From e7760c584521f09e914d231b7be8dcb7fe7b6dd4 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2020 20:40:12 +0000 Subject: [PATCH 01/42] chore(deps): bump aws-sdk from 2.632.0 to 2.633.0 (#6592) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.632.0 to 2.633.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.632.0...v2.633.0) Signed-off-by: dependabot-preview[bot] --- packages/@aws-cdk/aws-cloudfront/package.json | 2 +- packages/@aws-cdk/aws-cloudtrail/package.json | 2 +- packages/@aws-cdk/aws-codebuild/package.json | 2 +- packages/@aws-cdk/aws-codecommit/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-route53/package.json | 2 +- packages/@aws-cdk/aws-sqs/package.json | 2 +- packages/@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- yarn.lock | 8 ++++---- 14 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/package.json b/packages/@aws-cdk/aws-cloudfront/package.json index f0cec04d40eb6..3f2286857b2c4 100644 --- a/packages/@aws-cdk/aws-cloudfront/package.json +++ b/packages/@aws-cdk/aws-cloudfront/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-cloudtrail/package.json b/packages/@aws-cdk/aws-cloudtrail/package.json index c4c8044408f9d..19eebb6179e6f 100644 --- a/packages/@aws-cdk/aws-cloudtrail/package.json +++ b/packages/@aws-cdk/aws-cloudtrail/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index d25efa52af6f3..2c0d5f565455f 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -70,7 +70,7 @@ "@aws-cdk/aws-sns": "0.0.0", "@aws-cdk/aws-sqs": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codecommit/package.json b/packages/@aws-cdk/aws-codecommit/package.json index 4dcb82a20c66f..cb63fe15a0dc6 100644 --- a/packages/@aws-cdk/aws-codecommit/package.json +++ b/packages/@aws-cdk/aws-codecommit/package.json @@ -70,7 +70,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 3e4457600beac..9be9c2acab9cf 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index f1f9f55fe0077..f16dc3017211e 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index 3317acb29b8fd..e4fcd21da00df 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -86,7 +86,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index 91c1b317dfd5b..16d3ad42e8daf 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -71,7 +71,7 @@ "@types/lodash": "^4.14.149", "@types/nodeunit": "^0.0.30", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-route53/package.json b/packages/@aws-cdk/aws-route53/package.json index 1efe30e394b71..e804aa8a2ed98 100644 --- a/packages/@aws-cdk/aws-route53/package.json +++ b/packages/@aws-cdk/aws-route53/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-sqs/package.json b/packages/@aws-cdk/aws-sqs/package.json index 997e7e2be246a..71a9a34217d58 100644 --- a/packages/@aws-cdk/aws-sqs/package.json +++ b/packages/@aws-cdk/aws-sqs/package.json @@ -65,7 +65,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index 5271331b22d63..7ded8beac3ef4 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -73,7 +73,7 @@ "@types/aws-lambda": "^8.10.39", "@types/fs-extra": "^8.1.0", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 71ee5d05880f1..c1ef0880c55c7 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -71,7 +71,7 @@ "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "camelcase": "^5.3.1", "colors": "^1.4.0", "decamelize": "^4.0.0", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index cf1f715aae0ef..f6e8565aa6d89 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -42,7 +42,7 @@ "dependencies": { "@aws-cdk/cdk-assets-schema": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.632.0", + "aws-sdk": "^2.633.0", "glob": "^7.1.6", "yargs": "^15.2.0" }, diff --git a/yarn.lock b/yarn.lock index d1e389486da73..01cf1f4f0fa85 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2646,10 +2646,10 @@ aws-sdk-mock@^5.0.0: sinon "^8.0.1" traverse "^0.6.6" -aws-sdk@^2.596.0, aws-sdk@^2.632.0: - version "2.632.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.632.0.tgz#d36ac406b3d45dc3cab88c2859b389b822828409" - integrity sha512-8Ewnxpi1jWN/nTc4ngDqeAiReqlib0SfIPQFHNozyJFOdOW6ERKd/hGdrci9qXJIn8NYQj82QsR3JTjjFzG9Zg== +aws-sdk@^2.596.0, aws-sdk@^2.633.0: + version "2.633.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.633.0.tgz#3bdb8ec2671884025e9f64fdfa2c0af3cc663118" + integrity sha512-C28/GefIQ+Dk1hjPQrpG1Yt9RdvqeFMP4nb6iActanoGq5JTSJU9103ukpBzrHz96fvjhIRogrvfOhDKubbcjw== dependencies: buffer "4.9.1" events "1.1.1" From 211737452e9af66a3f2b214c44071362a2a3172d Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2020 21:43:48 +0000 Subject: [PATCH 02/42] chore(appsync): don't retain dynamodb tables (#6401) Correctly tear down the tables created in the context of the test. Signed-off-by: Duarte Nunes Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- .../@aws-cdk/aws-appsync/test/integ.graphql.expected.json | 8 ++++---- packages/@aws-cdk/aws-appsync/test/integ.graphql.ts | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json index 2face78179375..f31e1ba15348c 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json @@ -574,8 +574,8 @@ ], "BillingMode": "PAY_PER_REQUEST" }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "OrderTable416EB896": { "Type": "AWS::DynamoDB::Table", @@ -602,8 +602,8 @@ ], "BillingMode": "PAY_PER_REQUEST" }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql.ts b/packages/@aws-cdk/aws-appsync/test/integ.graphql.ts index a2efb337e3a28..d7fc704153599 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql.ts +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql.ts @@ -1,6 +1,6 @@ import { UserPool } from '@aws-cdk/aws-cognito'; import { AttributeType, BillingMode, Table } from '@aws-cdk/aws-dynamodb'; -import { App, Stack } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; import { join } from 'path'; import { GraphQLApi, KeyCondition, MappingTemplate, PrimaryKey, UserPoolDefaultAction, Values } from '../lib'; @@ -35,6 +35,7 @@ const customerTable = new Table(stack, 'CustomerTable', { name: 'id', type: AttributeType.STRING, }, + removalPolicy: RemovalPolicy.DESTROY, }); const orderTable = new Table(stack, 'OrderTable', { billingMode: BillingMode.PAY_PER_REQUEST, @@ -45,7 +46,8 @@ const orderTable = new Table(stack, 'OrderTable', { sortKey: { name: 'order', type: AttributeType.STRING, - } + }, + removalPolicy: RemovalPolicy.DESTROY, }); const customerDS = api.addDynamoDbDataSource('Customer', 'The customer data source', customerTable); From a0fb5187a4b0c74c32333e14af1098b0c1f25705 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2020 10:54:10 +0000 Subject: [PATCH 03/42] feat(efs): create EFS file systems (#6373) * feat(aws-efs): adding construct library for creating EFS * 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes #6286 * addressing review comments * setting correct ipaddress for mount targets * feat(aws-efs): adding construct library for creating EFS * 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes #6286 * addressing review comments * setting correct ipaddress for mount targets * address review comments v2 * removing mount targets info Co-authored-by: Rico Huijbers Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-efs/README.md | 63 ++++ .../@aws-cdk/aws-efs/lib/efs-file-system.ts | 282 ++++++++++++++++++ packages/@aws-cdk/aws-efs/lib/index.ts | 1 + packages/@aws-cdk/aws-efs/package.json | 18 +- .../aws-efs/test/efs-file-system.test.ts | 190 ++++++++++++ packages/@aws-cdk/aws-efs/test/efs.test.ts | 6 - 6 files changed, 552 insertions(+), 8 deletions(-) create mode 100644 packages/@aws-cdk/aws-efs/lib/efs-file-system.ts create mode 100644 packages/@aws-cdk/aws-efs/test/efs-file-system.test.ts delete mode 100644 packages/@aws-cdk/aws-efs/test/efs.test.ts diff --git a/packages/@aws-cdk/aws-efs/README.md b/packages/@aws-cdk/aws-efs/README.md index 6b9958d570161..c743f78786eee 100644 --- a/packages/@aws-cdk/aws-efs/README.md +++ b/packages/@aws-cdk/aws-efs/README.md @@ -17,4 +17,67 @@ --- +This construct library allows you to set up AWS Elastic File System (EFS). + +```ts +import efs = require('@aws-cdk/aws-efs'); + +const myVpc = new ec2.Vpc(this, 'VPC'); +const fileSystem = new efs.EfsFileSystem(this, 'MyEfsFileSystem', { + vpc: myVpc, + encrypted: true, + lifecyclePolicy: EfsLifecyclePolicyProperty.AFTER_14_DAYS, + performanceMode: EfsPerformanceMode.GENERAL_PURPOSE, + throughputMode: EfsThroughputMode.BURSTING +}); +``` + +### Connecting + +To control who can access the EFS, use the `.connections` attribute. EFS has +a fixed default port, so you don't need to specify the port: + +```ts +fileSystem.connections.allowDefaultPortFrom(instance); +``` +### Mounting the file system using User Data + +In order to automatically mount this file system during instance launch, +following code can be used as reference: +``` +const vpc = new ec2.Vpc(this, 'VPC'); + +const fileSystem = new efs.EfsFileSystem(this, 'EfsFileSystem', { + vpc, + encrypted: true, + lifecyclePolicy: efs.EfsLifecyclePolicyProperty.AFTER_14_DAYS, + performanceMode: efs.EfsPerformanceMode.GENERAL_PURPOSE, + throughputMode: efs.EfsThroughputMode.BURSTING +}); + +const inst = new Instance(this, 'inst', { + instanceType: InstanceType.of(InstanceClass.T2, InstanceSize.LARGE), + machineImage: new AmazonLinuxImage({ + generation: AmazonLinuxGeneration.AMAZON_LINUX_2 + }), + vpc, + vpcSubnets: { + subnetType: SubnetType.PUBLIC, + } +}); + +fileSystem.connections.allowDefaultPortFrom(inst); + +inst.userData.addCommands("yum check-update -y", // Ubuntu: apt-get -y update + "yum upgrade -y", // Ubuntu: apt-get -y upgrade + "yum install -y amazon-efs-utils", // Ubuntu: apt-get -y install amazon-efs-utils + "yum install -y nfs-utils", // Ubuntu: apt-get -y install nfs-common + "file_system_id_1=" + fileSystem.fileSystemId, + "efs_mount_point_1=/mnt/efs/fs1", + "mkdir -p \"${efs_mount_point_1}\"", + "test -f \"/sbin/mount.efs\" && echo \"${file_system_id_1}:/ ${efs_mount_point_1} efs defaults,_netdev\" >> /etc/fstab || " + + "echo \"${file_system_id_1}.efs." + cdk.Stack.of(this).region + ".amazonaws.com:/ ${efs_mount_point_1} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0\" >> /etc/fstab", + "mount -a -t efs,nfs4 defaults"); +``` + This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. diff --git a/packages/@aws-cdk/aws-efs/lib/efs-file-system.ts b/packages/@aws-cdk/aws-efs/lib/efs-file-system.ts new file mode 100644 index 0000000000000..bf83de7d8f217 --- /dev/null +++ b/packages/@aws-cdk/aws-efs/lib/efs-file-system.ts @@ -0,0 +1,282 @@ +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as kms from '@aws-cdk/aws-kms'; +import {Construct, Resource} from "@aws-cdk/core"; +import {CfnFileSystem, CfnMountTarget} from "./efs.generated"; + +// tslint:disable: max-line-length +/** + * EFS Lifecycle Policy, if a file is not accessed for given days, it will move to EFS Infrequent Access. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-elasticfilesystem-filesystem-lifecyclepolicies + */ +export enum EfsLifecyclePolicyProperty { + /** + * After 7 days of not being accessed. + */ + AFTER_7_DAYS, + + /** + * After 14 days of not being accessed. + */ + AFTER_14_DAYS, + + /** + * After 30 days of not being accessed. + */ + AFTER_30_DAYS, + + /** + * After 60 days of not being accessed. + */ + AFTER_60_DAYS, + + /** + * After 90 days of not being accessed. + */ + AFTER_90_DAYS +} + +/** + * EFS Performance mode. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-performancemode + */ +export enum EfsPerformanceMode { + /** + * This is the general purpose performance mode for most file systems. + */ + GENERAL_PURPOSE = "generalPurpose", + + /** + * This performance mode can scale to higher levels of aggregate throughput and operations per second with a + * tradeoff of slightly higher latencies. + */ + MAX_IO = "maxIO" +} + +/** + * EFS Throughput mode. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-elasticfilesystem-filesystem-throughputmode + */ +export enum EfsThroughputMode { + /** + * This mode on Amazon EFS scales as the size of the file system in the standard storage class grows. + */ + BURSTING = "bursting", + + /** + * This mode can instantly provision the throughput of the file system (in MiB/s) independent of the amount of data stored. + */ + PROVISIONED = "provisioned" +} + +/** + * Interface to implement AWS File Systems. + */ +export interface IEfsFileSystem extends ec2.IConnectable { + /** + * The ID of the file system, assigned by Amazon EFS. + * + * @attribute + */ + readonly fileSystemId: string; +} + +/** + * Properties of EFS FileSystem. + */ +export interface EfsFileSystemProps { + + /** + * VPC to launch the file system in. + */ + readonly vpc: ec2.IVpc; + + /** + * Security Group to assign to this file system. + * + * @default - creates new security group which allow all out bound traffic + */ + readonly securityGroup?: ec2.ISecurityGroup; + + /** + * Where to place the mount target within the VPC. + * + * @default - Private subnets + */ + readonly vpcSubnets?: ec2.SubnetSelection; + + /** + * Defines if the data at rest in the file system is encrypted or not. + * + * @default - false + */ + readonly encrypted?: boolean; + + /** + * The KMS key used for encryption. This is required to encrypt the data at rest if @encrypted is set to true. + * + * @default - if @encrypted is true, the default key for EFS (/aws/elasticfilesystem) is used + */ + readonly kmsKey?: kms.IKey; + + /** + * A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. + * + * @default - none + */ + readonly lifecyclePolicy?: EfsLifecyclePolicyProperty; + + /** + * Enum to mention the performance mode of the file system. + * + * @default - GENERAL_PURPOSE + */ + readonly performanceMode?: EfsPerformanceMode; + + /** + * Enum to mention the throughput mode of the file system. + * + * @default - BURSTING + */ + readonly throughputMode?: EfsThroughputMode; + + /** + * Provisioned throughput for the file system. This is a required property if the throughput mode is set to PROVISIONED. + * Valid values are 1-1024. + * + * @default - None, errors out + */ + readonly provisionedThroughputInMibps?: number; +} + +/** + * A new or imported EFS File System. + */ +abstract class EfsFileSystemBase extends Resource implements IEfsFileSystem { + + /** + * The security groups/rules used to allow network connections to the file system. + */ + public abstract readonly connections: ec2.Connections; + + /** + * @attribute + */ + public abstract readonly fileSystemId: string; +} + +/** + * Properties that describe an existing EFS file system. + */ +export interface EfsFileSystemAttributes { + /** + * The security group of the file system + */ + readonly securityGroup: ec2.ISecurityGroup; + + /** + * The File System's ID. + */ + readonly fileSystemID: string; +} + +/** + * The Elastic File System implementation of IFileSystem. + * It creates a new, empty file system in Amazon Elastic File System (Amazon EFS). + * It also creates mount target (AWS::EFS::MountTarget) implicitly to mount the + * EFS file system on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another resource. + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html + * + * @resource AWS::EFS::FileSystem + */ +export class EfsFileSystem extends EfsFileSystemBase { + + /** + * Import an existing File System from the given properties. + */ + public static fromEfsFileSystemAttributes(scope: Construct, id: string, attrs: EfsFileSystemAttributes): IEfsFileSystem { + class Import extends EfsFileSystemBase implements IEfsFileSystem { + public readonly fileSystemId = attrs.fileSystemID; + public readonly connections = new ec2.Connections({ + securityGroups: [attrs.securityGroup], + defaultPort: ec2.Port.tcp(EfsFileSystem.DEFAULT_PORT) + }); + } + + return new Import(scope, id); + } + + /** + * The default port File System listens on. + */ + private static readonly DEFAULT_PORT: number = 2049; + + /** + * The security groups/rules used to allow network connections to the file system. + */ + public readonly connections: ec2.Connections; + + /** + * @attribute + */ + public readonly fileSystemId: string; + + private readonly efsFileSystem: CfnFileSystem; + + /** + * Constructor for creating a new EFS FileSystem. + */ + constructor(scope: Construct, id: string, props: EfsFileSystemProps) { + super(scope, id); + + if (props.throughputMode === EfsThroughputMode.PROVISIONED) { + if (props.provisionedThroughputInMibps === undefined) { + throw new Error('Property provisionedThroughputInMibps is required when throughputMode is PROVISIONED'); + } else if (!Number.isInteger(props.provisionedThroughputInMibps)) { + throw new Error("Invalid input for provisionedThroughputInMibps"); + } else if (props.provisionedThroughputInMibps < 1 || props.provisionedThroughputInMibps > 1024) { + this.node.addWarning("Valid values for throughput are 1-1024 MiB/s. You can get this limit increased by contacting AWS Support."); + } + } + + this.efsFileSystem = new CfnFileSystem(this, "Resource", { + encrypted: props.encrypted, + kmsKeyId: (props.kmsKey ? props.kmsKey.keyId : undefined), + lifecyclePolicies: (props.lifecyclePolicy ? Array.of({ + transitionToIa: EfsLifecyclePolicyProperty[props.lifecyclePolicy] + } as CfnFileSystem.LifecyclePolicyProperty) : undefined), + performanceMode: props.performanceMode, + throughputMode: props.throughputMode, + provisionedThroughputInMibps: props.provisionedThroughputInMibps + }); + + this.fileSystemId = this.efsFileSystem.ref; + this.node.defaultChild = this.efsFileSystem; + + const securityGroup = (props.securityGroup || new ec2.SecurityGroup(this, 'EfsSecurityGroup', { + vpc: props.vpc + })); + + this.connections = new ec2.Connections({ + securityGroups: [securityGroup], + defaultPort: ec2.Port.tcp(EfsFileSystem.DEFAULT_PORT) + }); + + const subnets = props.vpc.selectSubnets(props.vpcSubnets); + + // We now have to create the mount target for each of the mentioned subnet + let mountTargetCount = 0; + subnets.subnetIds.forEach((subnetId: string) => { + new CfnMountTarget(this, + "EfsMountTarget" + (++mountTargetCount), + { + fileSystemId: this.fileSystemId, + securityGroups: Array.of(securityGroup.securityGroupId), + subnetId + }); + }); + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-efs/lib/index.ts b/packages/@aws-cdk/aws-efs/lib/index.ts index 0f93e4419ab6b..808b7a1162e5f 100644 --- a/packages/@aws-cdk/aws-efs/lib/index.ts +++ b/packages/@aws-cdk/aws-efs/lib/index.ts @@ -1,2 +1,3 @@ // AWS::EFS CloudFormation Resources: +export * from './efs-file-system'; export * from './efs.generated'; diff --git a/packages/@aws-cdk/aws-efs/package.json b/packages/@aws-cdk/aws-efs/package.json index 04dbf74368339..9c71b82dc5875 100644 --- a/packages/@aws-cdk/aws-efs/package.json +++ b/packages/@aws-cdk/aws-efs/package.json @@ -85,14 +85,28 @@ "pkglint": "0.0.0" }, "dependencies": { - "@aws-cdk/core": "0.0.0" + "@aws-cdk/core": "0.0.0", + "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/aws-kms": "0.0.0", + "@aws-cdk/cx-api": "0.0.0" }, "homepage": "https://github.com/aws/aws-cdk", "peerDependencies": { - "@aws-cdk/core": "0.0.0" + "@aws-cdk/core": "0.0.0", + "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/aws-kms": "0.0.0", + "@aws-cdk/cx-api": "0.0.0" }, "engines": { "node": ">= 10.3.0" }, + "awslint": { + "exclude": [ + "props-physical-name:@aws-cdk/aws-efs.EfsFileSystemProps", + "resource-interface:@aws-cdk/aws-efs.EfsFileSystem", + "construct-interface-extends-iconstruct:@aws-cdk/aws-efs.IEfsFileSystem", + "resource-interface-extends-resource:@aws-cdk/aws-efs.IEfsFileSystem" + ] + }, "stability": "experimental" } diff --git a/packages/@aws-cdk/aws-efs/test/efs-file-system.test.ts b/packages/@aws-cdk/aws-efs/test/efs-file-system.test.ts new file mode 100644 index 0000000000000..51efbc95d97b5 --- /dev/null +++ b/packages/@aws-cdk/aws-efs/test/efs-file-system.test.ts @@ -0,0 +1,190 @@ +import {expect as expectCDK, haveResource} from '@aws-cdk/assert'; +import * as ec2 from "@aws-cdk/aws-ec2"; +import * as kms from "@aws-cdk/aws-kms"; +import {Stack} from "@aws-cdk/core"; +import {WARNING_METADATA_KEY} from "@aws-cdk/cx-api"; +import {EfsFileSystem, EfsLifecyclePolicyProperty, EfsPerformanceMode, EfsThroughputMode} from "../lib/efs-file-system"; + +let stack = new Stack(); +let vpc = new ec2.Vpc(stack, 'VPC'); + +beforeEach( () => { + stack = new Stack(); + vpc = new ec2.Vpc(stack, 'VPC'); +}); + +test('default file system is created correctly', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + }); + // THEN + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem')); + expectCDK(stack).to(haveResource('AWS::EFS::MountTarget')); + expectCDK(stack).to(haveResource('AWS::EC2::SecurityGroup')); +}); + +test('unencrypted file system is created correctly with default KMS', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + encrypted: false + }); + // THEN + expectCDK(stack).notTo(haveResource('AWS::EFS::FileSystem', { + Encrypted: true, + })); +}); + +test('encrypted file system is created correctly with default KMS', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + encrypted: true + }); + // THEN + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem', { + Encrypted: true, + })); +}); + +test('encrypted file system is created correctly with custom KMS', () => { + const key = new kms.Key(stack, 'customKeyFS'); + + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + encrypted: true, + kmsKey: key + }); + // THEN + + /** + * CDK appends 8-digit MD5 hash of the resource path to the logical Id of the resource in order to make sure + * that the id is unique across multiple stacks. There isnt a direct way to identify the exact name of the resource + * in generated CDK, hence hardcoding the MD5 hash here for assertion. Assumption is that the path of the Key wont + * change in this UT. Checked the unique id by generating the cloud formation stack. + */ + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem', { + Encrypted: true, + KmsKeyId: { + Ref: 'customKeyFSDDB87C6D' + } + })); +}); + +test('file system is created correctly with life cycle property', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + lifecyclePolicy: EfsLifecyclePolicyProperty.AFTER_14_DAYS + }); + // THEN + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem', { + LifecyclePolicies: [{ + TransitionToIA: "AFTER_14_DAYS" + }] + })); +}); + +test('file system is created correctly with performance mode', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + performanceMode: EfsPerformanceMode.MAX_IO + }); + // THEN + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem', { + PerformanceMode: "maxIO" + })); +}); + +test('file system is created correctly with bursting throughput mode', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + throughputMode: EfsThroughputMode.BURSTING + }); + // THEN + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem', { + ThroughputMode: "bursting" + })); +}); + +test('Exception when throughput mode is set to PROVISIONED, but provisioned throughput is not set', () => { + expect(() => { + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + throughputMode: EfsThroughputMode.PROVISIONED + }); + }).toThrowError(/Property provisionedThroughputInMibps is required when throughputMode is PROVISIONED/); +}); + +test('Warning when provisioned throughput is less than the valid range', () => { + const fileSystem = new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + throughputMode: EfsThroughputMode.PROVISIONED, + provisionedThroughputInMibps: 0 + }); + + expect(fileSystem.node.metadata[0].type).toMatch(WARNING_METADATA_KEY); + expect(fileSystem.node.metadata[0].data).toContain("Valid values for throughput are 1-1024 MiB/s"); + expect(fileSystem.node.metadata[0].data).toContain("You can get this limit increased by contacting AWS Support"); + + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem')); +}); + +test('Warning when provisioned throughput is above than the valid range', () => { + const fileSystem = new EfsFileSystem(stack, 'EfsFileSystem1', { + vpc, + throughputMode: EfsThroughputMode.PROVISIONED, + provisionedThroughputInMibps: 1025 + }); + + expect(fileSystem.node.metadata[0].type).toMatch(WARNING_METADATA_KEY); + expect(fileSystem.node.metadata[0].data).toContain("Valid values for throughput are 1-1024 MiB/s"); + expect(fileSystem.node.metadata[0].data).toContain("You can get this limit increased by contacting AWS Support"); + + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem')); +}); + +test('Error when provisioned throughput is invalid number', () => { + expect(() => { + new EfsFileSystem(stack, 'EfsFileSystem2', { + vpc, + throughputMode: EfsThroughputMode.PROVISIONED, + provisionedThroughputInMibps: 1.5 + }); + }).toThrowError(/Invalid input for provisionedThroughputInMibps/); +}); + +test('file system is created correctly with provisioned throughput mode', () => { + // WHEN + new EfsFileSystem(stack, 'EfsFileSystem', { + vpc, + throughputMode: EfsThroughputMode.PROVISIONED, + provisionedThroughputInMibps: 5 + }); + // THEN + expectCDK(stack).to(haveResource('AWS::EFS::FileSystem', { + ThroughputMode: "provisioned", + ProvisionedThroughputInMibps: 5 + })); +}); + +test('existing file system is imported correctly', () => { + // WHEN + const fs = EfsFileSystem.fromEfsFileSystemAttributes(stack, "existingFS", { + fileSystemID: "fs123", + securityGroup: ec2.SecurityGroup.fromSecurityGroupId(stack, 'SG', 'sg-123456789', { + allowAllOutbound: false + }) + }); + + fs.connections.allowToAnyIpv4(ec2.Port.tcp(443)); + + // THEN + expectCDK(stack).to(haveResource('AWS::EC2::SecurityGroupEgress', { + GroupId: 'sg-123456789', + })); +}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-efs/test/efs.test.ts b/packages/@aws-cdk/aws-efs/test/efs.test.ts deleted file mode 100644 index e394ef336bfb4..0000000000000 --- a/packages/@aws-cdk/aws-efs/test/efs.test.ts +++ /dev/null @@ -1,6 +0,0 @@ -import '@aws-cdk/assert/jest'; -import {} from '../lib'; - -test('No tests are specified for this package', () => { - expect(true).toBe(true); -}); From dfdbfc64c521e1603db273d0901abd6d280a625c Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2020 18:26:45 +0000 Subject: [PATCH 04/42] chore(prlint): exclude package cfnspec from expecting changes to README (#6600) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- tools/prlint/index.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/prlint/index.js b/tools/prlint/index.js index 2db9b2a547ea4..7e4212d1ef9ea 100755 --- a/tools/prlint/index.js +++ b/tools/prlint/index.js @@ -22,6 +22,10 @@ function createGitHubClient() { return new GitHub({'token': token}); } +function isPkgCfnspec(issue) { + return issue.title.indexOf("(cfnspec)") > -1; +} + function isFeature(issue) { return issue.title.startsWith("feat") } @@ -39,7 +43,7 @@ function readmeChanged(files) { } function featureContainsReadme(issue, files) { - if (isFeature(issue) && !readmeChanged(files)) { + if (isFeature(issue) && !readmeChanged(files) && !isPkgCfnspec(issue)) { throw new LinterError("Features must contain a change to a README file"); }; }; From 79f70c96c3fa7604a1eaf5abbd5c816845b3178a Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2020 20:56:19 +0000 Subject: [PATCH 05/42] chore(deps): bump aws-sdk from 2.633.0 to 2.634.0 (#6604) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.633.0 to 2.634.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.633.0...v2.634.0) Signed-off-by: dependabot-preview[bot] --- packages/@aws-cdk/aws-cloudfront/package.json | 2 +- packages/@aws-cdk/aws-cloudtrail/package.json | 2 +- packages/@aws-cdk/aws-codebuild/package.json | 2 +- packages/@aws-cdk/aws-codecommit/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-route53/package.json | 2 +- packages/@aws-cdk/aws-sqs/package.json | 2 +- packages/@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- yarn.lock | 8 ++++---- 14 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/package.json b/packages/@aws-cdk/aws-cloudfront/package.json index 3f2286857b2c4..9d5e62c7f4194 100644 --- a/packages/@aws-cdk/aws-cloudfront/package.json +++ b/packages/@aws-cdk/aws-cloudfront/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-cloudtrail/package.json b/packages/@aws-cdk/aws-cloudtrail/package.json index 19eebb6179e6f..8dc324a789c65 100644 --- a/packages/@aws-cdk/aws-cloudtrail/package.json +++ b/packages/@aws-cdk/aws-cloudtrail/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index 2c0d5f565455f..9cc6a90e66e13 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -70,7 +70,7 @@ "@aws-cdk/aws-sns": "0.0.0", "@aws-cdk/aws-sqs": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codecommit/package.json b/packages/@aws-cdk/aws-codecommit/package.json index cb63fe15a0dc6..15a8ed670e9f4 100644 --- a/packages/@aws-cdk/aws-codecommit/package.json +++ b/packages/@aws-cdk/aws-codecommit/package.json @@ -70,7 +70,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 9be9c2acab9cf..ad1e6435cd970 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index f16dc3017211e..97de559591bd2 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index e4fcd21da00df..5b6de1712e8fe 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -86,7 +86,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index 16d3ad42e8daf..33cbac5981a42 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -71,7 +71,7 @@ "@types/lodash": "^4.14.149", "@types/nodeunit": "^0.0.30", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-route53/package.json b/packages/@aws-cdk/aws-route53/package.json index e804aa8a2ed98..cc500cdb9e753 100644 --- a/packages/@aws-cdk/aws-route53/package.json +++ b/packages/@aws-cdk/aws-route53/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-sqs/package.json b/packages/@aws-cdk/aws-sqs/package.json index 71a9a34217d58..31ae40fb2b228 100644 --- a/packages/@aws-cdk/aws-sqs/package.json +++ b/packages/@aws-cdk/aws-sqs/package.json @@ -65,7 +65,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index 7ded8beac3ef4..73a998d65fbb1 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -73,7 +73,7 @@ "@types/aws-lambda": "^8.10.39", "@types/fs-extra": "^8.1.0", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index c1ef0880c55c7..8cf79ed4ac0af 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -71,7 +71,7 @@ "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "camelcase": "^5.3.1", "colors": "^1.4.0", "decamelize": "^4.0.0", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index f6e8565aa6d89..783d669defae9 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -42,7 +42,7 @@ "dependencies": { "@aws-cdk/cdk-assets-schema": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.633.0", + "aws-sdk": "^2.634.0", "glob": "^7.1.6", "yargs": "^15.2.0" }, diff --git a/yarn.lock b/yarn.lock index 01cf1f4f0fa85..86a450009c537 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2646,10 +2646,10 @@ aws-sdk-mock@^5.0.0: sinon "^8.0.1" traverse "^0.6.6" -aws-sdk@^2.596.0, aws-sdk@^2.633.0: - version "2.633.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.633.0.tgz#3bdb8ec2671884025e9f64fdfa2c0af3cc663118" - integrity sha512-C28/GefIQ+Dk1hjPQrpG1Yt9RdvqeFMP4nb6iActanoGq5JTSJU9103ukpBzrHz96fvjhIRogrvfOhDKubbcjw== +aws-sdk@^2.596.0, aws-sdk@^2.634.0: + version "2.634.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.634.0.tgz#95077c191107b9cb696e922b06e79949dcd13434" + integrity sha512-cZfRD7bcKBHOLoHUJuqB9xaLs/z1/xsc9zfGLIzyuxKLJa7Z0pxy8Y/0GrhWO98yXLBvLLET7btj2iDI2oWWhQ== dependencies: buffer "4.9.1" events "1.1.1" From db111afe25a24d259a08a29b7530afbbebc39351 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2020 22:16:28 +0000 Subject: [PATCH 06/42] docs(TRACKING): update tracking issue template (#6606) * add ROADMAP.md and update README.md to link to ROADMAP * fix some errant spaces * Added module maturity section and moved the API reference link to the Implementation section --- .github/ISSUE_TEMPLATE/tracking.md | 9 +++- README.md | 10 +++- ROADMAP.md | 86 ++++++++++++++++++++++++++++++ 3 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 ROADMAP.md diff --git a/.github/ISSUE_TEMPLATE/tracking.md b/.github/ISSUE_TEMPLATE/tracking.md index 0b7af0fdc1547..f01cf2969bb9a 100644 --- a/.github/ISSUE_TEMPLATE/tracking.md +++ b/.github/ISSUE_TEMPLATE/tracking.md @@ -21,7 +21,13 @@ service’s CDK Construct Library API reference page. [AWS Docs](url) -[CDK API Reference](url) + +### Maturity: CloudFormation Resources Only + + +See the [AWS Construct Library Module Lifecycle doc](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0107-construct-library-module-lifecycle.md) for more information about maturity levels. ### Implementation: @@ -31,6 +37,7 @@ Checklist of use cases, constructs, features (such as grant methods) that will s - [ ] - [ ] --> +[CDK API Reference](url) diff --git a/README.md b/README.md index 34fdaf211c532..d3cab200be3b9 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,8 @@ The CDK is available in the following languages: [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html) | [Examples](https://github.com/aws-samples/aws-cdk-examples) | [Getting Help](#getting-help) | -[RFCs](https://github.com/aws/aws-cdk-rfcs) +[RFCs](https://github.com/aws/aws-cdk-rfcs) | +[Roadmap](https://github.com/aws/aws-cdk/ROADMAP.md) Developers use the [CDK framework] in one of the supported programming languages to define reusable cloud components called [constructs], which @@ -122,6 +123,13 @@ We welcome community contributions and pull requests. See [CONTRIBUTING](./CONTRIBUTING.md) for information on how to set up a development environment and submit code. +## Roadmap + +The [AWS CDK Roadmap project board] lets developers know about our upcoming features and priorities to help them plan how to best leverage the CDK and identify opportunities to contribute to the project. See [ROADMAP] for more information and FAQs. + +[AWS CDK Roadmap project board]: https://github.com/orgs/aws/projects/7 +[Roadmap]: (https://github.com/aws/aws-cdk/ROADMAP.md) + ## License The AWS CDK is distributed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/ROADMAP.md b/ROADMAP.md new file mode 100644 index 0000000000000..8a8a1f18c6181 --- /dev/null +++ b/ROADMAP.md @@ -0,0 +1,86 @@ +# AWS CDK Roadmap + +The [AWS CDK Roadmap] lets developers know about our upcoming features and priorities to help them plan how to best leverage the CDK and identify opportunities to contribute to the project. The roadmap provides a high-level view of our work in progress across the [aws-cdk], [aws-cdk-rfcs], and [jsii] repositories, and creates an opportunity for customers to engage in a conversation with AWS CDK engineers to give us direct feedback. + +[AWS CDK Roadmap]: https://github.com/orgs/aws/projects/7 +[aws-cdk]: https://github.com/aws/aws-cdk +[aws-cdk-rfcs]: https://github.com/aws/aws-cdk-rfcs +[jsii]: https://github.com/aws/jsii + +## Roadmap FAQs + +**Q: How do you manage the roadmap?** + +A: We know that our customers are making decisions and plans based on what we +are developing, and we want to provide the information they need to be successful. Our roadmap management tenets are: + +* **Be transparent** with customers about the AWS CDK team’s work in progress +* **Listen to customers,** allowing them to participate in design decisions and to vote on and propose new AWS CDK + features. We will periodically re-prioritize the roadmap based on customer feedback +* **Stay up-to-date,** or we will lose customer trust +* **Provide the right level of detail** so customers can easily see what we’re working on at a glance, without being + overwhelmed by minutiae +* **Guide the community** on what AWS CDK constructs or features to contribute without the risk of conflicting with work + already in progress + +**Q: What do the roadmap project board columns mean?** + +A: There are four columns on the roadmap project board: + +* **Researching** - We’re thinking about it, but cannot commit if, or when, we will work on items in this list. + This means we are still designing the feature and evaluating how it might work. This is the phase when we collect + customer use cases and feedback on how they want to see something implemented. There is no firm commitment to deliver + functionality listed in the Researching column, and there might be situations that require us to move items from the + roadmap back to the backlog. +* **We’re working on it** - In progress, but further out. We have made an implied commitment to work on items in this + bucket, they have some level of design spec’ed out, and a developer assigned to them. Items might linger in this + bucket as we work through the implementation details, or scope stuff out. Think several months out until a developer + preview release, give or take. +* **Developer preview** - It’s available now as a release candidate. Items will spend extended periods of time in + developer preview as we conduct user acceptance testing and accumulate sufficient usage to declare the API stable and + ready for general availability. We will only make breaking changes to developer preview modules when we need to address unforeseen use cases or issues. Not all + features, such as enhancements to the CDK CLI, will have a developer preview phase. In these cases the tracking issue + is moved directly to the Shipped bucket when released. +* **Shipped** - It’s available now, fully supported by AWS, and we guarantee the API is stable and safe to use in + production. + +**Q: How do items on the roadmap move across the project board?** + +A: The [AWS Construct Library module lifecycle +document](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0107-construct-library-module-lifecycle.md) describes how +we graduate packages from experimental, to developer preview, to generally available. + +**Q: Why are there no dates on this roadmap?** + +A: Security and operational stability are our main priority and we will not ship a feature until these criteria are met, +therefore we generally don’t provide specific target dates for releases. + +**Q: Is every feature on the roadmap?** + +A: The AWS Cloud Development Kit roadmap provides transparency on our priority for adding new programming languages, +developer experience improvements, and service coverage in the AWS Construct Library. The AWS CDK toolkit and AWS +Construct Library are such a large surface areas we are intentionally keeping the roadmap at a high-level, so not every +CDK feature request will appear on the roadmap. Instead, the roadmap will include a tracking issue +for each deliverable that provides a feature overview and contains links to relevant, more granular issues and pull +requests. If you want to track the status of a specific issue or pull request, you can do so by monitoring that work +item in the [aws-cdk] GitHub repository. + +**Q: What is a tracking issue?** + +A: We create a tracking issue for each CDK feature, AWS Construct Library module, and jsii-supported programming language. Tracking issues provide a brief summary of the feature and a consolidated view of the work scoped for the release. They include links to design documentation, implementation details, and relevant issues. Tracking issues are living documents that start from a basic template and grow more robust over time as we experiment and learn. You can easily find tracking issues by filtering on the [management/tracking label](https://github.com/aws/aws-cdk/labels/management%2Ftracking). + +**Q: How can I provide feedback on the roadmap or ask for more information about a feature?** + +A: Please open an issue! + +**Q: How can I request a feature be added to the roadmap?** + +A: Please open an issue! Community submitted issues will be tagged “feature-request” and will be reviewed by the team. + +**Q: Can I “+1” tracking issues and feature requests?** + +A: We strongly encourage you to do so, as it helps us understand which issues will have the broadest impact. You can navigate to the issue details page and add a reaction. There are six types of reactions (thumbs up “+1”, thumbs down “-1”, confused, heart, watching, laugh, and hooray) you can use to help us decide which items will benefit you most. + +**Q: Will you accept a pull request to the aws-cdk repo?** + +A: Yes! We take PRs very seriously and will review for inclusion. You can read how to contribute to the CDK [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md). From ee3a5300eb9ec44b12fec6c70ad018f42e182859 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Fri, 6 Mar 2020 17:22:38 +0100 Subject: [PATCH 07/42] feat(cfnspec): cloudformation spec v11.3.0 (#6598) see CHANGELOG --- packages/@aws-cdk/cfnspec/CHANGELOG.md | 62 ++++ .../@aws-cdk/cfnspec/build-tools/build.ts | 26 +- packages/@aws-cdk/cfnspec/cfn.version | 2 +- ...0_CloudFormationResourceSpecification.json | 302 +++++++++++++++++- .../cfnspec/spec-source/000_sam.spec.json | 18 ++ .../@aws-cdk/cfnspec/test/spec-validators.ts | 2 +- packages/@aws-cdk/cfnspec/test/test.build.ts | 68 ++++ packages/decdk/package.json | 2 +- packages/monocdk-experiment/package.json | 2 +- 9 files changed, 477 insertions(+), 7 deletions(-) create mode 100644 packages/@aws-cdk/cfnspec/test/test.build.ts diff --git a/packages/@aws-cdk/cfnspec/CHANGELOG.md b/packages/@aws-cdk/cfnspec/CHANGELOG.md index 22bc1db55fe29..7f7739c0490f4 100644 --- a/packages/@aws-cdk/cfnspec/CHANGELOG.md +++ b/packages/@aws-cdk/cfnspec/CHANGELOG.md @@ -1,3 +1,65 @@ +# CloudFormation Resource Specification v11.3.0 + +## New Resource Types + +* AWS::CloudWatch::CompositeAlarm + +## Attribute Changes + +* AWS::AppMesh::Mesh MeshOwner (__added__) +* AWS::AppMesh::Mesh ResourceOwner (__added__) +* AWS::AppMesh::Route MeshOwner (__added__) +* AWS::AppMesh::Route ResourceOwner (__added__) +* AWS::AppMesh::VirtualNode MeshOwner (__added__) +* AWS::AppMesh::VirtualNode ResourceOwner (__added__) +* AWS::AppMesh::VirtualRouter MeshOwner (__added__) +* AWS::AppMesh::VirtualRouter ResourceOwner (__added__) +* AWS::AppMesh::VirtualService MeshOwner (__added__) +* AWS::AppMesh::VirtualService ResourceOwner (__added__) + +## Property Changes + + +## Property Type Changes + +* AWS::AppMesh::VirtualNode.BackendDefaults (__added__) +* AWS::AppMesh::VirtualNode.ClientPolicy (__added__) +* AWS::AppMesh::VirtualNode.ClientPolicyTls (__added__) +* AWS::AppMesh::VirtualNode.ListenerTls (__added__) +* AWS::AppMesh::VirtualNode.ListenerTlsAcmCertificate (__added__) +* AWS::AppMesh::VirtualNode.ListenerTlsCertificate (__added__) +* AWS::AppMesh::VirtualNode.ListenerTlsFileCertificate (__added__) +* AWS::AppMesh::VirtualNode.TlsValidationContext (__added__) +* AWS::AppMesh::VirtualNode.TlsValidationContextAcmTrust (__added__) +* AWS::AppMesh::VirtualNode.TlsValidationContextFileTrust (__added__) +* AWS::AppMesh::VirtualNode.TlsValidationContextTrust (__added__) +* AWS::Greengrass::ResourceDefinition.ResourceDownloadOwnerSetting (__added__) +* AWS::Greengrass::ResourceDefinitionVersion.ResourceDownloadOwnerSetting (__added__) +* AWS::AppMesh::VirtualNode.Listener TLS (__added__) +* AWS::AppMesh::VirtualNode.VirtualNodeSpec BackendDefaults (__added__) +* AWS::AppMesh::VirtualNode.VirtualServiceBackend ClientPolicy (__added__) +* AWS::Greengrass::ResourceDefinition.S3MachineLearningModelResourceData OwnerSetting (__added__) +* AWS::Greengrass::ResourceDefinition.SageMakerMachineLearningModelResourceData OwnerSetting (__added__) +* AWS::Greengrass::ResourceDefinitionVersion.S3MachineLearningModelResourceData OwnerSetting (__added__) +* AWS::Greengrass::ResourceDefinitionVersion.SageMakerMachineLearningModelResourceData OwnerSetting (__added__) + +# Serverless Application Model (SAM) Resource Specification v2016-10-31 + +## New Resource Types + + +## Attribute Changes + + +## Property Changes + + +## Property Type Changes + +* AWS::Serverless::Function.CloudWatchLogsEvent (__added__) +* AWS::Serverless::Function.EventSource Properties.Types (__changed__) + * Added CloudWatchLogsEvent + # CloudFormation Resource Specification v11.1.0 ## New Resource Types diff --git a/packages/@aws-cdk/cfnspec/build-tools/build.ts b/packages/@aws-cdk/cfnspec/build-tools/build.ts index d65f2f53fe6a4..5b2910f12d7c4 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/build.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/build.ts @@ -26,8 +26,7 @@ async function main() { } } - detectScrutinyTypes(spec); - replaceIncompleteTypes(spec); + massageSpec(spec); spec.Fingerprint = md5(JSON.stringify(normalize(spec))); @@ -36,6 +35,12 @@ async function main() { await fs.writeJson(path.join(outDir, 'specification.json'), spec, { spaces: 2 }); } +export function massageSpec(spec: schema.Specification) { + detectScrutinyTypes(spec); + replaceIncompleteTypes(spec); + dropTypelessAttributes(spec); +} + function forEachSection(spec: schema.Specification, data: any, cb: (spec: any, fragment: any, path: string[]) => void) { cb(spec.PropertyTypes, data.PropertyTypes, ['PropertyTypes']); cb(spec.ResourceTypes, data.ResourceTypes, ['ResourceTypes']); @@ -74,6 +79,23 @@ function replaceIncompleteTypes(spec: schema.Specification) { } } +/** + * Drop Attributes specified with the different ResourceTypes that have + * no type specified. + */ +function dropTypelessAttributes(spec: schema.Specification) { + const resourceTypes = spec.ResourceTypes; + Object.values(resourceTypes).forEach((resourceType) => { + const attributes = resourceType.Attributes ?? {}; + Object.keys(attributes).forEach((attrKey) => { + const attrVal = attributes[attrKey]; + if (Object.keys(attrVal).length === 0) { + delete attributes[attrKey]; + } + }); + }); +} + function merge(spec: any, fragment: any, jsonPath: string[]) { if (!fragment) { return; } for (const key of Object.keys(fragment)) { diff --git a/packages/@aws-cdk/cfnspec/cfn.version b/packages/@aws-cdk/cfnspec/cfn.version index 68d8f15e23cf5..f628d2eafc5e5 100644 --- a/packages/@aws-cdk/cfnspec/cfn.version +++ b/packages/@aws-cdk/cfnspec/cfn.version @@ -1 +1 @@ -11.1.0 +11.3.0 diff --git a/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json b/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json index 00eda8574624a..2284434892c24 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json +++ b/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json @@ -2068,6 +2068,52 @@ } } }, + "AWS::AppMesh::VirtualNode.BackendDefaults": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-backenddefaults.html", + "Properties": { + "ClientPolicy": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-backenddefaults.html#cfn-appmesh-virtualnode-backenddefaults-clientpolicy", + "Required": false, + "Type": "ClientPolicy", + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.ClientPolicy": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-clientpolicy.html", + "Properties": { + "TLS": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-clientpolicy.html#cfn-appmesh-virtualnode-clientpolicy-tls", + "Required": false, + "Type": "ClientPolicyTls", + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.ClientPolicyTls": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-clientpolicytls.html", + "Properties": { + "Enforce": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-clientpolicytls.html#cfn-appmesh-virtualnode-clientpolicytls-enforce", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "Ports": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-clientpolicytls.html#cfn-appmesh-virtualnode-clientpolicytls-ports", + "PrimitiveItemType": "Integer", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "Validation": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-clientpolicytls.html#cfn-appmesh-virtualnode-clientpolicytls-validation", + "Required": true, + "Type": "TlsValidationContext", + "UpdateType": "Mutable" + } + } + }, "AWS::AppMesh::VirtualNode.DnsServiceDiscovery": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-dnsservicediscovery.html", "Properties": { @@ -2151,6 +2197,74 @@ "Required": true, "Type": "PortMapping", "UpdateType": "Mutable" + }, + "TLS": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listener.html#cfn-appmesh-virtualnode-listener-tls", + "Required": false, + "Type": "ListenerTls", + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.ListenerTls": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertls.html", + "Properties": { + "Certificate": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertls.html#cfn-appmesh-virtualnode-listenertls-certificate", + "Required": true, + "Type": "ListenerTlsCertificate", + "UpdateType": "Mutable" + }, + "Mode": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertls.html#cfn-appmesh-virtualnode-listenertls-mode", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.ListenerTlsAcmCertificate": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlsacmcertificate.html", + "Properties": { + "CertificateArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlsacmcertificate.html#cfn-appmesh-virtualnode-listenertlsacmcertificate-certificatearn", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.ListenerTlsCertificate": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlscertificate.html", + "Properties": { + "ACM": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlscertificate.html#cfn-appmesh-virtualnode-listenertlscertificate-acm", + "Required": false, + "Type": "ListenerTlsAcmCertificate", + "UpdateType": "Mutable" + }, + "File": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlscertificate.html#cfn-appmesh-virtualnode-listenertlscertificate-file", + "Required": false, + "Type": "ListenerTlsFileCertificate", + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.ListenerTlsFileCertificate": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlsfilecertificate.html", + "Properties": { + "CertificateChain": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlsfilecertificate.html#cfn-appmesh-virtualnode-listenertlsfilecertificate-certificatechain", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + }, + "PrivateKey": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-listenertlsfilecertificate.html#cfn-appmesh-virtualnode-listenertlsfilecertificate-privatekey", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" } } }, @@ -2199,9 +2313,66 @@ } } }, + "AWS::AppMesh::VirtualNode.TlsValidationContext": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontext.html", + "Properties": { + "Trust": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontext.html#cfn-appmesh-virtualnode-tlsvalidationcontext-trust", + "Required": true, + "Type": "TlsValidationContextTrust", + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.TlsValidationContextAcmTrust": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontextacmtrust.html", + "Properties": { + "CertificateAuthorityArns": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontextacmtrust.html#cfn-appmesh-virtualnode-tlsvalidationcontextacmtrust-certificateauthorityarns", + "PrimitiveItemType": "String", + "Required": true, + "Type": "List", + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.TlsValidationContextFileTrust": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontextfiletrust.html", + "Properties": { + "CertificateChain": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontextfiletrust.html#cfn-appmesh-virtualnode-tlsvalidationcontextfiletrust-certificatechain", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + } + } + }, + "AWS::AppMesh::VirtualNode.TlsValidationContextTrust": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontexttrust.html", + "Properties": { + "ACM": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontexttrust.html#cfn-appmesh-virtualnode-tlsvalidationcontexttrust-acm", + "Required": false, + "Type": "TlsValidationContextAcmTrust", + "UpdateType": "Mutable" + }, + "File": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontexttrust.html#cfn-appmesh-virtualnode-tlsvalidationcontexttrust-file", + "Required": false, + "Type": "TlsValidationContextFileTrust", + "UpdateType": "Mutable" + } + } + }, "AWS::AppMesh::VirtualNode.VirtualNodeSpec": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-virtualnodespec.html", "Properties": { + "BackendDefaults": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-virtualnodespec.html#cfn-appmesh-virtualnode-virtualnodespec-backenddefaults", + "Required": false, + "Type": "BackendDefaults", + "UpdateType": "Mutable" + }, "Backends": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-virtualnodespec.html#cfn-appmesh-virtualnode-virtualnodespec-backends", "ItemType": "Backend", @@ -2233,6 +2404,12 @@ "AWS::AppMesh::VirtualNode.VirtualServiceBackend": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-virtualservicebackend.html", "Properties": { + "ClientPolicy": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-virtualservicebackend.html#cfn-appmesh-virtualnode-virtualservicebackend-clientpolicy", + "Required": false, + "Type": "ClientPolicy", + "UpdateType": "Mutable" + }, "VirtualServiceName": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-virtualservicebackend.html#cfn-appmesh-virtualnode-virtualservicebackend-virtualservicename", "PrimitiveType": "String", @@ -17649,6 +17826,23 @@ } } }, + "AWS::Greengrass::ResourceDefinition.ResourceDownloadOwnerSetting": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-resourcedownloadownersetting.html", + "Properties": { + "GroupOwner": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-resourcedownloadownersetting.html#cfn-greengrass-resourcedefinition-resourcedownloadownersetting-groupowner", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "GroupPermission": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-resourcedownloadownersetting.html#cfn-greengrass-resourcedefinition-resourcedownloadownersetting-grouppermission", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + } + } + }, "AWS::Greengrass::ResourceDefinition.ResourceInstance": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-resourceinstance.html", "Properties": { @@ -17681,6 +17875,12 @@ "Required": true, "UpdateType": "Immutable" }, + "OwnerSetting": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-s3machinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinition-s3machinelearningmodelresourcedata-ownersetting", + "Required": false, + "Type": "ResourceDownloadOwnerSetting", + "UpdateType": "Immutable" + }, "S3Uri": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-s3machinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinition-s3machinelearningmodelresourcedata-s3uri", "PrimitiveType": "String", @@ -17698,6 +17898,12 @@ "Required": true, "UpdateType": "Immutable" }, + "OwnerSetting": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-sagemakermachinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinition-sagemakermachinelearningmodelresourcedata-ownersetting", + "Required": false, + "Type": "ResourceDownloadOwnerSetting", + "UpdateType": "Immutable" + }, "SageMakerJobArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinition-sagemakermachinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinition-sagemakermachinelearningmodelresourcedata-sagemakerjobarn", "PrimitiveType": "String", @@ -17816,6 +18022,23 @@ } } }, + "AWS::Greengrass::ResourceDefinitionVersion.ResourceDownloadOwnerSetting": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-resourcedownloadownersetting.html", + "Properties": { + "GroupOwner": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-resourcedownloadownersetting.html#cfn-greengrass-resourcedefinitionversion-resourcedownloadownersetting-groupowner", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "GroupPermission": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-resourcedownloadownersetting.html#cfn-greengrass-resourcedefinitionversion-resourcedownloadownersetting-grouppermission", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + } + } + }, "AWS::Greengrass::ResourceDefinitionVersion.ResourceInstance": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-resourceinstance.html", "Properties": { @@ -17848,6 +18071,12 @@ "Required": true, "UpdateType": "Immutable" }, + "OwnerSetting": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-s3machinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinitionversion-s3machinelearningmodelresourcedata-ownersetting", + "Required": false, + "Type": "ResourceDownloadOwnerSetting", + "UpdateType": "Immutable" + }, "S3Uri": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-s3machinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinitionversion-s3machinelearningmodelresourcedata-s3uri", "PrimitiveType": "String", @@ -17865,6 +18094,12 @@ "Required": true, "UpdateType": "Immutable" }, + "OwnerSetting": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-sagemakermachinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinitionversion-sagemakermachinelearningmodelresourcedata-ownersetting", + "Required": false, + "Type": "ResourceDownloadOwnerSetting", + "UpdateType": "Immutable" + }, "SageMakerJobArn": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-resourcedefinitionversion-sagemakermachinelearningmodelresourcedata.html#cfn-greengrass-resourcedefinitionversion-sagemakermachinelearningmodelresourcedata-sagemakerjobarn", "PrimitiveType": "String", @@ -29912,7 +30147,7 @@ } } }, - "ResourceSpecificationVersion": "11.1.0", + "ResourceSpecificationVersion": "11.3.0", "ResourceTypes": { "AWS::ACMPCA::Certificate": { "Attributes": { @@ -32149,6 +32384,8 @@ "MeshName": { "PrimitiveType": "String" }, + "MeshOwner": {}, + "ResourceOwner": {}, "Uid": { "PrimitiveType": "String" } @@ -32184,6 +32421,8 @@ "MeshName": { "PrimitiveType": "String" }, + "MeshOwner": {}, + "ResourceOwner": {}, "RouteName": { "PrimitiveType": "String" }, @@ -32237,6 +32476,8 @@ "MeshName": { "PrimitiveType": "String" }, + "MeshOwner": {}, + "ResourceOwner": {}, "Uid": { "PrimitiveType": "String" }, @@ -32281,6 +32522,8 @@ "MeshName": { "PrimitiveType": "String" }, + "MeshOwner": {}, + "ResourceOwner": {}, "Uid": { "PrimitiveType": "String" }, @@ -32325,6 +32568,8 @@ "MeshName": { "PrimitiveType": "String" }, + "MeshOwner": {}, + "ResourceOwner": {}, "Uid": { "PrimitiveType": "String" }, @@ -34521,6 +34766,61 @@ } } }, + "AWS::CloudWatch::CompositeAlarm": { + "Attributes": { + "Arn": { + "PrimitiveType": "String" + } + }, + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html", + "Properties": { + "ActionsEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-actionsenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "AlarmActions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-alarmactions", + "PrimitiveItemType": "String", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "AlarmDescription": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-alarmdescription", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "AlarmName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-alarmname", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "AlarmRule": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-alarmrule", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Mutable" + }, + "InsufficientDataActions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-insufficientdataactions", + "PrimitiveItemType": "String", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "OKActions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html#cfn-cloudwatch-compositealarm-okactions", + "PrimitiveItemType": "String", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + } + } + }, "AWS::CloudWatch::Dashboard": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-dashboard.html", "Properties": { diff --git a/packages/@aws-cdk/cfnspec/spec-source/000_sam.spec.json b/packages/@aws-cdk/cfnspec/spec-source/000_sam.spec.json index 4605ed2151a38..2dd18618067a8 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/000_sam.spec.json +++ b/packages/@aws-cdk/cfnspec/spec-source/000_sam.spec.json @@ -178,6 +178,23 @@ } } }, + "AWS::Serverless::Function.CloudWatchLogsEvent": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#cloudwatchevent", + "Properties": { + "FilterPattern": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#cloudwatchlogs", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "LogGroupName": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#cloudwatchlogs", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + } + } + }, "AWS::Serverless::Function.CollectionSAMPT": { "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/docs/policy_templates.rst", "Properties": { @@ -302,6 +319,7 @@ "ApiEvent", "ScheduleEvent", "CloudWatchEventEvent", + "CloudWatchLogsEvent", "IoTRuleEvent", "AlexaSkillEvent" ], diff --git a/packages/@aws-cdk/cfnspec/test/spec-validators.ts b/packages/@aws-cdk/cfnspec/test/spec-validators.ts index 04fd388210fba..7506d5e1da77d 100644 --- a/packages/@aws-cdk/cfnspec/test/spec-validators.ts +++ b/packages/@aws-cdk/cfnspec/test/spec-validators.ts @@ -120,7 +120,7 @@ function validateAttributes(typeName: string, specification: schema.Specification) { for (const name of Object.keys(attributes)) { const attribute = attributes[name]; - test.ok(('Type' in attribute) !== ('PrimitiveType' in attribute)); + test.ok(('Type' in attribute) !== ('PrimitiveType' in attribute), 'One of, and only one of, Type or PrimitiveType must be present'); if (schema.isPrimitiveAttribute(attribute)) { test.ok(!schema.isListAttribute(attribute), `${typeName}.Attributes.${name} is only a Primitive type`); test.ok(schema.isPrimitiveType(attribute.PrimitiveType), `${typeName}.Attributes.${name} has a valid PrimitiveType`); diff --git a/packages/@aws-cdk/cfnspec/test/test.build.ts b/packages/@aws-cdk/cfnspec/test/test.build.ts new file mode 100644 index 0000000000000..ba7364b7075d8 --- /dev/null +++ b/packages/@aws-cdk/cfnspec/test/test.build.ts @@ -0,0 +1,68 @@ +import { Test } from 'nodeunit'; +import { massageSpec } from '../build-tools/build'; +import { schema } from '../lib'; + +export = { + 'dropTypelessAttributes works correctly'(test: Test) { + const spec: schema.Specification = { + Fingerprint: 'some-fingerprint', + PropertyTypes: { + 'CDK::Test::Property': { + Properties: { + Type: ({ + PrimitiveType: "String", + } as schema.ScalarProperty), // ts is being weird and doesn't correctly match the type + }, + } + }, + ResourceTypes: { + 'CDK::Test::Resource': { + Attributes: { + Attribute1: ({ + PrimitiveType: 'String' + } as schema.PrimitiveAttribute), // ts is being weird and doesn't correctly match the type + Attribute2: ({} as schema.PrimitiveAttribute), + }, + Documentation: "https://documentation-url/cdk/test/resource", + Properties: { + ResourceArn: ({ + PrimitiveType: "String", + } as schema.PrimitiveProperty), // ts is being weird and doesn't correctly match the type + } + } + } + }; + + massageSpec(spec); + + test.deepEqual(spec, { + Fingerprint: 'some-fingerprint', + PropertyTypes: { + 'CDK::Test::Property': { + Properties: { + Type: ({ + PrimitiveType: "String", + } as schema.ScalarProperty), // ts is being weird and doesn't correctly match the type + }, + } + }, + ResourceTypes: { + 'CDK::Test::Resource': { + Attributes: { + Attribute1: ({ + PrimitiveType: 'String' + }), + }, + Documentation: "https://documentation-url/cdk/test/resource", + Properties: { + ResourceArn: { + PrimitiveType: "String", + }, + } + } + } + }); + + test.done(); + } +}; diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 67557c0f9ab45..310ed6c10618e 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -185,4 +185,4 @@ "engines": { "node": ">= 8.10.0" } -} \ No newline at end of file +} diff --git a/packages/monocdk-experiment/package.json b/packages/monocdk-experiment/package.json index 905fc3009d753..b2c4fb659b230 100644 --- a/packages/monocdk-experiment/package.json +++ b/packages/monocdk-experiment/package.json @@ -164,4 +164,4 @@ "engines": { "node": ">= 10.3.0" } -} \ No newline at end of file +} From 4e813345b62c0db73b0c2116d5592ebcb9def3d2 Mon Sep 17 00:00:00 2001 From: andrestone Date: Fri, 6 Mar 2020 21:11:17 +0100 Subject: [PATCH 08/42] fix(batch): managed compute environment now properly works with compute resources and instanceRole has correct docstring and type definition (#6549) --- .../aws-batch/lib/compute-environment.ts | 93 +++++---- .../test/compute-environment.test.ts | 57 +++--- .../aws-batch/test/integ.batch.expected.json | 178 ++++++++++++++++-- .../@aws-cdk/aws-batch/test/integ.batch.ts | 10 +- .../@aws-cdk/aws-batch/test/job-queue.test.ts | 4 +- 5 files changed, 254 insertions(+), 88 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts index 663d806f0fff7..39054245acb5c 100644 --- a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts +++ b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts @@ -51,11 +51,33 @@ export enum AllocationStrategy { */ export interface ComputeResources { /** - * The IAM role applied to EC2 resources in the compute environment. + * The allocation strategy to use for the compute resource in case not enough instances of the best + * fitting instance type can be allocated. This could be due to availability of the instance type in + * the region or Amazon EC2 service limits. If this is not specified, the default for the EC2 + * ComputeResourceType is BEST_FIT, which will use only the best fitting instance type, waiting for + * additional capacity if it's not available. This allocation strategy keeps costs lower but can limit + * scaling. If you are using Spot Fleets with BEST_FIT then the Spot Fleet IAM Role must be specified. + * BEST_FIT_PROGRESSIVE will select an additional instance type that is large enough to meet the + * requirements of the jobs in the queue, with a preference for an instance type with a lower cost. + * The default value for the SPOT instance type is SPOT_CAPACITY_OPTIMIZED, which is only available for + * for this type of compute resources and will select an additional instance type that is large enough + * to meet the requirements of the jobs in the queue, with a preference for an instance type that is + * less likely to be interrupted. + * + * @default AllocationStrategy.BEST_FIT + */ + readonly allocationStrategy?: AllocationStrategy; + + /** + * The Amazon ECS instance profile applied to Amazon EC2 instances in a compute environment. You can specify + * the short name or full Amazon Resource Name (ARN) of an instance profile. For example, ecsInstanceRole or + * arn:aws:iam:::instance-profile/ecsInstanceRole . For more information, see Amazon ECS + * Instance Role in the AWS Batch User Guide. * * @default - a new role will be created. + * @link https://docs.aws.amazon.com/batch/latest/userguide/instance_IAM_role.html */ - readonly instanceRole?: iam.IRole; + readonly instanceRole?: string; /** * The types of EC2 instances that may be launched in the compute environment. You can specify instance @@ -70,7 +92,7 @@ export interface ComputeResources { /** * The EC2 security group(s) associated with instances launched in the compute environment. * - * @default AWS default security group. + * @default - AWS default security group. */ readonly securityGroups?: ec2.ISecurityGroup[]; @@ -133,7 +155,7 @@ export interface ComputeResources { * The EC2 key pair that is used for instances launched in the compute environment. * If no key is defined, then SSH access is not allowed to provisioned compute resources. * - * @default - No SSH access will be possible. + * @default - no SSH access will be possible. */ readonly ec2KeyPair?: string; @@ -169,40 +191,25 @@ export interface ComputeResources { * Properties for creating a new Compute Environment */ export interface ComputeEnvironmentProps { - /** - * The allocation strategy to use for the compute resource in case not enough instances ofthe best - * fitting instance type can be allocated. This could be due to availability of the instance type in - * the region or Amazon EC2 service limits. If this is not specified, the default is BEST_FIT, which - * will use only the best fitting instance type, waiting for additional capacity if it's not available. - * This allocation strategy keeps costs lower but can limit scaling. If you are using Spot Fleets with - * BEST_FIT then the Spot Fleet IAM Role must be specified. BEST_FIT_PROGRESSIVE will select an additional - * instance type that is large enough to meet the requirements of the jobs in the queue, with a preference - * for an instance type with a lower cost. SPOT_CAPACITY_OPTIMIZED is only available for Spot Instance - * compute resources and will select an additional instance type that is large enough to meet the requirements - * of the jobs in the queue, with a preference for an instance type that is less likely to be interrupted. - * - * @default AllocationStrategy.BEST_FIT - */ - readonly allocationStrategy?: AllocationStrategy; - /** * A name for the compute environment. * * Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. * - * @default Cloudformation-generated name + * @default - CloudFormation-generated name */ readonly computeEnvironmentName?: string; /** - * The details of the compute resources managed by this environment. + * The details of the required compute resources for the managed compute environment. * - * If specified, and this is an managed compute environment, the property will be ignored. + * If specified, and this is an unmanaged compute environment, will throw an error. * * By default, AWS Batch managed compute environments use a recent, approved version of the * Amazon ECS-optimized AMI for compute resources. * - * @default - AWS-managed compute resources + * @default - CloudFormation defaults + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-computeenvironment-computeresources.html */ readonly computeResources?: ComputeResources; @@ -302,19 +309,29 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment const spotFleetRole = this.getSpotFleetRole(props); let computeResources: CfnComputeEnvironment.ComputeResourcesProperty | undefined; - // Only allow compute resources to be set when using UNMANAGED type - if (props.computeResources && !this.isManaged(props)) { + // Only allow compute resources to be set when using MANAGED type + if (props.computeResources && this.isManaged(props)) { computeResources = { - allocationStrategy: props.allocationStrategy || AllocationStrategy.BEST_FIT, + allocationStrategy: props.computeResources.allocationStrategy + || ( + props.computeResources.type === ComputeResourceType.SPOT + ? AllocationStrategy.SPOT_CAPACITY_OPTIMIZED + : AllocationStrategy.BEST_FIT + ), bidPercentage: props.computeResources.bidPercentage, desiredvCpus: props.computeResources.desiredvCpus, ec2KeyPair: props.computeResources.ec2KeyPair, imageId: props.computeResources.image && props.computeResources.image.getImage(this).imageId, instanceRole: props.computeResources.instanceRole - ? props.computeResources.instanceRole.roleArn - : new iam.Role(this, 'Resource-Instance-Role', { - assumedBy: new iam.ServicePrincipal('batch.amazonaws.com'), - }).roleArn, + ? props.computeResources.instanceRole + : new iam.CfnInstanceProfile(this, 'Instance-Profile', { + roles: [ new iam.Role(this, 'Ecs-Instance-Role', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonEC2ContainerServiceforEC2Role') + ] + }).roleName] + }).attrArn, instanceTypes: this.buildInstanceTypes(props.computeResources.instanceTypes), maxvCpus: props.computeResources.maxvCpus || 256, minvCpus: props.computeResources.minvCpus || 0, @@ -338,7 +355,7 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment assumedBy: new iam.ServicePrincipal('batch.amazonaws.com'), }).roleArn, state: props.enabled === undefined ? 'ENABLED' : (props.enabled ? 'ENABLED' : 'DISABLED'), - type: this.isManaged(props) ? 'UNMANAGED' : 'MANAGED', + type: this.isManaged(props) ? 'MANAGED' : 'UNMANAGED', }); if (props.computeResources && props.computeResources.vpc) { @@ -365,12 +382,12 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment return; } - if (this.isManaged(props) && props.computeResources !== undefined) { - throw new Error('It is not allowed to set computeResources on an AWS managed compute environment'); + if (!this.isManaged(props) && props.computeResources !== undefined) { + throw new Error('It is not allowed to set computeResources on an AWS unmanaged compute environment'); } - if (!this.isManaged(props) && props.computeResources === undefined) { - throw new Error('computeResources is missing but required on an unmanaged compute environment'); + if (this.isManaged(props) && props.computeResources === undefined) { + throw new Error('computeResources is missing but required on a managed compute environment'); } // Setting a bid percentage is only allowed on SPOT resources + @@ -385,7 +402,7 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment } // SPOT_CAPACITY_OPTIMIZED allocation is not allowed - if (props.allocationStrategy && props.allocationStrategy === AllocationStrategy.SPOT_CAPACITY_OPTIMIZED) { + if (props.computeResources.allocationStrategy && props.computeResources.allocationStrategy === AllocationStrategy.SPOT_CAPACITY_OPTIMIZED) { throw new Error('The SPOT_CAPACITY_OPTIMIZED allocation strategy is only allowed if the environment is a SPOT type compute environment'); } } else { @@ -440,7 +457,7 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment * @param props - the compute environment construct properties */ private getSpotFleetRole(props: ComputeEnvironmentProps): iam.IRole | undefined { - if (props.allocationStrategy && props.allocationStrategy !== AllocationStrategy.BEST_FIT) { + if (props.computeResources?.allocationStrategy && props.computeResources.allocationStrategy !== AllocationStrategy.BEST_FIT) { return undefined; } diff --git a/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts b/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts index 18cd77e5f3b15..fcee90c1ef92f 100644 --- a/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts +++ b/packages/@aws-cdk/aws-batch/test/compute-environment.test.ts @@ -1,11 +1,11 @@ -import { expect, haveResource, haveResourceLike, ResourcePart } from '@aws-cdk/assert'; +import {expect, haveResource, haveResourceLike, ResourcePart} from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecs from '@aws-cdk/aws-ecs'; import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; -import { throws } from 'assert'; -import * as batch from '../lib'; +import {throws} from 'assert'; +import * as batch from "../lib"; describe('Batch Compute Evironment', () => { let expectedManagedDefaultComputeProps: any; @@ -34,7 +34,7 @@ describe('Batch Compute Evironment', () => { AllocationStrategy: batch.AllocationStrategy.BEST_FIT, InstanceRole: { 'Fn::GetAtt': [ - 'testcomputeenvResourceInstanceRole7FD819B9', + 'testcomputeenvInstanceProfileCBD87EAB', 'Arn' ] }, @@ -59,37 +59,39 @@ describe('Batch Compute Evironment', () => { }); describe('when validating props', () => { - test('should deny setting compute resources when using type managed', () => { + test('should deny setting compute resources when using type unmanaged', () => { // THEN throws(() => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { + managed: false, computeResources: { - vpc, + vpc }, }); }); }); - test('should deny if creating an unmanged environment with no provided compute resource props', () => { + test('should deny if creating a managed environment with no provided compute resource props', () => { // THEN throws(() => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, }); }); }); }); describe('using spot resources', () => { - test('should provide a spotfleet role if one is not given', () => { + test('should provide a spot fleet role if one is not given and allocationStrategy is BEST_FIT', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { type: batch.ComputeResourceType.SPOT, - vpc, + allocationStrategy: batch.AllocationStrategy.BEST_FIT, + vpc }, }); @@ -124,7 +126,7 @@ describe('Batch Compute Evironment', () => { throws(() => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, type: batch.ComputeResourceType.SPOT, @@ -139,7 +141,7 @@ describe('Batch Compute Evironment', () => { throws(() => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, type: batch.ComputeResourceType.SPOT, @@ -155,9 +157,9 @@ describe('Batch Compute Evironment', () => { test('renders the correct cloudformation properties', () => { // WHEN const props = { - allocationStrategy: batch.AllocationStrategy.BEST_FIT, computeEnvironmentName: 'my-test-compute-env', computeResources: { + allocationStrategy: batch.AllocationStrategy.BEST_FIT, vpc, computeResourcesTags: new cdk.Tag('foo', 'bar'), desiredvCpus: 1, @@ -166,9 +168,14 @@ describe('Batch Compute Evironment', () => { generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2, hardwareType: ecs.AmiHardwareType.STANDARD, }), - instanceRole: new iam.Role(stack, 'test-compute-env-instance-role', { - assumedBy: new iam.ServicePrincipal('batch.amazonaws.com'), - }), + instanceRole: new iam.CfnInstanceProfile(stack, 'Instance-Profile', { + roles: [ new iam.Role(stack, 'Ecs-Instance-Role', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonEC2ContainerServiceforEC2Role') + ] + }).roleName] + }).attrArn, instanceTypes: [ ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO), ], @@ -186,7 +193,7 @@ describe('Batch Compute Evironment', () => { }, } as batch.ComputeResources, enabled: false, - managed: false, + managed: true, }; new batch.ComputeEnvironment(stack, 'test-compute-env', props); @@ -211,7 +218,7 @@ describe('Batch Compute Evironment', () => { }, InstanceRole: { 'Fn::GetAtt': [ - props.computeResources.instanceRole ? `${props.computeResources.instanceRole.node.uniqueId}F3B86D94` : '', + props.computeResources.instanceRole ? "InstanceProfile" : '', 'Arn' ] }, @@ -251,7 +258,7 @@ describe('Batch Compute Evironment', () => { test('should default to a best_fit strategy', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, }, @@ -303,7 +310,7 @@ describe('Batch Compute Evironment', () => { test('should default to 0', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, }, @@ -323,7 +330,7 @@ describe('Batch Compute Evironment', () => { test('should default to 256', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, }, @@ -342,7 +349,7 @@ describe('Batch Compute Evironment', () => { test('should generate a role for me', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, }, @@ -358,7 +365,7 @@ describe('Batch Compute Evironment', () => { test('should default to optimal matching', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, }, @@ -377,7 +384,7 @@ describe('Batch Compute Evironment', () => { test('should default to EC2', () => { // WHEN new batch.ComputeEnvironment(stack, 'test-compute-env', { - managed: false, + managed: true, computeResources: { vpc, }, diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json b/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json index 7c367e0d37a08..936888ce29321 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json +++ b/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json @@ -514,7 +514,7 @@ } } }, - "batchmanagedcomputeenvResourceServiceInstanceRole3A9DC7D6": { + "batchunmanagedcomputeenvResourceServiceInstanceRoleCA40AF77": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -545,12 +545,12 @@ ] } }, - "batchmanagedcomputeenv1AA975A9": { + "batchunmanagedcomputeenvED550298": { "Type": "AWS::Batch::ComputeEnvironment", "Properties": { "ServiceRole": { "Fn::GetAtt": [ - "batchmanagedcomputeenvResourceServiceInstanceRole3A9DC7D6", + "batchunmanagedcomputeenvResourceServiceInstanceRoleCA40AF77", "Arn" ] }, @@ -558,7 +558,7 @@ "State": "ENABLED" } }, - "batchdemandcomputeenvResourceInstanceRole8989496E": { + "batchdemandcomputeenvlaunchtemplateEcsInstanceRole24D4E799": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -567,12 +567,36 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "batch.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } } } ], "Version": "2012-10-17" - } + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] }, "DependsOn": [ "vpcIGWE57CBDCA", @@ -610,10 +634,55 @@ "vpcVPCGW7984C166" ] }, - "batchdemandcomputeenvResourceSecurityGroup64711D4D": { + "batchdemandcomputeenvlaunchtemplateInstanceProfile2DEC3A97": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "batchdemandcomputeenvlaunchtemplateEcsInstanceRole24D4E799" + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "batch-stack/batch-demand-compute-env/Resource-Security-Group", + "GroupDescription": "batch-stack/batch-demand-compute-env-launch-template/Resource-Security-Group", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -661,7 +730,7 @@ "vpcVPCGW7984C166" ] }, - "batchdemandcomputeenvResourceServiceInstanceRole8DF7CB96": { + "batchdemandcomputeenvlaunchtemplateResourceServiceInstanceRole76AD99CC": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -727,12 +796,12 @@ "vpcVPCGW7984C166" ] }, - "batchdemandcomputeenv6131030A": { + "batchdemandcomputeenvlaunchtemplateF8A5B233": { "Type": "AWS::Batch::ComputeEnvironment", "Properties": { "ServiceRole": { "Fn::GetAtt": [ - "batchdemandcomputeenvResourceServiceInstanceRole8DF7CB96", + "batchdemandcomputeenvlaunchtemplateResourceServiceInstanceRole76AD99CC", "Arn" ] }, @@ -741,7 +810,7 @@ "AllocationStrategy": "BEST_FIT", "InstanceRole": { "Fn::GetAtt": [ - "batchdemandcomputeenvResourceInstanceRole8989496E", + "batchdemandcomputeenvlaunchtemplateInstanceProfile2DEC3A97", "Arn" ] }, @@ -753,7 +822,7 @@ "SecurityGroupIds": [ { "Fn::GetAtt": [ - "batchdemandcomputeenvResourceSecurityGroup64711D4D", + "batchdemandcomputeenvlaunchtemplateResourceSecurityGroup23599B84", "GroupId" ] } @@ -809,7 +878,7 @@ "vpcVPCGW7984C166" ] }, - "batchspotcomputeenvResourceInstanceRoleF6188F15": { + "batchspotcomputeenvEcsInstanceRoleE976826B": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -818,12 +887,81 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "batch.amazonaws.com" + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } } } ], "Version": "2012-10-17" - } + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "batchspotcomputeenvInstanceProfileFA613AC2": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "batchspotcomputeenvEcsInstanceRoleE976826B" + } + ] }, "DependsOn": [ "vpcIGWE57CBDCA", @@ -989,11 +1127,11 @@ }, "Type": "MANAGED", "ComputeResources": { - "AllocationStrategy": "BEST_FIT", + "AllocationStrategy": "SPOT_CAPACITY_OPTIMIZED", "BidPercentage": 80, "InstanceRole": { "Fn::GetAtt": [ - "batchspotcomputeenvResourceInstanceRoleF6188F15", + "batchspotcomputeenvInstanceProfileFA613AC2", "Arn" ] }, @@ -1083,13 +1221,13 @@ "ComputeEnvironmentOrder": [ { "ComputeEnvironment": { - "Ref": "batchmanagedcomputeenv1AA975A9" + "Ref": "batchunmanagedcomputeenvED550298" }, "Order": 1 }, { "ComputeEnvironment": { - "Ref": "batchdemandcomputeenv6131030A" + "Ref": "batchdemandcomputeenvlaunchtemplateF8A5B233" }, "Order": 2 }, diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch.ts b/packages/@aws-cdk/aws-batch/test/integ.batch.ts index c28d7d4f2e159..174e0bd5e5ba2 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch.ts +++ b/packages/@aws-cdk/aws-batch/test/integ.batch.ts @@ -13,12 +13,14 @@ const vpc = new ec2.Vpc(stack, 'vpc'); new batch.JobQueue(stack, 'batch-job-queue', { computeEnvironments: [ { - computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-managed-compute-env'), + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-unmanaged-compute-env', { + managed: false + }), order: 1, }, { - computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-demand-compute-env', { - managed: false, + computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-demand-compute-env-launch-template', { + managed: true, computeResources: { type: batch.ComputeResourceType.ON_DEMAND, vpc, @@ -28,7 +30,7 @@ new batch.JobQueue(stack, 'batch-job-queue', { }, { computeEnvironment: new batch.ComputeEnvironment(stack, 'batch-spot-compute-env', { - managed: false, + managed: true, computeResources: { type: batch.ComputeResourceType.SPOT, vpc, diff --git a/packages/@aws-cdk/aws-batch/test/job-queue.test.ts b/packages/@aws-cdk/aws-batch/test/job-queue.test.ts index d99a6ad82e8fe..9a20f0334a8ce 100644 --- a/packages/@aws-cdk/aws-batch/test/job-queue.test.ts +++ b/packages/@aws-cdk/aws-batch/test/job-queue.test.ts @@ -9,7 +9,9 @@ describe('Batch Job Queue', () => { beforeEach(() => { stack = new cdk.Stack(); - computeEnvironment = new batch.ComputeEnvironment(stack, 'test-compute-env'); + computeEnvironment = new batch.ComputeEnvironment(stack, 'test-compute-env', { + managed: false + }); }); it('can be imported from an ARN', () => { From f40b666f19c5244b680d4584d8a64c7f5ebedb4d Mon Sep 17 00:00:00 2001 From: Mike Rogers Date: Fri, 6 Mar 2020 20:55:05 +0000 Subject: [PATCH 09/42] refactor: Correcting a few spelling mistakes (#6596) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- design/aws-guidelines.md | 2 +- design/cloud-assembly.md | 10 +++++----- design/code-asset-metadata.md | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/design/aws-guidelines.md b/design/aws-guidelines.md index 2f24f59eca01a..56d0516417505 100644 --- a/design/aws-guidelines.md +++ b/design/aws-guidelines.md @@ -437,7 +437,7 @@ class ImportedFoo extends FooBase { - [ ] Metrics (`metricXxx`) - [ ] Events (`onXxx`) - [ ] Security Groups (`connections`) -- [ ] Pipeline Actions (`addToPipline`) +- [ ] Pipeline Actions (`addToPipeline`) - [ ] SNS Targets - [ ] `_asFooTarget` - [ ] TODO: other cross AWS patterns diff --git a/design/cloud-assembly.md b/design/cloud-assembly.md index 63d8d808ceda1..a1f2854abc833 100644 --- a/design/cloud-assembly.md +++ b/design/cloud-assembly.md @@ -62,7 +62,7 @@ In other words, *Logical IDs* are expected to match the following regular expres ``` ### Droplet -Clouds are made of Droplets. Thet are the building blocks of *Cloud Assemblies*. They model a part of the +Clouds are made of Droplets. They are the building blocks of *Cloud Assemblies*. They model a part of the *cloud application* that can be deployed independently, provided its dependencies are fulfilled. Droplets are specified using [JSON] objects that **MUST** conform to the following schema: @@ -197,7 +197,7 @@ Key |Type |Description Here is a schematic example: ```js { - // When this attestation doucment was created + // When this attestation document was created "timestamp": "2018-11-15T11:08:52", // The hashing algorithm for the attestation is SHA256 "algorithm": "SHA256", @@ -216,7 +216,7 @@ Here is a schematic example: ``` Once the attestation is ready, it is digitally *signed* using the configured [PGP][RFC 4880] key. The key **MUST** be -valid as of the `timestamp` field included in the attestation. The siganture **MUST** not be detached, and is +valid as of the `timestamp` field included in the attestation. The signature **MUST** not be detached, and is **RECOMMENDED** to use the *cleartext signature framework* described in section 7 of [RFC 4880] so the attestation can be read by a human. @@ -229,7 +229,7 @@ Deployment systems that support verifying signed *Cloud Assemblies*: be returned when attempting to deploy an un-signed *Cloud Assembly*. * **MUST** verify the integrity and authenticity of signed *Cloud Assemblies* prior to attempting to load any file included in it, except for `signature.asc`. - * An error **MUST** be raised if the *Cloud Assembly*'s integirty is not verified by the signature. + * An error **MUST** be raised if the *Cloud Assembly*'s integrity is not verified by the signature. * An error **MUST** be raised if the [PGP][RFC 4880] key has expired according to the signature timestamp. * An error **MUST** be raised if the [PGP][RFC 4880] key is known to have been revoked. Deployment systems **MAY** trust locally available information pertaining to the key's validity. @@ -470,4 +470,4 @@ Hash: SHA256 [ISO/IEC 21320-1:2015]: https://www.iso.org/standard/60101.html [JSON]: https://www.json.org [RFC 4880]: https://tools.ietf.org/html/rfc4880 -[ISO 8601]: https://www.iso.org/standard/40874.html \ No newline at end of file +[ISO 8601]: https://www.iso.org/standard/40874.html diff --git a/design/code-asset-metadata.md b/design/code-asset-metadata.md index 1e771754dc169..9c6366bb33af0 100644 --- a/design/code-asset-metadata.md +++ b/design/code-asset-metadata.md @@ -56,8 +56,8 @@ well as through the key `assetMetadata` in `cdk.json`. Very similar design to ho We considered alternatives that will "enforce" the embedding of metadata when an asset is referenced by a resource. Since a single asset can be referenced by multiple resources, it means that the _relationship_ is what should trigger the -metadata addition. There currently isn't support in the framework for such hooks, but there is a possiblility that -the changes in [#1436](https://github.com/aws/aws-cdk/pull/1436) might enable hooking into the relationnship, and then we might be able to use this mechanism to produce the metadata. +metadata addition. There currently isn't support in the framework for such hooks, but there is a possibility that +the changes in [#1436](https://github.com/aws/aws-cdk/pull/1436) might enable hooking into the relationship, and then we might be able to use this mechanism to produce the metadata. Having said that, the need to embed asset metadata on resources is mainly confined to authors of L2 constructs, and not applicable for the general user population, so the value of automation is not high. From b3145fa0c97174d502fdea66b587e8dd9f234f02 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2020 03:22:15 +0000 Subject: [PATCH 10/42] chore(deps-dev): bump @types/jest from 25.1.3 to 25.1.4 (#6614) Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 25.1.3 to 25.1.4. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/assert/package.json | 2 +- packages/@aws-cdk/aws-sam/package.json | 2 +- .../@aws-cdk/cdk-assets-schema/package.json | 2 +- .../@aws-cdk/cloudformation-diff/package.json | 2 +- packages/@aws-cdk/cx-api/package.json | 2 +- .../@monocdk-experiment/assert/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- packages/cdk-dasm/package.json | 2 +- packages/decdk/package.json | 2 +- tools/cdk-build-tools/package.json | 2 +- tools/cfn2ts/package.json | 2 +- yarn.lock | 17 +++++------------ 13 files changed, 17 insertions(+), 24 deletions(-) diff --git a/packages/@aws-cdk/assert/package.json b/packages/@aws-cdk/assert/package.json index 5631aa386ec2d..b36243c58f53a 100644 --- a/packages/@aws-cdk/assert/package.json +++ b/packages/@aws-cdk/assert/package.json @@ -29,7 +29,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "cdk-build-tools": "0.0.0", "jest": "^24.9.0", "pkglint": "0.0.0", diff --git a/packages/@aws-cdk/aws-sam/package.json b/packages/@aws-cdk/aws-sam/package.json index 50e79ec1f9982..197d98acb19f4 100644 --- a/packages/@aws-cdk/aws-sam/package.json +++ b/packages/@aws-cdk/aws-sam/package.json @@ -64,7 +64,7 @@ "license": "Apache-2.0", "devDependencies": { "@aws-cdk/assert": "0.0.0", - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "cdk-build-tools": "0.0.0", "cfn2ts": "0.0.0", "jest": "^24.9.0", diff --git a/packages/@aws-cdk/cdk-assets-schema/package.json b/packages/@aws-cdk/cdk-assets-schema/package.json index 289b65d20ec40..95c7811dc2ac6 100644 --- a/packages/@aws-cdk/cdk-assets-schema/package.json +++ b/packages/@aws-cdk/cdk-assets-schema/package.json @@ -66,7 +66,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "cdk-build-tools": "0.0.0", "jest": "^24.9.0", "pkglint": "0.0.0" diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index dcc45fbfbb4ee..71b4dd40fd174 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -38,7 +38,7 @@ "table": "^5.4.6" }, "devDependencies": { - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/string-width": "^4.0.1", "@types/table": "^4.0.7", "cdk-build-tools": "0.0.0", diff --git a/packages/@aws-cdk/cx-api/package.json b/packages/@aws-cdk/cx-api/package.json index 5d337f674bd0e..20c4de5d1d208 100644 --- a/packages/@aws-cdk/cx-api/package.json +++ b/packages/@aws-cdk/cx-api/package.json @@ -66,7 +66,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/mock-fs": "^4.10.0", "@types/semver": "^7.1.0", "cdk-build-tools": "0.0.0", diff --git a/packages/@monocdk-experiment/assert/package.json b/packages/@monocdk-experiment/assert/package.json index 7b6cab93a0c1b..0ac59369e38fc 100644 --- a/packages/@monocdk-experiment/assert/package.json +++ b/packages/@monocdk-experiment/assert/package.json @@ -40,7 +40,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "cdk-build-tools": "0.0.0", "jest": "^24.9.0", "pkglint": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 8cf79ed4ac0af..126e02338604c 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -44,7 +44,7 @@ "@types/archiver": "^3.1.0", "@types/fs-extra": "^8.1.0", "@types/glob": "^7.1.1", - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/jszip": "^3.1.7", "@types/minimatch": "^3.0.3", "@types/mockery": "^1.4.29", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index 783d669defae9..db1d7539c59fd 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -30,7 +30,7 @@ "devDependencies": { "@types/archiver": "^3.1.0", "@types/glob": "^7.1.1", - "@types/jest": "^24.0.25", + "@types/jest": "^25.1.4", "@types/mock-fs": "^4.10.0", "@types/node": "^10.17.17", "@types/yargs": "^15.0.4", diff --git a/packages/cdk-dasm/package.json b/packages/cdk-dasm/package.json index 397e45109048e..7716fb047069a 100644 --- a/packages/cdk-dasm/package.json +++ b/packages/cdk-dasm/package.json @@ -30,7 +30,7 @@ "yaml": "1.7.2" }, "devDependencies": { - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/yaml": "1.2.0", "jest": "^24.9.0" }, diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 310ed6c10618e..10a4614c56454 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -171,7 +171,7 @@ }, "devDependencies": { "@types/fs-extra": "^8.1.0", - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/yaml": "1.2.0", "@types/yargs": "^15.0.4", "jest": "^24.9.0", diff --git a/tools/cdk-build-tools/package.json b/tools/cdk-build-tools/package.json index 5d5c6af7cd026..105dd2cbae077 100644 --- a/tools/cdk-build-tools/package.json +++ b/tools/cdk-build-tools/package.json @@ -32,7 +32,7 @@ "license": "Apache-2.0", "devDependencies": { "@types/fs-extra": "^8.1.0", - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/yargs": "^15.0.4", "pkglint": "0.0.0" }, diff --git a/tools/cfn2ts/package.json b/tools/cfn2ts/package.json index 3b2c20a8863c7..2938bc63ed94d 100644 --- a/tools/cfn2ts/package.json +++ b/tools/cfn2ts/package.json @@ -37,7 +37,7 @@ }, "devDependencies": { "@types/fs-extra": "^8.1.0", - "@types/jest": "^25.1.2", + "@types/jest": "^25.1.4", "@types/yargs": "^15.0.4", "cdk-build-tools": "0.0.0", "jest": "^24.9.0", diff --git a/yarn.lock b/yarn.lock index 86a450009c537..0f176ba343a16 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1992,17 +1992,10 @@ "@types/istanbul-lib-coverage" "*" "@types/istanbul-lib-report" "*" -"@types/jest@^24.0.25": - version "24.9.1" - resolved "https://registry.yarnpkg.com/@types/jest/-/jest-24.9.1.tgz#02baf9573c78f1b9974a5f36778b366aa77bd534" - integrity sha512-Fb38HkXSVA4L8fGKEZ6le5bB8r6MRWlOCZbVuWZcmOMSCd2wCYOwN1ibj8daIoV9naq7aaOZjrLCoCMptKU/4Q== - dependencies: - jest-diff "^24.3.0" - -"@types/jest@^25.1.2": - version "25.1.3" - resolved "https://registry.yarnpkg.com/@types/jest/-/jest-25.1.3.tgz#9b0b5addebccfb631175870be8ba62182f1bc35a" - integrity sha512-jqargqzyJWgWAJCXX96LBGR/Ei7wQcZBvRv0PLEu9ZByMfcs23keUJrKv9FMR6YZf9YCbfqDqgmY+JUBsnqhrg== +"@types/jest@^25.1.4": + version "25.1.4" + resolved "https://registry.yarnpkg.com/@types/jest/-/jest-25.1.4.tgz#9e9f1e59dda86d3fd56afce71d1ea1b331f6f760" + integrity sha512-QDDY2uNAhCV7TMCITrxz+MRk1EizcsevzfeS6LykIlq2V1E5oO4wXG8V2ZEd9w7Snxeeagk46YbMgZ8ESHx3sw== dependencies: jest-diff "^25.1.0" pretty-format "^25.1.0" @@ -6679,7 +6672,7 @@ jest-config@^24.9.0: pretty-format "^24.9.0" realpath-native "^1.1.0" -jest-diff@^24.3.0, jest-diff@^24.9.0: +jest-diff@^24.9.0: version "24.9.0" resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-24.9.0.tgz#931b7d0d5778a1baf7452cb816e325e3724055da" integrity sha512-qMfrTs8AdJE2iqrTp0hzh7kTd2PQWrsFyj9tORoKmu32xjPjeE4NyjVRDz8ybYwqS2ik8N4hsIpiVTyFeo2lBQ== From 2b02693d1432ce7bce5bf0a78fe4a9175dd6ad91 Mon Sep 17 00:00:00 2001 From: andrestone Date: Sat, 7 Mar 2020 11:59:02 +0100 Subject: [PATCH 11/42] feat(batch): ec2 launch template support (#6602) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-batch/README.md | 35 +++++++++++++++++++ .../aws-batch/lib/compute-environment.ts | 26 ++++++++++++++ .../aws-batch/test/integ.batch.expected.json | 21 +++++++++++ .../@aws-cdk/aws-batch/test/integ.batch.ts | 19 ++++++++++ 4 files changed, 101 insertions(+) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index aab1e7afc99c5..0945b8bea050c 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -18,3 +18,38 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +## Launch template support + +### Usage +Simply define your Launch Template: +```typescript + const myLaunchTemplate = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { + launchTemplateName: 'extra-storage-template', + launchTemplateData: { + blockDeviceMappings: [ + { + deviceName: '/dev/xvdcz', + ebs: { + encrypted: true, + volumeSize: 100, + volumeType: 'gp2' + } + } + ] + } + }); +``` +and use it: + +```typescript + const myComputeEnv = new batch.ComputeEnvironment(this, 'ComputeEnv', { + computeResources: { + launchTemplate: { + launchTemplateName: myLaunchTemplate.launchTemplateName as string, //or simply use an existing template name + }, + vpc, + }, + computeEnvironmentName: 'MyStorageCapableComputeEnvironment', + }); +``` diff --git a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts index 39054245acb5c..49d4810d64f2e 100644 --- a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts +++ b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts @@ -46,6 +46,22 @@ export enum AllocationStrategy { SPOT_CAPACITY_OPTIMIZED = 'SPOT_CAPACITY_OPTIMIZED', } +/** + * Launch template property specification + */ +export interface LaunchTemplateSpecification { + /** + * The Launch template name + */ + readonly launchTemplateName: string; + /** + * The launch template version to be used (optional). + * + * @default - the default version of the launch template + */ + readonly version?: string; +} + /** * Properties for defining the structure of the batch compute cluster. */ @@ -79,6 +95,15 @@ export interface ComputeResources { */ readonly instanceRole?: string; + /** + * An optional launch template to associate with your compute resources. + * For more information, see README file. + * + * @default - no custom launch template will be used + * @link https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html + */ + readonly launchTemplate?: LaunchTemplateSpecification; + /** * The types of EC2 instances that may be launched in the compute environment. You can specify instance * families to launch any instance type within those families (for example, c4 or p3), or you can specify @@ -333,6 +358,7 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment }).roleName] }).attrArn, instanceTypes: this.buildInstanceTypes(props.computeResources.instanceTypes), + launchTemplate: props.computeResources.launchTemplate, maxvCpus: props.computeResources.maxvCpus || 256, minvCpus: props.computeResources.minvCpus || 0, securityGroupIds: this.buildSecurityGroupIds(props.computeResources.vpc, props.computeResources.securityGroups), diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json b/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json index 936888ce29321..6519a5c34bb36 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json +++ b/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json @@ -514,6 +514,24 @@ } } }, + "ec2launchtemplate": { + "Type": "AWS::EC2::LaunchTemplate", + "Properties": { + "LaunchTemplateData": { + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvdcz", + "Ebs": { + "Encrypted": true, + "VolumeSize": 100, + "VolumeType": "gp2" + } + } + ] + }, + "LaunchTemplateName": "EC2LaunchTemplate" + } + }, "batchunmanagedcomputeenvResourceServiceInstanceRoleCA40AF77": { "Type": "AWS::IAM::Role", "Properties": { @@ -817,6 +835,9 @@ "InstanceTypes": [ "optimal" ], + "LaunchTemplate": { + "LaunchTemplateName": "EC2LaunchTemplate" + }, "MaxvCpus": 256, "MinvCpus": 0, "SecurityGroupIds": [ diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch.ts b/packages/@aws-cdk/aws-batch/test/integ.batch.ts index 174e0bd5e5ba2..37c95d925cbec 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch.ts +++ b/packages/@aws-cdk/aws-batch/test/integ.batch.ts @@ -10,6 +10,22 @@ const stack = new cdk.Stack(app, 'batch-stack'); const vpc = new ec2.Vpc(stack, 'vpc'); +const launchTemplate = new ec2.CfnLaunchTemplate(stack, 'ec2-launch-template', { + launchTemplateName: 'EC2LaunchTemplate', + launchTemplateData: { + blockDeviceMappings: [ + { + deviceName: '/dev/xvdcz', + ebs: { + encrypted: true, + volumeSize: 100, + volumeType: 'gp2' + } + } + ] + } +}); + new batch.JobQueue(stack, 'batch-job-queue', { computeEnvironments: [ { @@ -24,6 +40,9 @@ new batch.JobQueue(stack, 'batch-job-queue', { computeResources: { type: batch.ComputeResourceType.ON_DEMAND, vpc, + launchTemplate: { + launchTemplateName: launchTemplate.launchTemplateName as string, + }, }, }), order: 2, From fc70e40a14f25f5da31cd2f71e838e8c100be87c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2020 20:30:27 +0000 Subject: [PATCH 12/42] chore(deps): bump yaml from 1.7.2 to 1.8.0 (#6619) Bumps [yaml](https://github.com/eemeli/yaml) from 1.7.2 to 1.8.0. - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](https://github.com/eemeli/yaml/compare/v1.7.2...v1.8.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/aws-cdk/package.json | 2 +- packages/cdk-dasm/package.json | 2 +- packages/decdk/package.json | 2 +- yarn.lock | 28 ++++++++++++++-------------- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 126e02338604c..345944c58e38f 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -86,7 +86,7 @@ "source-map-support": "^0.5.16", "table": "^5.4.6", "uuid": "^7.0.2", - "yaml": "^1.7.2", + "yaml": "^1.8.0", "yargs": "^15.2.0" }, "repository": { diff --git a/packages/cdk-dasm/package.json b/packages/cdk-dasm/package.json index 7716fb047069a..a0c496e0b8ca6 100644 --- a/packages/cdk-dasm/package.json +++ b/packages/cdk-dasm/package.json @@ -27,7 +27,7 @@ "license": "Apache-2.0", "dependencies": { "codemaker": "^1.0.0", - "yaml": "1.7.2" + "yaml": "1.8.0" }, "devDependencies": { "@types/jest": "^25.1.4", diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 10a4614c56454..5c43c4823e0af 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -166,7 +166,7 @@ "fs-extra": "^8.1.0", "jsii-reflect": "^1.0.0", "jsonschema": "^1.2.5", - "yaml": "1.7.2", + "yaml": "1.8.0", "yargs": "^15.2.0" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index 0f176ba343a16..6fb9fe4b4fbc9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -714,12 +714,12 @@ levenary "^1.1.0" semver "^5.5.0" -"@babel/runtime@^7.4.4", "@babel/runtime@^7.6.3": - version "7.8.3" - resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.8.3.tgz#0811944f73a6c926bb2ad35e918dcc1bfab279f1" - integrity sha512-fVHx1rzEmwB130VTkLnxR+HmxcTjGzH12LYQcFFoBwakMd3aOMD4OsRN7tGG/UOYE2ektgFrS8uACAoRk1CY0w== +"@babel/runtime@^7.4.4", "@babel/runtime@^7.8.7": + version "7.8.7" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.8.7.tgz#8fefce9802db54881ba59f90bb28719b4996324d" + integrity sha512-+AATMUFppJDw6aiR5NVPHqIQBlV/Pj8wY/EZH+lmvRdUo9xBaz/rF3alAwFJQavvKfeOlPE7oaaDHVbcySbCsg== dependencies: - regenerator-runtime "^0.13.2" + regenerator-runtime "^0.13.4" "@babel/template@^7.4.0", "@babel/template@^7.4.4", "@babel/template@^7.7.4", "@babel/template@^7.8.3": version "7.8.3" @@ -9932,10 +9932,10 @@ regenerator-runtime@^0.11.0: resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz#be05ad7f9bf7d22e056f9726cee5017fbf19e2e9" integrity sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg== -regenerator-runtime@^0.13.2: - version "0.13.3" - resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.3.tgz#7cf6a77d8f5c6f60eb73c5fc1955b2ceb01e6bf5" - integrity sha512-naKIZz2GQ8JWh///G7L3X6LaQUAMp2lvb1rvwwsURe/VXwD6VMfr+/1NuNw3ag8v2kY1aQ/go5SNn79O9JU7yw== +regenerator-runtime@^0.13.4: + version "0.13.4" + resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.4.tgz#e96bf612a3362d12bb69f7e8f74ffeab25c7ac91" + integrity sha512-plpwicqEzfEyTQohIKktWigcLzmNStMGwbOUbykx51/29Z3JOGYldaaNGK7ngNXV+UcoqvIMmloZ48Sr74sd+g== regenerator-transform@^0.14.0: version "0.14.1" @@ -12181,12 +12181,12 @@ yallist@^3.0.0, yallist@^3.0.2, yallist@^3.0.3: resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== -yaml@1.7.2, yaml@^1.7.2: - version "1.7.2" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.7.2.tgz#f26aabf738590ab61efaca502358e48dc9f348b2" - integrity sha512-qXROVp90sb83XtAoqE8bP9RwAkTTZbugRUTm5YeFCBfNRPEp2YzTeqWiz7m5OORHzEvrA/qcGS8hp/E+MMROYw== +yaml@1.8.0, yaml@^1.8.0: + version "1.8.0" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.8.0.tgz#169fbcfa2081302dc9441d02b0b6fe667e4f74c9" + integrity sha512-6qI/tTx7OVtA4qNqD0OyutbM6Z9EKu4rxWm/2Y3FDEBQ4/2X2XAnyuRXMzAE2+1BPyqzksJZtrIwblOHg0IEzA== dependencies: - "@babel/runtime" "^7.6.3" + "@babel/runtime" "^7.8.7" yapool@^1.0.0: version "1.0.0" From a5c9d4e23a84d31e65b04bbc9bcea0fddcde371a Mon Sep 17 00:00:00 2001 From: Eli Polonsky Date: Sun, 8 Mar 2020 11:54:40 +0200 Subject: [PATCH 13/42] chore(batch): include breaking change in previous PR (#6621) BREAKING CHANGE: the `allocationStrategy` property was moved from `ComputeEnvironmentProps` to the `ComputeResources` interface, which is where it semantically belongs. --- .github/workflows/pr-linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml index 10af00c534ccc..fa76388ac6802 100644 --- a/.github/workflows/pr-linter.yml +++ b/.github/workflows/pr-linter.yml @@ -21,3 +21,4 @@ jobs: check: MANDATORY_CHANGES env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + From f538c4836fc4f3feeead6bcb7f54f83dceb224b0 Mon Sep 17 00:00:00 2001 From: Chris Fife <38083827+ccfife@users.noreply.github.com> Date: Sun, 8 Mar 2020 03:45:08 -0700 Subject: [PATCH 14/42] docs(ROADMAP): add ROADMAP.md and update README.md with links to the roadmap (#6593) * add ROADMAP.md and update README.md to link to ROADMAP * fix some errant spaces Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> From 2f75318aa8a191a1871a2b5052572b8a7adb843c Mon Sep 17 00:00:00 2001 From: Eli Polonsky Date: Sun, 8 Mar 2020 13:28:53 +0200 Subject: [PATCH 15/42] chore(prlinter): added commit message validation (#6573) --- .github/PULL_REQUEST_TEMPLATE.md | 29 ++++++++++++- .github/actions/prlinter/index.js | 5 ++- CONTRIBUTING.md | 52 +++++++++------------- tools/prlint/index.js | 71 +++++++++++++++++++++++++++++-- 4 files changed, 118 insertions(+), 39 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index caa7b80a94a8c..99093538f6b52 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,10 +1,37 @@ +## Description + + +## Commit Message + +{*replace-with-pr-title*} (#{*replace-with-pr-number*}) + + +{replace-with-extended-commit-message} + + + + + + + + + + +## End Commit Message ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* - diff --git a/.github/actions/prlinter/index.js b/.github/actions/prlinter/index.js index e36cc7aa9ffba..b15aad8a9ca1a 100644 --- a/.github/actions/prlinter/index.js +++ b/.github/actions/prlinter/index.js @@ -3,7 +3,8 @@ const github = require('@actions/github'); const linter = require('prlint') const checks = { - "MANDATORY_CHANGES": linter.mandatoryChanges + "MANDATORY_CHANGES": linter.mandatoryChanges, + "COMMIT_MESSAGE": linter.commitMessage } async function run() { @@ -20,7 +21,7 @@ async function run() { } await check(number); - + } catch (error) { core.setFailed(error.message); diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 20c5277e90b23..1c34721284646 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -11,9 +11,8 @@ and let us know if it's not up-to-date (even better, submit a PR with your corr - [Step 1: Open Issue](#step-1-open-issue) - [Step 2: Design (optional)](#step-2-design-optional) - [Step 3: Work your Magic](#step-3-work-your-magic) - - [Step 4: Commit](#step-4-commit) - - [Step 5: Pull Request](#step-5-pull-request) - - [Step 6: Merge](#step-6-merge) + - [Step 4: Pull Request](#step-4-pull-request) + - [Step 5: Merge](#step-5-merge) - [Tools](#tools) - [Main build scripts](#main-build-scripts) - [Partial build tools](#partial-build-tools) @@ -53,7 +52,7 @@ For day-to-day development and normal contributions, the following SDKs and tool - [.NET Core SDK 3.0](https://www.microsoft.com/net/download) - [Python 3.6.5](https://www.python.org/downloads/release/python-365/) - [Ruby 2.5.1](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/) - + The basic commands to get the repository cloned and built locally follow: ```console @@ -142,7 +141,7 @@ Integration tests perform a few functions in the CDK code base - 3. (Optionally) Acts as a way to validate that constructs set up the CloudFormation resources as expected. A successful CloudFormation deployment does not mean that the resources are set up correctly. -If you are working on a new feature that is using previously unused CloudFormation resource types, or involves +If you are working on a new feature that is using previously unused CloudFormation resource types, or involves configuring resource types across services, you need to write integration tests that use these resource types or features. @@ -162,48 +161,37 @@ Examples: * [integ.destinations.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-lambda-destinations/test/integ.destinations.ts#L7) * [integ.token-authorizer.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-apigateway/test/authorizers/integ.token-authorizer.ts#L6) -### Step 4: Commit +### Step 4: Pull Request -Create a commit with the proposed change changes: +* Push to a GitHub fork or to a branch (naming convention: `/`) +* Submit a Pull Request on GitHub and assign the PR for a review to the "aws/aws-cdk-team" team. The title and description will be used to format the commit message when its merged to master. This in turn, will translate to CHANGELOG entries. It is therefore important we be consistent and informative. Here is an example PR you should use as a reference: https://github.com/aws/aws-cdk/pull/6553. -* Commit title and message (and PR title and description) must adhere to [conventionalcommits](https://www.conventionalcommits.org). - * The title must begin with `feat(module): title`, `fix(module): title`, `refactor(module): title` or - `chore(module): title`. - * Title should be lowercase. - * No period at the end of the title. + ### Title -* Commit message should describe _motivation_. Think about your code reviewers and what information they need in - order to understand what you did. If it's a big commit (hopefully not), try to provide some good entry points so - it will be easier to follow. + * Must adhere to [conventionalcommits](https://www.conventionalcommits.org). + * The title must begin with one of: + - `feat(module): title` + - `fix(module): title` + - `refactor(module): title` + - `chore(module): title` + * Should be lowercase. + * No period at the end. -* Commit message should indicate which issues are fixed: `fixes #` or `closes #`. -* Shout out to collaborators. + ### Description -* If not obvious (i.e. from unit tests), describe how you verified that your change works. + * Simply follow the PR template carefully. -* If this commit includes breaking changes, they must be listed at the end in the following format (notice how multiple breaking changes should be formatted): -``` -BREAKING CHANGE: Description of what broke and how to achieve this behavior now -* **module-name:** Another breaking change -* **module-name:** Yet another breaking change -``` - -### Step 5: Pull Request - -* Push to a GitHub fork or to a branch (naming convention: `/`) -* Submit a Pull Requests on GitHub and assign the PR for a review to the "awslabs/aws-cdk" team. * Please follow the PR checklist written below. We trust our contributors to self-check, and this helps that process! * Discuss review comments and iterate until you get at least one “Approve”. When iterating, push new commits to the same branch. Usually all these are going to be squashed when you merge to master. The commit messages should be hints for you when you finalize your merge commit message. -* Make sure to update the PR title/description if things change. The PR title/description are going to be used as the - commit title/message and will appear in the CHANGELOG, so maintain them all the way throughout the process. +* Make sure to update the PR title/description if things change. -### Step 6: Merge +### Step 5: Merge * Make sure your PR builds successfully (we have CodeBuild setup to automatically build all PRs) * Once approved and tested, a maintainer will squash-merge to master and will use your PR title/description as the diff --git a/tools/prlint/index.js b/tools/prlint/index.js index 7e4212d1ef9ea..b5b0d55c3ba6e 100755 --- a/tools/prlint/index.js +++ b/tools/prlint/index.js @@ -18,7 +18,7 @@ function createGitHubClient() { } else { console.log("Creating un-authenticated GitHub Client") } - + return new GitHub({'token': token}); } @@ -67,10 +67,10 @@ async function mandatoryChanges(number) { } const gh = createGitHubClient(); - + const issues = gh.getIssues(OWNER, REPO); const repo = gh.getRepo(OWNER, REPO); - + console.log(`⌛ Fetching PR number ${number}`) const issue = (await issues.getIssue(number)).data; @@ -84,7 +84,69 @@ async function mandatoryChanges(number) { fixContainsTest(issue, files); console.log("✅ Success") - + +} + +async function commitMessage(number) { + + function validate() { + + // this is the commit message mergify will use. + // see https://doc.mergify.io/actions.html#commit-message-and-squash-method. + const commitMessageSection = issue.body.match(/## Commit Message([\s|\S]*)## End Commit Message/); + + if (!commitMessageSection || commitMessageSection.length !== 2) { + throw new LinterError("Your PR description doesn't specify the commit" + + " message properly. See for details.") + } + + const commitMessage = commitMessageSection[1].trim(); + + const paragraphs = commitMessage.split(/\r\n\r\n|\n\n/); + const title = paragraphs[0]; + const expectedCommitTitle = `${issue.title} (#${number})` + + if (title !== expectedCommitTitle) { + throw new LinterError("First paragraph of '## Commit Message' section" + + ` must be: '${expectedCommitTitle}'`) + } + + for (i in paragraphs) { + if (i != paragraphs.length - 1 && paragraphs[i].startsWith("BREAKING CHANGE:")) { + throw new LinterError("'BREAKING CHANGE:' must be specified as the last paragraph"); + } + } + } + + if (!number) { + throw new Error('Must provide a PR number') + } + + const gh = createGitHubClient(); + + const issues = gh.getIssues(OWNER, REPO); + + console.log(`⌛ Fetching PR number ${number}`) + const issue = (await issues.getIssue(number)).data; + + const noSquash = issue.labels.some(function (l) { + return l.name.includes("no-squash"); + }); + + if (issue.user.login === "dependabot[bot]" || issue.user.login === "dependabot-preview[bot]") { + // dependabot PR's are ok even without following this convention because they only contain + // a single commit in conventional commit form. + console.log("⏭️ Validation skipped because its a dependabot PR"); + } else if (noSquash) { + // if the PR isn't merged as a squash commit, all this validation is irrelevant. + // this is the case for our automatic PR's to the 'release' branch. + console.log("⏭️ Validation skipped because the PR is labeled with 'no-squash'"); + } else { + console.log("⌛ Validating..."); + validate(); + } + + console.log("✅ Success") } // we don't use the 'export' prefix because github actions @@ -92,6 +154,7 @@ async function mandatoryChanges(number) { // TODO need to verify this. module.exports.mandatoryChanges = mandatoryChanges module.exports.LinterError = LinterError +module.exports.commitMessage = commitMessage require('make-runnable/custom')({ printOutputFrame: false From 2a2cac1b5eacc23a693bc2098c28b61a5ab6ce17 Mon Sep 17 00:00:00 2001 From: rubanour Date: Sun, 8 Mar 2020 15:36:54 +0000 Subject: [PATCH 16/42] fix(apigateway): update documentation for `retainDeployments` (#6625) --- packages/@aws-cdk/aws-apigateway/lib/deployment.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/deployment.ts b/packages/@aws-cdk/aws-apigateway/lib/deployment.ts index 4a5397ce5b6eb..f9f3cbcd56920 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/deployment.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/deployment.ts @@ -18,7 +18,7 @@ export interface DeploymentProps { /** * When an API Gateway model is updated, a new deployment will automatically be created. - * If this is true (default), the old API Gateway Deployment resource will not be deleted. + * If this is true, the old API Gateway Deployment resource will not be deleted. * This will allow manually reverting back to a previous deployment in case for example * * @default false From 602140857dc585c788838a317737313f7a0eab57 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Sun, 8 Mar 2020 20:57:33 +0000 Subject: [PATCH 17/42] chore(deps): bump yargs from 15.2.0 to 15.3.0 (#6627) Bumps [yargs](https://github.com/yargs/yargs) from 15.2.0 to 15.3.0. - [Release notes](https://github.com/yargs/yargs/releases) - [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/yargs/compare/v15.2.0...v15.3.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- packages/decdk/package.json | 2 +- tools/awslint/package.json | 2 +- tools/cdk-build-tools/package.json | 2 +- tools/cdk-integ-tools/package.json | 2 +- tools/cfn2ts/package.json | 2 +- tools/pkglint/package.json | 2 +- tools/pkgtools/package.json | 2 +- yarn.lock | 18 +++++++++--------- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 345944c58e38f..ed766c3a1d29a 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -87,7 +87,7 @@ "table": "^5.4.6", "uuid": "^7.0.2", "yaml": "^1.8.0", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "repository": { "url": "https://github.com/aws/aws-cdk.git", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index db1d7539c59fd..b54cf14a47292 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -44,7 +44,7 @@ "archiver": "^3.1.1", "aws-sdk": "^2.634.0", "glob": "^7.1.6", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "repository": { "url": "https://github.com/aws/aws-cdk.git", diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 5c43c4823e0af..c441a741d1759 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -167,7 +167,7 @@ "jsii-reflect": "^1.0.0", "jsonschema": "^1.2.5", "yaml": "1.8.0", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "devDependencies": { "@types/fs-extra": "^8.1.0", diff --git a/tools/awslint/package.json b/tools/awslint/package.json index 2763a93b69a91..a0a43c416c76f 100644 --- a/tools/awslint/package.json +++ b/tools/awslint/package.json @@ -21,7 +21,7 @@ "colors": "^1.4.0", "fs-extra": "^8.1.0", "jsii-reflect": "^1.0.0", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "devDependencies": { "@types/fs-extra": "^8.1.0", diff --git a/tools/cdk-build-tools/package.json b/tools/cdk-build-tools/package.json index 105dd2cbae077..8af402b88033a 100644 --- a/tools/cdk-build-tools/package.json +++ b/tools/cdk-build-tools/package.json @@ -54,7 +54,7 @@ "ts-jest": "^25.2.0", "tslint": "^5.20.1", "typescript": "~3.8.3", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "keywords": [ "aws", diff --git a/tools/cdk-integ-tools/package.json b/tools/cdk-integ-tools/package.json index 717fb95215fc5..9258715a1fcf8 100644 --- a/tools/cdk-integ-tools/package.json +++ b/tools/cdk-integ-tools/package.json @@ -39,7 +39,7 @@ "@aws-cdk/cx-api": "0.0.0", "aws-cdk": "0.0.0", "fs-extra": "^8.1.0", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "keywords": [ "aws", diff --git a/tools/cfn2ts/package.json b/tools/cfn2ts/package.json index 2938bc63ed94d..85fa539473309 100644 --- a/tools/cfn2ts/package.json +++ b/tools/cfn2ts/package.json @@ -33,7 +33,7 @@ "codemaker": "^1.0.0", "fast-json-patch": "^3.0.0-1", "fs-extra": "^8.1.0", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "devDependencies": { "@types/fs-extra": "^8.1.0", diff --git a/tools/pkglint/package.json b/tools/pkglint/package.json index 52110d963a6da..1b5d6691444c4 100644 --- a/tools/pkglint/package.json +++ b/tools/pkglint/package.json @@ -43,6 +43,6 @@ "colors": "^1.4.0", "fs-extra": "^8.1.0", "semver": "^7.1.3", - "yargs": "^15.2.0" + "yargs": "^15.3.0" } } \ No newline at end of file diff --git a/tools/pkgtools/package.json b/tools/pkgtools/package.json index 3e603f4c0c339..a4395f79c9067 100644 --- a/tools/pkgtools/package.json +++ b/tools/pkgtools/package.json @@ -36,7 +36,7 @@ }, "dependencies": { "fs-extra": "^8.1.0", - "yargs": "^15.2.0" + "yargs": "^15.3.0" }, "keywords": [ "aws", diff --git a/yarn.lock b/yarn.lock index 6fb9fe4b4fbc9..5c681195fe3aa 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12224,10 +12224,10 @@ yargs-parser@^16.1.0: camelcase "^5.0.0" decamelize "^1.2.0" -yargs-parser@^17.1.0: - version "17.1.0" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-17.1.0.tgz#b95ff3201e98b89e86070f92bef636016a0b0766" - integrity sha512-67zLl4/kWtp9eyVuxX+fHZ2Ey4ySWh0awDJlk/EtT0vzspsXbzrFsh76WjYSP3L++zhSwHQRUE3MCBe754RuEg== +yargs-parser@^18.1.0: + version "18.1.0" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-18.1.0.tgz#1b0ab1118ebd41f68bb30e729f4c83df36ae84c3" + integrity sha512-o/Jr6JBOv6Yx3pL+5naWSoIA2jJ+ZkMYQG/ie9qFbukBe4uzmBatlXFOiu/tNKRWEtyf+n5w7jc/O16ufqOTdQ== dependencies: camelcase "^5.0.0" decamelize "^1.2.0" @@ -12290,10 +12290,10 @@ yargs@^14.0.0, yargs@^14.2.2: y18n "^4.0.0" yargs-parser "^15.0.0" -yargs@^15.0.2, yargs@^15.1.0, yargs@^15.2.0: - version "15.2.0" - resolved "https://registry.yarnpkg.com/yargs/-/yargs-15.2.0.tgz#cb9fc7f7ec429f7e9329b623f5c707a62dae506a" - integrity sha512-E+o8C37U+M7N15rBJVxr0MoInp+O7XNhMqveSGWA5uhddqs8qtkZ+uvT9FI32QML0SKidXdDONr40Xe3tDO9FA== +yargs@^15.0.2, yargs@^15.1.0, yargs@^15.3.0: + version "15.3.0" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-15.3.0.tgz#403af6edc75b3ae04bf66c94202228ba119f0976" + integrity sha512-g/QCnmjgOl1YJjGsnUg2SatC7NUYEiLXJqxNOQU9qSpjzGtGXda9b+OKccr1kLTy8BN9yqEyqfq5lxlwdc13TA== dependencies: cliui "^6.0.0" decamelize "^1.2.0" @@ -12305,7 +12305,7 @@ yargs@^15.0.2, yargs@^15.1.0, yargs@^15.2.0: string-width "^4.2.0" which-module "^2.0.0" y18n "^4.0.0" - yargs-parser "^17.1.0" + yargs-parser "^18.1.0" yargs@^4.7.1: version "4.8.1" From 0b6c86559d641c1ef0b8c200be84356010a88b70 Mon Sep 17 00:00:00 2001 From: andrestone Date: Mon, 9 Mar 2020 10:57:50 +0100 Subject: [PATCH 18/42] fix(batch): `computeEnvironments` is now required for JobQueue (#6616) Fixes: #6615 BREAKING CHANGE: `computeEnvironments` is now required --- packages/@aws-cdk/aws-batch/lib/job-queue.ts | 25 ++++++++----------- .../@aws-cdk/aws-batch/test/job-queue.test.ts | 2 +- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/lib/job-queue.ts b/packages/@aws-cdk/aws-batch/lib/job-queue.ts index 9e285e45c0ed8..b32e3a33a4748 100644 --- a/packages/@aws-cdk/aws-batch/lib/job-queue.ts +++ b/packages/@aws-cdk/aws-batch/lib/job-queue.ts @@ -1,6 +1,6 @@ import { Construct, IResource, Resource, Stack } from '@aws-cdk/core'; import { CfnJobQueue } from './batch.generated'; -import { ComputeEnvironment, IComputeEnvironment } from './compute-environment'; +import { IComputeEnvironment } from './compute-environment'; /** * Properties for mapping a compute environment to a job queue. @@ -26,7 +26,7 @@ export interface JobQueueProps { * * Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. * - * @default Cloudformation-generated name + * @default - Cloudformation-generated name */ readonly jobQueueName?: string; @@ -35,9 +35,8 @@ export interface JobQueueProps { * determine which compute environment should execute a given job. Compute environments must be in the VALID state before you can associate them * with a job queue. You can associate up to three compute environments with a job queue. * - * @default Default-Compute-Environment */ - readonly computeEnvironments?: JobQueueComputeEnvironment[]; + readonly computeEnvironments: JobQueueComputeEnvironment[]; /** * The priority of the job queue. Job queues with a higher priority (or a higher integer value for the priority parameter) are evaluated first @@ -106,24 +105,20 @@ export class JobQueue extends Resource implements IJobQueue { public readonly jobQueueArn: string; public readonly jobQueueName: string; - constructor(scope: Construct, id: string, props: JobQueueProps = {}) { + constructor(scope: Construct, id: string, props: JobQueueProps) { super(scope, id, { physicalName: props.jobQueueName, }); + if (props.computeEnvironments.length === 0) { + throw new Error('computeEnvironments must be non-empty'); + } + const jobQueue = new CfnJobQueue(this, 'Resource', { - computeEnvironmentOrder: props.computeEnvironments - ? props.computeEnvironments.map(cp => ({ + computeEnvironmentOrder: props.computeEnvironments.map(cp => ({ computeEnvironment: cp.computeEnvironment.computeEnvironmentArn, order: cp.order, - } as CfnJobQueue.ComputeEnvironmentOrderProperty)) - : [ - { - // Get an AWS Managed Compute Environment - computeEnvironment: new ComputeEnvironment(this, 'Resource-Batch-Compute-Environment').computeEnvironmentArn, - order: 1, - }, - ], + } as CfnJobQueue.ComputeEnvironmentOrderProperty)), jobQueueName: this.physicalName, priority: props.priority || 1, state: props.enabled === undefined ? 'ENABLED' : (props.enabled ? 'ENABLED' : 'DISABLED'), diff --git a/packages/@aws-cdk/aws-batch/test/job-queue.test.ts b/packages/@aws-cdk/aws-batch/test/job-queue.test.ts index 9a20f0334a8ce..033db60073f03 100644 --- a/packages/@aws-cdk/aws-batch/test/job-queue.test.ts +++ b/packages/@aws-cdk/aws-batch/test/job-queue.test.ts @@ -32,7 +32,7 @@ describe('Batch Job Queue', () => { expect(jobQFromArn.jobQueueArn).toEqual(existingJobQ.jobQueueArn); }); - it('renders the correct cloudformation properties', () => { + it('renders the correct CloudFormation properties', () => { // WHEN const props: batch.JobQueueProps = { priority: 1, From 4e91cb47b9fd9d6dc74872531256bc40966ed1c6 Mon Sep 17 00:00:00 2001 From: Shiv Lakshminarayan Date: Mon, 9 Mar 2020 04:57:08 -0700 Subject: [PATCH 19/42] chore(stepfunctions): clean up aws-stepfunctions linter exclusions (#6552) * chore: clean up aws-stepfunctions linter exclusions * addressing PR feedback Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- .../aws-stepfunctions/lib/activity.ts | 11 ++++++-- .../@aws-cdk/aws-stepfunctions/lib/fields.ts | 5 ++++ .../@aws-cdk/aws-stepfunctions/lib/input.ts | 27 +++++++++++++++++++ .../aws-stepfunctions/lib/state-graph.ts | 6 ++++- .../aws-stepfunctions/lib/states/pass.ts | 4 +++ .../aws-stepfunctions/lib/states/wait.ts | 4 +++ .../@aws-cdk/aws-stepfunctions/lib/types.ts | 1 + .../@aws-cdk/aws-stepfunctions/package.json | 15 +---------- 8 files changed, 56 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/activity.ts b/packages/@aws-cdk/aws-stepfunctions/lib/activity.ts index d84e52bb63380..5d3528808accd 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/activity.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/activity.ts @@ -2,17 +2,20 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import { Construct, IResource, Lazy, Resource, Stack } from '@aws-cdk/core'; import { CfnActivity } from './stepfunctions.generated'; +/** + * Properties for defining a new Step Functions Activity + */ export interface ActivityProps { /** * The name for this activity. * - * @default If not supplied, a name is generated + * @default - If not supplied, a name is generated */ readonly activityName?: string; } /** - * Define a new StepFunctions activity + * Define a new Step Functions Activity */ export class Activity extends Resource implements IActivity { /** @@ -175,6 +178,10 @@ export class Activity extends Resource implements IActivity { } } +/** + * Represents a Step Functions Activity + * https://docs.aws.amazon.com/step-functions/latest/dg/concepts-activities.html + */ export interface IActivity extends IResource { /** * The ARN of the activity diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/fields.ts b/packages/@aws-cdk/aws-stepfunctions/lib/fields.ts index 8792fe02776ee..f482c57b82182 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/fields.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/fields.ts @@ -39,6 +39,11 @@ export class Data { return new JsonPathToken('$').toString(); } + /** + * Determines if the indicated string is an encoded JSON path + * + * @param value string to be evaluated + */ public static isJsonPathString(value: string): boolean { return !!jsonPathString(value); } diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/input.ts b/packages/@aws-cdk/aws-stepfunctions/lib/input.ts index 73273f13de457..6d36d0709fcc4 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/input.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/input.ts @@ -45,6 +45,12 @@ export class TaskInput { return new TaskInput(InputType.TEXT, Context.stringAt(path)); } + /** + * + * @param type type of task input + * @param value payload for the corresponding input type. + * It can be a JSON-encoded object, context, data, etc. + */ private constructor(public readonly type: InputType, public readonly value: any) { } } @@ -53,6 +59,27 @@ export class TaskInput { * The type of task input */ export enum InputType { + /** + * Use a literal string + * This might be a JSON-encoded object, or just text. + * valid JSON text: standalone, quote-delimited strings; objects; arrays; numbers; Boolean values; and null. + * + * example: `literal string` + * example: {"json": "encoded"} + */ TEXT, + /** + * Use an object which may contain Data and Context fields + * as object values, if desired. + * + * example: + * { + * literal: 'literal', + * SomeInput: sfn.Data.stringAt('$.someField') + * } + * + * @see https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-data.html + * @see https://docs.aws.amazon.com/step-functions/latest/dg/input-output-contextobject.html + */ OBJECT } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/state-graph.ts b/packages/@aws-cdk/aws-stepfunctions/lib/state-graph.ts index 7d6b871fd1077..47228b0baa64b 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/state-graph.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/state-graph.ts @@ -10,7 +10,7 @@ import { State } from "./states/state"; * a Parallel's branches: those are their own StateGraphs, but the graphs * themselves have a hierarchical relationship as well. * - * By assigning states to a definintive StateGraph, we verify that no state + * By assigning states to a definitive StateGraph, we verify that no state * machines are constructed. In particular: * * - Every state object can only ever be in 1 StateGraph, and not inadvertently @@ -55,6 +55,10 @@ export class StateGraph { */ private superGraph?: StateGraph; + /** + * @param startState state that gets executed when the state machine is launched + * @param graphDescription description of the state machine + */ constructor(public readonly startState: State, private readonly graphDescription: string) { this.allStates.add(startState); startState.bindToGraph(this); diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/states/pass.ts b/packages/@aws-cdk/aws-stepfunctions/lib/states/pass.ts index 13aa412e0acfe..c8215c9f03d85 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/states/pass.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/states/pass.ts @@ -43,6 +43,10 @@ export class Result { return new Result(value); } + /** + * + * @param value result of the Pass operation + */ protected constructor(public readonly value: any) { } } diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/states/wait.ts b/packages/@aws-cdk/aws-stepfunctions/lib/states/wait.ts index e485e43bfe2c2..1597c8b7853ce 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/states/wait.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/states/wait.ts @@ -4,6 +4,10 @@ import { IChainable, INextable } from '../types'; import { StateType } from './private/state-type'; import { State } from './state'; +/** + * Represents the Wait state which delays a state machine from continuing for a specified time + * @see https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-wait-state.html + */ export class WaitTime { /** * Wait a fixed amount of time. diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/types.ts b/packages/@aws-cdk/aws-stepfunctions/lib/types.ts index a3ce6ae96f946..1d49329b2c495 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/types.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/types.ts @@ -36,6 +36,7 @@ export interface IChainable { /** * Predefined error strings + * Error names in Amazon States Language - https://docs.aws.amazon.com/step-functions/latest/dg/concepts-error-handling.html */ export class Errors { /** diff --git a/packages/@aws-cdk/aws-stepfunctions/package.json b/packages/@aws-cdk/aws-stepfunctions/package.json index f5dcfe668d701..6bd5abcb60006 100644 --- a/packages/@aws-cdk/aws-stepfunctions/package.json +++ b/packages/@aws-cdk/aws-stepfunctions/package.json @@ -88,21 +88,8 @@ }, "awslint": { "exclude": [ - "import-props-interface:@aws-cdk/aws-stepfunctions.ActivityImportProps", - "export:@aws-cdk/aws-stepfunctions.IActivity", - "duration-prop-type:@aws-cdk/aws-stepfunctions.WaitProps.duration", "duration-prop-type:@aws-cdk/aws-stepfunctions.Errors.TIMEOUT", - "no-unused-type:@aws-cdk/aws-stepfunctions.ServiceIntegrationPattern", - "docs-public-apis:@aws-cdk/aws-stepfunctions.TaskInput.value", - "docs-public-apis:@aws-cdk/aws-stepfunctions.InputType.OBJECT", - "docs-public-apis:@aws-cdk/aws-stepfunctions.Data.isJsonPathString", - "docs-public-apis:@aws-cdk/aws-stepfunctions.Result.value", - "docs-public-apis:@aws-cdk/aws-stepfunctions.StateGraph.startState", - "docs-public-apis:@aws-cdk/aws-stepfunctions.TaskInput.type", - "docs-public-apis:@aws-cdk/aws-stepfunctions.InputType.TEXT", - "docs-public-apis:@aws-cdk/aws-stepfunctions.WaitTime", - "docs-public-apis:@aws-cdk/aws-stepfunctions.ActivityProps", - "docs-public-apis:@aws-cdk/aws-stepfunctions.IActivity" + "no-unused-type:@aws-cdk/aws-stepfunctions.ServiceIntegrationPattern" ] }, "stability": "experimental" From 76bdccb62fc49a16ad798503de87490799a6ee75 Mon Sep 17 00:00:00 2001 From: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> Date: Mon, 9 Mar 2020 12:50:32 +0000 Subject: [PATCH 20/42] chore(codebuild): props parameter of metric() method to be optional (#6633) All properties of `MethodOptions` are optional. --- packages/@aws-cdk/aws-codebuild/lib/project.ts | 4 ++-- .../@aws-cdk/aws-codebuild/test/test.project.ts | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts index d99653f449361..fe7768a3512e1 100644 --- a/packages/@aws-cdk/aws-codebuild/lib/project.ts +++ b/packages/@aws-cdk/aws-codebuild/lib/project.ts @@ -101,7 +101,7 @@ export interface IProject extends IResource, iam.IGrantable, ec2.IConnectable { * @param metricName The name of the metric * @param props Customization properties */ - metric(metricName: string, props: cloudwatch.MetricOptions): cloudwatch.Metric; + metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric; /** * Measures the number of builds triggered. @@ -316,7 +316,7 @@ abstract class ProjectBase extends Resource implements IProject { * @param metricName The name of the metric * @param props Customization properties */ - public metric(metricName: string, props: cloudwatch.MetricOptions) { + public metric(metricName: string, props?: cloudwatch.MetricOptions) { return new cloudwatch.Metric({ namespace: 'AWS/CodeBuild', metricName, diff --git a/packages/@aws-cdk/aws-codebuild/test/test.project.ts b/packages/@aws-cdk/aws-codebuild/test/test.project.ts index 3d3a7061c4c92..7aa22faf2d3f6 100644 --- a/packages/@aws-cdk/aws-codebuild/test/test.project.ts +++ b/packages/@aws-cdk/aws-codebuild/test/test.project.ts @@ -416,4 +416,21 @@ export = { test.done(); }, + + 'metric method generates a valid CloudWatch metric'(test: Test) { + const stack = new cdk.Stack(); + + const project = new codebuild.Project(stack, 'Project', { + source: codebuild.Source.gitHubEnterprise({ + httpsCloneUrl: 'https://mygithub-enterprise.com/myuser/myrepo', + }) + }); + + const metric = project.metric('Builds'); + test.equal(metric.metricName, 'Builds'); + test.equal(metric.period.toSeconds(), cdk.Duration.minutes(5).toSeconds()); + test.equal(metric.statistic, 'Average'); + + test.done(); + } }; \ No newline at end of file From 05cf78bc9395bb3b46565bb89a264f4ede76a827 Mon Sep 17 00:00:00 2001 From: netanir Date: Mon, 9 Mar 2020 06:09:00 -0700 Subject: [PATCH 21/42] fix(cli): codepipeline cloudformation action in cross account fail writing outputArtifacts (#6594) To allow cross account actions in codepipeline we create a role in the other account which is assumable by codepipeline. Since the artifacts are stored in an encrypted S3 bucket in the code pipeline account, the role in the other account must have permission to access the bucket and KMS key in the codepipeline account. To give the role permissions to access the bucket and key two type of policies are required: 1. The policy defined on the bucket and key must give the other account permissions to perform all required actions. 2. The role policy must allow all required actions Policy **1** is defined by the codepipeline construct. The role in the other account is created via the (new) bootstrap command and is defined as `DeploymentActionRole` in the `bootstrap-template.json` file. To satisfy **2**, the policy attached to the role must allow the required S3 and KMS actions. The policy attached to the role was missing the required KMS actions to allow writing the output artifacts to the S3 bucket. This commits adds `kms:Encrypt`, `kms:ReEncrypt `, `kms:GenerateDataKey ` to the `DeploymentActionRole` attached policy --- packages/aws-cdk/lib/api/bootstrap/bootstrap-template.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.json b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.json index 1a448254a0cfd..5e523b98a90ca 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.json +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.json @@ -337,7 +337,8 @@ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:Abort*", "s3:DeleteObject*", "s3:PutObject*", - "kms:Decrypt", "kms:DescribeKey" + "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", + "kms:ReEncrypt*", "kms:GenerateDataKey*" ], "Resource": "*", "Effect": "Allow" From c3ee41366b3f0a59864decd47d2feea9849fd095 Mon Sep 17 00:00:00 2001 From: Lapderk Date: Mon, 9 Mar 2020 14:53:50 +0100 Subject: [PATCH 22/42] feat(elbv2): support pathpattern array (#6558) * Adding support for an array of path patterns for application listener rule config. Closes #6497 * Introduce `pathPatterns` prop for listener rule * Introduce `pathPatterns` prop for listener rule * Deperecate `pathPattern`. Co-authored-by: Derk Schooltink Co-authored-by: Rico Huijbers Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- .../aws-elasticloadbalancingv2/README.md | 17 ++++-- .../lib/alb/application-listener-rule.ts | 28 +++++++--- .../lib/alb/application-listener.ts | 22 ++++++-- .../test/alb/test.listener.ts | 55 +++++++++++++++++++ 4 files changed, 104 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/README.md b/packages/@aws-cdk/aws-elasticloadbalancingv2/README.md index 89f5712782b74..4d96b83dce785 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/README.md +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/README.md @@ -73,23 +73,28 @@ listener.addFixedResponse('Fixed', { #### Conditions It's possible to route traffic to targets based on conditions in the incoming -HTTP request. Path- and host-based conditions are supported. For example, -the following will route requests to the indicated AutoScalingGroup -only if the requested host in the request is `example.com`: +HTTP request. Path- and host-based conditions are supported. For example, the +following will route requests to the indicated AutoScalingGroup only if the +requested host in the request is either for `example.com/ok` or +`example.com/path`: ```ts listener.addTargets('Example.Com Fleet', { priority: 10, + pathPatterns: ['/ok', '/path'], hostHeader: 'example.com', port: 8080, targets: [asg] }); ``` -`priority` is a required field when you add targets with conditions. The lowest -number wins. +A target with a condition contains either `pathPatterns` or `hostHeader`, or +both. If both are specified, both conditions must be met for the requests to +be routed to the given target. `priority` is a required field when you add +targets with conditions. The lowest number wins. -Every listener must have at least one target without conditions. +Every listener must have at least one target without conditions, which is +where all requests that didn't match any of the conditions will be sent. ### Defining a Network Load Balancer diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-rule.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-rule.ts index abfeae0b015e9..a496e013f0596 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-rule.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-rule.ts @@ -54,13 +54,21 @@ export interface BaseApplicationListenerRuleProps { /** * Rule applies if the requested path matches the given path pattern * - * May contain up to three '*' wildcards. - * * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions - * * @default - No path condition. + * @deprecated Use `pathPatterns` instead. */ readonly pathPattern?: string; + + /** + * Rule applies if the requested path matches any of the given patterns. + * + * Paths may contain up to three '*' wildcards. + * + * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions + * @default - No path conditions. + */ + readonly pathPatterns?: string[]; } /** @@ -169,8 +177,9 @@ export class ApplicationListenerRule extends cdk.Construct { constructor(scope: cdk.Construct, id: string, props: ApplicationListenerRuleProps) { super(scope, id); - if (!props.hostHeader && !props.pathPattern) { - throw new Error(`At least one of 'hostHeader' or 'pathPattern' is required when defining a load balancing rule.`); + const hasPathPatterns = props.pathPatterns || props.pathPattern; + if (!props.hostHeader && !hasPathPatterns) { + throw new Error(`At least one of 'hostHeader', 'pathPattern' or 'pathPatterns' is required when defining a load balancing rule.`); } const possibleActions: Array = ['targetGroups', 'fixedResponse', 'redirectResponse']; @@ -195,8 +204,13 @@ export class ApplicationListenerRule extends cdk.Construct { if (props.hostHeader) { this.setCondition('host-header', [props.hostHeader]); } - if (props.pathPattern) { - this.setCondition('path-pattern', [props.pathPattern]); + + if (hasPathPatterns) { + if (props.pathPattern && props.pathPatterns) { + throw new Error('Both `pathPatterns` and `pathPattern` are specified, specify only one'); + } + const pathPattern = props.pathPattern ? [props.pathPattern] : props.pathPatterns; + this.setCondition('path-pattern', pathPattern); } (props.targetGroups || []).forEach(this.addTargetGroup.bind(this)); diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index f72d35d3ae28d..3864a2e3b2f14 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -209,6 +209,7 @@ export class ApplicationListener extends BaseListener implements IApplicationLis listener: this, hostHeader: props.hostHeader, pathPattern: props.pathPattern, + pathPatterns: props.pathPatterns, priority: props.priority, targetGroups: props.targetGroups }); @@ -252,6 +253,7 @@ export class ApplicationListener extends BaseListener implements IApplicationLis this.addTargetGroups(id, { hostHeader: props.hostHeader, pathPattern: props.pathPattern, + pathPatterns: props.pathPatterns, priority: props.priority, targetGroups: [group], }); @@ -480,9 +482,7 @@ class ImportedApplicationListener extends Resource implements IApplicationListen * At least one TargetGroup must be added without conditions. */ public addTargetGroups(id: string, props: AddApplicationTargetGroupsProps): void { - if ((props.hostHeader !== undefined || props.pathPattern !== undefined) !== (props.priority !== undefined)) { - throw new Error(`Setting 'pathPattern' or 'hostHeader' also requires 'priority', and vice versa`); - } + checkAddRuleProps(props); if (props.priority !== undefined) { // New rule @@ -562,10 +562,22 @@ export interface AddRuleProps { * Requires that priority is set. * * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions - * * @default No path condition + * @deprecated Use `pathPatterns` instead. */ readonly pathPattern?: string; + + /** + * Rule applies if the requested path matches any of the given patterns. + * + * May contain up to three '*' wildcards. + * + * Requires that priority is set. + * + * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions + * @default - No path condition. + */ + readonly pathPatterns?: string[]; } /** @@ -667,7 +679,7 @@ export interface AddRedirectResponseProps extends AddRuleProps, RedirectResponse } function checkAddRuleProps(props: AddRuleProps) { - if ((props.hostHeader !== undefined || props.pathPattern !== undefined) !== (props.priority !== undefined)) { + if ((props.hostHeader !== undefined || props.pathPattern !== undefined || props.pathPatterns !== undefined) !== (props.priority !== undefined)) { throw new Error(`Setting 'pathPattern' or 'hostHeader' also requires 'priority', and vice versa`); } } diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/test.listener.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/test.listener.ts index 3704768515cf5..2810075f6c787 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/test.listener.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/test.listener.ts @@ -937,6 +937,61 @@ export = { test.done(); }, + + 'Can add multiple path patterns to listener rule'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + const listener = lb.addListener('Listener', { + port: 443, + certificateArns: ['cert1', 'cert2'], + defaultTargetGroups: [new elbv2.ApplicationTargetGroup(stack, 'Group', { vpc, port: 80 })] + }); + + listener.addTargets('Target1', { + priority: 10, + pathPatterns: ['/test/path/1', '/test/path/2'] + }); + + // THEN + expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::ListenerRule', { + Priority: 10, + Conditions: [ + { + Field: 'path-pattern', + Values: ['/test/path/1', '/test/path/2'] + } + ] + })); + + test.done(); + }, + + 'Cannot add pathPattern and pathPatterns to listener rule'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + const listener = lb.addListener('Listener', { + port: 443, + certificateArns: ['cert1', 'cert2'], + defaultTargetGroups: [new elbv2.ApplicationTargetGroup(stack, 'Group', { vpc, port: 80 })] + }); + + // THEN + test.throws(() => listener.addTargets('Target1', { + priority: 10, + pathPatterns: ['/test/path/1', '/test/path/2'], + pathPattern: '/test/path/3' + }), Error, `At least one of 'hostHeader', 'pathPattern' or 'pathPatterns' is required when defining a load balancing rule.`); + + test.done(); + }, }; class ResourceWithLBDependency extends cdk.CfnResource { From 6961fcad91e605275b079957cfb2e4faecb128fb Mon Sep 17 00:00:00 2001 From: msysyamamoto <491754+msysyamamoto@users.noreply.github.com> Date: Mon, 9 Mar 2020 23:38:18 +0900 Subject: [PATCH 23/42] chore(ecs): fix error message (#6617) * chore(ecs): escape regexp special characters * chore(ecs): fix error message addPortMapping is a nonexistent method Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-ecs/lib/base/task-definition.ts | 2 +- .../@aws-cdk/aws-ecs/test/fargate/test.fargate-service.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-ecs/lib/base/task-definition.ts b/packages/@aws-cdk/aws-ecs/lib/base/task-definition.ts index cf9ed30721e6b..78b1f4225d01c 100644 --- a/packages/@aws-cdk/aws-ecs/lib/base/task-definition.ts +++ b/packages/@aws-cdk/aws-ecs/lib/base/task-definition.ts @@ -322,7 +322,7 @@ export class TaskDefinition extends TaskDefinitionBase { const portMapping = targetContainer.findPortMapping(targetContainerPort, targetProtocol); if (portMapping === undefined) { // tslint:disable-next-line:max-line-length - throw new Error(`Container '${targetContainer}' has no mapping for port ${options.containerPort} and protocol ${targetProtocol}. Did you call "container.addPortMapping()"?`); + throw new Error(`Container '${targetContainer}' has no mapping for port ${options.containerPort} and protocol ${targetProtocol}. Did you call "container.addPortMappings()"?`); } return { containerName: options.containerName, diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/test.fargate-service.ts b/packages/@aws-cdk/aws-ecs/test/fargate/test.fargate-service.ts index a7e52b76077ef..d953b16d78ed7 100644 --- a/packages/@aws-cdk/aws-ecs/test/fargate/test.fargate-service.ts +++ b/packages/@aws-cdk/aws-ecs/test/fargate/test.fargate-service.ts @@ -664,7 +664,7 @@ export = { protocol: ecs.Protocol.TCP })] }); - }, /Container 'FargateTaskDef\/MainContainer' has no mapping for port 8001 and protocol tcp. Did you call "container.addPortMapping()"?/); + }, /Container 'FargateTaskDef\/MainContainer' has no mapping for port 8001 and protocol tcp. Did you call "container.addPortMappings\(\)"\?/); test.done(); }, @@ -699,7 +699,7 @@ export = { containerPort: 8002, })] }); - }, /Container 'FargateTaskDef\/MainContainer' has no mapping for port 8002 and protocol tcp. Did you call "container.addPortMapping()"?/); + }, /Container 'FargateTaskDef\/MainContainer' has no mapping for port 8002 and protocol tcp. Did you call "container.addPortMappings\(\)"\?/); test.done(); }, From 52e8b957a3750431a5e68e62e860441894f9b68c Mon Sep 17 00:00:00 2001 From: Romain Marcadier-Muller Date: Mon, 9 Mar 2020 16:24:17 +0100 Subject: [PATCH 24/42] feat(dynamodb): expose stream features on ITable (#6635) In order to make it possible to use the `DynamoEventSource` feature from `@aws-cdk/aws-lambda-event-sources` with imported tables (`ITable`s obtained from `Table.fromTableAttributes`), the `tableStreamArn` property must be visible on the `ITable` interface, and accepted as part of the `TableAttributes` struct. The necessary `grant` methods that target the table stream were also modified so that they can be used on any `ITable` that was built with a `tableStreamArn`. As a bonus, added documentation text for a couple of previously undocumented enum constants. Fixes #6344 --- packages/@aws-cdk/aws-dynamodb/README.md | 8 +- packages/@aws-cdk/aws-dynamodb/lib/table.ts | 146 +++++++++--------- packages/@aws-cdk/aws-dynamodb/package.json | 8 +- .../aws-dynamodb/test/test.dynamodb.ts | 86 ++++++++++- .../aws-lambda-event-sources/lib/dynamodb.ts | 2 +- 5 files changed, 167 insertions(+), 83 deletions(-) diff --git a/packages/@aws-cdk/aws-dynamodb/README.md b/packages/@aws-cdk/aws-dynamodb/README.md index 1b254f0d17e90..2cd974543da38 100644 --- a/packages/@aws-cdk/aws-dynamodb/README.md +++ b/packages/@aws-cdk/aws-dynamodb/README.md @@ -21,16 +21,20 @@ const table = new dynamodb.Table(this, 'Table', { ### Importing existing tables -To import an existing table into your CDK application, use the `Table.fromTableName` or `Table.fromTableArn` +To import an existing table into your CDK application, use the `Table.fromTableName`, `Table.fromTableArn` or `Table.fromTableAttributes` factory method. This method accepts table name or table ARN which describes the properties of an already existing table: ```ts -const table = Table.fromTableArn(this, 'ImportedTable', 'arn:aws:dynamodb:us-east-1:111111111:table/my-table'); +const table = Table.fromTableArn(this, 'ImportedTable', 'arn:aws:dynamodb:us-east-1:111111111:table/my-table'); // now you can just call methods on the table table.grantReadWriteData(user); ``` +If you intend to use the `tableStreamArn` (including indirectly, for example by creating an +`@aws-cdk/aws-lambda-event-source.DynamoEventSource` on the imported table), you *must* use the +`Table.fromTableAttributes` method and the `tableStreamArn` property *must* be populated. + ### Keys When a table is defined, you must define it's schema using the `partitionKey` diff --git a/packages/@aws-cdk/aws-dynamodb/lib/table.ts b/packages/@aws-cdk/aws-dynamodb/lib/table.ts index bfe9d69b5f85b..722faed5f3eb9 100644 --- a/packages/@aws-cdk/aws-dynamodb/lib/table.ts +++ b/packages/@aws-cdk/aws-dynamodb/lib/table.ts @@ -212,6 +212,13 @@ export interface ITable extends IResource { */ readonly tableName: string; + /** + * ARN of the table's stream, if there is one. + * + * @attribute + */ + readonly tableStreamArn?: string; + /** * Permits an IAM principal all data read operations from this table: * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan. @@ -305,7 +312,7 @@ export interface TableAttributes { * The ARN of the dynamodb table. * One of this, or {@link tabeName}, is required. * - * @default no table arn + * @default - no table arn */ readonly tableArn?: string; @@ -313,9 +320,16 @@ export interface TableAttributes { * The table name of the dynamodb table. * One of this, or {@link tabeArn}, is required. * - * @default no table name + * @default - no table name */ readonly tableName?: string; + + /** + * The ARN of the table's stream. + * + * @default - no table stream + */ + readonly tableStreamArn?: string; } abstract class TableBase extends Resource implements ITable { @@ -329,6 +343,11 @@ abstract class TableBase extends Resource implements ITable { */ public abstract readonly tableName: string; + /** + * @attribute + */ + public abstract readonly tableStreamArn?: string; + /** * Adds an IAM policy statement associated with this table to an IAM * principal's policy. @@ -347,6 +366,25 @@ abstract class TableBase extends Resource implements ITable { }); } + /** + * Adds an IAM policy statement associated with this table's stream to an + * IAM principal's policy. + * @param grantee The principal (no-op if undefined) + * @param actions The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...) + */ + public grantStream(grantee: iam.IGrantable, ...actions: string[]): iam.Grant { + if (!this.tableStreamArn) { + throw new Error(`DynamoDB Streams must be enabled on the table ${this.node.path}`); + } + + return iam.Grant.addToPrincipal({ + grantee, + actions, + resourceArns: [this.tableStreamArn], + scope: this, + }); + } + /** * Permits an IAM principal all data read operations from this table: * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan. @@ -359,9 +397,20 @@ abstract class TableBase extends Resource implements ITable { /** * Permits an IAM Principal to list streams attached to current dynamodb table. * - * @param _grantee The principal (no-op if undefined) + * @param grantee The principal (no-op if undefined) */ - public abstract grantTableListStreams(_grantee: iam.IGrantable): iam.Grant; + public grantTableListStreams(grantee: iam.IGrantable): iam.Grant { + if (!this.tableStreamArn) { + throw new Error(`DynamoDB Streams must be enabled on the table ${this.node.path}`); + } + return iam.Grant.addToPrincipal({ + grantee, + actions: ['dynamodb:ListStreams'], + resourceArns: [ + Lazy.stringValue({ produce: () => `${this.tableArn}/stream/*` }) + ], + }); + } /** * Permits an IAM principal all stream data read operations for this @@ -369,7 +418,10 @@ abstract class TableBase extends Resource implements ITable { * DescribeStream, GetRecords, GetShardIterator, ListStreams. * @param grantee The principal to grant access to */ - public abstract grantStreamRead(grantee: iam.IGrantable): iam.Grant; + public grantStreamRead(grantee: iam.IGrantable): iam.Grant { + this.grantTableListStreams(grantee); + return this.grantStream(grantee, ...READ_STREAM_DATA_ACTIONS); + } /** * Permits an IAM principal all data write operations to this table: @@ -521,47 +573,41 @@ export class Table extends TableBase { public readonly tableName: string; public readonly tableArn: string; + public readonly tableStreamArn?: string; - constructor(_scope: Construct, _id: string, _tableArn: string, _tableName: string) { - super(_scope, _id); + constructor(_tableArn: string, tableName: string, tableStreamArn?: string) { + super(scope, id); this.tableArn = _tableArn; - this.tableName = _tableName; + this.tableName = tableName; + this.tableStreamArn = tableStreamArn; } protected get hasIndex(): boolean { return false; } - - public grantTableListStreams(_grantee: iam.IGrantable): iam.Grant { - throw new Error("Method not implemented."); - } - - public grantStreamRead(_grantee: iam.IGrantable): iam.Grant { - throw new Error("Method not implemented."); - } } - let tableName: string; - let tableArn: string; + let name: string; + let arn: string; const stack = Stack.of(scope); if (!attrs.tableName) { if (!attrs.tableArn) { throw new Error('One of tableName or tableArn is required!'); } - tableArn = attrs.tableArn; + arn = attrs.tableArn; const maybeTableName = stack.parseArn(attrs.tableArn).resourceName; if (!maybeTableName) { throw new Error('ARN for DynamoDB table must be in the form: ...'); } - tableName = maybeTableName; + name = maybeTableName; } else { if (attrs.tableArn) { throw new Error("Only one of tableArn or tableName can be provided"); } - tableName = attrs.tableName; - tableArn = stack.formatArn({ + name = attrs.tableName; + arn = stack.formatArn({ service: 'dynamodb', resource: 'table', resourceName: attrs.tableName, }); } - return new Import(scope, id, tableArn, tableName); + return new Import(arn, name, attrs.tableStreamArn); } /** @@ -664,54 +710,6 @@ export class Table extends TableBase { } } - /** - * Adds an IAM policy statement associated with this table's stream to an - * IAM principal's policy. - * @param grantee The principal (no-op if undefined) - * @param actions The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...) - */ - public grantStream(grantee: iam.IGrantable, ...actions: string[]): iam.Grant { - if (!this.tableStreamArn) { - throw new Error(`DynamoDB Streams must be enabled on the table ${this.node.path}`); - } - - return iam.Grant.addToPrincipal({ - grantee, - actions, - resourceArns: [this.tableStreamArn], - scope: this, - }); - } - - /** - * Permits an IAM Principal to list streams attached to current dynamodb table. - * - * @param grantee The principal (no-op if undefined) - */ - public grantTableListStreams(grantee: iam.IGrantable): iam.Grant { - if (!this.tableStreamArn) { - throw new Error(`DynamoDB Streams must be enabled on the table ${this.node.path}`); - } - return iam.Grant.addToPrincipal({ - grantee, - actions: ['dynamodb:ListStreams'], - resourceArns: [ - Lazy.stringValue({ produce: () => `${this.tableArn}/stream/*` }) - ], - }); - } - - /** - * Permits an IAM principal all stream data read operations for this - * table's stream: - * DescribeStream, GetRecords, GetShardIterator, ListStreams. - * @param grantee The principal to grant access to - */ - public grantStreamRead(grantee: iam.IGrantable): iam.Grant { - this.grantTableListStreams(grantee); - return this.grantStream(grantee, ...READ_STREAM_DATA_ACTIONS); - } - /** * Add a global secondary index of table. * @@ -1088,8 +1086,11 @@ export class Table extends TableBase { } export enum AttributeType { + /** Up to 400KiB of binary data (which must be encoded as base64 before sending to DynamoDB) */ BINARY = 'B', + /** Numeric values made of up to 38 digits (positive, negative or zero) */ NUMBER = 'N', + /** Up to 400KiB of UTF-8 encoded text */ STRING = 'S', } @@ -1108,8 +1109,11 @@ export enum BillingMode { } export enum ProjectionType { + /** Only the index and primary keys are projected into the index. */ KEYS_ONLY = 'KEYS_ONLY', + /** Only the specified table attributes are projected into the index. The list of projected attributes is in `nonKeyAttributes`. */ INCLUDE = 'INCLUDE', + /** All of the table attributes are projected into the index. */ ALL = 'ALL' } diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index ad1e6435cd970..5b7aa1f8a659a 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -99,7 +99,6 @@ "awslint": { "exclude": [ "docs-public-apis:@aws-cdk/aws-dynamodb.TableProps", - "docs-public-apis:@aws-cdk/aws-dynamodb.ProjectionType.ALL", "docs-public-apis:@aws-cdk/aws-dynamodb.Table.tableName", "docs-public-apis:@aws-cdk/aws-dynamodb.Table.tableStreamArn", "docs-public-apis:@aws-cdk/aws-dynamodb.Attribute", @@ -109,12 +108,7 @@ "docs-public-apis:@aws-cdk/aws-dynamodb.TableOptions", "docs-public-apis:@aws-cdk/aws-dynamodb.Table.tableArn", "docs-public-apis:@aws-cdk/aws-dynamodb.AttributeType", - "docs-public-apis:@aws-cdk/aws-dynamodb.AttributeType.BINARY", - "docs-public-apis:@aws-cdk/aws-dynamodb.AttributeType.NUMBER", - "docs-public-apis:@aws-cdk/aws-dynamodb.AttributeType.STRING", - "docs-public-apis:@aws-cdk/aws-dynamodb.ProjectionType", - "docs-public-apis:@aws-cdk/aws-dynamodb.ProjectionType.KEYS_ONLY", - "docs-public-apis:@aws-cdk/aws-dynamodb.ProjectionType.INCLUDE" + "docs-public-apis:@aws-cdk/aws-dynamodb.ProjectionType" ] } } diff --git a/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts b/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts index dd4fc1c30d54d..83d3709d1e9a7 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts +++ b/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts @@ -1461,7 +1461,7 @@ export = { test.done(); }, - 'static import(ref) allows importing an external/existing table from arn'(test: Test) { + 'static fromTableArn(arn) allows importing an external/existing table from arn'(test: Test) { const stack = new Stack(); const tableArn = 'arn:aws:dynamodb:us-east-1:11111111:table/MyTable'; @@ -1502,7 +1502,7 @@ export = { test.deepEqual(stack.resolve(table.tableName), 'MyTable'); test.done(); }, - 'static import(ref) allows importing an external/existing table from table name'(test: Test) { + 'static fromTableName(name) allows importing an external/existing table from table name'(test: Test) { const stack = new Stack(); const tableName = 'MyTable'; @@ -1568,6 +1568,88 @@ export = { test.deepEqual(stack.resolve(table.tableName), tableName); test.done(); }, + 'stream permissions on imported tables': { + 'throw if no tableStreamArn is specified'(test: Test) { + const stack = new Stack(); + + const tableName = 'MyTable'; + const table = Table.fromTableAttributes(stack, 'ImportedTable', { tableName }); + + const role = new iam.Role(stack, 'NewRole', { + assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'), + }); + + test.throws(() => table.grantTableListStreams(role), /DynamoDB Streams must be enabled on the table/); + test.throws(() => table.grantStreamRead(role), /DynamoDB Streams must be enabled on the table/); + + test.done(); + }, + + 'creates the correct list streams grant'(test: Test) { + const stack = new Stack(); + + const tableName = 'MyTable'; + const tableStreamArn = 'arn:foo:bar:baz:TrustMeThisIsATableStream'; + const table = Table.fromTableAttributes(stack, 'ImportedTable', { tableName, tableStreamArn }); + + const role = new iam.Role(stack, 'NewRole', { + assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'), + }); + + test.notEqual(table.grantTableListStreams(role), null); + + expect(stack).to(haveResource('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: "dynamodb:ListStreams", + Effect: 'Allow', + Resource: stack.resolve(`${table.tableArn}/stream/*`), + }, + ], + Version: '2012-10-17' + }, + Roles: [stack.resolve(role.roleName)] + })); + + test.done(); + }, + + 'creates the correct stream read grant'(test: Test) { + const stack = new Stack(); + + const tableName = 'MyTable'; + const tableStreamArn = 'arn:foo:bar:baz:TrustMeThisIsATableStream'; + const table = Table.fromTableAttributes(stack, 'ImportedTable', { tableName, tableStreamArn }); + + const role = new iam.Role(stack, 'NewRole', { + assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'), + }); + + test.notEqual(table.grantStreamRead(role), null); + + expect(stack).to(haveResource('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: "dynamodb:ListStreams", + Effect: 'Allow', + Resource: stack.resolve(`${table.tableArn}/stream/*`), + }, + { + Action: ['dynamodb:DescribeStream', 'dynamodb:GetRecords', 'dynamodb:GetShardIterator'], + Effect: 'Allow', + Resource: tableStreamArn, + } + ], + Version: '2012-10-17' + }, + Roles: [stack.resolve(role.roleName)] + })); + + test.done(); + }, + } }, 'global': { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/lib/dynamodb.ts b/packages/@aws-cdk/aws-lambda-event-sources/lib/dynamodb.ts index 9e520a6edd5f7..d5bad30634d2e 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/lib/dynamodb.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/lib/dynamodb.ts @@ -11,7 +11,7 @@ export interface DynamoEventSourceProps extends StreamEventSourceProps { export class DynamoEventSource extends StreamEventSource { private _eventSourceMappingId?: string = undefined; - constructor(private readonly table: dynamodb.Table, props: DynamoEventSourceProps) { + constructor(private readonly table: dynamodb.ITable, props: DynamoEventSourceProps) { super(props); if (this.props.batchSize !== undefined && (this.props.batchSize < 1 || this.props.batchSize > 1000)) { From 20f792086147e64d6ddbafab75409f729798d0b2 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2020 16:54:52 +0000 Subject: [PATCH 25/42] chore(deps): bump aws-sdk from 2.634.0 to 2.635.0 (#6637) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.634.0 to 2.635.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.634.0...v2.635.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-cloudfront/package.json | 2 +- packages/@aws-cdk/aws-cloudtrail/package.json | 2 +- packages/@aws-cdk/aws-codebuild/package.json | 2 +- packages/@aws-cdk/aws-codecommit/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-route53/package.json | 2 +- packages/@aws-cdk/aws-sqs/package.json | 2 +- packages/@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- yarn.lock | 8 ++++---- 14 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/package.json b/packages/@aws-cdk/aws-cloudfront/package.json index 9d5e62c7f4194..70218a50ac1df 100644 --- a/packages/@aws-cdk/aws-cloudfront/package.json +++ b/packages/@aws-cdk/aws-cloudfront/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-cloudtrail/package.json b/packages/@aws-cdk/aws-cloudtrail/package.json index 8dc324a789c65..3cf4b2a9296cb 100644 --- a/packages/@aws-cdk/aws-cloudtrail/package.json +++ b/packages/@aws-cdk/aws-cloudtrail/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index 9cc6a90e66e13..eee5e6a8e56bf 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -70,7 +70,7 @@ "@aws-cdk/aws-sns": "0.0.0", "@aws-cdk/aws-sqs": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codecommit/package.json b/packages/@aws-cdk/aws-codecommit/package.json index 15a8ed670e9f4..093cdb8a20122 100644 --- a/packages/@aws-cdk/aws-codecommit/package.json +++ b/packages/@aws-cdk/aws-codecommit/package.json @@ -70,7 +70,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 5b7aa1f8a659a..5327856a37b1f 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index 97de559591bd2..6f11bc5f0f023 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index 5b6de1712e8fe..67a9e5c41fa2b 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -86,7 +86,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index 33cbac5981a42..be11ff4589fad 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -71,7 +71,7 @@ "@types/lodash": "^4.14.149", "@types/nodeunit": "^0.0.30", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-route53/package.json b/packages/@aws-cdk/aws-route53/package.json index cc500cdb9e753..d394b624f2853 100644 --- a/packages/@aws-cdk/aws-route53/package.json +++ b/packages/@aws-cdk/aws-route53/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-sqs/package.json b/packages/@aws-cdk/aws-sqs/package.json index 31ae40fb2b228..8bbff37c8e7b2 100644 --- a/packages/@aws-cdk/aws-sqs/package.json +++ b/packages/@aws-cdk/aws-sqs/package.json @@ -65,7 +65,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index 73a998d65fbb1..f032541ed9468 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -73,7 +73,7 @@ "@types/aws-lambda": "^8.10.39", "@types/fs-extra": "^8.1.0", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index ed766c3a1d29a..5a247e4778627 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -71,7 +71,7 @@ "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "camelcase": "^5.3.1", "colors": "^1.4.0", "decamelize": "^4.0.0", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index b54cf14a47292..354cdd165f40f 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -42,7 +42,7 @@ "dependencies": { "@aws-cdk/cdk-assets-schema": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.634.0", + "aws-sdk": "^2.635.0", "glob": "^7.1.6", "yargs": "^15.3.0" }, diff --git a/yarn.lock b/yarn.lock index 5c681195fe3aa..18377bed08b18 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2639,10 +2639,10 @@ aws-sdk-mock@^5.0.0: sinon "^8.0.1" traverse "^0.6.6" -aws-sdk@^2.596.0, aws-sdk@^2.634.0: - version "2.634.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.634.0.tgz#95077c191107b9cb696e922b06e79949dcd13434" - integrity sha512-cZfRD7bcKBHOLoHUJuqB9xaLs/z1/xsc9zfGLIzyuxKLJa7Z0pxy8Y/0GrhWO98yXLBvLLET7btj2iDI2oWWhQ== +aws-sdk@^2.596.0, aws-sdk@^2.635.0: + version "2.635.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.635.0.tgz#a440e465ad44e5a982680acd3bf0747eef9f7818" + integrity sha512-NlKqMB4HqMqSutY6YmPzQVa+mMhqo0655hYYl8G2zkUvrYy+YxDitvwDEUkSsNKVFkEvmHtZggFCgVYIUu/sXg== dependencies: buffer "4.9.1" events "1.1.1" From 3b370d78bea54fc66eddfa5daf1514f7bea97894 Mon Sep 17 00:00:00 2001 From: Elad Ben-Israel Date: Mon, 9 Mar 2020 19:43:11 +0200 Subject: [PATCH 26/42] chore(eks): consolidate integ tests (#6636) chore(eks): consolidate integ tests (#6636) Since creating a VPC and an EKS cluster takes about ~30 minutes and integration tests had to be executed for any change in one of the resource providers' code, the EKS integration tests became a major barrier for contributions and evolution of the EKS module. Pragmatically, this change consolidates all "kubectl-enabled" tests into a single integration test which exercises all the relevant features. This is not perfect, but at least will allow us to evolve. --- packages/@aws-cdk/aws-eks/README.md | 2 - .../test/integ.eks-cluster.defaults.ts | 24 - ...d.json => integ.eks-cluster.expected.json} | 733 ++++++-- .../integ.eks-cluster.kubectl-disabled.ts | 2 - .../test/integ.eks-cluster.lit.expected.json | 1377 --------------- .../aws-eks/test/integ.eks-cluster.lit.ts | 32 - .../aws-eks/test/integ.eks-cluster.ts | 65 + .../test/integ.eks-fargate.expected.json | 1249 -------------- .../aws-eks/test/integ.eks-fargate.ts | 38 - .../test/integ.eks-helm.lit.expected.json | 1329 -------------- .../aws-eks/test/integ.eks-helm.lit.ts | 54 - .../test/integ.eks-kubectl.lit.expected.json | 1298 -------------- .../aws-eks/test/integ.eks-kubectl.lit.ts | 53 - .../aws-eks/test/integ.eks-spot.expected.json | 1522 ----------------- .../@aws-cdk/aws-eks/test/integ.eks-spot.ts | 33 - 15 files changed, 700 insertions(+), 7111 deletions(-) delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.ts rename packages/@aws-cdk/aws-eks/test/{integ.eks-cluster.defaults.expected.json => integ.eks-cluster.expected.json} (57%) delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.ts create mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-fargate.ts delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.ts delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.ts delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json delete mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-spot.ts diff --git a/packages/@aws-cdk/aws-eks/README.md b/packages/@aws-cdk/aws-eks/README.md index 0369f13137416..346642a2e55a9 100644 --- a/packages/@aws-cdk/aws-eks/README.md +++ b/packages/@aws-cdk/aws-eks/README.md @@ -47,8 +47,6 @@ cluster.addResource('mypod', { }); ``` -Here is a [complete sample](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-eks/test/integ.eks-kubectl.lit.ts). - ### Capacity By default, `eks.Cluster` is created with x2 `m5.large` instances. diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.ts deleted file mode 100644 index ac10abda4a41a..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.ts +++ /dev/null @@ -1,24 +0,0 @@ -import { App, CfnOutput } from '@aws-cdk/core'; -import * as eks from '../lib'; -import { TestStack } from './util'; - -class EksClusterStack extends TestStack { - constructor(scope: App, id: string) { - super(scope, id); - - const cluster = new eks.Cluster(this, 'Cluster'); - - new CfnOutput(this, 'ClusterEndpoint', { value: cluster.clusterEndpoint }); - new CfnOutput(this, 'ClusterArn', { value: cluster.clusterArn }); - new CfnOutput(this, 'ClusterCertificateAuthorityData', { value: cluster.clusterCertificateAuthorityData }); - new CfnOutput(this, 'ClusterName', { value: cluster.clusterName }); - } -} - -const app = new App(); - -// since the EKS optimized AMI is hard-coded here based on the region, -// we need to actually pass in a specific region. -new EksClusterStack(app, 'eks-integ-defaults-2'); - -app.synth(); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json similarity index 57% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 787f452e4041f..0960d52117a47 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -1,5 +1,33 @@ { "Resources": { + "AdminRole38563C57": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, "ClusterDefaultVpcFA9F2722": { "Type": "AWS::EC2::VPC", "Properties": { @@ -10,7 +38,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc" } ] } @@ -27,7 +55,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet1" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet1" }, { "Key": "aws-cdk:subnet-name", @@ -53,7 +81,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet1" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet1" }, { "Key": "kubernetes.io/role/elb", @@ -95,7 +123,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet1" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet1" }, { "Key": "kubernetes.io/role/elb", @@ -119,7 +147,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet1" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet1" }, { "Key": "kubernetes.io/role/elb", @@ -140,7 +168,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet2" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet2" }, { "Key": "aws-cdk:subnet-name", @@ -166,7 +194,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet2" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet2" }, { "Key": "kubernetes.io/role/elb", @@ -208,7 +236,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet2" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet2" }, { "Key": "kubernetes.io/role/elb", @@ -232,7 +260,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet2" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet2" }, { "Key": "kubernetes.io/role/elb", @@ -253,7 +281,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet3" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet3" }, { "Key": "aws-cdk:subnet-name", @@ -279,7 +307,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet3" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet3" }, { "Key": "kubernetes.io/role/elb", @@ -321,7 +349,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet3" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet3" }, { "Key": "kubernetes.io/role/elb", @@ -345,7 +373,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PublicSubnet3" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PublicSubnet3" }, { "Key": "kubernetes.io/role/elb", @@ -366,7 +394,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PrivateSubnet1" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PrivateSubnet1" }, { "Key": "aws-cdk:subnet-name", @@ -392,7 +420,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PrivateSubnet1" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PrivateSubnet1" }, { "Key": "kubernetes.io/role/internal-elb", @@ -436,7 +464,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PrivateSubnet2" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PrivateSubnet2" }, { "Key": "aws-cdk:subnet-name", @@ -462,7 +490,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PrivateSubnet2" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PrivateSubnet2" }, { "Key": "kubernetes.io/role/internal-elb", @@ -506,7 +534,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PrivateSubnet3" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PrivateSubnet3" }, { "Key": "aws-cdk:subnet-name", @@ -532,7 +560,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc/PrivateSubnet3" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc/PrivateSubnet3" }, { "Key": "kubernetes.io/role/internal-elb", @@ -570,7 +598,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultVpc" + "Value": "aws-cdk-eks-cluster-test/Cluster/DefaultVpc" } ] } @@ -645,11 +673,32 @@ } } }, - "ClusterControlPlaneSecurityGroupfromeksintegdefaults2ClusterDefaultCapacityInstanceSecurityGroupF57DD9BE443C12103E7": { + "ClusterControlPlaneSecurityGroupfromawscdkeksclustertestClusterNodesInstanceSecurityGroupD0B64C54443795AF111": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclustertestClusterNodesInstanceSecurityGroupD0B64C54:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterNodesInstanceSecurityGroup899246BD", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "ClusterControlPlaneSecurityGroupfromawscdkeksclustertestClusterspotInstanceSecurityGroupF50F5D474431DE5485F": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", - "Description": "from eksintegdefaults2ClusterDefaultCapacityInstanceSecurityGroupF57DD9BE:443", + "Description": "from awscdkeksclustertestClusterspotInstanceSecurityGroupF50F5D47:443", "FromPort": 443, "GroupId": { "Fn::GetAtt": [ @@ -659,7 +708,7 @@ }, "SourceSecurityGroupId": { "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48", + "ClusterspotInstanceSecurityGroup01F7B1CE", "GroupId" ] }, @@ -679,13 +728,13 @@ { "Fn::GetAtt": [ "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.eksintegdefaults2awscdkawseksClusterResourceProviderOnEventHandlerServiceRoleFABA4092Arn" + "Outputs.awscdkeksclustertestawscdkawseksClusterResourceProviderOnEventHandlerServiceRole5B783C71Arn" ] }, { "Fn::GetAtt": [ "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.eksintegdefaults2awscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole3A491B05Arn" + "Outputs.awscdkeksclustertestawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole970DAC30Arn" ] } ] @@ -698,7 +747,7 @@ "AWS": { "Fn::GetAtt": [ "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.eksintegdefaults2awscdkawseksKubectlProviderHandlerServiceRoleDC956DD6Arn" + "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderHandlerServiceRoleA9A610CBArn" ] } } @@ -775,7 +824,7 @@ "ServiceToken": { "Fn::GetAtt": [ "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.eksintegdefaults2awscdkawseksClusterResourceProviderframeworkonEvent08F2BEB1Arn" + "Outputs.awscdkeksclustertestawscdkawseksClusterResourceProviderframeworkonEvent503C1667Arn" ] }, "Config": { @@ -830,10 +879,134 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48": { + "ClusterAwsAuthmanifestFE51F8AE": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterNodesInstanceRoleC3C01328", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterspotInstanceRole39043830", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterfargateprofiledefaultPodExecutionRole09952CFF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks-fargate-pods.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy" + ] + ] + } + ] + } + }, + "ClusterfargateprofiledefaultEFC59F14": { + "Type": "Custom::AWSCDK-EKS-FargateProfile", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awscdkeksclustertestawscdkawseksClusterResourceProviderframeworkonEvent503C1667Arn" + ] + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Config": { + "clusterName": { + "Ref": "Cluster9EE0221C" + }, + "podExecutionRoleArn": { + "Fn::GetAtt": [ + "ClusterfargateprofiledefaultPodExecutionRole09952CFF", + "Arn" + ] + }, + "selectors": [ + { + "namespace": "default" + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterNodesInstanceSecurityGroup899246BD": { "Type": "AWS::EC2::SecurityGroup", "Properties": { - "GroupDescription": "eks-integ-defaults-2/Cluster/DefaultCapacity/InstanceSecurityGroup", + "GroupDescription": "aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -844,7 +1017,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultCapacity" + "Value": "aws-cdk-eks-cluster-test/Cluster/Nodes" }, { "Key": { @@ -866,34 +1039,34 @@ } } }, - "ClusterDefaultCapacityInstanceSecurityGroupfromeksintegdefaults2ClusterDefaultCapacityInstanceSecurityGroupF57DD9BEALLTRAFFIC38BFC934": { + "ClusterNodesInstanceSecurityGroupfromawscdkeksclustertestClusterNodesInstanceSecurityGroupD0B64C54ALLTRAFFICBC5FBE2E": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "-1", - "Description": "from eksintegdefaults2ClusterDefaultCapacityInstanceSecurityGroupF57DD9BE:ALL TRAFFIC", + "Description": "from awscdkeksclustertestClusterNodesInstanceSecurityGroupD0B64C54:ALL TRAFFIC", "GroupId": { "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48", + "ClusterNodesInstanceSecurityGroup899246BD", "GroupId" ] }, "SourceSecurityGroupId": { "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48", + "ClusterNodesInstanceSecurityGroup899246BD", "GroupId" ] } } }, - "ClusterDefaultCapacityInstanceSecurityGroupfromeksintegdefaults2ClusterControlPlaneSecurityGroup11B762614438EAFCC4C": { + "ClusterNodesInstanceSecurityGroupfromawscdkeksclustertestClusterControlPlaneSecurityGroup2F130134443AE10EB12": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", - "Description": "from eksintegdefaults2ClusterControlPlaneSecurityGroup11B76261:443", + "Description": "from awscdkeksclustertestClusterControlPlaneSecurityGroup2F130134:443", "FromPort": 443, "GroupId": { "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48", + "ClusterNodesInstanceSecurityGroup899246BD", "GroupId" ] }, @@ -906,15 +1079,15 @@ "ToPort": 443 } }, - "ClusterDefaultCapacityInstanceSecurityGroupfromeksintegdefaults2ClusterControlPlaneSecurityGroup11B76261102565535AFFD2324": { + "ClusterNodesInstanceSecurityGroupfromawscdkeksclustertestClusterControlPlaneSecurityGroup2F1301341025655359F401D0D": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "IpProtocol": "tcp", - "Description": "from eksintegdefaults2ClusterControlPlaneSecurityGroup11B76261:1025-65535", + "Description": "from awscdkeksclustertestClusterControlPlaneSecurityGroup2F130134:1025-65535", "FromPort": 1025, "GroupId": { "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48", + "ClusterNodesInstanceSecurityGroup899246BD", "GroupId" ] }, @@ -927,7 +1100,7 @@ "ToPort": 65535 } }, - "ClusterDefaultCapacityInstanceRole3E209969": { + "ClusterNodesInstanceRoleC3C01328": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -993,7 +1166,7 @@ "Tags": [ { "Key": "Name", - "Value": "eks-integ-defaults-2/Cluster/DefaultCapacity" + "Value": "aws-cdk-eks-cluster-test/Cluster/Nodes" }, { "Key": { @@ -1012,30 +1185,30 @@ ] } }, - "ClusterDefaultCapacityInstanceProfile70387741": { + "ClusterNodesInstanceProfileF2DD0E21": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Roles": [ { - "Ref": "ClusterDefaultCapacityInstanceRole3E209969" + "Ref": "ClusterNodesInstanceRoleC3C01328" } ] } }, - "ClusterDefaultCapacityLaunchConfig72790CF7": { + "ClusterNodesLaunchConfig7C420A27": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "ImageId": { "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" }, - "InstanceType": "m5.large", + "InstanceType": "t2.medium", "IamInstanceProfile": { - "Ref": "ClusterDefaultCapacityInstanceProfile70387741" + "Ref": "ClusterNodesInstanceProfileF2DD0E21" }, "SecurityGroups": [ { "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceSecurityGroup8FDF4D48", + "ClusterNodesInstanceSecurityGroup899246BD", "GroupId" ] } @@ -1049,29 +1222,29 @@ { "Ref": "Cluster9EE0221C" }, - " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack eks-integ-defaults-2 --resource ClusterDefaultCapacityASG00CC9431 --region test-region" + " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack aws-cdk-eks-cluster-test --resource ClusterNodesASGF172BD19 --region test-region" ] ] } } }, "DependsOn": [ - "ClusterDefaultCapacityInstanceRole3E209969" + "ClusterNodesInstanceRoleC3C01328" ] }, - "ClusterDefaultCapacityASG00CC9431": { + "ClusterNodesASGF172BD19": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { - "MaxSize": "2", - "MinSize": "2", + "MaxSize": "3", + "MinSize": "3", "LaunchConfigurationName": { - "Ref": "ClusterDefaultCapacityLaunchConfig72790CF7" + "Ref": "ClusterNodesLaunchConfig7C420A27" }, "Tags": [ { "Key": "Name", "PropagateAtLaunch": true, - "Value": "eks-integ-defaults-2/Cluster/DefaultCapacity" + "Value": "aws-cdk-eks-cluster-test/Cluster/Nodes" }, { "Key": { @@ -1118,30 +1291,328 @@ } } }, - "ClusterAwsAuthmanifestFE51F8AE": { + "ClusterspotInstanceSecurityGroup01F7B1CE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-test/Cluster/spot" + }, + { + "Key": { + "Fn::Join": [ + "", + [ + "kubernetes.io/cluster/", + { + "Ref": "Cluster9EE0221C" + } + ] + ] + }, + "Value": "owned" + } + ], + "VpcId": { + "Ref": "ClusterDefaultVpcFA9F2722" + } + } + }, + "ClusterspotInstanceSecurityGroupfromawscdkeksclustertestClusterspotInstanceSecurityGroupF50F5D47ALLTRAFFIC2B1A12D9": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "-1", + "Description": "from awscdkeksclustertestClusterspotInstanceSecurityGroupF50F5D47:ALL TRAFFIC", + "GroupId": { + "Fn::GetAtt": [ + "ClusterspotInstanceSecurityGroup01F7B1CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterspotInstanceSecurityGroup01F7B1CE", + "GroupId" + ] + } + } + }, + "ClusterspotInstanceSecurityGroupfromawscdkeksclustertestClusterControlPlaneSecurityGroup2F1301344430650F325": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclustertestClusterControlPlaneSecurityGroup2F130134:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "ClusterspotInstanceSecurityGroup01F7B1CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "ClusterspotInstanceSecurityGroupfromawscdkeksclustertestClusterControlPlaneSecurityGroup2F130134102565535C7203235": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclustertestClusterControlPlaneSecurityGroup2F130134:1025-65535", + "FromPort": 1025, + "GroupId": { + "Fn::GetAtt": [ + "ClusterspotInstanceSecurityGroup01F7B1CE", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "ClusterspotInstanceRole39043830": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-test/Cluster/spot" + }, + { + "Key": { + "Fn::Join": [ + "", + [ + "kubernetes.io/cluster/", + { + "Ref": "Cluster9EE0221C" + } + ] + ] + }, + "Value": "owned" + } + ] + } + }, + "ClusterspotInstanceProfileAB88D077": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ClusterspotInstanceRole39043830" + } + ] + } + }, + "ClusterspotLaunchConfigCC19F2E6": { + "Type": "AWS::AutoScaling::LaunchConfiguration", + "Properties": { + "ImageId": { + "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.large", + "IamInstanceProfile": { + "Ref": "ClusterspotInstanceProfileAB88D077" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "ClusterspotInstanceSecurityGroup01F7B1CE", + "GroupId" + ] + } + ], + "SpotPrice": "0.1094", + "UserData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", + { + "Ref": "Cluster9EE0221C" + }, + " --kubelet-extra-args \"--node-labels lifecycle=Ec2Spot --register-with-taints=spotInstance=true:PreferNoSchedule --node-labels foo=bar,goo=far\" --use-max-pods true --aws-api-retry-attempts 5\n/opt/aws/bin/cfn-signal --exit-code $? --stack aws-cdk-eks-cluster-test --resource ClusterspotASG857494B6 --region test-region" + ] + ] + } + } + }, + "DependsOn": [ + "ClusterspotInstanceRole39043830" + ] + }, + "ClusterspotASG857494B6": { + "Type": "AWS::AutoScaling::AutoScalingGroup", + "Properties": { + "MaxSize": "10", + "MinSize": "1", + "LaunchConfigurationName": { + "Ref": "ClusterspotLaunchConfigCC19F2E6" + }, + "Tags": [ + { + "Key": "Name", + "PropagateAtLaunch": true, + "Value": "aws-cdk-eks-cluster-test/Cluster/spot" + }, + { + "Key": { + "Fn::Join": [ + "", + [ + "kubernetes.io/cluster/", + { + "Ref": "Cluster9EE0221C" + } + ] + ] + }, + "PropagateAtLaunch": true, + "Value": "owned" + } + ], + "VPCZoneIdentifier": [ + { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409" + }, + { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7" + }, + { + "Ref": "ClusterDefaultVpcPrivateSubnet3SubnetB64BC839" + } + ] + }, + "UpdatePolicy": { + "AutoScalingRollingUpdate": { + "WaitOnResourceSignals": false, + "PauseTime": "PT0S", + "SuspendProcesses": [ + "HealthCheck", + "ReplaceUnhealthy", + "AZRebalance", + "AlarmNotification", + "ScheduledActions" + ] + }, + "AutoScalingScheduledAction": { + "IgnoreUnmodifiedGroupSizeProperties": true + } + } + }, + "ClustermanifestspotinterrupthandlerFB832DCE": { "Type": "Custom::AWSCDK-EKS-KubernetesResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.eksintegdefaults2awscdkawseksKubectlProviderframeworkonEvent58F1426BArn" + "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" ] }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "ClusterDefaultCapacityInstanceRole3E209969", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] + "Manifest": "[{\"kind\":\"ClusterRole\",\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"metadata\":{\"name\":\"node-termination-handler\",\"namespace\":\"default\"},\"rules\":[{\"apiGroups\":[\"apps\"],\"resources\":[\"daemonsets\"],\"verbs\":[\"get\",\"delete\"]},{\"apiGroups\":[\"\"],\"resources\":[\"*\"],\"verbs\":[\"*\"]},{\"apiGroups\":[\"rbac.authorization.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"*\"]},{\"apiGroups\":[\"apiextensions.k8s.io\"],\"resources\":[\"customresourcedefinitions\"],\"verbs\":[\"get\",\"list\",\"watch\",\"create\",\"delete\"]}]},{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"node-termination-handler\"}},{\"kind\":\"ClusterRoleBinding\",\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"metadata\":{\"name\":\"node-termination-handler\",\"namespace\":\"default\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"node-termination-handler\",\"namespace\":\"default\"}],\"roleRef\":{\"kind\":\"ClusterRole\",\"name\":\"node-termination-handler\",\"apiGroup\":\"rbac.authorization.k8s.io\"}},{\"apiVersion\":\"apps/v1beta2\",\"kind\":\"DaemonSet\",\"metadata\":{\"name\":\"node-termination-handler\",\"namespace\":\"default\"},\"spec\":{\"selector\":{\"matchLabels\":{\"app\":\"node-termination-handler\"}},\"template\":{\"metadata\":{\"labels\":{\"app\":\"node-termination-handler\"}},\"spec\":{\"serviceAccountName\":\"node-termination-handler\",\"containers\":[{\"name\":\"node-termination-handler\",\"image\":\"amazon/aws-node-termination-handler:v1.0.0\",\"imagePullPolicy\":\"Always\",\"env\":[{\"name\":\"NODE_NAME\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"spec.nodeName\"}}},{\"name\":\"POD_NAME\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"metadata.name\"}}},{\"name\":\"NAMESPACE\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"metadata.namespace\"}}},{\"name\":\"SPOT_POD_IP\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"status.podIP\"}}}],\"resources\":{\"requests\":{\"memory\":\"64Mi\",\"cpu\":\"50m\"},\"limits\":{\"memory\":\"128Mi\",\"cpu\":\"100m\"}}}],\"nodeSelector\":{\"lifecycle\":\"Ec2Spot\"}}}}}]", + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClustermanifestHelloApp078A45D8": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" ] }, + "Manifest": "[{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"hello-kubernetes\"},\"spec\":{\"type\":\"LoadBalancer\",\"ports\":[{\"port\":80,\"targetPort\":8080}],\"selector\":{\"app\":\"hello-kubernetes\"}}},{\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"name\":\"hello-kubernetes\"},\"spec\":{\"replicas\":1,\"selector\":{\"matchLabels\":{\"app\":\"hello-kubernetes\"}},\"template\":{\"metadata\":{\"labels\":{\"app\":\"hello-kubernetes\"}},\"spec\":{\"containers\":[{\"name\":\"hello-kubernetes\",\"image\":\"paulbouwer/hello-kubernetes:1.5\",\"ports\":[{\"containerPort\":8080}]}]}}}}]", "ClusterName": { "Ref": "Cluster9EE0221C" }, @@ -1155,6 +1626,60 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "Clusterchartdashboard4AA45F3F": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "awscdkeksclustertestclusterchartdashboard1f3d83fe", + "Chart": "kubernetes-dashboard", + "Wait": false, + "Namespace": "default", + "Repository": "https://kubernetes-charts.storage.googleapis.com" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Clusterchartnginxingress1193EC3F": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "awscdkeksclustertestclusterchartnginxingressa7f70129", + "Chart": "nginx-ingress", + "Wait": false, + "Namespace": "kube-system", + "Repository": "https://helm.nginx.com/stable" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { "Type": "AWS::CloudFormation::Stack", "Properties": { @@ -1168,7 +1693,7 @@ }, "/", { - "Ref": "AssetParameters37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0S3Bucket937729F1" + "Ref": "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0S3BucketEF51ACE0" }, "/", { @@ -1178,7 +1703,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0S3VersionKeyB0E727C3" + "Ref": "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0S3VersionKey942A5054" } ] } @@ -1191,7 +1716,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0S3VersionKeyB0E727C3" + "Ref": "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0S3VersionKey942A5054" } ] } @@ -1201,16 +1726,16 @@ ] }, "Parameters": { - "referencetoeksintegdefaults2AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB45011B6Ref": { + "referencetoawscdkeksclustertestAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketC817AB9CRef": { "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7" }, - "referencetoeksintegdefaults2AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey98942C4DRef": { + "referencetoawscdkeksclustertestAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey0EB1A4B6Ref": { "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E" }, - "referencetoeksintegdefaults2AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketA568AD22Ref": { + "referencetoawscdkeksclustertestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket24E1CF9DRef": { "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" }, - "referencetoeksintegdefaults2AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1F44662CRef": { + "referencetoawscdkeksclustertestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKeyD2CCFEDERef": { "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" } } @@ -1229,7 +1754,7 @@ }, "/", { - "Ref": "AssetParameters4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428eS3Bucket3E4D83F8" + "Ref": "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3BucketA606F9D6" }, "/", { @@ -1239,7 +1764,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428eS3VersionKeyD7B81F18" + "Ref": "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3VersionKeyFE7BFE80" } ] } @@ -1252,7 +1777,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428eS3VersionKeyD7B81F18" + "Ref": "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3VersionKeyFE7BFE80" } ] } @@ -1262,16 +1787,16 @@ ] }, "Parameters": { - "referencetoeksintegdefaults2AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket71C019FBRef": { + "referencetoawscdkeksclustertestAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket6D4B3C92Ref": { "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" }, - "referencetoeksintegdefaults2AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyFA4A205ERef": { + "referencetoawscdkeksclustertestAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKey1728B833Ref": { "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" }, - "referencetoeksintegdefaults2AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketA568AD22Ref": { + "referencetoawscdkeksclustertestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket24E1CF9DRef": { "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" }, - "referencetoeksintegdefaults2AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1F44662CRef": { + "referencetoawscdkeksclustertestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKeyD2CCFEDERef": { "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" } } @@ -1288,7 +1813,13 @@ { "Ref": "Cluster9EE0221C" }, - " --region test-region" + " --region test-region --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } ] ] } @@ -1302,7 +1833,13 @@ { "Ref": "Cluster9EE0221C" }, - " --region test-region" + " --region test-region --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } ] ] } @@ -1374,29 +1911,29 @@ "Type": "String", "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" }, - "AssetParameters4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428eS3Bucket3E4D83F8": { + "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3BucketA606F9D6": { "Type": "String", - "Description": "S3 bucket for asset \"4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428e\"" + "Description": "S3 bucket for asset \"1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03e\"" }, - "AssetParameters4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428eS3VersionKeyD7B81F18": { + "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3VersionKeyFE7BFE80": { "Type": "String", - "Description": "S3 key for asset version \"4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428e\"" + "Description": "S3 key for asset version \"1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03e\"" }, - "AssetParameters4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428eArtifactHash2AB482BA": { + "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eArtifactHashFB2BBA58": { "Type": "String", - "Description": "Artifact hash for asset \"4dd58c778ce9bf0be6031537b4555ac9cbdd628b5770b5ec68016ff16b44428e\"" + "Description": "Artifact hash for asset \"1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03e\"" }, - "AssetParameters37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0S3Bucket937729F1": { + "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0S3BucketEF51ACE0": { "Type": "String", - "Description": "S3 bucket for asset \"37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0\"" + "Description": "S3 bucket for asset \"6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0\"" }, - "AssetParameters37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0S3VersionKeyB0E727C3": { + "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0S3VersionKey942A5054": { "Type": "String", - "Description": "S3 key for asset version \"37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0\"" + "Description": "S3 key for asset version \"6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0\"" }, - "AssetParameters37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0ArtifactHash6377B7AB": { + "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0ArtifactHash681AB1F7": { "Type": "String", - "Description": "Artifact hash for asset \"37fd1d0168a2cf8132ed8641e24d6f11ab85da83ad379a7b71f4bc87e6eccfb0\"" + "Description": "Artifact hash for asset \"6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0\"" }, "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.kubectl-disabled.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.kubectl-disabled.ts index cffa45e2fb4ee..e1a25dd64185a 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.kubectl-disabled.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.kubectl-disabled.ts @@ -7,7 +7,6 @@ class EksClusterStack extends TestStack { constructor(scope: cdk.App, id: string) { super(scope, id); - /// !show const vpc = new ec2.Vpc(this, 'VPC'); const cluster = new eks.Cluster(this, 'EKSCluster', { @@ -20,7 +19,6 @@ class EksClusterStack extends TestStack { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 1, // Raise this number to add more nodes }); - /// !hide } } diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json deleted file mode 100644 index 9e5d4761b2b56..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json +++ /dev/null @@ -1,1377 +0,0 @@ -{ - "Resources": { - "VPCB9E5F0B4": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC" - } - ] - } - }, - "VPCPublicSubnet1SubnetB4246D30": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet1RouteTableFEE4B781": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet1RouteTableAssociation0B0896DC": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - } - } - }, - "VPCPublicSubnet1DefaultRoute91CEF279": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VPCIGWB7E252D3" - } - }, - "DependsOn": [ - "VPCVPCGW99B986DC" - ] - }, - "VPCPublicSubnet1EIP6AD938E8": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet1NATGatewayE0556630": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "VPCPublicSubnet1EIP6AD938E8", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet2Subnet74179F39": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.32.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet2RouteTable6F1A15F1": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet2RouteTableAssociation5A808732": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - } - } - }, - "VPCPublicSubnet2DefaultRouteB7481BBA": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VPCIGWB7E252D3" - } - }, - "DependsOn": [ - "VPCVPCGW99B986DC" - ] - }, - "VPCPublicSubnet2EIP4947BC00": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet2NATGateway3C070193": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "VPCPublicSubnet2EIP4947BC00", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet3Subnet631C5E25": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": "test-region-1c", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet3" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet3RouteTable98AE0E14": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet3" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet3RouteTableAssociation427FE0C6": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet3RouteTable98AE0E14" - }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - } - } - }, - "VPCPublicSubnet3DefaultRouteA0D29D46": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet3RouteTable98AE0E14" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VPCIGWB7E252D3" - } - }, - "DependsOn": [ - "VPCVPCGW99B986DC" - ] - }, - "VPCPublicSubnet3EIPAD4BC883": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet3" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPublicSubnet3NATGatewayD3048F5C": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "VPCPublicSubnet3EIPAD4BC883", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PublicSubnet3" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet1Subnet8BCA10E0": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.96.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PrivateSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet1RouteTableBE8A6027": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PrivateSubnet1" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet1RouteTableAssociation347902D1": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" - }, - "SubnetId": { - "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" - } - } - }, - "VPCPrivateSubnet1DefaultRouteAE1D6490": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet1NATGatewayE0556630" - } - } - }, - "VPCPrivateSubnet2SubnetCFCDAA7A": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PrivateSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet2RouteTable0A19E10E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PrivateSubnet2" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet2RouteTableAssociation0C73D413": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" - }, - "SubnetId": { - "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" - } - } - }, - "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet2NATGateway3C070193" - } - } - }, - "VPCPrivateSubnet3Subnet3EDCD457": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.160.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": "test-region-1c", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PrivateSubnet3" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet3RouteTable192186F8": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC/PrivateSubnet3" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "VPCPrivateSubnet3RouteTableAssociationC28D144E": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet3RouteTable192186F8" - }, - "SubnetId": { - "Ref": "VPCPrivateSubnet3Subnet3EDCD457" - } - } - }, - "VPCPrivateSubnet3DefaultRoute27F311AE": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet3RouteTable192186F8" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet3NATGatewayD3048F5C" - } - } - }, - "VPCIGWB7E252D3": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/VPC" - } - ] - } - }, - "VPCVPCGW99B986DC": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "InternetGatewayId": { - "Ref": "VPCIGWB7E252D3" - } - } - }, - "EKSClusterRoleC0AEAC3D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSServicePolicy" - ] - ] - } - ] - } - }, - "EKSClusterControlPlaneSecurityGroup580AD1FE": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "VPCB9E5F0B4" - } - } - }, - "EKSClusterControlPlaneSecurityGroupfromeksintegtestbasicEKSClusterNodesInstanceSecurityGroup5B890E254434E08C84B": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from eksintegtestbasicEKSClusterNodesInstanceSecurityGroup5B890E25:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "EKSClusterControlPlaneSecurityGroup580AD1FE", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceSecurityGroup460A275E", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "EKSClusterCreationRoleB865C9E8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": [ - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.eksintegtestbasicawscdkawseksClusterResourceProviderOnEventHandlerServiceRoleA72FE2EBArn" - ] - }, - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.eksintegtestbasicawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole7B1EF602Arn" - ] - } - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.eksintegtestbasicawscdkawseksKubectlProviderHandlerServiceRoleFC58D0AAArn" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "EKSClusterCreationRoleDefaultPolicy27A5F6BE": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "EKSClusterRoleC0AEAC3D", - "Arn" - ] - } - }, - { - "Action": "ec2:DescribeSubnets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "EKSClusterCreationRoleDefaultPolicy27A5F6BE", - "Roles": [ - { - "Ref": "EKSClusterCreationRoleB865C9E8" - } - ] - } - }, - "EKSClusterE11008B6": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.eksintegtestbasicawscdkawseksClusterResourceProviderframeworkonEvent5B69E138Arn" - ] - }, - "Config": { - "roleArn": { - "Fn::GetAtt": [ - "EKSClusterRoleC0AEAC3D", - "Arn" - ] - }, - "resourcesVpcConfig": { - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "EKSClusterControlPlaneSecurityGroup580AD1FE", - "GroupId" - ] - } - ], - "subnetIds": [ - { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, - { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, - { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, - { - "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" - }, - { - "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" - }, - { - "Ref": "VPCPrivateSubnet3Subnet3EDCD457" - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "EKSClusterCreationRoleB865C9E8", - "Arn" - ] - } - }, - "DependsOn": [ - "EKSClusterCreationRoleDefaultPolicy27A5F6BE", - "EKSClusterCreationRoleB865C9E8" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "EKSClusterNodesInstanceSecurityGroup460A275E": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "eks-integ-test-basic/EKSCluster/Nodes/InstanceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/EKSCluster/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "EKSClusterE11008B6" - } - ] - ] - }, - "Value": "owned" - } - ], - "VpcId": { - "Ref": "VPCB9E5F0B4" - } - } - }, - "EKSClusterNodesInstanceSecurityGroupfromeksintegtestbasicEKSClusterNodesInstanceSecurityGroup5B890E25ALLTRAFFIC17050541": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "-1", - "Description": "from eksintegtestbasicEKSClusterNodesInstanceSecurityGroup5B890E25:ALL TRAFFIC", - "GroupId": { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceSecurityGroup460A275E", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceSecurityGroup460A275E", - "GroupId" - ] - } - } - }, - "EKSClusterNodesInstanceSecurityGroupfromeksintegtestbasicEKSClusterControlPlaneSecurityGroup389B14F14436EFF5343": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from eksintegtestbasicEKSClusterControlPlaneSecurityGroup389B14F1:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceSecurityGroup460A275E", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "EKSClusterControlPlaneSecurityGroup580AD1FE", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "EKSClusterNodesInstanceSecurityGroupfromeksintegtestbasicEKSClusterControlPlaneSecurityGroup389B14F1102565535BB0D6C6D": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from eksintegtestbasicEKSClusterControlPlaneSecurityGroup389B14F1:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceSecurityGroup460A275E", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "EKSClusterControlPlaneSecurityGroup580AD1FE", - "GroupId" - ] - }, - "ToPort": 65535 - } - }, - "EKSClusterNodesInstanceRoleEE5595D6": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "eks-integ-test-basic/EKSCluster/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "EKSClusterE11008B6" - } - ] - ] - }, - "Value": "owned" - } - ] - } - }, - "EKSClusterNodesInstanceProfile0F2DB3B9": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Roles": [ - { - "Ref": "EKSClusterNodesInstanceRoleEE5595D6" - } - ] - } - }, - "EKSClusterNodesLaunchConfig921F1106": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "t2.medium", - "IamInstanceProfile": { - "Ref": "EKSClusterNodesInstanceProfile0F2DB3B9" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceSecurityGroup460A275E", - "GroupId" - ] - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", - { - "Ref": "EKSClusterE11008B6" - }, - " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack eks-integ-test-basic --resource EKSClusterNodesASGC2597E34 --region test-region" - ] - ] - } - } - }, - "DependsOn": [ - "EKSClusterNodesInstanceRoleEE5595D6" - ] - }, - "EKSClusterNodesASGC2597E34": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "MaxSize": "1", - "MinSize": "1", - "LaunchConfigurationName": { - "Ref": "EKSClusterNodesLaunchConfig921F1106" - }, - "Tags": [ - { - "Key": "Name", - "PropagateAtLaunch": true, - "Value": "eks-integ-test-basic/EKSCluster/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "EKSClusterE11008B6" - } - ] - ] - }, - "PropagateAtLaunch": true, - "Value": "owned" - } - ], - "VPCZoneIdentifier": [ - { - "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" - }, - { - "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" - }, - { - "Ref": "VPCPrivateSubnet3Subnet3EDCD457" - } - ] - }, - "UpdatePolicy": { - "AutoScalingRollingUpdate": { - "WaitOnResourceSignals": false, - "PauseTime": "PT0S", - "SuspendProcesses": [ - "HealthCheck", - "ReplaceUnhealthy", - "AZRebalance", - "AlarmNotification", - "ScheduledActions" - ] - }, - "AutoScalingScheduledAction": { - "IgnoreUnmodifiedGroupSizeProperties": true - } - } - }, - "EKSClusterAwsAuthmanifestA4E0796C": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.eksintegtestbasicawscdkawseksKubectlProviderframeworkonEvent78B92FFCArn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "EKSClusterNodesInstanceRoleEE5595D6", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "EKSClusterE11008B6" - }, - "RoleArn": { - "Fn::GetAtt": [ - "EKSClusterCreationRoleB865C9E8", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParameters13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99S3BucketA40CAB91" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99S3VersionKeyE6E23B5A" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99S3VersionKeyE6E23B5A" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetoeksintegtestbasicAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3Bucket3CEBA0B1Ref": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7" - }, - "referencetoeksintegtestbasicAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey5FA2597BRef": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E" - }, - "referencetoeksintegtestbasicAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket19E256B7Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetoeksintegtestbasicAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKeyF24CFA3DRef": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParameters92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aaS3BucketC6E89549" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aaS3VersionKeyA0F82996" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aaS3VersionKeyA0F82996" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetoeksintegtestbasicAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket10A14724Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" - }, - "referencetoeksintegtestbasicAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyB5382963Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" - }, - "referencetoeksintegtestbasicAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket19E256B7Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetoeksintegtestbasicAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKeyF24CFA3DRef": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - } - }, - "Outputs": { - "EKSClusterConfigCommand3809C9C9": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "EKSClusterE11008B6" - }, - " --region test-region" - ] - ] - } - }, - "EKSClusterGetTokenCommand10DBF41A": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "EKSClusterE11008B6" - }, - " --region test-region" - ] - ] - } - } - }, - "Parameters": { - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7": { - "Type": "String", - "Description": "S3 bucket for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E": { - "Type": "String", - "Description": "S3 key for asset version \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843ArtifactHashBB23B423": { - "Type": "String", - "Description": "Artifact hash for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48": { - "Type": "String", - "Description": "S3 bucket for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F": { - "Type": "String", - "Description": "S3 key for asset version \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044ArtifactHashF11F33A4": { - "Type": "String", - "Description": "Artifact hash for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B": { - "Type": "String", - "Description": "S3 bucket for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56": { - "Type": "String", - "Description": "S3 key for asset version \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aArtifactHash741C1231": { - "Type": "String", - "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aaS3BucketC6E89549": { - "Type": "String", - "Description": "S3 bucket for asset \"92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aa\"" - }, - "AssetParameters92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aaS3VersionKeyA0F82996": { - "Type": "String", - "Description": "S3 key for asset version \"92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aa\"" - }, - "AssetParameters92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aaArtifactHashC921C55E": { - "Type": "String", - "Description": "Artifact hash for asset \"92afe6807a8647e2c99dd075bdfd1c4f1d2935be88e63867c9f956c1b75798aa\"" - }, - "AssetParameters13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99S3BucketA40CAB91": { - "Type": "String", - "Description": "S3 bucket for asset \"13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99\"" - }, - "AssetParameters13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99S3VersionKeyE6E23B5A": { - "Type": "String", - "Description": "S3 key for asset version \"13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99\"" - }, - "AssetParameters13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99ArtifactHashDD73EBF5": { - "Type": "String", - "Description": "Artifact hash for asset \"13160a85623b226afb7cb7267c1ca05bd54fb3b8c768d1c245c8b22b7746bb99\"" - }, - "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.ts deleted file mode 100644 index e899a4443ea11..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.ts +++ /dev/null @@ -1,32 +0,0 @@ -import * as ec2 from '@aws-cdk/aws-ec2'; -import * as cdk from '@aws-cdk/core'; -import * as eks from '../lib'; -import { TestStack } from './util'; - -class EksClusterStack extends TestStack { - constructor(scope: cdk.App, id: string) { - super(scope, id); - - /// !show - const vpc = new ec2.Vpc(this, 'VPC'); - - const cluster = new eks.Cluster(this, 'EKSCluster', { - vpc, - defaultCapacity: 0, - }); - - cluster.addCapacity('Nodes', { - instanceType: new ec2.InstanceType('t2.medium'), - minCapacity: 1, // Raise this number to add more nodes - }); - /// !hide - } -} - -const app = new cdk.App(); - -// since the EKS optimized AMI is hard-coded here based on the region, -// we need to actually pass in a specific region. -new EksClusterStack(app, 'eks-integ-test-basic'); - -app.synth(); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts new file mode 100644 index 0000000000000..198da6bcedb37 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts @@ -0,0 +1,65 @@ +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as iam from '@aws-cdk/aws-iam'; +import { App, CfnOutput } from '@aws-cdk/core'; +import * as eks from '../lib'; +import * as hello from './hello-k8s'; +import { TestStack } from './util'; + +class EksClusterStack extends TestStack { + constructor(scope: App, id: string) { + super(scope, id); + + // allow all account users to assume this role in order to admin the cluster + const mastersRole = new iam.Role(this, 'AdminRole', { + assumedBy: new iam.AccountRootPrincipal() + }); + + const cluster = new eks.Cluster(this, 'Cluster', { + mastersRole, + defaultCapacity: 0, + }); + + // fargate profile for resources in the "default" namespace + cluster.addFargateProfile('default', { + selectors: [ { namespace: 'default' } ] + }); + + // add some capacity to the cluster. The IAM instance role will + // automatically be mapped via aws-auth to allow nodes to join the cluster. + cluster.addCapacity('Nodes', { + instanceType: new ec2.InstanceType('t2.medium'), + minCapacity: 3, + }); + + // spot instances (up to 10) + cluster.addCapacity('spot', { + spotPrice: '0.1094', + instanceType: new ec2.InstanceType('t3.large'), + maxCapacity: 10, + bootstrapOptions: { + kubeletExtraArgs: '--node-labels foo=bar,goo=far', + awsApiRetryAttempts: 5 + } + }); + + // apply a kubernetes manifest + cluster.addResource('HelloApp', ...hello.resources); + + // add two Helm charts to the cluster. This will be the Kubernetes dashboard and the Nginx Ingress Controller + cluster.addChart('dashboard', { chart: 'kubernetes-dashboard', repository: 'https://kubernetes-charts.storage.googleapis.com' }); + cluster.addChart('nginx-ingress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); + + new CfnOutput(this, 'ClusterEndpoint', { value: cluster.clusterEndpoint }); + new CfnOutput(this, 'ClusterArn', { value: cluster.clusterArn }); + new CfnOutput(this, 'ClusterCertificateAuthorityData', { value: cluster.clusterCertificateAuthorityData }); + new CfnOutput(this, 'ClusterName', { value: cluster.clusterName }); + } +} + +const app = new App(); + +// since the EKS optimized AMI is hard-coded here based on the region, +// we need to actually pass in a specific region. +new EksClusterStack(app, 'aws-cdk-eks-cluster-test'); + +app.synth(); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json deleted file mode 100644 index 86d47b2655a15..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json +++ /dev/null @@ -1,1249 +0,0 @@ -{ - "Resources": { - "AdminRole38563C57": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "MyClusterDefaultVpc76C24A38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet1SubnetFAE5A9B6": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/19", - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet1RouteTable3FBFE83A": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet1RouteTableAssociation7623C883": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPublicSubnet1RouteTable3FBFE83A" - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPublicSubnet1SubnetFAE5A9B6" - } - } - }, - "MyClusterDefaultVpcPublicSubnet1DefaultRoute32A2FE28": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPublicSubnet1RouteTable3FBFE83A" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "MyClusterDefaultVpcIGW72978E63" - } - }, - "DependsOn": [ - "MyClusterDefaultVpcVPCGWC6F048F0" - ] - }, - "MyClusterDefaultVpcPublicSubnet1EIPE30F4CB6": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet1NATGateway407335D7": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "MyClusterDefaultVpcPublicSubnet1EIPE30F4CB6", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPublicSubnet1SubnetFAE5A9B6" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet2SubnetF6D028A0": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.32.0/19", - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet2RouteTable6F95E0F5": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet2RouteTableAssociation9AB12519": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPublicSubnet2RouteTable6F95E0F5" - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPublicSubnet2SubnetF6D028A0" - } - } - }, - "MyClusterDefaultVpcPublicSubnet2DefaultRouteA051F5E8": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPublicSubnet2RouteTable6F95E0F5" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "MyClusterDefaultVpcIGW72978E63" - } - }, - "DependsOn": [ - "MyClusterDefaultVpcVPCGWC6F048F0" - ] - }, - "MyClusterDefaultVpcPublicSubnet2EIPB1C5462C": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet2NATGateway16CBC0B0": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "MyClusterDefaultVpcPublicSubnet2EIPB1C5462C", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPublicSubnet2SubnetF6D028A0" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet3SubnetBD60CEE0": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/19", - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "AvailabilityZone": "test-region-1c", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet3" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet3RouteTable43D2188B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet3" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet3RouteTableAssociation162ACA1F": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPublicSubnet3RouteTable43D2188B" - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPublicSubnet3SubnetBD60CEE0" - } - } - }, - "MyClusterDefaultVpcPublicSubnet3DefaultRouteBF440C56": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPublicSubnet3RouteTable43D2188B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "MyClusterDefaultVpcIGW72978E63" - } - }, - "DependsOn": [ - "MyClusterDefaultVpcVPCGWC6F048F0" - ] - }, - "MyClusterDefaultVpcPublicSubnet3EIP404F460F": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet3" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPublicSubnet3NATGateway01E81DF2": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "MyClusterDefaultVpcPublicSubnet3EIP404F460F", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPublicSubnet3SubnetBD60CEE0" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PublicSubnet3" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet1SubnetE1D0DCDB": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.96.0/19", - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PrivateSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet1RouteTable904F736B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PrivateSubnet1" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet1RouteTableAssociation22E3F7A8": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet1RouteTable904F736B" - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet1SubnetE1D0DCDB" - } - } - }, - "MyClusterDefaultVpcPrivateSubnet1DefaultRouteE64795EB": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet1RouteTable904F736B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "MyClusterDefaultVpcPublicSubnet1NATGateway407335D7" - } - } - }, - "MyClusterDefaultVpcPrivateSubnet2Subnet11FEA8D0": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/19", - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PrivateSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet2RouteTableF149DC2C": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PrivateSubnet2" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet2RouteTableAssociationBD3ECBF6": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet2RouteTableF149DC2C" - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet2Subnet11FEA8D0" - } - } - }, - "MyClusterDefaultVpcPrivateSubnet2DefaultRouteBF28E8EB": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet2RouteTableF149DC2C" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "MyClusterDefaultVpcPublicSubnet2NATGateway16CBC0B0" - } - } - }, - "MyClusterDefaultVpcPrivateSubnet3Subnet41A3E52D": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.160.0/19", - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "AvailabilityZone": "test-region-1c", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PrivateSubnet3" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet3RouteTable1E0E3445": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc/PrivateSubnet3" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "MyClusterDefaultVpcPrivateSubnet3RouteTableAssociationCF6A6C28": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet3RouteTable1E0E3445" - }, - "SubnetId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet3Subnet41A3E52D" - } - } - }, - "MyClusterDefaultVpcPrivateSubnet3DefaultRoute7DFB503D": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "MyClusterDefaultVpcPrivateSubnet3RouteTable1E0E3445" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "MyClusterDefaultVpcPublicSubnet3NATGateway01E81DF2" - } - } - }, - "MyClusterDefaultVpcIGW72978E63": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "fargate-integ-test/MyCluster/DefaultVpc" - } - ] - } - }, - "MyClusterDefaultVpcVPCGWC6F048F0": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - }, - "InternetGatewayId": { - "Ref": "MyClusterDefaultVpcIGW72978E63" - } - } - }, - "MyClusterRoleBA20FE72": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSServicePolicy" - ] - ] - } - ] - } - }, - "MyClusterControlPlaneSecurityGroup6B658F79": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "MyClusterDefaultVpc76C24A38" - } - } - }, - "MyClusterCreationRoleB5FA4FF3": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": [ - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.fargateintegtestawscdkawseksClusterResourceProviderOnEventHandlerServiceRole491F3806Arn" - ] - }, - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.fargateintegtestawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole22076CC2Arn" - ] - } - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.fargateintegtestawscdkawseksKubectlProviderHandlerServiceRoleE1E98F33Arn" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "MyClusterCreationRoleDefaultPolicyE6AD26A7": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyClusterRoleBA20FE72", - "Arn" - ] - } - }, - { - "Action": "ec2:DescribeSubnets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MyClusterCreationRoleDefaultPolicyE6AD26A7", - "Roles": [ - { - "Ref": "MyClusterCreationRoleB5FA4FF3" - } - ] - } - }, - "MyCluster8AD82BF8": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.fargateintegtestawscdkawseksClusterResourceProviderframeworkonEvent03EF7206Arn" - ] - }, - "Config": { - "roleArn": { - "Fn::GetAtt": [ - "MyClusterRoleBA20FE72", - "Arn" - ] - }, - "resourcesVpcConfig": { - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "MyClusterControlPlaneSecurityGroup6B658F79", - "GroupId" - ] - } - ], - "subnetIds": [ - { - "Ref": "MyClusterDefaultVpcPublicSubnet1SubnetFAE5A9B6" - }, - { - "Ref": "MyClusterDefaultVpcPublicSubnet2SubnetF6D028A0" - }, - { - "Ref": "MyClusterDefaultVpcPublicSubnet3SubnetBD60CEE0" - }, - { - "Ref": "MyClusterDefaultVpcPrivateSubnet1SubnetE1D0DCDB" - }, - { - "Ref": "MyClusterDefaultVpcPrivateSubnet2Subnet11FEA8D0" - }, - { - "Ref": "MyClusterDefaultVpcPrivateSubnet3Subnet41A3E52D" - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "MyClusterCreationRoleB5FA4FF3", - "Arn" - ] - } - }, - "DependsOn": [ - "MyClusterCreationRoleDefaultPolicyE6AD26A7", - "MyClusterCreationRoleB5FA4FF3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "MyClusterAwsAuthmanifest001945C0": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.fargateintegtestawscdkawseksKubectlProviderframeworkonEvent14175BD0Arn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"groups\\\":[\\\"system:masters\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "MyCluster8AD82BF8" - }, - "RoleArn": { - "Fn::GetAtt": [ - "MyClusterCreationRoleB5FA4FF3", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "MyClusterCoreDnsComputeTypePatchE79C4FA4": { - "Type": "Custom::AWSCDK-EKS-KubernetesPatch", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.fargateintegtestawscdkawseksKubectlProviderframeworkonEvent14175BD0Arn" - ] - }, - "ResourceName": "deployment/coredns", - "ResourceNamespace": "kube-system", - "ApplyPatchJson": "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"eks.amazonaws.com/compute-type\":\"fargate\"}}}}}", - "RestorePatchJson": "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"eks.amazonaws.com/compute-type\":\"ec2\"}}}}}", - "ClusterName": { - "Ref": "MyCluster8AD82BF8" - }, - "RoleArn": { - "Fn::GetAtt": [ - "MyClusterCreationRoleB5FA4FF3", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "MyClusterfargateprofiledefaultPodExecutionRole286A15D7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks-fargate-pods.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy" - ] - ] - } - ] - } - }, - "MyClusterfargateprofiledefault7ADDCB43": { - "Type": "Custom::AWSCDK-EKS-FargateProfile", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.fargateintegtestawscdkawseksClusterResourceProviderframeworkonEvent03EF7206Arn" - ] - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "MyClusterCreationRoleB5FA4FF3", - "Arn" - ] - }, - "Config": { - "clusterName": { - "Ref": "MyCluster8AD82BF8" - }, - "podExecutionRoleArn": { - "Fn::GetAtt": [ - "MyClusterfargateprofiledefaultPodExecutionRole286A15D7", - "Arn" - ] - }, - "selectors": [ - { - "namespace": "default" - }, - { - "namespace": "kube-system" - } - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "MyClustermanifestHelloApp7FE3E30A": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.fargateintegtestawscdkawseksKubectlProviderframeworkonEvent14175BD0Arn" - ] - }, - "Manifest": "[{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"hello-kubernetes\"},\"spec\":{\"type\":\"LoadBalancer\",\"ports\":[{\"port\":80,\"targetPort\":8080}],\"selector\":{\"app\":\"hello-kubernetes\"}}},{\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"name\":\"hello-kubernetes\"},\"spec\":{\"replicas\":1,\"selector\":{\"matchLabels\":{\"app\":\"hello-kubernetes\"}},\"template\":{\"metadata\":{\"labels\":{\"app\":\"hello-kubernetes\"}},\"spec\":{\"containers\":[{\"name\":\"hello-kubernetes\",\"image\":\"paulbouwer/hello-kubernetes:1.5\",\"ports\":[{\"containerPort\":8080}]}]}}}}]", - "ClusterName": { - "Ref": "MyCluster8AD82BF8" - }, - "RoleArn": { - "Fn::GetAtt": [ - "MyClusterCreationRoleB5FA4FF3", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParameters9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54eS3Bucket359D9364" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54eS3VersionKey1DF7B625" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54eS3VersionKey1DF7B625" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetofargateintegtestAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketBD0DF36DRef": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7" - }, - "referencetofargateintegtestAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey2A709E32Ref": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E" - }, - "referencetofargateintegtestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket1C5DA0A7Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetofargateintegtestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey5C8956F1Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersdb4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738cS3Bucket2F8C9C68" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersdb4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738cS3VersionKey1E20E550" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersdb4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738cS3VersionKey1E20E550" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetofargateintegtestAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket32469B14Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" - }, - "referencetofargateintegtestAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKey590D06B1Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" - }, - "referencetofargateintegtestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket1C5DA0A7Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetofargateintegtestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey5C8956F1Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - } - }, - "Outputs": { - "MyClusterConfigCommand57F2C98B": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "MyCluster8AD82BF8" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - } - ] - ] - } - }, - "MyClusterGetTokenCommand6DD6BED9": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "MyCluster8AD82BF8" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - } - ] - ] - } - } - }, - "Parameters": { - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7": { - "Type": "String", - "Description": "S3 bucket for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E": { - "Type": "String", - "Description": "S3 key for asset version \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843ArtifactHashBB23B423": { - "Type": "String", - "Description": "Artifact hash for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48": { - "Type": "String", - "Description": "S3 bucket for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F": { - "Type": "String", - "Description": "S3 key for asset version \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044ArtifactHashF11F33A4": { - "Type": "String", - "Description": "Artifact hash for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B": { - "Type": "String", - "Description": "S3 bucket for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56": { - "Type": "String", - "Description": "S3 key for asset version \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aArtifactHash741C1231": { - "Type": "String", - "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParametersdb4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738cS3Bucket2F8C9C68": { - "Type": "String", - "Description": "S3 bucket for asset \"db4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738c\"" - }, - "AssetParametersdb4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738cS3VersionKey1E20E550": { - "Type": "String", - "Description": "S3 key for asset version \"db4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738c\"" - }, - "AssetParametersdb4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738cArtifactHash67082D53": { - "Type": "String", - "Description": "Artifact hash for asset \"db4a527fcce20926278a1a6ad57fd5ab4412a107b967021bf27aa95bb1e5738c\"" - }, - "AssetParameters9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54eS3Bucket359D9364": { - "Type": "String", - "Description": "S3 bucket for asset \"9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54e\"" - }, - "AssetParameters9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54eS3VersionKey1DF7B625": { - "Type": "String", - "Description": "S3 key for asset version \"9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54e\"" - }, - "AssetParameters9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54eArtifactHash4FA7B841": { - "Type": "String", - "Description": "Artifact hash for asset \"9a3058bad5905c15bdd04e4c90fdbe95d0421512b1f1a04300f3ab3b5931d54e\"" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.ts deleted file mode 100644 index 6142d002e81f9..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.ts +++ /dev/null @@ -1,38 +0,0 @@ -import * as iam from '@aws-cdk/aws-iam'; -import { App, Construct, Stack, StackProps } from "@aws-cdk/core"; -import * as eks from '../lib'; -import * as hello from './hello-k8s'; - -class FargateTest extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - // allow all account users to assume this role in order to admin the cluster - const mastersRole = new iam.Role(this, 'AdminRole', { - assumedBy: new iam.AccountRootPrincipal() - }); - - const cluster = new eks.FargateCluster(this, 'MyCluster', { - mastersRole - }); - - cluster.addResource('HelloApp', ...hello.resources); - - // - // bear in mind that since Fargate doesn't yet support NLB/CLB, you will only - // be able to access this service from within the cluster or through a kubectl proxy: - // - // start the proxy: - // $ kubectl proxy - // Starting to serve on 127.0.0.1:8001 - // - // and then (in another terminal): - // $ curl -L http://localhost:8001/api/v1/namespaces/default/services/hello-kubernetes/proxy - // .... - // - } -} - -const app = new App(); -new FargateTest(app, 'fargate-integ-test'); -app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json deleted file mode 100644 index 7e34b9ca43dd0..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json +++ /dev/null @@ -1,1329 +0,0 @@ -[ - { - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc" - } - ] - } - }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } - }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - }, - "DependsOn": [ - "vpcVPCGW7984C166" - ] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "vpcPublicSubnet1EIPDA49DCBE", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } - } - }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - }, - "DependsOn": [ - "vpcVPCGW7984C166" - ] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "vpcPublicSubnet2EIP9B3743B1", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet1" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } - }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - } - } - }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.192.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet2" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } - }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - } - } - }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc" - } - ] - } - }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - } - } - }, - "Outputs": { - "ExportsOutputRefvpcA2121C384D1B3CDE": { - "Value": { - "Ref": "vpcA2121C38" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcA2121C384D1B3CDE" - } - }, - "ExportsOutputRefvpcPublicSubnet1Subnet2E65531ECCB85041": { - "Value": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPublicSubnet1Subnet2E65531ECCB85041" - } - }, - "ExportsOutputRefvpcPublicSubnet2Subnet009B674FB900C242": { - "Value": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPublicSubnet2Subnet009B674FB900C242" - } - }, - "ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271": { - "Value": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271" - } - }, - "ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE": { - "Value": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE" - } - } - } - }, - { - "Resources": { - "cluster22Role6F752780": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSServicePolicy" - ] - ] - } - ] - } - }, - "cluster22ControlPlaneSecurityGroup2648B9CD": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcA2121C384D1B3CDE" - } - } - }, - "cluster22ControlPlaneSecurityGroupfromk8sclustercluster22NodesInstanceSecurityGroupF903AE86443C3EDA943": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from k8sclustercluster22NodesInstanceSecurityGroupF903AE86:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "cluster22CreationRole8343FFAB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": [ - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.k8sclusterawscdkawseksClusterResourceProviderOnEventHandlerServiceRoleB0E0C79CArn" - ] - }, - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.k8sclusterawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole47C757F4Arn" - ] - } - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderHandlerServiceRole86663150Arn" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "cluster22CreationRoleDefaultPolicy0015FEEF": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "cluster22Role6F752780", - "Arn" - ] - } - }, - { - "Action": "ec2:DescribeSubnets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "cluster22CreationRoleDefaultPolicy0015FEEF", - "Roles": [ - { - "Ref": "cluster22CreationRole8343FFAB" - } - ] - } - }, - "cluster227BD1CB20": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.k8sclusterawscdkawseksClusterResourceProviderframeworkonEventF31E5604Arn" - ] - }, - "Config": { - "roleArn": { - "Fn::GetAtt": [ - "cluster22Role6F752780", - "Arn" - ] - }, - "resourcesVpcConfig": { - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - } - ], - "subnetIds": [ - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPublicSubnet1Subnet2E65531ECCB85041" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPublicSubnet2Subnet009B674FB900C242" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE" - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - } - }, - "DependsOn": [ - "cluster22CreationRoleDefaultPolicy0015FEEF", - "cluster22CreationRole8343FFAB" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "cluster22AwsAuthmanifest4685C84D": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderframeworkonEvent99400C2DArn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "cluster22NodesInstanceRole51CD052F", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "cluster227BD1CB20" - }, - "RoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "cluster22NodesInstanceSecurityGroup4A3CDC24": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "k8s-cluster/cluster22/Nodes/InstanceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "k8s-cluster/cluster22/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "cluster227BD1CB20" - } - ] - ] - }, - "Value": "owned" - } - ], - "VpcId": { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcA2121C384D1B3CDE" - } - } - }, - "cluster22NodesInstanceSecurityGroupfromk8sclustercluster22NodesInstanceSecurityGroupF903AE86ALLTRAFFIC774C7781": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "-1", - "Description": "from k8sclustercluster22NodesInstanceSecurityGroupF903AE86:ALL TRAFFIC", - "GroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - } - } - }, - "cluster22NodesInstanceSecurityGroupfromk8sclustercluster22ControlPlaneSecurityGroup3B5F21B44434A6E344D": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from k8sclustercluster22ControlPlaneSecurityGroup3B5F21B4:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "cluster22NodesInstanceSecurityGroupfromk8sclustercluster22ControlPlaneSecurityGroup3B5F21B41025655355658FCAA": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from k8sclustercluster22ControlPlaneSecurityGroup3B5F21B4:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - }, - "ToPort": 65535 - } - }, - "cluster22NodesInstanceRole51CD052F": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "k8s-cluster/cluster22/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "cluster227BD1CB20" - } - ] - ] - }, - "Value": "owned" - } - ] - } - }, - "cluster22NodesInstanceProfile3D4963ED": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Roles": [ - { - "Ref": "cluster22NodesInstanceRole51CD052F" - } - ] - } - }, - "cluster22NodesLaunchConfig184BF3BA": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "t2.medium", - "IamInstanceProfile": { - "Ref": "cluster22NodesInstanceProfile3D4963ED" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", - { - "Ref": "cluster227BD1CB20" - }, - " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack k8s-cluster --resource cluster22NodesASGC0A97398 --region test-region" - ] - ] - } - } - }, - "DependsOn": [ - "cluster22NodesInstanceRole51CD052F" - ] - }, - "cluster22NodesASGC0A97398": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "MaxSize": "3", - "MinSize": "3", - "LaunchConfigurationName": { - "Ref": "cluster22NodesLaunchConfig184BF3BA" - }, - "Tags": [ - { - "Key": "Name", - "PropagateAtLaunch": true, - "Value": "k8s-cluster/cluster22/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "cluster227BD1CB20" - } - ] - ] - }, - "PropagateAtLaunch": true, - "Value": "owned" - } - ], - "VPCZoneIdentifier": [ - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE" - } - ] - }, - "UpdatePolicy": { - "AutoScalingRollingUpdate": { - "WaitOnResourceSignals": false, - "PauseTime": "PT0S", - "SuspendProcesses": [ - "HealthCheck", - "ReplaceUnhealthy", - "AZRebalance", - "AlarmNotification", - "ScheduledActions" - ] - }, - "AutoScalingScheduledAction": { - "IgnoreUnmodifiedGroupSizeProperties": true - } - } - }, - "cluster22chartdashboard616811AB": { - "Type": "Custom::AWSCDK-EKS-HelmChart", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderframeworkonEvent99400C2DArn" - ] - }, - "ClusterName": { - "Ref": "cluster227BD1CB20" - }, - "RoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - }, - "Release": "k8sclustercluster22chartdashboard3844c297", - "Chart": "kubernetes-dashboard", - "Wait": false, - "Namespace": "default", - "Repository": "https://kubernetes-charts.storage.googleapis.com" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "cluster22chartnginxingress90C2D506": { - "Type": "Custom::AWSCDK-EKS-HelmChart", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderframeworkonEvent99400C2DArn" - ] - }, - "ClusterName": { - "Ref": "cluster227BD1CB20" - }, - "RoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - }, - "Release": "k8sclustercluster22chartnginxingress8b03389e", - "Chart": "nginx-ingress", - "Wait": false, - "Namespace": "kube-system", - "Repository": "https://helm.nginx.com/stable" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3BucketC7079F0F" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3VersionKey343815BD" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3VersionKey343815BD" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetok8sclusterAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketCB2FD604Ref": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7" - }, - "referencetok8sclusterAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey74721DDBRef": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketAC1E446FRef": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey2740EA54Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - }, - "AdminRole38563C57": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::12345678:root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3Bucket0CA34290" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3VersionKey161D7473" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3VersionKey161D7473" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetok8sclusterAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket7C022AA5Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" - }, - "referencetok8sclusterAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKey7099737CRef": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketAC1E446FRef": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey2740EA54Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - } - }, - "Outputs": { - "cluster22ConfigCommand96B20279": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "cluster227BD1CB20" - }, - " --region test-region" - ] - ] - } - }, - "cluster22GetTokenCommand99DB9B02": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "cluster227BD1CB20" - }, - " --region test-region" - ] - ] - } - } - }, - "Parameters": { - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7": { - "Type": "String", - "Description": "S3 bucket for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E": { - "Type": "String", - "Description": "S3 key for asset version \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843ArtifactHashBB23B423": { - "Type": "String", - "Description": "Artifact hash for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48": { - "Type": "String", - "Description": "S3 bucket for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F": { - "Type": "String", - "Description": "S3 key for asset version \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044ArtifactHashF11F33A4": { - "Type": "String", - "Description": "Artifact hash for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B": { - "Type": "String", - "Description": "S3 bucket for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56": { - "Type": "String", - "Description": "S3 key for asset version \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aArtifactHash741C1231": { - "Type": "String", - "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3Bucket0CA34290": { - "Type": "String", - "Description": "S3 bucket for asset \"c5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086\"" - }, - "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3VersionKey161D7473": { - "Type": "String", - "Description": "S3 key for asset version \"c5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086\"" - }, - "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086ArtifactHash9658E6F4": { - "Type": "String", - "Description": "Artifact hash for asset \"c5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086\"" - }, - "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3BucketC7079F0F": { - "Type": "String", - "Description": "S3 bucket for asset \"fdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2\"" - }, - "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3VersionKey343815BD": { - "Type": "String", - "Description": "S3 key for asset version \"fdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2\"" - }, - "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2ArtifactHashEDE1C61F": { - "Type": "String", - "Description": "Artifact hash for asset \"fdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2\"" - }, - "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id" - } - } - } -] \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.ts deleted file mode 100644 index dab62b18d39b0..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.ts +++ /dev/null @@ -1,54 +0,0 @@ -/// !cdk-integ * - -import * as ec2 from '@aws-cdk/aws-ec2'; -import * as iam from '@aws-cdk/aws-iam'; -import { App, Construct } from '@aws-cdk/core'; -import { Cluster } from '../lib'; -import { TestStack } from './util'; - -class VpcStack extends TestStack { - public readonly vpc: ec2.Vpc; - - constructor(scope: Construct, id: string) { - super(scope, id); - this.vpc = new ec2.Vpc(this, 'vpc', { maxAzs: 2 }); - } -} - -class ClusterStack extends TestStack { - public readonly cluster: Cluster; - - constructor(scope: Construct, id: string, props: { vpc: ec2.Vpc }) { - super(scope, id); - - /// !show - // define the cluster. kubectl is enabled by default. - this.cluster = new Cluster(this, 'cluster22', { - vpc: props.vpc, - defaultCapacity: 0, - }); - - // define an IAM role assumable by anyone in the account and map it to the k8s - // `system:masters` group this is required if you want to be able to issue - // manual `kubectl` commands against the cluster. - const mastersRole = new iam.Role(this, 'AdminRole', { assumedBy: new iam.AccountRootPrincipal() }); - this.cluster.awsAuth.addMastersRole(mastersRole); - - // add some capacity to the cluster. The IAM instance role will - // automatically be mapped via aws-auth to allow nodes to join the cluster. - this.cluster.addCapacity('Nodes', { - instanceType: new ec2.InstanceType('t2.medium'), - minCapacity: 3, - }); - - // add two Helm charts to the cluster. This will be the Kubernetes dashboard and the Nginx Ingress Controller - this.cluster.addChart('dashboard', { chart: 'kubernetes-dashboard', repository: 'https://kubernetes-charts.storage.googleapis.com' }); - this.cluster.addChart('nginx-ingress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); - /// !hide - } -} - -const app = new App(); -const vpcStack = new VpcStack(app, 'k8s-vpc'); -new ClusterStack(app, 'k8s-cluster', { vpc: vpcStack.vpc }); -app.synth(); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json deleted file mode 100644 index 948f6f7d3a919..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json +++ /dev/null @@ -1,1298 +0,0 @@ -[ - { - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc" - } - ] - } - }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } - }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - }, - "DependsOn": [ - "vpcVPCGW7984C166" - ] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "vpcPublicSubnet1EIPDA49DCBE", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } - } - }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - }, - "DependsOn": [ - "vpcVPCGW7984C166" - ] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "vpcPublicSubnet2EIP9B3743B1", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet1" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } - }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - } - } - }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.192.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc/PrivateSubnet2" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } - }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - } - } - }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "k8s-vpc/vpc" - } - ] - } - }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - } - } - }, - "Outputs": { - "ExportsOutputRefvpcA2121C384D1B3CDE": { - "Value": { - "Ref": "vpcA2121C38" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcA2121C384D1B3CDE" - } - }, - "ExportsOutputRefvpcPublicSubnet1Subnet2E65531ECCB85041": { - "Value": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPublicSubnet1Subnet2E65531ECCB85041" - } - }, - "ExportsOutputRefvpcPublicSubnet2Subnet009B674FB900C242": { - "Value": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPublicSubnet2Subnet009B674FB900C242" - } - }, - "ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271": { - "Value": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271" - } - }, - "ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE": { - "Value": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - }, - "Export": { - "Name": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE" - } - } - } - }, - { - "Resources": { - "cluster22Role6F752780": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSServicePolicy" - ] - ] - } - ] - } - }, - "cluster22ControlPlaneSecurityGroup2648B9CD": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcA2121C384D1B3CDE" - } - } - }, - "cluster22ControlPlaneSecurityGroupfromk8sclustercluster22NodesInstanceSecurityGroupF903AE86443C3EDA943": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from k8sclustercluster22NodesInstanceSecurityGroupF903AE86:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "cluster22CreationRole8343FFAB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": [ - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.k8sclusterawscdkawseksClusterResourceProviderOnEventHandlerServiceRoleB0E0C79CArn" - ] - }, - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.k8sclusterawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole47C757F4Arn" - ] - } - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderHandlerServiceRole86663150Arn" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "cluster22CreationRoleDefaultPolicy0015FEEF": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "cluster22Role6F752780", - "Arn" - ] - } - }, - { - "Action": "ec2:DescribeSubnets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "cluster22CreationRoleDefaultPolicy0015FEEF", - "Roles": [ - { - "Ref": "cluster22CreationRole8343FFAB" - } - ] - } - }, - "cluster227BD1CB20": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.k8sclusterawscdkawseksClusterResourceProviderframeworkonEventF31E5604Arn" - ] - }, - "Config": { - "roleArn": { - "Fn::GetAtt": [ - "cluster22Role6F752780", - "Arn" - ] - }, - "resourcesVpcConfig": { - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - } - ], - "subnetIds": [ - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPublicSubnet1Subnet2E65531ECCB85041" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPublicSubnet2Subnet009B674FB900C242" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE" - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - } - }, - "DependsOn": [ - "cluster22CreationRoleDefaultPolicy0015FEEF", - "cluster22CreationRole8343FFAB" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "cluster22AwsAuthmanifest4685C84D": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderframeworkonEvent99400C2DArn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "cluster22NodesInstanceRole51CD052F", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "cluster227BD1CB20" - }, - "RoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "cluster22NodesInstanceSecurityGroup4A3CDC24": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "k8s-cluster/cluster22/Nodes/InstanceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "k8s-cluster/cluster22/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "cluster227BD1CB20" - } - ] - ] - }, - "Value": "owned" - } - ], - "VpcId": { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcA2121C384D1B3CDE" - } - } - }, - "cluster22NodesInstanceSecurityGroupfromk8sclustercluster22NodesInstanceSecurityGroupF903AE86ALLTRAFFIC774C7781": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "-1", - "Description": "from k8sclustercluster22NodesInstanceSecurityGroupF903AE86:ALL TRAFFIC", - "GroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - } - } - }, - "cluster22NodesInstanceSecurityGroupfromk8sclustercluster22ControlPlaneSecurityGroup3B5F21B44434A6E344D": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from k8sclustercluster22ControlPlaneSecurityGroup3B5F21B4:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "cluster22NodesInstanceSecurityGroupfromk8sclustercluster22ControlPlaneSecurityGroup3B5F21B41025655355658FCAA": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from k8sclustercluster22ControlPlaneSecurityGroup3B5F21B4:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "cluster22ControlPlaneSecurityGroup2648B9CD", - "GroupId" - ] - }, - "ToPort": 65535 - } - }, - "cluster22NodesInstanceRole51CD052F": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "k8s-cluster/cluster22/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "cluster227BD1CB20" - } - ] - ] - }, - "Value": "owned" - } - ] - } - }, - "cluster22NodesInstanceProfile3D4963ED": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Roles": [ - { - "Ref": "cluster22NodesInstanceRole51CD052F" - } - ] - } - }, - "cluster22NodesLaunchConfig184BF3BA": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "t2.medium", - "IamInstanceProfile": { - "Ref": "cluster22NodesInstanceProfile3D4963ED" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "cluster22NodesInstanceSecurityGroup4A3CDC24", - "GroupId" - ] - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", - { - "Ref": "cluster227BD1CB20" - }, - " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack k8s-cluster --resource cluster22NodesASGC0A97398 --region test-region" - ] - ] - } - } - }, - "DependsOn": [ - "cluster22NodesInstanceRole51CD052F" - ] - }, - "cluster22NodesASGC0A97398": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "MaxSize": "3", - "MinSize": "3", - "LaunchConfigurationName": { - "Ref": "cluster22NodesLaunchConfig184BF3BA" - }, - "Tags": [ - { - "Key": "Name", - "PropagateAtLaunch": true, - "Value": "k8s-cluster/cluster22/Nodes" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "cluster227BD1CB20" - } - ] - ] - }, - "PropagateAtLaunch": true, - "Value": "owned" - } - ], - "VPCZoneIdentifier": [ - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet1Subnet934893E8236E2271" - }, - { - "Fn::ImportValue": "k8s-vpc:ExportsOutputRefvpcPrivateSubnet2Subnet7031C2BA60DCB1EE" - } - ] - }, - "UpdatePolicy": { - "AutoScalingRollingUpdate": { - "WaitOnResourceSignals": false, - "PauseTime": "PT0S", - "SuspendProcesses": [ - "HealthCheck", - "ReplaceUnhealthy", - "AZRebalance", - "AlarmNotification", - "ScheduledActions" - ] - }, - "AutoScalingScheduledAction": { - "IgnoreUnmodifiedGroupSizeProperties": true - } - } - }, - "cluster22manifesthellokubernetes849F52EA": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.k8sclusterawscdkawseksKubectlProviderframeworkonEvent99400C2DArn" - ] - }, - "Manifest": "[{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"hello-kubernetes\"},\"spec\":{\"type\":\"LoadBalancer\",\"ports\":[{\"port\":80,\"targetPort\":8080}],\"selector\":{\"app\":\"hello-kubernetes\"}}},{\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"name\":\"hello-kubernetes\"},\"spec\":{\"replicas\":1,\"selector\":{\"matchLabels\":{\"app\":\"hello-kubernetes\"}},\"template\":{\"metadata\":{\"labels\":{\"app\":\"hello-kubernetes\"}},\"spec\":{\"containers\":[{\"name\":\"hello-kubernetes\",\"image\":\"paulbouwer/hello-kubernetes:1.5\",\"ports\":[{\"containerPort\":8080}]}]}}}}]", - "ClusterName": { - "Ref": "cluster227BD1CB20" - }, - "RoleArn": { - "Fn::GetAtt": [ - "cluster22CreationRole8343FFAB", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3BucketC7079F0F" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3VersionKey343815BD" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3VersionKey343815BD" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetok8sclusterAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketCB2FD604Ref": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7" - }, - "referencetok8sclusterAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey74721DDBRef": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketAC1E446FRef": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey2740EA54Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - }, - "AdminRole38563C57": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::12345678:root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3Bucket0CA34290" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3VersionKey161D7473" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3VersionKey161D7473" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetok8sclusterAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket7C022AA5Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" - }, - "referencetok8sclusterAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKey7099737CRef": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketAC1E446FRef": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetok8sclusterAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey2740EA54Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - } - }, - "Outputs": { - "cluster22ConfigCommand96B20279": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "cluster227BD1CB20" - }, - " --region test-region" - ] - ] - } - }, - "cluster22GetTokenCommand99DB9B02": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "cluster227BD1CB20" - }, - " --region test-region" - ] - ] - } - } - }, - "Parameters": { - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7": { - "Type": "String", - "Description": "S3 bucket for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E": { - "Type": "String", - "Description": "S3 key for asset version \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843ArtifactHashBB23B423": { - "Type": "String", - "Description": "Artifact hash for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48": { - "Type": "String", - "Description": "S3 bucket for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F": { - "Type": "String", - "Description": "S3 key for asset version \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044ArtifactHashF11F33A4": { - "Type": "String", - "Description": "Artifact hash for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B": { - "Type": "String", - "Description": "S3 bucket for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56": { - "Type": "String", - "Description": "S3 key for asset version \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aArtifactHash741C1231": { - "Type": "String", - "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3Bucket0CA34290": { - "Type": "String", - "Description": "S3 bucket for asset \"c5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086\"" - }, - "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086S3VersionKey161D7473": { - "Type": "String", - "Description": "S3 key for asset version \"c5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086\"" - }, - "AssetParametersc5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086ArtifactHash9658E6F4": { - "Type": "String", - "Description": "Artifact hash for asset \"c5c0e89b5fcb10a0aa8d83cbd2c20cbfdac3cb8dd32f0b7d644e16b503de9086\"" - }, - "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3BucketC7079F0F": { - "Type": "String", - "Description": "S3 bucket for asset \"fdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2\"" - }, - "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2S3VersionKey343815BD": { - "Type": "String", - "Description": "S3 key for asset version \"fdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2\"" - }, - "AssetParametersfdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2ArtifactHashEDE1C61F": { - "Type": "String", - "Description": "Artifact hash for asset \"fdc905ecbc3f530037fdffcd0747d626ac7f327c391ecdaddd56b11c1be17fd2\"" - }, - "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id" - } - } - } -] \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.ts deleted file mode 100644 index 48db08ac71da9..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.ts +++ /dev/null @@ -1,53 +0,0 @@ -/// !cdk-integ * - -import * as ec2 from '@aws-cdk/aws-ec2'; -import * as iam from '@aws-cdk/aws-iam'; -import { App, Construct } from '@aws-cdk/core'; -import { Cluster } from '../lib'; -import * as hello from './hello-k8s'; -import { TestStack } from './util'; - -class VpcStack extends TestStack { - public readonly vpc: ec2.Vpc; - - constructor(scope: Construct, id: string) { - super(scope, id); - this.vpc = new ec2.Vpc(this, 'vpc', { maxAzs: 2 }); - } -} - -class ClusterStack extends TestStack { - public readonly cluster: Cluster; - - constructor(scope: Construct, id: string, props: { vpc: ec2.Vpc }) { - super(scope, id); - - // define the cluster. kubectl is enabled by default. - this.cluster = new Cluster(this, 'cluster22', { - vpc: props.vpc, - defaultCapacity: 0, - }); - - // define an IAM role assumable by anyone in the account and map it to the k8s - // `system:masters` group this is required if you want to be able to issue - // manual `kubectl` commands against the cluster. - const mastersRole = new iam.Role(this, 'AdminRole', { assumedBy: new iam.AccountRootPrincipal() }); - this.cluster.awsAuth.addMastersRole(mastersRole); - - // add some capacity to the cluster. The IAM instance role will - // automatically be mapped via aws-auth to allow nodes to join the cluster. - this.cluster.addCapacity('Nodes', { - instanceType: new ec2.InstanceType('t2.medium'), - minCapacity: 3, - }); - - // add an arbitrary k8s manifest to the cluster. This will `kubectl apply` - // these resources upon creation or `kubectl delete` upon removal. - this.cluster.addResource('hello-kubernetes', ...hello.resources); - } -} - -const app = new App(); -const vpcStack = new VpcStack(app, 'k8s-vpc'); -new ClusterStack(app, 'k8s-cluster', { vpc: vpcStack.vpc }); -app.synth(); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json deleted file mode 100644 index 257e69e076944..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json +++ /dev/null @@ -1,1522 +0,0 @@ -{ - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc" - } - ] - } - }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } - }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - }, - "DependsOn": [ - "vpcVPCGW7984C166" - ] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "vpcPublicSubnet1EIPDA49DCBE", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet1" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } - } - }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - }, - "DependsOn": [ - "vpcVPCGW7984C166" - ] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "vpcPublicSubnet2EIP9B3743B1", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PublicSubnet2" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1a", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PrivateSubnet1" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PrivateSubnet1" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } - }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - } - } - }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.192.0/18", - "VpcId": { - "Ref": "vpcA2121C38" - }, - "AvailabilityZone": "test-region-1b", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PrivateSubnet2" - }, - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc/PrivateSubnet2" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - } - ] - } - }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } - }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - } - } - }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/vpc" - } - ] - } - }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "vpcA2121C38" - }, - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - } - } - }, - "myClusterRole0D8296A4": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSServicePolicy" - ] - ] - } - ] - } - }, - "myClusterControlPlaneSecurityGroupD42800D0": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } - }, - "myClusterControlPlaneSecurityGroupfromintegeksspotmyClusterDefaultCapacityInstanceSecurityGroup8EBC6D914435857A9D2": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from integeksspotmyClusterDefaultCapacityInstanceSecurityGroup8EBC6D91:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "myClusterControlPlaneSecurityGroupfromintegeksspotmyClusterspotInstanceSecurityGroup4D0BAA4D443BF12370D": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from integeksspotmyClusterspotInstanceSecurityGroup4D0BAA4D:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterspotInstanceSecurityGroupE76CC584", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "myClusterCreationRole32535C76": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": [ - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.integeksspotawscdkawseksClusterResourceProviderOnEventHandlerServiceRoleFAE56881Arn" - ] - }, - { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.integeksspotawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRoleABA3B752Arn" - ] - } - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.integeksspotawscdkawseksKubectlProviderHandlerServiceRole583FC177Arn" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "myClusterCreationRoleDefaultPolicy942AD3ED": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "myClusterRole0D8296A4", - "Arn" - ] - } - }, - { - "Action": "ec2:DescribeSubnets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "myClusterCreationRoleDefaultPolicy942AD3ED", - "Roles": [ - { - "Ref": "myClusterCreationRole32535C76" - } - ] - } - }, - "myClusterE51CD07F": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.integeksspotawscdkawseksClusterResourceProviderframeworkonEvent8482DC0FArn" - ] - }, - "Config": { - "roleArn": { - "Fn::GetAtt": [ - "myClusterRole0D8296A4", - "Arn" - ] - }, - "resourcesVpcConfig": { - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - } - ], - "subnetIds": [ - { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "myClusterCreationRole32535C76", - "Arn" - ] - } - }, - "DependsOn": [ - "myClusterCreationRoleDefaultPolicy942AD3ED", - "myClusterCreationRole32535C76" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "integ-eks-spot/myCluster/DefaultCapacity/InstanceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/myCluster/DefaultCapacity" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "myClusterE51CD07F" - } - ] - ] - }, - "Value": "owned" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } - }, - "myClusterDefaultCapacityInstanceSecurityGroupfromintegeksspotmyClusterDefaultCapacityInstanceSecurityGroup8EBC6D91ALLTRAFFIC50C0DBE7": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "-1", - "Description": "from integeksspotmyClusterDefaultCapacityInstanceSecurityGroup8EBC6D91:ALL TRAFFIC", - "GroupId": { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B", - "GroupId" - ] - } - } - }, - "myClusterDefaultCapacityInstanceSecurityGroupfromintegeksspotmyClusterControlPlaneSecurityGroupC4434A844430734956F": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from integeksspotmyClusterControlPlaneSecurityGroupC4434A84:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "myClusterDefaultCapacityInstanceSecurityGroupfromintegeksspotmyClusterControlPlaneSecurityGroupC4434A84102565535234C3C38": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from integeksspotmyClusterControlPlaneSecurityGroupC4434A84:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - }, - "ToPort": 65535 - } - }, - "myClusterDefaultCapacityInstanceRoleA36E0984": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/myCluster/DefaultCapacity" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "myClusterE51CD07F" - } - ] - ] - }, - "Value": "owned" - } - ] - } - }, - "myClusterDefaultCapacityInstanceProfileE7E48198": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Roles": [ - { - "Ref": "myClusterDefaultCapacityInstanceRoleA36E0984" - } - ] - } - }, - "myClusterDefaultCapacityLaunchConfigCF6D4B81": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "m5.large", - "IamInstanceProfile": { - "Ref": "myClusterDefaultCapacityInstanceProfileE7E48198" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceSecurityGroup22595F6B", - "GroupId" - ] - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", - { - "Ref": "myClusterE51CD07F" - }, - " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack integ-eks-spot --resource myClusterDefaultCapacityASGF3FE3A19 --region test-region" - ] - ] - } - } - }, - "DependsOn": [ - "myClusterDefaultCapacityInstanceRoleA36E0984" - ] - }, - "myClusterDefaultCapacityASGF3FE3A19": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "MaxSize": "2", - "MinSize": "2", - "LaunchConfigurationName": { - "Ref": "myClusterDefaultCapacityLaunchConfigCF6D4B81" - }, - "Tags": [ - { - "Key": "Name", - "PropagateAtLaunch": true, - "Value": "integ-eks-spot/myCluster/DefaultCapacity" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "myClusterE51CD07F" - } - ] - ] - }, - "PropagateAtLaunch": true, - "Value": "owned" - } - ], - "VPCZoneIdentifier": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - }, - "UpdatePolicy": { - "AutoScalingRollingUpdate": { - "WaitOnResourceSignals": false, - "PauseTime": "PT0S", - "SuspendProcesses": [ - "HealthCheck", - "ReplaceUnhealthy", - "AZRebalance", - "AlarmNotification", - "ScheduledActions" - ] - }, - "AutoScalingScheduledAction": { - "IgnoreUnmodifiedGroupSizeProperties": true - } - } - }, - "myClusterAwsAuthmanifest66DDDCBC": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.integeksspotawscdkawseksKubectlProviderframeworkonEvent54BAB825Arn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\"},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "myClusterDefaultCapacityInstanceRoleA36E0984", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "myClusterspotInstanceRole03AE80B5", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "myClusterE51CD07F" - }, - "RoleArn": { - "Fn::GetAtt": [ - "myClusterCreationRole32535C76", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "myClusterspotInstanceSecurityGroupE76CC584": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "integ-eks-spot/myCluster/spot/InstanceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/myCluster/spot" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "myClusterE51CD07F" - } - ] - ] - }, - "Value": "owned" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } - }, - "myClusterspotInstanceSecurityGroupfromintegeksspotmyClusterspotInstanceSecurityGroup4D0BAA4DALLTRAFFIC6AB5F7A7": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "-1", - "Description": "from integeksspotmyClusterspotInstanceSecurityGroup4D0BAA4D:ALL TRAFFIC", - "GroupId": { - "Fn::GetAtt": [ - "myClusterspotInstanceSecurityGroupE76CC584", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterspotInstanceSecurityGroupE76CC584", - "GroupId" - ] - } - } - }, - "myClusterspotInstanceSecurityGroupfromintegeksspotmyClusterControlPlaneSecurityGroupC4434A84443CAF82847": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from integeksspotmyClusterControlPlaneSecurityGroupC4434A84:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "myClusterspotInstanceSecurityGroupE76CC584", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "myClusterspotInstanceSecurityGroupfromintegeksspotmyClusterControlPlaneSecurityGroupC4434A8410256553577BCEBCC": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from integeksspotmyClusterControlPlaneSecurityGroupC4434A84:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "myClusterspotInstanceSecurityGroupE76CC584", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "myClusterControlPlaneSecurityGroupD42800D0", - "GroupId" - ] - }, - "ToPort": 65535 - } - }, - "myClusterspotInstanceRole03AE80B5": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "integ-eks-spot/myCluster/spot" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "myClusterE51CD07F" - } - ] - ] - }, - "Value": "owned" - } - ] - } - }, - "myClusterspotInstanceProfile93D80EE5": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Roles": [ - { - "Ref": "myClusterspotInstanceRole03AE80B5" - } - ] - } - }, - "myClusterspotLaunchConfig6681F311": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "t3.large", - "IamInstanceProfile": { - "Ref": "myClusterspotInstanceProfile93D80EE5" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "myClusterspotInstanceSecurityGroupE76CC584", - "GroupId" - ] - } - ], - "SpotPrice": "0.1094", - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", - { - "Ref": "myClusterE51CD07F" - }, - " --kubelet-extra-args \"--node-labels lifecycle=Ec2Spot --register-with-taints=spotInstance=true:PreferNoSchedule --node-labels foo=bar,goo=far\" --use-max-pods true --aws-api-retry-attempts 5\n/opt/aws/bin/cfn-signal --exit-code $? --stack integ-eks-spot --resource myClusterspotASG5D95FD2F --region test-region" - ] - ] - } - } - }, - "DependsOn": [ - "myClusterspotInstanceRole03AE80B5" - ] - }, - "myClusterspotASG5D95FD2F": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "MaxSize": "10", - "MinSize": "1", - "LaunchConfigurationName": { - "Ref": "myClusterspotLaunchConfig6681F311" - }, - "Tags": [ - { - "Key": "Name", - "PropagateAtLaunch": true, - "Value": "integ-eks-spot/myCluster/spot" - }, - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "myClusterE51CD07F" - } - ] - ] - }, - "PropagateAtLaunch": true, - "Value": "owned" - } - ], - "VPCZoneIdentifier": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - }, - "UpdatePolicy": { - "AutoScalingRollingUpdate": { - "WaitOnResourceSignals": false, - "PauseTime": "PT0S", - "SuspendProcesses": [ - "HealthCheck", - "ReplaceUnhealthy", - "AZRebalance", - "AlarmNotification", - "ScheduledActions" - ] - }, - "AutoScalingScheduledAction": { - "IgnoreUnmodifiedGroupSizeProperties": true - } - } - }, - "myClustermanifestspotinterrupthandler0542CCD2": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.integeksspotawscdkawseksKubectlProviderframeworkonEvent54BAB825Arn" - ] - }, - "Manifest": "[{\"kind\":\"ClusterRole\",\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"metadata\":{\"name\":\"node-termination-handler\",\"namespace\":\"default\"},\"rules\":[{\"apiGroups\":[\"apps\"],\"resources\":[\"daemonsets\"],\"verbs\":[\"get\",\"delete\"]},{\"apiGroups\":[\"\"],\"resources\":[\"*\"],\"verbs\":[\"*\"]},{\"apiGroups\":[\"rbac.authorization.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"*\"]},{\"apiGroups\":[\"apiextensions.k8s.io\"],\"resources\":[\"customresourcedefinitions\"],\"verbs\":[\"get\",\"list\",\"watch\",\"create\",\"delete\"]}]},{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"node-termination-handler\"}},{\"kind\":\"ClusterRoleBinding\",\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"metadata\":{\"name\":\"node-termination-handler\",\"namespace\":\"default\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"node-termination-handler\",\"namespace\":\"default\"}],\"roleRef\":{\"kind\":\"ClusterRole\",\"name\":\"node-termination-handler\",\"apiGroup\":\"rbac.authorization.k8s.io\"}},{\"apiVersion\":\"apps/v1beta2\",\"kind\":\"DaemonSet\",\"metadata\":{\"name\":\"node-termination-handler\",\"namespace\":\"default\"},\"spec\":{\"selector\":{\"matchLabels\":{\"app\":\"node-termination-handler\"}},\"template\":{\"metadata\":{\"labels\":{\"app\":\"node-termination-handler\"}},\"spec\":{\"serviceAccountName\":\"node-termination-handler\",\"containers\":[{\"name\":\"node-termination-handler\",\"image\":\"amazon/aws-node-termination-handler:v1.0.0\",\"imagePullPolicy\":\"Always\",\"env\":[{\"name\":\"NODE_NAME\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"spec.nodeName\"}}},{\"name\":\"POD_NAME\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"metadata.name\"}}},{\"name\":\"NAMESPACE\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"metadata.namespace\"}}},{\"name\":\"SPOT_POD_IP\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"status.podIP\"}}}],\"resources\":{\"requests\":{\"memory\":\"64Mi\",\"cpu\":\"50m\"},\"limits\":{\"memory\":\"128Mi\",\"cpu\":\"100m\"}}}],\"nodeSelector\":{\"lifecycle\":\"Ec2Spot\"}}}}}]", - "ClusterName": { - "Ref": "myClusterE51CD07F" - }, - "RoleArn": { - "Fn::GetAtt": [ - "myClusterCreationRole32535C76", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersacceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480S3Bucket9711D41B" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersacceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480S3VersionKey43D4C7F7" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersacceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480S3VersionKey43D4C7F7" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetointegeksspotAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3Bucket673C1471Ref": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7" - }, - "referencetointegeksspotAssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey0C03D79ERef": { - "Ref": "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E" - }, - "referencetointegeksspotAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketAB571814Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetointegeksspotAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey290B49B6Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.test-region.", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParameters741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9S3BucketEE58FB96" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9S3VersionKey04B8567E" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9S3VersionKey04B8567E" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetointegeksspotAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketA7810B98Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" - }, - "referencetointegeksspotAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyC8A48879Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" - }, - "referencetointegeksspotAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3BucketAB571814Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" - }, - "referencetointegeksspotAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey290B49B6Ref": { - "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F" - } - } - } - } - }, - "Outputs": { - "myClusterConfigCommandAC521B60": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "myClusterE51CD07F" - }, - " --region test-region" - ] - ] - } - }, - "myClusterGetTokenCommandF3F07390": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "myClusterE51CD07F" - }, - " --region test-region" - ] - ] - } - } - }, - "Parameters": { - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3BucketB1B98CB7": { - "Type": "String", - "Description": "S3 bucket for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843S3VersionKey3E52B70E": { - "Type": "String", - "Description": "S3 key for asset version \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843ArtifactHashBB23B423": { - "Type": "String", - "Description": "Artifact hash for asset \"52b3b8ab304639fa78abb311c605789b1593cf287bfe0d52aafa2821a11c5843\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48": { - "Type": "String", - "Description": "S3 bucket for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3VersionKey1DD5E19F": { - "Type": "String", - "Description": "S3 key for asset version \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044ArtifactHashF11F33A4": { - "Type": "String", - "Description": "Artifact hash for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B": { - "Type": "String", - "Description": "S3 bucket for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56": { - "Type": "String", - "Description": "S3 key for asset version \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aArtifactHash741C1231": { - "Type": "String", - "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" - }, - "AssetParameters741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9S3BucketEE58FB96": { - "Type": "String", - "Description": "S3 bucket for asset \"741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9\"" - }, - "AssetParameters741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9S3VersionKey04B8567E": { - "Type": "String", - "Description": "S3 key for asset version \"741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9\"" - }, - "AssetParameters741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9ArtifactHash8244A1B2": { - "Type": "String", - "Description": "Artifact hash for asset \"741b934350d5a035a4285a1fb5ce2cc8c53136d99ff01c51a3d7049b2b3f38d9\"" - }, - "AssetParametersacceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480S3Bucket9711D41B": { - "Type": "String", - "Description": "S3 bucket for asset \"acceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480\"" - }, - "AssetParametersacceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480S3VersionKey43D4C7F7": { - "Type": "String", - "Description": "S3 key for asset version \"acceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480\"" - }, - "AssetParametersacceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480ArtifactHash40F192C2": { - "Type": "String", - "Description": "Artifact hash for asset \"acceae4f247a389ba7bd30504ecf85dcbde42bfd6408e84ecf157d1209488480\"" - }, - "SsmParameterValueawsserviceeksoptimizedami114amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-spot.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-spot.ts deleted file mode 100644 index bf99f9c62a4f7..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-spot.ts +++ /dev/null @@ -1,33 +0,0 @@ -import * as ec2 from '@aws-cdk/aws-ec2'; -import { App, Construct } from '@aws-cdk/core'; -import * as eks from '../lib'; -import { TestStack } from './util'; - -class MyStack extends TestStack { - constructor(scope: Construct, id: string) { - super(scope, id); - - const vpc = new ec2.Vpc(this, 'vpc', { maxAzs: 2 }); - - // two on-demand instances - const cluster = new eks.Cluster(this, 'myCluster', { - defaultCapacity: 2, - vpc, - }); - - // up to ten spot instances - cluster.addCapacity('spot', { - spotPrice: '0.1094', - instanceType: new ec2.InstanceType('t3.large'), - maxCapacity: 10, - bootstrapOptions: { - kubeletExtraArgs: '--node-labels foo=bar,goo=far', - awsApiRetryAttempts: 5 - } - }); - } -} - -const app = new App(); -new MyStack(app, 'integ-eks-spot'); -app.synth(); From f14405a97681fdf027fb27dd20479754ff7ba8e7 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2020 18:54:57 +0000 Subject: [PATCH 27/42] chore(deps): bump @typescript-eslint/eslint-plugin from 2.22.0 to 2.23.0 (#6640) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 2.22.0 to 2.23.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v2.23.0/packages/eslint-plugin) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- tools/cdk-build-tools/package.json | 2 +- yarn.lock | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tools/cdk-build-tools/package.json b/tools/cdk-build-tools/package.json index 8af402b88033a..1a71f78e4be00 100644 --- a/tools/cdk-build-tools/package.json +++ b/tools/cdk-build-tools/package.json @@ -37,7 +37,7 @@ "pkglint": "0.0.0" }, "dependencies": { - "@typescript-eslint/eslint-plugin": "^2.22.0", + "@typescript-eslint/eslint-plugin": "^2.23.0", "@typescript-eslint/parser": "^2.19.2", "awslint": "0.0.0", "colors": "^1.4.0", diff --git a/yarn.lock b/yarn.lock index 18377bed08b18..58a649ba75f67 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2151,12 +2151,12 @@ dependencies: "@types/yargs-parser" "*" -"@typescript-eslint/eslint-plugin@^2.22.0": - version "2.22.0" - resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-2.22.0.tgz#218ce6d4aa0244c6a40baba39ca1e021b26bb017" - integrity sha512-BvxRLaTDVQ3N+Qq8BivLiE9akQLAOUfxNHIEhedOcg8B2+jY8Rc4/D+iVprvuMX1AdezFYautuGDwr9QxqSxBQ== +"@typescript-eslint/eslint-plugin@^2.23.0": + version "2.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-2.23.0.tgz#aa7133bfb7b685379d9eafe4ae9e08b9037e129d" + integrity sha512-8iA4FvRsz8qTjR0L/nK9RcRUN3QtIHQiOm69FzV7WS3SE+7P7DyGGwh3k4UNR2JBbk+Ej2Io+jLAaqKibNhmtw== dependencies: - "@typescript-eslint/experimental-utils" "2.22.0" + "@typescript-eslint/experimental-utils" "2.23.0" eslint-utils "^1.4.3" functional-red-black-tree "^1.0.1" regexpp "^3.0.0" @@ -2171,13 +2171,13 @@ "@typescript-eslint/typescript-estree" "2.20.0" eslint-scope "^5.0.0" -"@typescript-eslint/experimental-utils@2.22.0": - version "2.22.0" - resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-2.22.0.tgz#4d00c91fbaaa68e56e7869be284999a265707f85" - integrity sha512-sJt1GYBe6yC0dWOQzXlp+tiuGglNhJC9eXZeC8GBVH98Zv9jtatccuhz0OF5kC/DwChqsNfghHx7OlIDQjNYAQ== +"@typescript-eslint/experimental-utils@2.23.0": + version "2.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-2.23.0.tgz#5d2261c8038ec1698ca4435a8da479c661dc9242" + integrity sha512-OswxY59RcXH3NNPmq+4Kis2CYZPurRU6mG5xPcn24CjFyfdVli5mySwZz/g/xDbJXgDsYqNGq7enV0IziWGXVQ== dependencies: "@types/json-schema" "^7.0.3" - "@typescript-eslint/typescript-estree" "2.22.0" + "@typescript-eslint/typescript-estree" "2.23.0" eslint-scope "^5.0.0" "@typescript-eslint/parser@^2.19.2": @@ -2203,10 +2203,10 @@ semver "^6.3.0" tsutils "^3.17.1" -"@typescript-eslint/typescript-estree@2.22.0": - version "2.22.0" - resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-2.22.0.tgz#a16ed45876abf743e1f5857e2f4a1c3199fd219e" - integrity sha512-2HFZW2FQc4MhIBB8WhDm9lVFaBDy6h9jGrJ4V2Uzxe/ON29HCHBTj3GkgcsgMWfsl2U5as+pTOr30Nibaw7qRQ== +"@typescript-eslint/typescript-estree@2.23.0": + version "2.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-2.23.0.tgz#d355960fab96bd550855488dcc34b9a4acac8d36" + integrity sha512-pmf7IlmvXdlEXvE/JWNNJpEvwBV59wtJqA8MLAxMKLXNKVRC3HZBXR/SlZLPWTCcwOSg9IM7GeRSV3SIerGVqw== dependencies: debug "^4.1.1" eslint-visitor-keys "^1.1.0" From 1de2952fcb4c284547ee71a3a2816dbc2c2b982a Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2020 19:47:25 +0000 Subject: [PATCH 28/42] chore(deps): bump aws-sdk from 2.635.0 to 2.636.0 (#6641) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.635.0 to 2.636.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.635.0...v2.636.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-cloudfront/package.json | 2 +- packages/@aws-cdk/aws-cloudtrail/package.json | 2 +- packages/@aws-cdk/aws-codebuild/package.json | 2 +- packages/@aws-cdk/aws-codecommit/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-route53/package.json | 2 +- packages/@aws-cdk/aws-sqs/package.json | 2 +- packages/@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- yarn.lock | 8 ++++---- 14 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/package.json b/packages/@aws-cdk/aws-cloudfront/package.json index 70218a50ac1df..c82ab1f86bb67 100644 --- a/packages/@aws-cdk/aws-cloudfront/package.json +++ b/packages/@aws-cdk/aws-cloudfront/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-cloudtrail/package.json b/packages/@aws-cdk/aws-cloudtrail/package.json index 3cf4b2a9296cb..39f9d2dd497b9 100644 --- a/packages/@aws-cdk/aws-cloudtrail/package.json +++ b/packages/@aws-cdk/aws-cloudtrail/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index eee5e6a8e56bf..25e6b8d97244f 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -70,7 +70,7 @@ "@aws-cdk/aws-sns": "0.0.0", "@aws-cdk/aws-sqs": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codecommit/package.json b/packages/@aws-cdk/aws-codecommit/package.json index 093cdb8a20122..2444bc0f1fafb 100644 --- a/packages/@aws-cdk/aws-codecommit/package.json +++ b/packages/@aws-cdk/aws-codecommit/package.json @@ -70,7 +70,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 5327856a37b1f..8d18214e403c3 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index 6f11bc5f0f023..c394e1cf0807a 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index 67a9e5c41fa2b..d909b9a098f4d 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -86,7 +86,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index be11ff4589fad..ac2ca57c0c9ce 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -71,7 +71,7 @@ "@types/lodash": "^4.14.149", "@types/nodeunit": "^0.0.30", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-route53/package.json b/packages/@aws-cdk/aws-route53/package.json index d394b624f2853..329cddd53d3d3 100644 --- a/packages/@aws-cdk/aws-route53/package.json +++ b/packages/@aws-cdk/aws-route53/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-sqs/package.json b/packages/@aws-cdk/aws-sqs/package.json index 8bbff37c8e7b2..682be7373aa5c 100644 --- a/packages/@aws-cdk/aws-sqs/package.json +++ b/packages/@aws-cdk/aws-sqs/package.json @@ -65,7 +65,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index f032541ed9468..dd60bfb5ad77f 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -73,7 +73,7 @@ "@types/aws-lambda": "^8.10.39", "@types/fs-extra": "^8.1.0", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 5a247e4778627..a7d248b806fd1 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -71,7 +71,7 @@ "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "camelcase": "^5.3.1", "colors": "^1.4.0", "decamelize": "^4.0.0", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index 354cdd165f40f..984a1ae0425da 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -42,7 +42,7 @@ "dependencies": { "@aws-cdk/cdk-assets-schema": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.635.0", + "aws-sdk": "^2.636.0", "glob": "^7.1.6", "yargs": "^15.3.0" }, diff --git a/yarn.lock b/yarn.lock index 58a649ba75f67..e41b287bea629 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2639,10 +2639,10 @@ aws-sdk-mock@^5.0.0: sinon "^8.0.1" traverse "^0.6.6" -aws-sdk@^2.596.0, aws-sdk@^2.635.0: - version "2.635.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.635.0.tgz#a440e465ad44e5a982680acd3bf0747eef9f7818" - integrity sha512-NlKqMB4HqMqSutY6YmPzQVa+mMhqo0655hYYl8G2zkUvrYy+YxDitvwDEUkSsNKVFkEvmHtZggFCgVYIUu/sXg== +aws-sdk@^2.596.0, aws-sdk@^2.636.0: + version "2.636.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.636.0.tgz#247124540b5b88a217aa6c282ce662b2f539721f" + integrity sha512-Zd/jed8qSNCm4pT2+8BuFfveouZrqUqmsOdhzpi3ZB3GYqV5eD+dmsl8OY+qvMgIJIFCB34a1SMucsC4zdBokg== dependencies: buffer "4.9.1" events "1.1.1" From 03df1f1c5f152ff0a14e872095df3b97b0d25fa0 Mon Sep 17 00:00:00 2001 From: Elad Ben-Israel Date: Tue, 10 Mar 2020 10:31:12 +0200 Subject: [PATCH 29/42] fix(eks): sporadic broken pipe when deploying helm charts (#6522) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix(eks): sporadic broken pipe when deploying helm charts (#6522) Retry three times if helm fails if a “broken pipe” error. Fixes #6381 --- .../lib/kubectl-handler/helm/__init__.py | 52 +++++++++++-------- .../test/integ.eks-cluster.expected.json | 38 +++++++------- 2 files changed, 50 insertions(+), 40 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py b/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py index 531d1ba0dc4d0..05d0fbdaba614 100644 --- a/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py +++ b/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py @@ -54,24 +54,34 @@ def helm_handler(event, context): def helm(verb, release, chart = None, repo = None, file = None, namespace = None, version = None, wait = False): import subprocess - try: - cmnd = ['helm', verb, release] - if not chart is None: - cmnd.append(chart) - if verb == 'upgrade': - cmnd.append('--install') - if not repo is None: - cmnd.extend(['--repo', repo]) - if not file is None: - cmnd.extend(['--values', file]) - if not version is None: - cmnd.extend(['--version', version]) - if not namespace is None: - cmnd.extend(['--namespace', namespace]) - if wait: - cmnd.append('--wait') - cmnd.extend(['--kubeconfig', kubeconfig]) - output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir) - logger.info(output) - except subprocess.CalledProcessError as exc: - raise Exception(exc.output) + + cmnd = ['helm', verb, release] + if not chart is None: + cmnd.append(chart) + if verb == 'upgrade': + cmnd.append('--install') + if not repo is None: + cmnd.extend(['--repo', repo]) + if not file is None: + cmnd.extend(['--values', file]) + if not version is None: + cmnd.extend(['--version', version]) + if not namespace is None: + cmnd.extend(['--namespace', namespace]) + if wait: + cmnd.append('--wait') + cmnd.extend(['--kubeconfig', kubeconfig]) + + retry = 3 + while retry > 0: + try: + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir) + logger.info(output) + return + except subprocess.CalledProcessError as exc: + output = exc.output + if b'Broken pipe' in output: + logger.info("Broken pipe, retries left: %s" % retry) + retry = retry - 1 + else: + raise Exception(output) diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 0960d52117a47..15efc8f231f2c 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -1754,7 +1754,7 @@ }, "/", { - "Ref": "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3BucketA606F9D6" + "Ref": "AssetParameters5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690S3BucketE6BD216D" }, "/", { @@ -1764,7 +1764,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3VersionKeyFE7BFE80" + "Ref": "AssetParameters5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690S3VersionKey27D33001" } ] } @@ -1777,7 +1777,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3VersionKeyFE7BFE80" + "Ref": "AssetParameters5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690S3VersionKey27D33001" } ] } @@ -1787,11 +1787,11 @@ ] }, "Parameters": { - "referencetoawscdkeksclustertestAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3Bucket6D4B3C92Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B" + "referencetoawscdkeksclustertestAssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2S3Bucket5C1311C2Ref": { + "Ref": "AssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2S3Bucket8A1A4BE8" }, - "referencetoawscdkeksclustertestAssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKey1728B833Ref": { - "Ref": "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56" + "referencetoawscdkeksclustertestAssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2S3VersionKey33922910Ref": { + "Ref": "AssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2S3VersionKeyB580A234" }, "referencetoawscdkeksclustertestAssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket24E1CF9DRef": { "Ref": "AssetParameters6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044S3Bucket75CDEB48" @@ -1899,29 +1899,29 @@ "Type": "String", "Description": "Artifact hash for asset \"6c3e21f76e4ba0bc4b901f71bfa9c1eaf7929edcfd9a1591690d12b024100044\"" }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3BucketF848983B": { + "AssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2S3Bucket8A1A4BE8": { "Type": "String", - "Description": "S3 bucket for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" + "Description": "S3 bucket for asset \"809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2\"" }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aS3VersionKeyAE869E56": { + "AssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2S3VersionKeyB580A234": { "Type": "String", - "Description": "S3 key for asset version \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" + "Description": "S3 key for asset version \"809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2\"" }, - "AssetParameters7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25aArtifactHash741C1231": { + "AssetParameters809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2ArtifactHash5CE7C76A": { "Type": "String", - "Description": "Artifact hash for asset \"7885982e43353796b16117389f19d46f133d2b866759b8b87c714aa408d6a25a\"" + "Description": "Artifact hash for asset \"809b8ac7e88704d37fac32bbd5cfa56be7ea4d3e9ddb682d216c4b6868cd8fa2\"" }, - "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3BucketA606F9D6": { + "AssetParameters5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690S3BucketE6BD216D": { "Type": "String", - "Description": "S3 bucket for asset \"1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03e\"" + "Description": "S3 bucket for asset \"5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690\"" }, - "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eS3VersionKeyFE7BFE80": { + "AssetParameters5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690S3VersionKey27D33001": { "Type": "String", - "Description": "S3 key for asset version \"1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03e\"" + "Description": "S3 key for asset version \"5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690\"" }, - "AssetParameters1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03eArtifactHashFB2BBA58": { + "AssetParameters5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690ArtifactHash19392521": { "Type": "String", - "Description": "Artifact hash for asset \"1e3bad756cb56d3cc78162a37a1a4b0226bdc7176cf3ed9128b0241f2799d03e\"" + "Description": "Artifact hash for asset \"5736fa6dc98806541544f2c33f17a2495fe0723bd1e59ec62991d68ac3a6e690\"" }, "AssetParameters6348c4414dfcbc19ed407c51ecc75d12faf4ee3219e972437d4ceed53e5b79a0S3BucketEF51ACE0": { "Type": "String", From 348a952db68c838d73258cd8355322e151ae1080 Mon Sep 17 00:00:00 2001 From: Ben Bryant Date: Tue, 10 Mar 2020 10:16:29 +0100 Subject: [PATCH 30/42] fix(iam): cannot add multiple conditions using same operator --- packages/@aws-cdk/aws-iam/lib/policy-statement.ts | 3 ++- .../@aws-cdk/aws-iam/test/policy-document.test.ts | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts index 2c07104874c1a..425a69e6b8a4d 100644 --- a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts +++ b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts @@ -167,7 +167,8 @@ export class PolicyStatement { * Add a condition to the Policy */ public addCondition(key: string, value: any) { - this.condition[key] = value; + const existingValue = this.condition[key]; + this.condition[key] = existingValue ? { ...existingValue, ...value } : value; } /** diff --git a/packages/@aws-cdk/aws-iam/test/policy-document.test.ts b/packages/@aws-cdk/aws-iam/test/policy-document.test.ts index 3f5388e6d75de..1b4e359e98d4b 100644 --- a/packages/@aws-cdk/aws-iam/test/policy-document.test.ts +++ b/packages/@aws-cdk/aws-iam/test/policy-document.test.ts @@ -572,4 +572,19 @@ describe('IAM polocy document', () => { expect(stack.resolve(doc1)).toEqual(stack.resolve(doc2)); }); + + test('adding another condition with the same operator does not delete the original', () => { + const stack = new Stack(); + + const p = new PolicyStatement(); + + p.addCondition('StringEquals', { 'kms:ViaService': 'service' }); + + p.addAccountCondition('12221121221'); + + expect(stack.resolve(p.toStatementJson())).toEqual({ + Effect: 'Allow', + Condition: { StringEquals: { 'kms:ViaService': 'service', 'sts:ExternalId': '12221121221' } } + }); + }); }); From de1a36bb5d4c78e617f3b78a06b42dfbd45475dc Mon Sep 17 00:00:00 2001 From: Ayush Goyal Date: Tue, 10 Mar 2020 15:30:19 +0530 Subject: [PATCH 31/42] feat(stepfunctions-tasks): run batch job (#6396) Adding implementation to run batch job from step functions based on [docs](https://docs.aws.amazon.com/step-functions/latest/dg/connect-batch.html) closes #6467 --- .../aws-stepfunctions-tasks/lib/index.ts | 1 + .../lib/run-batch-job.ts | 340 ++++++ .../aws-stepfunctions-tasks/package.json | 2 + .../test/batchjob-image/Dockerfile | 5 + .../test/batchjob-image/index.py | 6 + .../test/integ.run-batch-job.expected.json | 1036 +++++++++++++++++ .../test/integ.run-batch-job.ts | 80 ++ .../test/run-batch-job.test.ts | 253 ++++ packages/@aws-cdk/aws-stepfunctions/README.md | 34 + 9 files changed, 1757 insertions(+) create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-batch-job.ts create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/Dockerfile create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/index.py create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.expected.json create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.ts create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/run-batch-job.test.ts diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts index 9908c6bb4e422..2057acaf632e8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts @@ -20,3 +20,4 @@ export * from './emr-cancel-step'; export * from './emr-modify-instance-fleet-by-name'; export * from './emr-modify-instance-group-by-name'; export * from './run-glue-job-task'; +export * from './run-batch-job'; diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-batch-job.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-batch-job.ts new file mode 100644 index 0000000000000..67868f402f44f --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-batch-job.ts @@ -0,0 +1,340 @@ +import * as batch from '@aws-cdk/aws-batch'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as iam from '@aws-cdk/aws-iam'; +import * as sfn from '@aws-cdk/aws-stepfunctions'; +import { Duration, Stack } from '@aws-cdk/core'; +import { getResourceArn } from './resource-arn-suffix'; + +/** + * The overrides that should be sent to a container. + */ +export interface ContainerOverrides { + /** + * The command to send to the container that overrides + * the default command from the Docker image or the job definition. + * + * @default - No command overrides + */ + readonly command?: string[]; + + /** + * The environment variables to send to the container. + * You can add new environment variables, which are added to the container + * at launch, or you can override the existing environment variables from + * the Docker image or the job definition. + * + * @default - No environment overrides + */ + readonly environment?: { [key: string]: string }; + + /** + * The instance type to use for a multi-node parallel job. + * This parameter is not valid for single-node container jobs. + * + * @default - No instance type overrides + */ + readonly instanceType?: ec2.InstanceType; + + /** + * The number of MiB of memory reserved for the job. + * This value overrides the value set in the job definition. + * + * @default - No memory overrides + */ + readonly memory?: number; + + /** + * The number of physical GPUs to reserve for the container. + * The number of GPUs reserved for all containers in a job + * should not exceed the number of available GPUs on the compute + * resource that the job is launched on. + * + * @default - No GPU reservation + */ + readonly gpuCount?: number; + + /** + * The number of vCPUs to reserve for the container. + * This value overrides the value set in the job definition. + * + * @default - No vCPUs overrides + */ + readonly vcpus?: number; +} + +/** + * An object representing an AWS Batch job dependency. + */ +export interface JobDependency { + /** + * The job ID of the AWS Batch job associated with this dependency. + * + * @default - No jobId + */ + readonly jobId?: string; + + /** + * The type of the job dependency. + * + * @default - No type + */ + readonly type?: string; +} + +/** + * Properties for RunBatchJob + */ +export interface RunBatchJobProps { + /** + * The job definition used by this job. + */ + readonly jobDefinition: batch.IJobDefinition; + + /** + * The name of the job. + * The first character must be alphanumeric, and up to 128 letters (uppercase and lowercase), + * numbers, hyphens, and underscores are allowed. + */ + readonly jobName: string; + + /** + * The job queue into which the job is submitted. + */ + readonly jobQueue: batch.IJobQueue; + + /** + * The array size can be between 2 and 10,000. + * If you specify array properties for a job, it becomes an array job. + * For more information, see Array Jobs in the AWS Batch User Guide. + * + * @default - No array size + */ + readonly arraySize?: number; + + /** + * A list of container overrides in JSON format that specify the name of a container + * in the specified job definition and the overrides it should receive. + * + * @see https://docs.aws.amazon.com/batch/latest/APIReference/API_SubmitJob.html#Batch-SubmitJob-request-containerOverrides + * + * @default - No container overrides + */ + readonly containerOverrides?: ContainerOverrides; + + /** + * A list of dependencies for the job. + * A job can depend upon a maximum of 20 jobs. + * + * @see https://docs.aws.amazon.com/batch/latest/APIReference/API_SubmitJob.html#Batch-SubmitJob-request-dependsOn + * + * @default - No dependencies + */ + readonly dependsOn?: JobDependency[]; + + /** + * The payload to be passed as parametrs to the batch job + * + * @default - No parameters are passed + */ + readonly payload?: { [key: string]: any }; + + /** + * The number of times to move a job to the RUNNABLE status. + * You may specify between 1 and 10 attempts. + * If the value of attempts is greater than one, + * the job is retried on failure the same number of attempts as the value. + * + * @default - 1 + */ + readonly attempts?: number; + + /** + * The timeout configuration for this SubmitJob operation. + * The minimum value for the timeout is 60 seconds. + * + * @see https://docs.aws.amazon.com/batch/latest/APIReference/API_SubmitJob.html#Batch-SubmitJob-request-timeout + * + * @default - No timeout + */ + readonly timeout?: Duration; + + /** + * The service integration pattern indicates different ways to call TerminateCluster. + * + * The valid value is either FIRE_AND_FORGET or SYNC. + * + * @default SYNC + */ + readonly integrationPattern?: sfn.ServiceIntegrationPattern; +} + +/** + * A Step Functions Task to run AWS Batch + */ +export class RunBatchJob implements sfn.IStepFunctionsTask { + private readonly integrationPattern: sfn.ServiceIntegrationPattern; + + constructor(private readonly props: RunBatchJobProps) { + // validate integrationPattern + this.integrationPattern = + props.integrationPattern || sfn.ServiceIntegrationPattern.SYNC; + + const supportedPatterns = [ + sfn.ServiceIntegrationPattern.FIRE_AND_FORGET, + sfn.ServiceIntegrationPattern.SYNC + ]; + + if (!supportedPatterns.includes(this.integrationPattern)) { + throw new Error( + `Invalid Service Integration Pattern: ${this.integrationPattern} is not supported to call RunBatchJob.` + ); + } + + // validate arraySize limits + if ( + props.arraySize !== undefined && + (props.arraySize < 2 || props.arraySize > 10000) + ) { + throw new Error( + `Invalid value of arraySize. The array size can be between 2 and 10,000.` + ); + } + + // validate dependency size + if (props.dependsOn && props.dependsOn.length > 20) { + throw new Error( + `Invalid number of dependencies. A job can depend upon a maximum of 20 jobs.` + ); + } + + // validate attempts + if ( + props.attempts !== undefined && + (props.attempts < 1 || props.attempts > 10) + ) { + throw new Error( + `Invalid value of attempts. You may specify between 1 and 10 attempts.` + ); + } + + // validate timeout + if (props.timeout && props.timeout.toSeconds() < 60) { + throw new Error( + `Invalid value of timrout. The minimum value for the timeout is 60 seconds.` + ); + } + + // This is reuqired since environment variables must not start with AWS_BATCH; + // this naming convention is reserved for variables that are set by the AWS Batch service. + if (props.containerOverrides?.environment) { + Object.keys(props.containerOverrides.environment).forEach(key => { + if (key.match(/^AWS_BATCH/)) { + throw new Error( + `Invalid environment variable name: ${key}. Environment variable names starting with 'AWS_BATCH' are reserved.` + ); + } + }); + } + } + + public bind(_task: sfn.Task): sfn.StepFunctionsTaskConfig { + return { + resourceArn: getResourceArn( + 'batch', + 'submitJob', + this.integrationPattern + ), + policyStatements: this.configurePolicyStatements(_task), + parameters: { + JobDefinition: this.props.jobDefinition.jobDefinitionArn, + JobName: this.props.jobName, + JobQueue: this.props.jobQueue.jobQueueArn, + Parameters: this.props.payload, + + ArrayProperties: + this.props.arraySize !== undefined + ? { Size: this.props.arraySize } + : undefined, + + ContainerOverrides: this.props.containerOverrides + ? this.configureContainerOverrides(this.props.containerOverrides) + : undefined, + + DependsOn: this.props.dependsOn + ? this.props.dependsOn.map(jobDependency => ({ + JobId: jobDependency.jobId, + Type: jobDependency.type + })) + : undefined, + + RetryStrategy: + this.props.attempts !== undefined + ? { Attempts: this.props.attempts } + : undefined, + + Timeout: this.props.timeout + ? { AttemptDurationSeconds: this.props.timeout.toSeconds() } + : undefined + } + }; + } + + private configurePolicyStatements(task: sfn.Task): iam.PolicyStatement[] { + return [ + // Resource level access control for job-definition requires revision which batch does not support yet + // Using the alternative permissions as mentioned here: + // https://docs.aws.amazon.com/batch/latest/userguide/batch-supported-iam-actions-resources.html + new iam.PolicyStatement({ + resources: [ + Stack.of(task).formatArn({ + service: 'batch', + resource: 'job-definition', + resourceName: '*' + }), + this.props.jobQueue.jobQueueArn + ], + actions: ['batch:SubmitJob'] + }), + new iam.PolicyStatement({ + resources: [ + Stack.of(task).formatArn({ + service: 'events', + resource: 'rule/StepFunctionsGetEventsForBatchJobsRule' + }) + ], + actions: ['events:PutTargets', 'events:PutRule', 'events:DescribeRule'] + }) + ]; + } + + private configureContainerOverrides(containerOverrides: ContainerOverrides) { + let environment; + if (containerOverrides.environment) { + environment = Object.entries(containerOverrides.environment).map( + ([key, value]) => ({ + Name: key, + Value: value + }) + ); + } + + let resources; + if (containerOverrides.gpuCount) { + resources = [ + { + Type: 'GPU', + Value: `${containerOverrides.gpuCount}` + } + ]; + } + + return { + Command: containerOverrides.command, + Environment: environment, + InstanceType: containerOverrides.instanceType?.toString(), + Memory: containerOverrides.memory, + ResourceRequirements: resources, + Vcpus: containerOverrides.vcpus + }; + } +} diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/package.json b/packages/@aws-cdk/aws-stepfunctions-tasks/package.json index 7f29cd1fffd52..8ff438593eb38 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/package.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/package.json @@ -89,6 +89,7 @@ "dependencies": { "@aws-cdk/assets": "0.0.0", "@aws-cdk/aws-cloudwatch": "0.0.0", + "@aws-cdk/aws-batch": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", "@aws-cdk/aws-ecr": "0.0.0", "@aws-cdk/aws-ecr-assets": "0.0.0", @@ -106,6 +107,7 @@ "homepage": "https://github.com/aws/aws-cdk", "peerDependencies": { "@aws-cdk/assets": "0.0.0", + "@aws-cdk/aws-batch": "0.0.0", "@aws-cdk/aws-cloudwatch": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", "@aws-cdk/aws-ecr": "0.0.0", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/Dockerfile b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/Dockerfile new file mode 100644 index 0000000000000..123b5670febc8 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/Dockerfile @@ -0,0 +1,5 @@ +FROM python:3.6 +EXPOSE 8000 +WORKDIR /src +ADD . /src +CMD python3 index.py diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/index.py b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/index.py new file mode 100644 index 0000000000000..337ed86e5f2ec --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batchjob-image/index.py @@ -0,0 +1,6 @@ +#!/usr/bin/python +import os +import pprint + +print('Hello from Batch!') +pprint.pprint(dict(os.environ)) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.expected.json new file mode 100644 index 0000000000000..2959dd9d50551 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.expected.json @@ -0,0 +1,1036 @@ +{ + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.0.0/19", + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet1" + }, + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + } + ] + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.32.0/19", + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet2" + }, + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + } + ] + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet3Subnet11B92D7C": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.64.0/19", + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet3" + }, + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + } + ] + } + }, + "vpcPublicSubnet3RouteTableA3C00665": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet3" + } + ] + } + }, + "vpcPublicSubnet3RouteTableAssociationD102D1C4": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet3RouteTableA3C00665" + }, + "SubnetId": { + "Ref": "vpcPublicSubnet3Subnet11B92D7C" + } + } + }, + "vpcPublicSubnet3DefaultRoute3F356A11": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet3RouteTableA3C00665" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet3EIP2C3B9D91": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet3" + } + ] + } + }, + "vpcPublicSubnet3NATGateway82F6CA9E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet3EIP2C3B9D91", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet3Subnet11B92D7C" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PublicSubnet3" + } + ] + } + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.96.0/19", + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PrivateSubnet1" + }, + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + } + ] + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PrivateSubnet1" + } + ] + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.128.0/19", + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PrivateSubnet2" + }, + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + } + ] + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PrivateSubnet2" + } + ] + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" + } + } + }, + "vpcPrivateSubnet3Subnet985AC459": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.160.0/19", + "VpcId": { + "Ref": "vpcA2121C38" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PrivateSubnet3" + }, + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + } + ] + } + }, + "vpcPrivateSubnet3RouteTable24DA79A0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc/PrivateSubnet3" + } + ] + } + }, + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet3RouteTable24DA79A0" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet3Subnet985AC459" + } + } + }, + "vpcPrivateSubnet3DefaultRoute30C45F47": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet3RouteTable24DA79A0" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet3NATGateway82F6CA9E" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-integ/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "vpcA2121C38" + }, + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + } + } + }, + "ComputeEnvEcsInstanceRoleCFB290F9": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "ComputeEnvInstanceProfile81AFCCF2": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ComputeEnvEcsInstanceRoleCFB290F9" + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "ComputeEnvResourceSecurityGroupB84CF86B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-stepfunctions-integ/ComputeEnv/Resource-Security-Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "ComputeEnvResourceServiceInstanceRoleCF89E9E1": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSBatchServiceRole" + ] + ] + } + ] + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "ComputeEnv2C40ACC2": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "ServiceRole": { + "Fn::GetAtt": [ + "ComputeEnvResourceServiceInstanceRoleCF89E9E1", + "Arn" + ] + }, + "Type": "MANAGED", + "ComputeResources": { + "AllocationStrategy": "BEST_FIT", + "InstanceRole": { + "Fn::GetAtt": [ + "ComputeEnvInstanceProfile81AFCCF2", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ComputeEnvResourceSecurityGroupB84CF86B", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + }, + { + "Ref": "vpcPrivateSubnet3Subnet985AC459" + } + ], + "Type": "EC2" + }, + "State": "ENABLED" + }, + "DependsOn": [ + "vpcIGWE57CBDCA", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableB41A48CC", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet1Subnet934893E8", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTable7280F23E", + "vpcPrivateSubnet2RouteTableAssociation007E94D3", + "vpcPrivateSubnet2Subnet7031C2BA", + "vpcPrivateSubnet3DefaultRoute30C45F47", + "vpcPrivateSubnet3RouteTable24DA79A0", + "vpcPrivateSubnet3RouteTableAssociationC58B3C2C", + "vpcPrivateSubnet3Subnet985AC459", + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1EIPDA49DCBE", + "vpcPublicSubnet1NATGateway9C16659E", + "vpcPublicSubnet1RouteTable48A2DF9B", + "vpcPublicSubnet1RouteTableAssociation5D3F4579", + "vpcPublicSubnet1Subnet2E65531E", + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2EIP9B3743B1", + "vpcPublicSubnet2NATGateway9B8AE11A", + "vpcPublicSubnet2RouteTableEB40D4CB", + "vpcPublicSubnet2RouteTableAssociation21F81B59", + "vpcPublicSubnet2Subnet009B674F", + "vpcPublicSubnet3DefaultRoute3F356A11", + "vpcPublicSubnet3EIP2C3B9D91", + "vpcPublicSubnet3NATGateway82F6CA9E", + "vpcPublicSubnet3RouteTableA3C00665", + "vpcPublicSubnet3RouteTableAssociationD102D1C4", + "vpcPublicSubnet3Subnet11B92D7C", + "vpcA2121C38", + "vpcVPCGW7984C166" + ] + }, + "JobQueueEE3AD499": { + "Type": "AWS::Batch::JobQueue", + "Properties": { + "ComputeEnvironmentOrder": [ + { + "ComputeEnvironment": { + "Ref": "ComputeEnv2C40ACC2" + }, + "Order": 1 + } + ], + "Priority": 1, + "State": "ENABLED" + } + }, + "JobDefinition24FFE3ED": { + "Type": "AWS::Batch::JobDefinition", + "Properties": { + "Type": "container", + "ContainerProperties": { + "Image": { + "Fn::Join": [ + "", + [ + { + "Ref": "AWS::AccountId" + }, + ".dkr.ecr.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/aws-cdk/assets:4ba4a660dbcc1e71f0bf07105626a5bc65d95ae71724dc57bbb94c8e14202342" + ] + ] + }, + "Memory": 4, + "Privileged": false, + "ReadonlyRootFilesystem": false, + "Vcpus": 1 + }, + "RetryStrategy": { + "Attempts": 1 + }, + "Timeout": {} + } + }, + "StateMachineRoleB840431D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "StateMachineRoleDefaultPolicyDF1E6607": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "batch:SubmitJob", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":batch:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":job-definition/*" + ] + ] + }, + { + "Ref": "JobQueueEE3AD499" + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForBatchJobsRule" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "StateMachineRoleDefaultPolicyDF1E6607", + "Roles": [ + { + "Ref": "StateMachineRoleB840431D" + } + ] + } + }, + "StateMachine2E01A3A5": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Start\",\"States\":{\"Start\":{\"Type\":\"Pass\",\"Result\":{\"bar\":\"SomeValue\"},\"Next\":\"Submit Job\"},\"Submit Job\":{\"End\":true,\"Parameters\":{\"JobDefinition\":\"", + { + "Ref": "JobDefinition24FFE3ED" + }, + "\",\"JobName\":\"MyJob\",\"JobQueue\":\"", + { + "Ref": "JobQueueEE3AD499" + }, + "\",\"Parameters\":{\"foo.$\":\"$.bar\"},\"ContainerOverrides\":{\"Environment\":[{\"Name\":\"key\",\"Value\":\"value\"}],\"Memory\":256,\"Vcpus\":1},\"RetryStrategy\":{\"Attempts\":3},\"Timeout\":{\"AttemptDurationSeconds\":60}},\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::batch:submitJob.sync\"}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDF1E6607", + "StateMachineRoleB840431D" + ] + } + }, + "Outputs": { + "JobQueueArn": { + "Value": { + "Ref": "JobQueueEE3AD499" + } + }, + "StateMachineArn": { + "Value": { + "Ref": "StateMachine2E01A3A5" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.ts new file mode 100644 index 0000000000000..ecffd83190a13 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.run-batch-job.ts @@ -0,0 +1,80 @@ +import * as batch from '@aws-cdk/aws-batch'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as ecs from '@aws-cdk/aws-ecs'; +import * as sfn from '@aws-cdk/aws-stepfunctions'; +import * as cdk from '@aws-cdk/core'; +import * as path from 'path'; +import * as tasks from '../lib'; + +/* + * Stack verification steps: + * * aws stepfunctions start-execution --state-machine-arn : should return execution arn + * * aws batch list-jobs --job-queue --job-status RUNNABLE : should return jobs-list with size greater than 0 + * * + * * aws batch describe-jobs --jobs --query 'jobs[0].status': wait until the status is 'SUCCEEDED' + * * aws stepfunctions describe-execution --execution-arn --query 'status': should return status as SUCCEEDED + */ + +class RunBatchStack extends cdk.Stack { + constructor(scope: cdk.App, id: string, props: cdk.StackProps = {}) { + super(scope, id, props); + + const vpc = new ec2.Vpc(this, 'vpc'); + + const batchQueue = new batch.JobQueue(this, 'JobQueue', { + computeEnvironments: [ + { + order: 1, + computeEnvironment: new batch.ComputeEnvironment(this, 'ComputeEnv', { + computeResources: { vpc } + }) + } + ] + }); + + const batchJobDefinition = new batch.JobDefinition(this, 'JobDefinition', { + container: { + image: ecs.ContainerImage.fromAsset( + path.resolve(__dirname, 'batchjob-image') + ) + } + }); + + const submitJob = new sfn.Task(this, 'Submit Job', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'MyJob', + jobQueue: batchQueue, + containerOverrides: { + environment: { key: 'value' }, + memory: 256, + vcpus: 1 + }, + payload: { + foo: sfn.Data.stringAt('$.bar') + }, + attempts: 3, + timeout: cdk.Duration.seconds(60) + }) + }); + + const definition = new sfn.Pass(this, 'Start', { + result: sfn.Result.fromObject({ bar: 'SomeValue' }) + }).next(submitJob); + + const stateMachine = new sfn.StateMachine(this, 'StateMachine', { + definition + }); + + new cdk.CfnOutput(this, 'JobQueueArn', { + value: batchQueue.jobQueueArn + }); + new cdk.CfnOutput(this, 'StateMachineArn', { + value: stateMachine.stateMachineArn + }); + } +} + +const app = new cdk.App(); +new RunBatchStack(app, 'aws-stepfunctions-integ'); +app.synth(); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/run-batch-job.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/run-batch-job.test.ts new file mode 100644 index 0000000000000..1e6adba6038a7 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/run-batch-job.test.ts @@ -0,0 +1,253 @@ +import * as batch from '@aws-cdk/aws-batch'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as ecs from '@aws-cdk/aws-ecs'; +import * as sfn from '@aws-cdk/aws-stepfunctions'; +import * as cdk from '@aws-cdk/core'; +import * as path from 'path'; +import * as tasks from '../lib'; + +let stack: cdk.Stack; +let batchJobDefinition: batch.IJobDefinition; +let batchJobQueue: batch.IJobQueue; + +beforeEach(() => { + // GIVEN + stack = new cdk.Stack(); + + batchJobDefinition = new batch.JobDefinition(stack, 'JobDefinition', { + container: { + image: ecs.ContainerImage.fromAsset( + path.join(__dirname, 'batchjob-image') + ) + } + }); + + batchJobQueue = new batch.JobQueue(stack, 'JobQueue', { + computeEnvironments: [ + { + order: 1, + computeEnvironment: new batch.ComputeEnvironment(stack, 'ComputeEnv', { + computeResources: { vpc: new ec2.Vpc(stack, 'vpc') } + }) + } + ] + }); +}); + +test('Task with only the required parameters', () => { + // WHEN + const task = new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue + }) + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition' + }, + ':states:::batch:submitJob.sync' + ] + ] + }, + End: true, + Parameters: { + JobDefinition: { Ref: 'JobDefinition24FFE3ED' }, + JobName: 'JobName', + JobQueue: { Ref: 'JobQueueEE3AD499' } + } + }); +}); + +test('Task with all the parameters', () => { + // WHEN + const task = new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + arraySize: 15, + containerOverrides: { + command: ['sudo', 'rm'], + environment: { key: 'value' }, + instanceType: new ec2.InstanceType('MULTI'), + memory: 1024, + gpuCount: 1, + vcpus: 10 + }, + dependsOn: [{ jobId: '1234', type: 'some_type' }], + payload: { + foo: sfn.Data.stringAt('$.bar') + }, + attempts: 3, + timeout: cdk.Duration.seconds(60), + integrationPattern: sfn.ServiceIntegrationPattern.FIRE_AND_FORGET + }) + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition' + }, + ':states:::batch:submitJob' + ] + ] + }, + End: true, + Parameters: { + JobDefinition: { Ref: 'JobDefinition24FFE3ED' }, + JobName: 'JobName', + JobQueue: { Ref: 'JobQueueEE3AD499' }, + ArrayProperties: { Size: 15 }, + ContainerOverrides: { + Command: ['sudo', 'rm'], + Environment: [{ Name: 'key', Value: 'value' }], + InstanceType: 'MULTI', + Memory: 1024, + ResourceRequirements: [{ Type: 'GPU', Value: '1' }], + Vcpus: 10 + }, + DependsOn: [{ JobId: '1234', Type: 'some_type' }], + Parameters: { 'foo.$': '$.bar' }, + RetryStrategy: { Attempts: 3 }, + Timeout: { AttemptDurationSeconds: 60 } + } + }); +}); + +test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration pattern', () => { + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + integrationPattern: sfn.ServiceIntegrationPattern.WAIT_FOR_TASK_TOKEN + }) + }); + }).toThrow( + /Invalid Service Integration Pattern: WAIT_FOR_TASK_TOKEN is not supported to call RunBatchJob./i + ); +}); + +test('Task throws if environment in containerOverrides contain env with name starting with AWS_BATCH', () => { + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + containerOverrides: { + environment: { AWS_BATCH_MY_NAME: 'MY_VALUE' } + } + }) + }); + }).toThrow( + /Invalid environment variable name: AWS_BATCH_MY_NAME. Environment variable names starting with 'AWS_BATCH' are reserved./i + ); +}); + +test('Task throws if arraySize is out of limits 2-10000', () => { + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + arraySize: 1 + }) + }); + }).toThrow( + /Invalid value of arraySize. The array size can be between 2 and 10,000./i + ); + + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + arraySize: 10001 + }) + }); + }).toThrow( + /Invalid value of arraySize. The array size can be between 2 and 10,000./i + ); +}); + +test('Task throws if dependencies exceeds 20', () => { + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + dependsOn: [...Array(21).keys()].map(i => ({ + jobId: `${i}`, + type: `some_type-${i}` + })) + }) + }); + }).toThrow( + /Invalid number of dependencies. A job can depend upon a maximum of 20 jobs./i + ); +}); + +test('Task throws if attempts is out of limits 1-10', () => { + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + attempts: 0 + }) + }); + }).toThrow( + /Invalid value of attempts. You may specify between 1 and 10 attempts./i + ); + + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + attempts: 11 + }) + }); + }).toThrow( + /Invalid value of attempts. You may specify between 1 and 10 attempts./i + ); +}); + +test('Task throws if timeout is less than 60 sec', () => { + expect(() => { + new sfn.Task(stack, 'Task', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'JobName', + jobQueue: batchJobQueue, + timeout: cdk.Duration.seconds(59) + }) + }); + }).toThrow( + /Invalid value of timrout. The minimum value for the timeout is 60 seconds./i + ); +}); diff --git a/packages/@aws-cdk/aws-stepfunctions/README.md b/packages/@aws-cdk/aws-stepfunctions/README.md index 8768da56376bc..fd09f84de1270 100644 --- a/packages/@aws-cdk/aws-stepfunctions/README.md +++ b/packages/@aws-cdk/aws-stepfunctions/README.md @@ -127,6 +127,7 @@ couple of the tasks available are: * `tasks.InvokeActivity` -- start an Activity (Activities represent a work queue that you poll on a compute fleet you manage yourself) * `tasks.InvokeFunction` -- invoke a Lambda function with function ARN +* `tasks.RunBatchJob` -- run a Batch job * `tasks.RunLambdaTask` -- call Lambda as integrated service with magic ARN * `tasks.RunGlueJobTask` -- call Glue Job as integrated service * `tasks.PublishToTopic` -- publish a message to an SNS topic @@ -203,6 +204,39 @@ task.next(nextState); [Example CDK app](../aws-stepfunctions-tasks/test/integ.glue-task.ts) +#### Batch example + +```ts +import batch = require('@aws-cdk/aws-batch'); + +const batchQueue = new batch.JobQueue(this, 'JobQueue', { + computeEnvironments: [ + { + order: 1, + computeEnvironment: new batch.ComputeEnvironment(this, 'ComputeEnv', { + computeResources: { vpc } + }) + } + ] +}); + +const batchJobDefinition = new batch.JobDefinition(this, 'JobDefinition', { + container: { + image: ecs.ContainerImage.fromAsset( + path.resolve(__dirname, 'batchjob-image') + ) + } +}); + +const task = new sfn.Task(this, 'Submit Job', { + task: new tasks.RunBatchJob({ + jobDefinition: batchJobDefinition, + jobName: 'MyJob', + jobQueue: batchQueue + }) +}); +``` + #### SNS example ```ts From 1dd7104ff4510005a0b6ff14372846747c572ed1 Mon Sep 17 00:00:00 2001 From: Moataz Elmasry Date: Tue, 10 Mar 2020 12:19:29 +0100 Subject: [PATCH 32/42] fix(eks): cannot upgrade version of clusters with an explicit name (#6064) * fix(eks): eks:UpdateClusterConfig gets the resourceArn/* permission in order to do an eks stack update * only add /* when it is a specific resource also update test expectations Co-authored-by: Elad Ben-Israel --- .../@aws-cdk/aws-eks/lib/cluster-resource.ts | 13 +++++++----- .../test/integ.eks-cluster.expected.json | 4 +++- .../@aws-cdk/aws-eks/test/test.cluster.ts | 21 ++++++++++++++++--- 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts index 346f5e049ac3c..0cdbfd957f4f6 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts @@ -57,10 +57,13 @@ export class ClusterResource extends Construct { // this role to manage all clusters in the account. this must be lazy since // `props.name` may contain a lazy value that conditionally resolves to a // physical name. - const resourceArn = Lazy.stringValue({ - produce: () => stack.resolve(props.name) - ? stack.formatArn(clusterArnComponents(stack.resolve(props.name))) - : '*' + const resourceArns = Lazy.listValue({ + produce: () => { + const arn = stack.formatArn(clusterArnComponents(stack.resolve(props.name))); + return stack.resolve(props.name) + ? [ arn, `${arn}/*` ] // see https://github.com/aws/aws-cdk/issues/6060 + : [ '*' ]; + } }); const fargateProfileResourceArn = Lazy.stringValue({ @@ -76,7 +79,7 @@ export class ClusterResource extends Construct { this.creationRole.addToPolicy(new iam.PolicyStatement({ actions: [ 'eks:CreateCluster', 'eks:DescribeCluster', 'eks:DeleteCluster', 'eks:UpdateClusterVersion', 'eks:UpdateClusterConfig', 'eks:CreateFargateProfile' ], - resources: [ resourceArn ] + resources: resourceArns })); this.creationRole.addToPolicy(new iam.PolicyStatement({ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 15efc8f231f2c..e8d6c0434be84 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -787,7 +787,9 @@ "eks:CreateFargateProfile" ], "Effect": "Allow", - "Resource": "*" + "Resource": [ + "*" + ] }, { "Action": [ diff --git a/packages/@aws-cdk/aws-eks/test/test.cluster.ts b/packages/@aws-cdk/aws-eks/test/test.cluster.ts index 5127af9e1c7f2..477add829c524 100644 --- a/packages/@aws-cdk/aws-eks/test/test.cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/test.cluster.ts @@ -684,7 +684,7 @@ export = { "eks:CreateFargateProfile" ], Effect: "Allow", - Resource: { + Resource: [ { "Fn::Join": [ "", [ @@ -699,7 +699,22 @@ export = { ":cluster/my-cluster-name" ] ] - } + }, { + "Fn::Join": [ + "", + [ + "arn:", + { + Ref: "AWS::Partition" + }, + ":eks:us-east-1:", + { + Ref: "AWS::AccountId" + }, + ":cluster/my-cluster-name/*" + ] + ] + } ] }, { Action: [ @@ -777,7 +792,7 @@ export = { "eks:CreateFargateProfile" ], Effect: "Allow", - Resource: "*" + Resource: [ "*" ] }, { Action: [ From 2d3e7b1daeb7b7459383f687ef1b33c639cfda80 Mon Sep 17 00:00:00 2001 From: Niranjan Jayakar Date: Tue, 10 Mar 2020 18:58:46 +0000 Subject: [PATCH 33/42] fix(apigateway): type mismatch in C# when setting identitySources (#6649) The `identitySources` property in `RequestAuthorizerProps` was incorrectly set to the type `IdentitySource[]` instead of `string[]`. This caused a type mismatch in languages with stricter type checks, such as C#. Added to `allowed-breaking-changes.txt` since this property would never have worked in Java and C#, and is [not a breaking change in typescript][1]. fixes #6538 [1]: https://github.com/aws/aws-cdk/blob/de1a36bb5d4c78e617f3b78a06b42dfbd45475dc/packages/%40aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.ts#L26 --- allowed-breaking-changes.txt | 1 + packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt index 48d35a18122ba..427980fb5be9c 100644 --- a/allowed-breaking-changes.txt +++ b/allowed-breaking-changes.txt @@ -31,6 +31,7 @@ incompatible-argument:@aws-cdk/aws-apigateway.ProxyResource.addProxy incompatible-argument:@aws-cdk/aws-apigateway.Resource.addProxy incompatible-argument:@aws-cdk/aws-apigateway.ResourceBase.addProxy incompatible-argument:@aws-cdk/aws-apigateway.IResource.addProxy +incompatible-argument:@aws-cdk/aws-apigateway.RequestAuthorizer. incompatible-argument:@aws-cdk/aws-servicediscovery.Service.fromServiceAttributes removed:@aws-cdk/core.ConstructNode.addReference removed:@aws-cdk/core.ConstructNode.references diff --git a/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts b/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts index d984ca6d320fc..0e455d6dfeb68 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts @@ -4,7 +4,6 @@ import { Construct, Duration, Lazy, Stack } from '@aws-cdk/core'; import { CfnAuthorizer } from '../apigateway.generated'; import { Authorizer, IAuthorizer } from '../authorizer'; import { RestApi } from '../restapi'; -import { IdentitySource } from './identity-source'; /** * Base properties for all lambda authorizers @@ -190,7 +189,7 @@ export interface RequestAuthorizerProps extends LambdaAuthorizerProps { * * @see https://docs.aws.amazon.com/apigateway/api-reference/link-relation/authorizer-create/#identitySource */ - readonly identitySources: IdentitySource[]; + readonly identitySources: string[]; } /** From e9ef100023f70c18464e64afa34a5d3ce2f6627b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2020 19:49:47 +0000 Subject: [PATCH 34/42] chore(deps-dev): bump sinon from 9.0.0 to 9.0.1 (#6650) Bumps [sinon](https://github.com/sinonjs/sinon) from 9.0.0 to 9.0.1. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md) - [Commits](https://github.com/sinonjs/sinon/compare/v9.0.0...v9.0.1) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/assets/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-s3-assets/package.json | 2 +- .../@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- yarn.lock | 23 +++++++++---------- 8 files changed, 18 insertions(+), 19 deletions(-) diff --git a/packages/@aws-cdk/assets/package.json b/packages/@aws-cdk/assets/package.json index c7ea66f8c95d9..976c324e0e9b6 100644 --- a/packages/@aws-cdk/assets/package.json +++ b/packages/@aws-cdk/assets/package.json @@ -72,7 +72,7 @@ "cdk-integ-tools": "0.0.0", "nodeunit": "^0.11.3", "pkglint": "0.0.0", - "sinon": "^9.0.0", + "sinon": "^9.0.1", "ts-mock-imports": "^1.2.6" }, "dependencies": { diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 8d18214e403c3..ab7b1e0c64aca 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -71,7 +71,7 @@ "cfn2ts": "0.0.0", "nodeunit": "^0.11.3", "pkglint": "0.0.0", - "sinon": "^9.0.0" + "sinon": "^9.0.1" }, "dependencies": { "@aws-cdk/aws-applicationautoscaling": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index c394e1cf0807a..6eb94a518e806 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -70,7 +70,7 @@ "cfn2ts": "0.0.0", "nodeunit": "^0.11.3", "pkglint": "0.0.0", - "sinon": "^9.0.0" + "sinon": "^9.0.1" }, "dependencies": { "@aws-cdk/aws-autoscaling": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index ac2ca57c0c9ce..62dfde205eb9e 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -80,7 +80,7 @@ "nock": "^12.0.2", "nodeunit": "^0.11.3", "pkglint": "0.0.0", - "sinon": "^9.0.0" + "sinon": "^9.0.1" }, "dependencies": { "@aws-cdk/aws-cloudwatch": "0.0.0", diff --git a/packages/@aws-cdk/aws-s3-assets/package.json b/packages/@aws-cdk/aws-s3-assets/package.json index 672f29a395286..386a75c48bb53 100644 --- a/packages/@aws-cdk/aws-s3-assets/package.json +++ b/packages/@aws-cdk/aws-s3-assets/package.json @@ -67,7 +67,7 @@ "cdk-integ-tools": "0.0.0", "nodeunit": "^0.11.3", "pkglint": "0.0.0", - "sinon": "^9.0.0", + "sinon": "^9.0.1", "ts-mock-imports": "^1.2.6" }, "dependencies": { diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index dd60bfb5ad77f..effe70f315b12 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -81,7 +81,7 @@ "fs-extra": "^8.1.0", "nock": "^12.0.2", "pkglint": "0.0.0", - "sinon": "^9.0.0" + "sinon": "^9.0.1" }, "dependencies": { "@aws-cdk/aws-cloudformation": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index a7d248b806fd1..e615a3e4a2d17 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -63,7 +63,7 @@ "jszip": "^3.2.2", "mockery": "^2.1.0", "pkglint": "0.0.0", - "sinon": "^9.0.0", + "sinon": "^9.0.1", "ts-jest": "^25.2.0" }, "dependencies": { diff --git a/yarn.lock b/yarn.lock index e41b287bea629..bff49ee8c201b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1859,7 +1859,7 @@ "@sinonjs/commons" "^1" "@sinonjs/samsam" "^4.2.0" -"@sinonjs/formatio@^5.0.0", "@sinonjs/formatio@^5.0.1": +"@sinonjs/formatio@^5.0.1": version "5.0.1" resolved "https://registry.yarnpkg.com/@sinonjs/formatio/-/formatio-5.0.1.tgz#f13e713cb3313b1ab965901b01b0828ea6b77089" integrity sha512-KaiQ5pBf1MpS09MuA0kp6KBQt2JUOQycqVG1NZXvzeaXe5LGFqAKueIS0bw4w0P9r7KuBSVdUk5QjXsUdu2CxQ== @@ -1876,13 +1876,12 @@ lodash.get "^4.4.2" type-detect "^4.0.8" -"@sinonjs/samsam@^5.0.1", "@sinonjs/samsam@^5.0.2": - version "5.0.2" - resolved "https://registry.yarnpkg.com/@sinonjs/samsam/-/samsam-5.0.2.tgz#2c4772ec4a3a9b00971be32e843dc1be27a02c89" - integrity sha512-p3yrEVB5F/1wI+835n+X8llOGRgV8+jw5BHQ/cJoLBUXXZ5U8Tr5ApwPc4L4av/vjla48kVPoN0t6dykQm+Rvg== +"@sinonjs/samsam@^5.0.2", "@sinonjs/samsam@^5.0.3": + version "5.0.3" + resolved "https://registry.yarnpkg.com/@sinonjs/samsam/-/samsam-5.0.3.tgz#86f21bdb3d52480faf0892a480c9906aa5a52938" + integrity sha512-QucHkc2uMJ0pFGjJUDP3F9dq5dx8QIaqISl9QgwLOh6P9yv877uONPGXh/OH/0zmM3tW1JjuJltAZV2l7zU+uQ== dependencies: "@sinonjs/commons" "^1.6.0" - "@sinonjs/formatio" "^5.0.0" lodash.get "^4.4.2" type-detect "^4.0.8" @@ -10489,15 +10488,15 @@ sinon@^8.0.1: nise "^3.0.1" supports-color "^7.1.0" -sinon@^9.0.0: - version "9.0.0" - resolved "https://registry.yarnpkg.com/sinon/-/sinon-9.0.0.tgz#9f1ed502fa2e287e65220de08f6a44f33e314006" - integrity sha512-c4bREcvuK5VuEGyMW/Oim9I3Rq49Vzb0aMdxouFaA44QCFpilc5LJOugrX+mkrvikbqCimxuK+4cnHVNnLR41g== +sinon@^9.0.1: + version "9.0.1" + resolved "https://registry.yarnpkg.com/sinon/-/sinon-9.0.1.tgz#dbb18f7d8f5835bcf91578089c0a97b2fffdd73b" + integrity sha512-iTTyiQo5T94jrOx7X7QLBZyucUJ2WvL9J13+96HMfm2CGoJYbIPqRfl6wgNcqmzk0DI28jeGx5bUTXizkrqBmg== dependencies: "@sinonjs/commons" "^1.7.0" "@sinonjs/fake-timers" "^6.0.0" - "@sinonjs/formatio" "^5.0.0" - "@sinonjs/samsam" "^5.0.1" + "@sinonjs/formatio" "^5.0.1" + "@sinonjs/samsam" "^5.0.3" diff "^4.0.2" nise "^4.0.1" supports-color "^7.1.0" From abf4df9d716fe6631abfc180739191f7de2dc6c7 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2020 00:52:49 +0000 Subject: [PATCH 35/42] chore(deps): bump aws-sdk from 2.636.0 to 2.637.0 (#6659) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.636.0 to 2.637.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/commits) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-cloudfront/package.json | 2 +- packages/@aws-cdk/aws-cloudtrail/package.json | 2 +- packages/@aws-cdk/aws-codebuild/package.json | 2 +- packages/@aws-cdk/aws-codecommit/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-route53/package.json | 2 +- packages/@aws-cdk/aws-sqs/package.json | 2 +- packages/@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- yarn.lock | 8 ++++---- 14 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/package.json b/packages/@aws-cdk/aws-cloudfront/package.json index c82ab1f86bb67..3383c1e6e7e02 100644 --- a/packages/@aws-cdk/aws-cloudfront/package.json +++ b/packages/@aws-cdk/aws-cloudfront/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-cloudtrail/package.json b/packages/@aws-cdk/aws-cloudtrail/package.json index 39f9d2dd497b9..1f1f3d2a7d703 100644 --- a/packages/@aws-cdk/aws-cloudtrail/package.json +++ b/packages/@aws-cdk/aws-cloudtrail/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index 25e6b8d97244f..5452f2080d5fe 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -70,7 +70,7 @@ "@aws-cdk/aws-sns": "0.0.0", "@aws-cdk/aws-sqs": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codecommit/package.json b/packages/@aws-cdk/aws-codecommit/package.json index 2444bc0f1fafb..9efae1b9217fb 100644 --- a/packages/@aws-cdk/aws-codecommit/package.json +++ b/packages/@aws-cdk/aws-codecommit/package.json @@ -70,7 +70,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index ab7b1e0c64aca..3226842f93060 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index 6eb94a518e806..cbdbe28a60e4c 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index d909b9a098f4d..1e67bc1fd1de0 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -86,7 +86,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index 62dfde205eb9e..6aec835a79dba 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -71,7 +71,7 @@ "@types/lodash": "^4.14.149", "@types/nodeunit": "^0.0.30", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-route53/package.json b/packages/@aws-cdk/aws-route53/package.json index 329cddd53d3d3..f4a7eb9d3e3f0 100644 --- a/packages/@aws-cdk/aws-route53/package.json +++ b/packages/@aws-cdk/aws-route53/package.json @@ -64,7 +64,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-sqs/package.json b/packages/@aws-cdk/aws-sqs/package.json index 682be7373aa5c..5957c20066769 100644 --- a/packages/@aws-cdk/aws-sqs/package.json +++ b/packages/@aws-cdk/aws-sqs/package.json @@ -65,7 +65,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", "@types/nodeunit": "^0.0.30", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index effe70f315b12..7c93b67d0f5c0 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -73,7 +73,7 @@ "@types/aws-lambda": "^8.10.39", "@types/fs-extra": "^8.1.0", "@types/sinon": "^7.5.2", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "aws-sdk-mock": "^5.0.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index e615a3e4a2d17..6f030f1c5ff22 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -71,7 +71,7 @@ "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "camelcase": "^5.3.1", "colors": "^1.4.0", "decamelize": "^4.0.0", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index 984a1ae0425da..172d423c63d39 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -42,7 +42,7 @@ "dependencies": { "@aws-cdk/cdk-assets-schema": "0.0.0", "archiver": "^3.1.1", - "aws-sdk": "^2.636.0", + "aws-sdk": "^2.637.0", "glob": "^7.1.6", "yargs": "^15.3.0" }, diff --git a/yarn.lock b/yarn.lock index bff49ee8c201b..bb43c5dadc5ef 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2638,10 +2638,10 @@ aws-sdk-mock@^5.0.0: sinon "^8.0.1" traverse "^0.6.6" -aws-sdk@^2.596.0, aws-sdk@^2.636.0: - version "2.636.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.636.0.tgz#247124540b5b88a217aa6c282ce662b2f539721f" - integrity sha512-Zd/jed8qSNCm4pT2+8BuFfveouZrqUqmsOdhzpi3ZB3GYqV5eD+dmsl8OY+qvMgIJIFCB34a1SMucsC4zdBokg== +aws-sdk@^2.596.0, aws-sdk@^2.637.0: + version "2.637.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.637.0.tgz#810e25e53acf2250d35fc74498f9d4492e154217" + integrity sha512-e7EYX5rNtQyEaleQylUtLSNKXOmvOwfifQ4bYkfF80mFsVI3DSydczLHXrqPzXoEJaS/GI/9HqVnlQcPs6Q3ew== dependencies: buffer "4.9.1" events "1.1.1" From fc28d17c3bbe81c9bbd772101aef874d37997489 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2020 01:41:56 +0000 Subject: [PATCH 36/42] chore(deps): bump codemaker from 1.0.0 to 1.1.0 (#6664) Bumps [codemaker](https://github.com/aws/jsii/tree/HEAD/packages/codemaker) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/aws/jsii/releases) - [Changelog](https://github.com/aws/jsii/blob/v1.1.0/packages/codemaker/CHANGELOG.md) - [Commits](https://github.com/aws/jsii/commits/v1.1.0/packages/codemaker) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/cdk-dasm/package.json | 2 +- tools/cfn2ts/package.json | 2 +- yarn.lock | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/cdk-dasm/package.json b/packages/cdk-dasm/package.json index a0c496e0b8ca6..dc0ee1bfbe3da 100644 --- a/packages/cdk-dasm/package.json +++ b/packages/cdk-dasm/package.json @@ -26,7 +26,7 @@ }, "license": "Apache-2.0", "dependencies": { - "codemaker": "^1.0.0", + "codemaker": "^1.1.0", "yaml": "1.8.0" }, "devDependencies": { diff --git a/tools/cfn2ts/package.json b/tools/cfn2ts/package.json index 85fa539473309..85a5082172735 100644 --- a/tools/cfn2ts/package.json +++ b/tools/cfn2ts/package.json @@ -30,7 +30,7 @@ "license": "Apache-2.0", "dependencies": { "@aws-cdk/cfnspec": "0.0.0", - "codemaker": "^1.0.0", + "codemaker": "^1.1.0", "fast-json-patch": "^3.0.0-1", "fs-extra": "^8.1.0", "yargs": "^15.3.0" diff --git a/yarn.lock b/yarn.lock index bb43c5dadc5ef..385e93062ec5e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3394,10 +3394,10 @@ codemaker@^0.22.0: decamelize "^1.2.0" fs-extra "^8.1.0" -codemaker@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/codemaker/-/codemaker-1.0.0.tgz#0f9ba60601735e0ff313c45d3bfd4853b1f9fdb8" - integrity sha512-DhIsSy8arTk7HKUr30DHCqHk/fd5UgLYEHwe8dgnomDXMf96VQL/FfbOyyMx1z/vc34iVW2KSBsDZU6Pt8R5rA== +codemaker@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/codemaker/-/codemaker-1.1.0.tgz#157020837e6bbb6bdae55f6b3ac9fce8d7676b69" + integrity sha512-XkPDpK8tagP+UUo+/d/4xD1nbP9LxefMLWDE772QmOR4tTINc4WYZkLPLdpnU1v+qRKX1kALD1dQ2MtsC3ZHYw== dependencies: camelcase "^5.3.1" decamelize "^1.2.0" From 7318ee250a5f91c57768e635376eddc9470fea70 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2020 02:29:57 +0000 Subject: [PATCH 37/42] chore(deps-dev): bump jsii-diff from 1.0.0 to 1.1.0 (#6662) Bumps [jsii-diff](https://github.com/aws/jsii/tree/HEAD/packages/jsii-diff) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/aws/jsii/releases) - [Changelog](https://github.com/aws/jsii/blob/v1.1.0/packages/jsii-diff/CHANGELOG.md) - [Commits](https://github.com/aws/jsii/commits/v1.1.0/packages/jsii-diff) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 46 +++++++++++++++++++++++----------------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/package.json b/package.json index 7a6e3617842e8..e7308399fc176 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "devDependencies": { "conventional-changelog-cli": "^2.0.31", "fs-extra": "^8.1.0", - "jsii-diff": "^1.0.0", + "jsii-diff": "^1.1.0", "jsii-pacmak": "^0.22.0", "jsii-rosetta": "^0.22.0", "lerna": "^3.20.2", diff --git a/yarn.lock b/yarn.lock index 385e93062ec5e..85216178b6189 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1021,10 +1021,10 @@ dependencies: jsonschema "^1.2.5" -"@jsii/spec@^1.0.0": - version "1.0.0" - resolved "https://registry.yarnpkg.com/@jsii/spec/-/spec-1.0.0.tgz#b5b9e0d67dad9b0e1e5e1e10e7724f67372b2870" - integrity sha512-suMnXDiLLaYg2oBycOIIKJ7ke0DrQOZFQgU4kK/5NEwnfI3YWKyv/VnXAs+QXXr9LYlOQMgkRhhEUyMMc3bBOw== +"@jsii/spec@^1.0.0", "@jsii/spec@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@jsii/spec/-/spec-1.1.0.tgz#1e7093807d191970bf2b22c537b905e298091d1f" + integrity sha512-zi5/k1oqkCGwoWutm9ZXnC9pZXILREvtLOMg4dci8jeotHYxnrAk7Wk6FskLD9StzHzf0hzewa8cJPqfPiZ+ZA== dependencies: jsonschema "^1.2.5" @@ -7091,17 +7091,17 @@ jsesc@~0.5.0: resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d" integrity sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0= -jsii-diff@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/jsii-diff/-/jsii-diff-1.0.0.tgz#565736ba6e8356c1f59384c7ba404ca9902b9d35" - integrity sha512-a66aIBStDZ8xgufrUBmAhKxPDjFnKUYKsxII0WEIiUbNjacG1La5CsBBwP5LWBbPZQcET63/ZZT/fmb/DC8jLQ== +jsii-diff@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/jsii-diff/-/jsii-diff-1.1.0.tgz#2a444b4b54484f58c3351e555754638cae0adbfc" + integrity sha512-akrnN0fuZmUA254WAWBc1YtPSe+FRW3CcZwmr/M5sl20uGkYl36PmDW5iZMnXVcPSMySmVV3VjJDdFDXGTnzRg== dependencies: - "@jsii/spec" "^1.0.0" + "@jsii/spec" "^1.1.0" fs-extra "^8.1.0" - jsii-reflect "^1.0.0" + jsii-reflect "^1.1.0" log4js "^6.1.2" - typescript "~3.7.5" - yargs "^15.1.0" + typescript "~3.8.3" + yargs "^15.3.0" jsii-pacmak@^0.22.0: version "0.22.0" @@ -7133,16 +7133,16 @@ jsii-reflect@^0.22.0: oo-ascii-tree "^0.22.0" yargs "^15.1.0" -jsii-reflect@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/jsii-reflect/-/jsii-reflect-1.0.0.tgz#f948c84ea03c3d0da39e1456ab64f5617ea95d63" - integrity sha512-GW1cQ64TqcjGm8613ho6McOQVs4ZdMLCkPrnmHjblE6fa06kdlJbCEOCSjeZUMby9LB0h9tRaY0vzMDhDKw2rQ== +jsii-reflect@^1.0.0, jsii-reflect@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/jsii-reflect/-/jsii-reflect-1.1.0.tgz#5f013e2d90f8d97299402e14355bb666b1147084" + integrity sha512-/Ik0DKL/PhS5LDbwY4GrgaVIulc2SPqJAIuLJVwGeEQgBqj9kgPto0Huh5icMw3WK4+qwp/B/WCPbYivnkjF+w== dependencies: - "@jsii/spec" "^1.0.0" + "@jsii/spec" "^1.1.0" colors "^1.4.0" fs-extra "^8.1.0" - oo-ascii-tree "^1.0.0" - yargs "^15.1.0" + oo-ascii-tree "^1.1.0" + yargs "^15.3.0" jsii-rosetta@^0.22.0: version "0.22.0" @@ -8528,10 +8528,10 @@ oo-ascii-tree@^0.22.0: resolved "https://registry.yarnpkg.com/oo-ascii-tree/-/oo-ascii-tree-0.22.0.tgz#a2e9a959036cc20b803f05ae84b48f7495e1cbeb" integrity sha512-J+RleN39z6UHpmlyedLC93Sgx4SS2IYwmZ7kbNwmV3hbZ7ir0qXqpduAfEakjfHEfI1qPyppymZSdd5AwP8HcA== -oo-ascii-tree@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/oo-ascii-tree/-/oo-ascii-tree-1.0.0.tgz#044ac58535cc70d330c5751c10d907c6e0ce0986" - integrity sha512-881ufRp1k77ZDObBjABZYgf6/EG8UXFaiZPZJILkwgeZp/xeXZDnBagHHn+rLCTc6dmyOKJf56iT7raK3nb47A== +oo-ascii-tree@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/oo-ascii-tree/-/oo-ascii-tree-1.1.0.tgz#e5bc65db665cfb0d6e4fc750620f7d6c11bc2702" + integrity sha512-GAmkryQIl44INfzyAHEnVSPzG1T2PTG8S+F1BvTvoW3Cr3pbDaPljW4prV6y1hg7YZ4isEI1dcoIQ7k4gyVKeA== opener@^1.5.1: version "1.5.1" From 3a104da0243e569b1d576e03f5f5fd0ea511ba94 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2020 06:36:04 +0000 Subject: [PATCH 38/42] chore(deps): bump yaml from 1.8.0 to 1.8.1 (#6668) Bumps [yaml](https://github.com/eemeli/yaml) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](https://github.com/eemeli/yaml/compare/v1.8.0...v1.8.1) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/aws-cdk/package.json | 2 +- packages/cdk-dasm/package.json | 2 +- packages/decdk/package.json | 2 +- yarn.lock | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 6f030f1c5ff22..2625a081b949f 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -86,7 +86,7 @@ "source-map-support": "^0.5.16", "table": "^5.4.6", "uuid": "^7.0.2", - "yaml": "^1.8.0", + "yaml": "^1.8.1", "yargs": "^15.3.0" }, "repository": { diff --git a/packages/cdk-dasm/package.json b/packages/cdk-dasm/package.json index dc0ee1bfbe3da..c2fb209c63b06 100644 --- a/packages/cdk-dasm/package.json +++ b/packages/cdk-dasm/package.json @@ -27,7 +27,7 @@ "license": "Apache-2.0", "dependencies": { "codemaker": "^1.1.0", - "yaml": "1.8.0" + "yaml": "1.8.1" }, "devDependencies": { "@types/jest": "^25.1.4", diff --git a/packages/decdk/package.json b/packages/decdk/package.json index c441a741d1759..83e0241b63c74 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -166,7 +166,7 @@ "fs-extra": "^8.1.0", "jsii-reflect": "^1.0.0", "jsonschema": "^1.2.5", - "yaml": "1.8.0", + "yaml": "1.8.1", "yargs": "^15.3.0" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index 85216178b6189..0aeb619cc174f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12180,10 +12180,10 @@ yallist@^3.0.0, yallist@^3.0.2, yallist@^3.0.3: resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== -yaml@1.8.0, yaml@^1.8.0: - version "1.8.0" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.8.0.tgz#169fbcfa2081302dc9441d02b0b6fe667e4f74c9" - integrity sha512-6qI/tTx7OVtA4qNqD0OyutbM6Z9EKu4rxWm/2Y3FDEBQ4/2X2XAnyuRXMzAE2+1BPyqzksJZtrIwblOHg0IEzA== +yaml@1.8.1, yaml@^1.8.1: + version "1.8.1" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.8.1.tgz#3a8cdb877ec9da2350f22b476a117e28e30069d8" + integrity sha512-vIXHJILY3e2Ru5s+hFwmO0fSHo0zm30AJ/eBaIUd/54xVocvjzix4bPOtjIGxKm5VDSOt5psTKW6CEv3WHzWdg== dependencies: "@babel/runtime" "^7.8.7" From 88425839230177daed6e827592e84e7bd346e606 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2020 10:21:51 +0000 Subject: [PATCH 39/42] chore(deps): bump yaml from 1.8.1 to 1.8.2 (#6670) Bumps [yaml](https://github.com/eemeli/yaml) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](https://github.com/eemeli/yaml/compare/v1.8.1...v1.8.2) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/aws-cdk/package.json | 2 +- packages/cdk-dasm/package.json | 2 +- packages/decdk/package.json | 2 +- yarn.lock | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 2625a081b949f..e34022b013f00 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -86,7 +86,7 @@ "source-map-support": "^0.5.16", "table": "^5.4.6", "uuid": "^7.0.2", - "yaml": "^1.8.1", + "yaml": "^1.8.2", "yargs": "^15.3.0" }, "repository": { diff --git a/packages/cdk-dasm/package.json b/packages/cdk-dasm/package.json index c2fb209c63b06..650d02c8946df 100644 --- a/packages/cdk-dasm/package.json +++ b/packages/cdk-dasm/package.json @@ -27,7 +27,7 @@ "license": "Apache-2.0", "dependencies": { "codemaker": "^1.1.0", - "yaml": "1.8.1" + "yaml": "1.8.2" }, "devDependencies": { "@types/jest": "^25.1.4", diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 83e0241b63c74..c4b8e0d8752c0 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -166,7 +166,7 @@ "fs-extra": "^8.1.0", "jsii-reflect": "^1.0.0", "jsonschema": "^1.2.5", - "yaml": "1.8.1", + "yaml": "1.8.2", "yargs": "^15.3.0" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index 0aeb619cc174f..ef0917f4436b7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12180,10 +12180,10 @@ yallist@^3.0.0, yallist@^3.0.2, yallist@^3.0.3: resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== -yaml@1.8.1, yaml@^1.8.1: - version "1.8.1" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.8.1.tgz#3a8cdb877ec9da2350f22b476a117e28e30069d8" - integrity sha512-vIXHJILY3e2Ru5s+hFwmO0fSHo0zm30AJ/eBaIUd/54xVocvjzix4bPOtjIGxKm5VDSOt5psTKW6CEv3WHzWdg== +yaml@1.8.2, yaml@^1.8.2: + version "1.8.2" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.8.2.tgz#a29c03f578faafd57dcb27055f9a5d569cb0c3d9" + integrity sha512-omakb0d7FjMo3R1D2EbTKVIk6dAVLRxFXdLZMEUToeAvuqgG/YuHMuQOZ5fgk+vQ8cx+cnGKwyg+8g8PNT0xQg== dependencies: "@babel/runtime" "^7.8.7" From 37144fb88e174e80d460a9c6bad611eb87d25f2b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2020 12:07:37 +0000 Subject: [PATCH 40/42] chore(deps-dev): bump aws-sdk-mock from 5.0.0 to 5.1.0 (#6672) Bumps [aws-sdk-mock](https://github.com/dwyl/aws-sdk-mock) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/dwyl/aws-sdk-mock/releases) - [Commits](https://github.com/dwyl/aws-sdk-mock/compare/v5.0.0...v5.1.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- .../@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- .../@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- yarn.lock | 63 +++---------------- 6 files changed, 12 insertions(+), 61 deletions(-) diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 3226842f93060..c0c4ba9c086b1 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -65,7 +65,7 @@ "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.30", "aws-sdk": "^2.637.0", - "aws-sdk-mock": "^5.0.0", + "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index 1e67bc1fd1de0..c11e08b961e33 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -87,7 +87,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", "aws-sdk": "^2.637.0", - "aws-sdk-mock": "^5.0.0", + "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "jest": "^24.9.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index 6aec835a79dba..6810859b23dd1 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -72,7 +72,7 @@ "@types/nodeunit": "^0.0.30", "@types/sinon": "^7.5.2", "aws-sdk": "^2.637.0", - "aws-sdk-mock": "^5.0.0", + "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index 7c93b67d0f5c0..38264cb2ad94a 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -74,7 +74,7 @@ "@types/fs-extra": "^8.1.0", "@types/sinon": "^7.5.2", "aws-sdk": "^2.637.0", - "aws-sdk-mock": "^5.0.0", + "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index e34022b013f00..e5d064365d782 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -57,7 +57,7 @@ "@types/uuid": "^7.0.0", "@types/yaml": "^1.2.0", "@types/yargs": "^15.0.4", - "aws-sdk-mock": "^5.0.0", + "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "jest": "^24.9.0", "jszip": "^3.2.2", diff --git a/yarn.lock b/yarn.lock index ef0917f4436b7..0691d341bfbf4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1851,14 +1851,6 @@ dependencies: "@sinonjs/commons" "^1.7.0" -"@sinonjs/formatio@^4.0.1": - version "4.0.1" - resolved "https://registry.yarnpkg.com/@sinonjs/formatio/-/formatio-4.0.1.tgz#50ac1da0c3eaea117ca258b06f4f88a471668bdb" - integrity sha512-asIdlLFrla/WZybhm0C8eEzaDNNrzymiTqHMeJl6zPW2881l3uuVRpm0QlRQEjqYWv6CcKMGYME3LbrLJsORBw== - dependencies: - "@sinonjs/commons" "^1" - "@sinonjs/samsam" "^4.2.0" - "@sinonjs/formatio@^5.0.1": version "5.0.1" resolved "https://registry.yarnpkg.com/@sinonjs/formatio/-/formatio-5.0.1.tgz#f13e713cb3313b1ab965901b01b0828ea6b77089" @@ -1867,15 +1859,6 @@ "@sinonjs/commons" "^1" "@sinonjs/samsam" "^5.0.2" -"@sinonjs/samsam@^4.2.0", "@sinonjs/samsam@^4.2.2": - version "4.2.2" - resolved "https://registry.yarnpkg.com/@sinonjs/samsam/-/samsam-4.2.2.tgz#0f6cb40e467865306d8a20a97543a94005204e23" - integrity sha512-z9o4LZUzSD9Hl22zV38aXNykgFeVj8acqfFabCY6FY83n/6s/XwNJyYYldz6/9lBJanpno9h+oL6HTISkviweA== - dependencies: - "@sinonjs/commons" "^1.6.0" - lodash.get "^4.4.2" - type-detect "^4.0.8" - "@sinonjs/samsam@^5.0.2", "@sinonjs/samsam@^5.0.3": version "5.0.3" resolved "https://registry.yarnpkg.com/@sinonjs/samsam/-/samsam-5.0.3.tgz#86f21bdb3d52480faf0892a480c9906aa5a52938" @@ -2629,16 +2612,16 @@ atob@^2.1.2: resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9" integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg== -aws-sdk-mock@^5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/aws-sdk-mock/-/aws-sdk-mock-5.0.0.tgz#2d2e9b6fbdb757c2e8f3787b60589759dcb2d49d" - integrity sha512-8vSdiRj4dEu3z4kkmIqHhP5Wrfiucgu0PaZxuT3KDSpuQIHMtw/SsuRsREkDQRBdkMtBg4BuddLZA8pWOs6QmQ== +aws-sdk-mock@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/aws-sdk-mock/-/aws-sdk-mock-5.1.0.tgz#6f2c0bd670d7f378c906a8dd806f812124db71aa" + integrity sha512-Wa5eCSo8HX0Snqb7FdBylaXMmfrAWoWZ+d7MFhiYsgHPvNvMEGjV945FF2qqE1U0Tolr1ALzik1fcwgaOhqUWQ== dependencies: - aws-sdk "^2.596.0" - sinon "^8.0.1" + aws-sdk "^2.637.0" + sinon "^9.0.1" traverse "^0.6.6" -aws-sdk@^2.596.0, aws-sdk@^2.637.0: +aws-sdk@^2.637.0: version "2.637.0" resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.637.0.tgz#810e25e53acf2250d35fc74498f9d4492e154217" integrity sha512-e7EYX5rNtQyEaleQylUtLSNKXOmvOwfifQ4bYkfF80mFsVI3DSydczLHXrqPzXoEJaS/GI/9HqVnlQcPs6Q3ew== @@ -7556,13 +7539,6 @@ log4js@^6.1.1, log4js@^6.1.2: rfdc "^1.1.4" streamroller "^2.2.3" -lolex@^5.0.1, lolex@^5.1.2: - version "5.1.2" - resolved "https://registry.yarnpkg.com/lolex/-/lolex-5.1.2.tgz#953694d098ce7c07bc5ed6d0e42bc6c0c6d5a367" - integrity sha512-h4hmjAvHTmd+25JSwrtTIuwbKdwg5NzZVRMLn9saij4SZaepCrTCxPr35H/3bjwfMJtN+t3CX8672UIkglz28A== - dependencies: - "@sinonjs/commons" "^1.7.0" - loose-envify@^1.0.0: version "1.4.0" resolved "https://registry.yarnpkg.com/loose-envify/-/loose-envify-1.4.0.tgz#71ee51fa7be4caec1a63839f7e682d8132d30caf" @@ -8064,18 +8040,6 @@ nice-try@^1.0.4: resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366" integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ== -nise@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/nise/-/nise-3.0.1.tgz#0659982af515e5aac15592226246243e8da0013d" - integrity sha512-fYcH9y0drBGSoi88kvhpbZEsenX58Yr+wOJ4/Mi1K4cy+iGP/a73gNoyNhu5E9QxPdgTlVChfIaAlnyOy/gHUA== - dependencies: - "@sinonjs/commons" "^1.7.0" - "@sinonjs/formatio" "^4.0.1" - "@sinonjs/text-encoding" "^0.7.1" - just-extend "^4.0.2" - lolex "^5.0.1" - path-to-regexp "^1.7.0" - nise@^4.0.1: version "4.0.2" resolved "https://registry.yarnpkg.com/nise/-/nise-4.0.2.tgz#727167d9392446a0238b28183b374600ddca42f4" @@ -10475,19 +10439,6 @@ simple-swizzle@^0.2.2: dependencies: is-arrayish "^0.3.1" -sinon@^8.0.1: - version "8.1.1" - resolved "https://registry.yarnpkg.com/sinon/-/sinon-8.1.1.tgz#21fffd5ad0a2d072a8aa7f8a3cf7ed2ced497497" - integrity sha512-E+tWr3acRdoe1nXbHMu86SSqA1WGM7Yw3jZRLvlCMnXwTHP8lgFFVn5BnKnF26uc5SfZ3D7pA9sN7S3Y2jG4Ew== - dependencies: - "@sinonjs/commons" "^1.7.0" - "@sinonjs/formatio" "^4.0.1" - "@sinonjs/samsam" "^4.2.2" - diff "^4.0.2" - lolex "^5.1.2" - nise "^3.0.1" - supports-color "^7.1.0" - sinon@^9.0.1: version "9.0.1" resolved "https://registry.yarnpkg.com/sinon/-/sinon-9.0.1.tgz#dbb18f7d8f5835bcf91578089c0a97b2fffdd73b" From d5575926b25cf0df8ea651041c426814153b6647 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 11 Mar 2020 14:29:23 +0100 Subject: [PATCH 41/42] chore(cli): CLI uses `cdk-assets` to upload templates and assets (#6565) * chore(cli): CLI uses `cdk-assets` to upload templates and assets Centralize all logic about how templates, files and container assets are built and uploaded in the `cdk-assets` tool. We need this change first because it's on the critical path of the CLI being able to deploy using the new convention mode roles (which requires the CLI to use the asset publishing role for uploading the CloudFormation templates), which is required for the pipeline being able to do self-mutation using `cdk deploy`. We can roll this change out independently of the framework emitting the asset manifest (the CLI can generate it) and we don't need to assume any roles, while we still get to test the new code path. Also importing a number of improvements to `cdk-assets` from the proof-of-concept branch. * WIP * Bring in partition querying from CDK feature branch * Migrate bugfix from feat/convmode * Make a distinction between an SdkProvider and an SDK * Make docker integ tests actually do something * Add tests for SDK Provider * Fix cdk-assets tests, use 'upload' instead of 'putObject' * Newlines * Purge environment variables that will mess with auth tests * Back to stable, accept breaking change * Remove ECR repository name output again, it's not necessary * Remove remaining rejected patch files * Fix build, we don't need repositoryName * Disable container creds, maybe that helps on CodeBuild * CHeck for file existence * Inspect environment before failing * 'delete' instead of assigning 'undefined' * Respect AWS_CONFIG_FILE variable when setting AWS_SDK_LOAD_CONFIG * Review comments Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- allowed-breaking-changes.txt | 2 +- packages/@aws-cdk/cdk-assets-schema/README.md | 1 - .../cdk-assets-schema/lib/aws-destination.ts | 19 + .../lib/docker-image-asset.ts | 11 - .../cdk-assets-schema/lib/validate.ts | 3 +- .../cdk-assets-schema/test/validate.test.ts | 3 +- packages/aws-cdk/bin/cdk.ts | 11 +- .../api/{util => aws-auth}/account-cache.ts | 26 +- .../lib/api/aws-auth/awscli-compatible.ts | 199 +++++++ .../lib/api/aws-auth/credential-plugins.ts | 54 ++ packages/aws-cdk/lib/api/aws-auth/index.ts | 3 + .../aws-cdk/lib/api/aws-auth/sdk-provider.ts | 356 ++++++++++++ packages/aws-cdk/lib/api/aws-auth/sdk.ts | 69 +++ .../aws-cdk/lib/api/aws-auth/sdk_ini_file.ts | 59 ++ .../aws-cdk/lib/api/bootstrap-environment.ts | 6 +- .../api/bootstrap/bootstrap-environment2.ts | 5 +- .../aws-cdk/lib/api/cxapp/environments.ts | 20 +- packages/aws-cdk/lib/api/cxapp/exec.ts | 15 +- packages/aws-cdk/lib/api/cxapp/stacks.ts | 6 +- packages/aws-cdk/lib/api/deploy-stack.ts | 99 ++-- packages/aws-cdk/lib/api/deployment-target.ts | 9 +- packages/aws-cdk/lib/api/index.ts | 2 +- packages/aws-cdk/lib/api/toolkit-info.ts | 172 +----- .../aws-cdk/lib/api/util/cloudformation.ts | 2 +- packages/aws-cdk/lib/api/util/sdk.ts | 547 ------------------ packages/aws-cdk/lib/api/util/sdk_ini_file.ts | 59 -- packages/aws-cdk/lib/archive.ts | 47 -- packages/aws-cdk/lib/assets.ts | 150 ++--- packages/aws-cdk/lib/cdk-toolkit.ts | 8 +- packages/aws-cdk/lib/command-api.ts | 4 +- packages/aws-cdk/lib/context-providers/ami.ts | 6 +- .../context-providers/availability-zones.ts | 6 +- .../lib/context-providers/hosted-zones.ts | 6 +- .../aws-cdk/lib/context-providers/index.ts | 6 +- .../lib/context-providers/ssm-parameters.ts | 6 +- .../aws-cdk/lib/context-providers/vpcs.ts | 6 +- packages/aws-cdk/lib/docker.ts | 202 ------- .../lib/util/asset-manifest-builder.ts | 32 + packages/aws-cdk/lib/util/asset-publishing.ts | 84 +++ packages/aws-cdk/lib/util/content-hash.ts | 5 + packages/aws-cdk/lib/util/functions.ts | 12 + packages/aws-cdk/package.json | 13 +- packages/aws-cdk/test/account-cache.test.ts | 26 +- .../aws-cdk/test/api/sdk-provider.test.ts | 191 ++++++ packages/aws-cdk/test/api/stacks.test.ts | 6 +- packages/aws-cdk/test/assets.test.ts | 291 +++++++--- packages/aws-cdk/test/bockfs.ts | 40 ++ packages/aws-cdk/test/cdk-toolkit.test.ts | 6 +- .../test/context-providers/amis.test.ts | 13 +- .../context-providers/asymmetric-vpcs.test.ts | 13 +- .../test/context-providers/generic.test.ts | 13 +- .../test/context-providers/vpcs.test.ts | 13 +- packages/aws-cdk/test/diff.test.ts | 4 +- packages/aws-cdk/test/docker-new.test.ts | 384 ------------ packages/aws-cdk/test/docker.test.ts | 378 ------------ .../integ/bootstrap/bootstrap.integ-test.ts | 16 +- packages/aws-cdk/test/integ/cli/app/app.js | 13 +- .../aws-cdk/test/integ/cli/test-cdk-docker.sh | 2 +- packages/aws-cdk/test/util/mock-sdk.ts | 39 +- packages/cdk-assets/bin/cdk-assets.ts | 13 +- packages/cdk-assets/bin/logging.ts | 2 +- packages/cdk-assets/bin/publish.ts | 116 ++-- packages/cdk-assets/lib/asset-manifest.ts | 10 - packages/cdk-assets/lib/aws.ts | 26 +- packages/cdk-assets/lib/private/docker.ts | 9 +- packages/cdk-assets/lib/private/fs-extra.ts | 5 + .../lib/private/handlers/container-images.ts | 38 +- .../cdk-assets/lib/private/handlers/files.ts | 32 +- .../cdk-assets/lib/private/placeholders.ts | 19 +- packages/cdk-assets/package.json | 2 + .../test/archive.test.ts | 20 +- packages/cdk-assets/test/bockfs.ts | 5 +- .../cdk-assets/test/docker-images.test.ts | 5 +- packages/cdk-assets/test/files.test.ts | 6 +- packages/cdk-assets/test/manifest.test.ts | 12 +- packages/cdk-assets/test/mock-aws.ts | 19 +- packages/cdk-assets/test/placeholders.test.ts | 2 +- packages/cdk-assets/test/progress.test.ts | 5 +- .../test/test-archive-follow/data/linked | 0 .../test/test-archive-follow/data/one.txt | 0 .../test/test-archive-follow/linked/two.txt | 0 .../test/test-archive/executable.txt | 0 .../test/test-archive/file1.txt | 0 .../test/test-archive/file2.txt | 0 .../test/test-archive/subdir/file3.txt | 0 packages/cdk-assets/test/zipping.test.ts | 6 +- 86 files changed, 1905 insertions(+), 2246 deletions(-) rename packages/aws-cdk/lib/api/{util => aws-auth}/account-cache.ts (77%) create mode 100644 packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts create mode 100644 packages/aws-cdk/lib/api/aws-auth/credential-plugins.ts create mode 100644 packages/aws-cdk/lib/api/aws-auth/index.ts create mode 100644 packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts create mode 100644 packages/aws-cdk/lib/api/aws-auth/sdk.ts create mode 100644 packages/aws-cdk/lib/api/aws-auth/sdk_ini_file.ts delete mode 100644 packages/aws-cdk/lib/api/util/sdk.ts delete mode 100644 packages/aws-cdk/lib/api/util/sdk_ini_file.ts delete mode 100644 packages/aws-cdk/lib/archive.ts delete mode 100644 packages/aws-cdk/lib/docker.ts create mode 100644 packages/aws-cdk/lib/util/asset-manifest-builder.ts create mode 100644 packages/aws-cdk/lib/util/asset-publishing.ts create mode 100644 packages/aws-cdk/lib/util/content-hash.ts create mode 100644 packages/aws-cdk/lib/util/functions.ts create mode 100644 packages/aws-cdk/test/api/sdk-provider.test.ts create mode 100644 packages/aws-cdk/test/bockfs.ts delete mode 100644 packages/aws-cdk/test/docker-new.test.ts delete mode 100644 packages/aws-cdk/test/docker.test.ts rename packages/{aws-cdk => cdk-assets}/test/archive.test.ts (82%) rename packages/{aws-cdk => cdk-assets}/test/test-archive-follow/data/linked (100%) rename packages/{aws-cdk => cdk-assets}/test/test-archive-follow/data/one.txt (100%) rename packages/{aws-cdk => cdk-assets}/test/test-archive-follow/linked/two.txt (100%) rename packages/{aws-cdk => cdk-assets}/test/test-archive/executable.txt (100%) rename packages/{aws-cdk => cdk-assets}/test/test-archive/file1.txt (100%) rename packages/{aws-cdk => cdk-assets}/test/test-archive/file2.txt (100%) rename packages/{aws-cdk => cdk-assets}/test/test-archive/subdir/file3.txt (100%) diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt index 427980fb5be9c..a84098fb3ab06 100644 --- a/allowed-breaking-changes.txt +++ b/allowed-breaking-changes.txt @@ -40,4 +40,4 @@ change-return-type:@aws-cdk/aws-lambda-destinations.EventBridgeDestination.bind change-return-type:@aws-cdk/aws-lambda-destinations.LambdaDestination.bind change-return-type:@aws-cdk/aws-lambda-destinations.SnsDestination.bind change-return-type:@aws-cdk/aws-lambda-destinations.SqsDestination.bind - +removed:@aws-cdk/cdk-assets-schema.DockerImageDestination.imageUri diff --git a/packages/@aws-cdk/cdk-assets-schema/README.md b/packages/@aws-cdk/cdk-assets-schema/README.md index d9cce2f0049b9..80db1a478bfc7 100644 --- a/packages/@aws-cdk/cdk-assets-schema/README.md +++ b/packages/@aws-cdk/cdk-assets-schema/README.md @@ -1,5 +1,4 @@ # cdk-assets-schema - --- diff --git a/packages/@aws-cdk/cdk-assets-schema/lib/aws-destination.ts b/packages/@aws-cdk/cdk-assets-schema/lib/aws-destination.ts index 1f3688f5dec3a..e4b00ed4d308d 100644 --- a/packages/@aws-cdk/cdk-assets-schema/lib/aws-destination.ts +++ b/packages/@aws-cdk/cdk-assets-schema/lib/aws-destination.ts @@ -22,5 +22,24 @@ export interface AwsDestination { * @default - No ExternalId will be supplied */ readonly assumeRoleExternalId?: string; +} +/** + * Placeholders which can be used in the destinations + */ +export class Placeholders { + /** + * Insert this into the destination fields to be replaced with the current region + */ + public static readonly CURRENT_REGION = '${AWS::Region}'; + + /** + * Insert this into the destination fields to be replaced with the current account + */ + public static readonly CURRENT_ACCOUNT = '${AWS::AccountId}'; + + /** + * Insert this into the destination fields to be replaced with the current partition + */ + public static readonly CURRENT_PARTITION = '${AWS::Partition}'; } \ No newline at end of file diff --git a/packages/@aws-cdk/cdk-assets-schema/lib/docker-image-asset.ts b/packages/@aws-cdk/cdk-assets-schema/lib/docker-image-asset.ts index 24bffa056d2dd..dd56653288dc0 100644 --- a/packages/@aws-cdk/cdk-assets-schema/lib/docker-image-asset.ts +++ b/packages/@aws-cdk/cdk-assets-schema/lib/docker-image-asset.ts @@ -61,15 +61,4 @@ export interface DockerImageDestination extends AwsDestination { * Tag of the image to publish */ readonly imageTag: string; - - /** - * Full Docker tag coordinates (registry and repository and tag) - * - * Example: - * - * ``` - * 1234.dkr.ecr.REGION.amazonaws.com/REPO:TAG - * ``` - */ - readonly imageUri: string; } diff --git a/packages/@aws-cdk/cdk-assets-schema/lib/validate.ts b/packages/@aws-cdk/cdk-assets-schema/lib/validate.ts index 221ffc8524216..2e8279534a833 100644 --- a/packages/@aws-cdk/cdk-assets-schema/lib/validate.ts +++ b/packages/@aws-cdk/cdk-assets-schema/lib/validate.ts @@ -97,9 +97,8 @@ function isDockerImageAsset(entry: object): DockerImageAsset { expectKey(destination, 'assumeRoleExternalId', isString, true); expectKey(destination, 'repositoryName', isString); expectKey(destination, 'imageTag', isString); - expectKey(destination, 'imageUri', isString); return destination; })); return entry; -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/cdk-assets-schema/test/validate.test.ts b/packages/@aws-cdk/cdk-assets-schema/test/validate.test.ts index 5beae92ce626b..88df3f9dea82f 100644 --- a/packages/@aws-cdk/cdk-assets-schema/test/validate.test.ts +++ b/packages/@aws-cdk/cdk-assets-schema/test/validate.test.ts @@ -14,7 +14,6 @@ test('Correctly validate Docker image asset', () => { region: 'us-north-20', repositoryName: 'REPO', imageTag: 'TAG', - imageUri: 'URI', }, }, }, @@ -79,4 +78,4 @@ test('Throw on invalid file asset', () => { }, }); }).toThrow(/Expected a string, got '3'/); -}); \ No newline at end of file +}); diff --git a/packages/aws-cdk/bin/cdk.ts b/packages/aws-cdk/bin/cdk.ts index 075a3e60c97ef..672d676b0d455 100644 --- a/packages/aws-cdk/bin/cdk.ts +++ b/packages/aws-cdk/bin/cdk.ts @@ -6,7 +6,8 @@ import * as colors from 'colors/safe'; import * as path from 'path'; import * as yargs from 'yargs'; -import { bootstrapEnvironment, BootstrapEnvironmentProps, SDK } from '../lib'; +import { bootstrapEnvironment, BootstrapEnvironmentProps } from '../lib'; +import { SdkProvider } from '../lib/api/aws-auth'; import { bootstrapEnvironment2 } from '../lib/api/bootstrap/bootstrap-environment2'; import { environmentsFromDescriptors, globEnvironmentsFromStacks } from '../lib/api/cxapp/environments'; import { execProgram } from '../lib/api/cxapp/exec'; @@ -111,11 +112,13 @@ async function initCommandLine() { debug('CDK toolkit version:', version.DISPLAY_VERSION); debug('Command line arguments:', argv); - const aws = new SDK({ + const aws = await SdkProvider.withAwsCliCompatibleDefaults({ profile: argv.profile, - proxyAddress: argv.proxy, - caBundlePath: argv['ca-bundle-path'], ec2creds: argv.ec2creds, + httpOptions: { + proxyAddress: argv.proxy, + caBundlePath: argv['ca-bundle-path'], + } }); const configuration = new Configuration(argv); diff --git a/packages/aws-cdk/lib/api/util/account-cache.ts b/packages/aws-cdk/lib/api/aws-auth/account-cache.ts similarity index 77% rename from packages/aws-cdk/lib/api/util/account-cache.ts rename to packages/aws-cdk/lib/api/aws-auth/account-cache.ts index 9dbc80ec8970f..4f3e7f2c1c414 100644 --- a/packages/aws-cdk/lib/api/util/account-cache.ts +++ b/packages/aws-cdk/lib/api/aws-auth/account-cache.ts @@ -2,6 +2,7 @@ import * as fs from 'fs-extra'; import * as os from 'os'; import * as path from 'path'; import { debug } from '../../logging'; +import { Account } from './sdk-provider'; /** * Disk cache which maps access key IDs to account IDs. @@ -21,7 +22,7 @@ export class AccountAccessKeyCache { * @param filePath Path to the cache file */ constructor(filePath?: string) { - this.cacheFile = filePath || path.join(os.homedir(), '.cdk', 'cache', 'accounts.json'); + this.cacheFile = filePath || path.join(os.homedir(), '.cdk', 'cache', 'accounts_partitions.json'); } /** @@ -38,31 +39,32 @@ export class AccountAccessKeyCache { * @param accessKeyId * @param resolver */ - public async fetch(accessKeyId: string, resolver: () => Promise) { + public async fetch(accessKeyId: string, resolver: () => Promise) { // try to get account ID based on this access key ID from disk. const cached = await this.get(accessKeyId); if (cached) { - debug(`Retrieved account ID ${cached} from disk cache`); + + debug(`Retrieved account ID ${cached.accountId} from disk cache`); return cached; } // if it's not in the cache, resolve and put in cache. - const accountId = await resolver(); - if (accountId) { - await this.put(accessKeyId, accountId); + const account = await resolver(); + if (account) { + await this.put(accessKeyId, account); } - return accountId; + return account; } /** Get the account ID from an access key or undefined if not in cache */ - public async get(accessKeyId: string): Promise { + public async get(accessKeyId: string): Promise { const map = await this.loadMap(); return map[accessKeyId]; } /** Put a mapping betweenn access key and account ID */ - public async put(accessKeyId: string, accountId: string) { + public async put(accessKeyId: string, account: Account) { let map = await this.loadMap(); // nuke cache if it's too big. @@ -70,11 +72,11 @@ export class AccountAccessKeyCache { map = { }; } - map[accessKeyId] = accountId; + map[accessKeyId] = account; await this.saveMap(map); } - private async loadMap(): Promise<{ [accessKeyId: string]: string }> { + private async loadMap(): Promise<{ [accessKeyId: string]: Account }> { if (!(await fs.pathExists(this.cacheFile))) { return { }; } @@ -82,7 +84,7 @@ export class AccountAccessKeyCache { return await fs.readJson(this.cacheFile); } - private async saveMap(map: { [accessKeyId: string]: string }) { + private async saveMap(map: { [accessKeyId: string]: Account }) { if (!(await fs.pathExists(this.cacheFile))) { await fs.mkdirs(path.dirname(this.cacheFile)); } diff --git a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts new file mode 100644 index 0000000000000..2ad921ae5ed5c --- /dev/null +++ b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts @@ -0,0 +1,199 @@ +import * as AWS from 'aws-sdk'; +import * as child_process from 'child_process'; +import * as fs from 'fs-extra'; +import * as os from 'os'; +import * as path from 'path'; +import * as util from 'util'; +import { debug } from '../../logging'; +import { SharedIniFile } from "./sdk_ini_file"; + +/** + * Behaviors to match AWS CLI + * + * See these links: + * + * https://docs.aws.amazon.com/cli/latest/topic/config-vars.html + * https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html + */ +export class AwsCliCompatible { + /** + * Build an AWS CLI-compatible credential chain provider + * + * This is similar to the default credential provider chain created by the SDK + * except: + * + * 1. Accepts profile argument in the constructor (the SDK must have it prepopulated + * in the environment). + * 2. Conditionally checks EC2 credentials, because checking for EC2 + * credentials on a non-EC2 machine may lead to long delays (in the best case) + * or an exception (in the worst case). + * 3. Respects $AWS_SHARED_CREDENTIALS_FILE. + * 4. Respects $AWS_DEFAULT_PROFILE in addition to $AWS_PROFILE. + */ + public static async credentialChain(profile: string | undefined, ec2creds: boolean | undefined, containerCreds: boolean | undefined) { + await forceSdkToReadConfigIfPresent(); + + profile = profile || process.env.AWS_PROFILE || process.env.AWS_DEFAULT_PROFILE || 'default'; + + const sources = [ + () => new AWS.EnvironmentCredentials('AWS'), + () => new AWS.EnvironmentCredentials('AMAZON'), + ]; + + if (await fs.pathExists(credentialsFileName())) { + sources.push(() => new AWS.SharedIniFileCredentials({ profile, filename: credentialsFileName() })); + } + + if (await fs.pathExists(configFileName())) { + sources.push(() => new AWS.SharedIniFileCredentials({ profile, filename: credentialsFileName() })); + } + + if (containerCreds ?? hasEcsCredentials()) { + sources.push(() => new AWS.ECSCredentials()); + } else if (ec2creds ?? await hasEc2Credentials()) { + // else if: don't get EC2 creds if we should have gotten ECS creds--ECS instances also + // run on EC2 boxes but the creds represent something different. Same behavior as + // upstream code. + sources.push(() => new AWS.EC2MetadataCredentials()); + } + + return new AWS.CredentialProviderChain(sources); + } + + /** + * Return the default region in a CLI-compatible way + * + * Mostly copied from node_loader.js, but with the following differences to make it + * AWS CLI compatible: + * + * 1. Takes a profile name as an argument (instead of forcing it to be taken from $AWS_PROFILE). + * This requires having made a copy of the SDK's `SharedIniFile` (the original + * does not take an argument). + * 2. $AWS_DEFAULT_PROFILE and $AWS_DEFAULT_REGION are also respected. + * + * Lambda and CodeBuild set the $AWS_REGION variable. + * + * FIXME: EC2 instances require querying the metadata service to determine the current region. + */ + public static async region(profile: string | undefined): Promise { + profile = profile || process.env.AWS_PROFILE || process.env.AWS_DEFAULT_PROFILE || 'default'; + + // Defaults inside constructor + const toCheck = [ + { filename: credentialsFileName(), profile }, + { isConfig: true, filename: configFileName(), profile }, + { isConfig: true, filename: configFileName(), profile: 'default' }, + ]; + + let region = process.env.AWS_REGION || process.env.AMAZON_REGION || + process.env.AWS_DEFAULT_REGION || process.env.AMAZON_DEFAULT_REGION; + + while (!region && toCheck.length > 0) { + const options = toCheck.shift()!; + if (await fs.pathExists(options.filename)) { + const configFile = new SharedIniFile(options); + const section = await configFile.getProfile(options.profile); + region = section?.region; + } + } + + if (!region) { + const usedProfile = !profile ? '' : ` (profile: "${profile}")`; + region = 'us-east-1'; // This is what the AWS CLI does + debug(`Unable to determine AWS region from environment or AWS configuration${usedProfile}, defaulting to '${region}'`); + } + + return region; + } +} + +/** + * Return whether it looks like we'll have ECS credentials available + */ +function hasEcsCredentials(): boolean { + return (AWS.ECSCredentials.prototype as any).isConfiguredForEcsCredentials(); +} + +/** + * Return whether we're on an EC2 instance + */ +async function hasEc2Credentials() { + debug("Determining whether we're on an EC2 instance."); + + let instance = false; + if (process.platform === 'win32') { + // https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/identify_ec2_instances.html + const result = await util.promisify(child_process.exec)('wmic path win32_computersystemproduct get uuid', { encoding: 'utf-8' }); + // output looks like + // UUID + // EC2AE145-D1DC-13B2-94ED-01234ABCDEF + const lines = result.stdout.toString().split('\n'); + instance = lines.some(x => matchesRegex(/^ec2/i, x)); + } else { + // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/identify_ec2_instances.html + const files: Array<[string, RegExp]> = [ + // This recognizes the Xen hypervisor based instances (pre-5th gen) + ['/sys/hypervisor/uuid', /^ec2/i], + + // This recognizes the new Hypervisor (5th-gen instances and higher) + // Can't use the advertised file '/sys/devices/virtual/dmi/id/product_uuid' because it requires root to read. + // Instead, sys_vendor contains something like 'Amazon EC2'. + ['/sys/devices/virtual/dmi/id/sys_vendor', /ec2/i], + ]; + for (const [file, re] of files) { + if (matchesRegex(re, readIfPossible(file))) { + instance = true; + break; + } + } + } + + debug(instance ? 'Looks like EC2 instance.' : 'Does not look like EC2 instance.'); + return instance; +} + +function homeDir() { + return process.env.HOME || process.env.USERPROFILE + || (process.env.HOMEPATH ? ((process.env.HOMEDRIVE || 'C:/') + process.env.HOMEPATH) : null) || os.homedir(); +} + +function credentialsFileName() { + return process.env.AWS_SHARED_CREDENTIALS_FILE || path.join(homeDir(), '.aws', 'credentials'); +} + +function configFileName() { + return process.env.AWS_CONFIG_FILE || path.join(homeDir(), '.aws', 'config'); +} + +/** + * Force the JS SDK to honor the ~/.aws/config file (and various settings therein) + * + * For example, ther is just *NO* way to do AssumeRole credentials as long as AWS_SDK_LOAD_CONFIG is not set, + * or read credentials from that file. + * + * The SDK crashes if the variable is set but the file does not exist, so conditionally set it. + */ +async function forceSdkToReadConfigIfPresent() { + if (await fs.pathExists(configFileName())) { + process.env.AWS_SDK_LOAD_CONFIG = '1'; + } +} + +function matchesRegex(re: RegExp, s: string | undefined) { + return s !== undefined && re.exec(s) !== null; +} + +/** + * Read a file if it exists, or return undefined + * + * Not async because it is used in the constructor + */ +function readIfPossible(filename: string): string | undefined { + try { + if (!fs.pathExistsSync(filename)) { return undefined; } + return fs.readFileSync(filename, { encoding: 'utf-8' }); + } catch (e) { + debug(e); + return undefined; + } +} \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/aws-auth/credential-plugins.ts b/packages/aws-cdk/lib/api/aws-auth/credential-plugins.ts new file mode 100644 index 0000000000000..8c5fa66f02285 --- /dev/null +++ b/packages/aws-cdk/lib/api/aws-auth/credential-plugins.ts @@ -0,0 +1,54 @@ +import { debug } from "../../logging"; +import { PluginHost } from "../../plugin"; +import { CredentialProviderSource, Mode } from "./credentials"; + +/** + * Cache for credential providers. + * + * Given an account and an operating mode (read or write) will return an + * appropriate credential provider for credentials for the given account. The + * credential provider will be cached so that multiple AWS clients for the same + * environment will not make multiple network calls to obtain credentials. + * + * Will use default credentials if they are for the right account; otherwise, + * all loaded credential provider plugins will be tried to obtain credentials + * for the given account. + */ +export class CredentialPlugins { + private readonly cache: {[key: string]: AWS.Credentials | undefined} = {}; + + public async fetchCredentialsFor(awsAccountId: string, mode: Mode): Promise { + const key = `${awsAccountId}-${mode}`; + if (!(key in this.cache)) { + this.cache[key] = await this.lookupCredentials(awsAccountId, mode); + } + return this.cache[key]; + } + + public get availablePluginNames(): string[] { + return PluginHost.instance.credentialProviderSources.map(s => s.name); + } + + private async lookupCredentials(awsAccountId: string, mode: Mode): Promise { + const triedSources: CredentialProviderSource[] = []; + // Otherwise, inspect the various credential sources we have + for (const source of PluginHost.instance.credentialProviderSources) { + if (!(await source.isAvailable())) { + debug('Credentials source %s is not available, ignoring it.', source.name); + continue; + } + triedSources.push(source); + if (!(await source.canProvideCredentials(awsAccountId))) { continue; } + debug(`Using ${source.name} credentials for account ${awsAccountId}`); + const providerOrCreds = await source.getProvider(awsAccountId, mode); + + // Backwards compatibility: if the plugin returns a ProviderChain, resolve that chain. + // Otherwise it must have returned credentials. + if ((providerOrCreds as any).resolvePromise) { + return await (providerOrCreds as any).resolvePromise(); + } + return providerOrCreds; + } + return undefined; + } +} diff --git a/packages/aws-cdk/lib/api/aws-auth/index.ts b/packages/aws-cdk/lib/api/aws-auth/index.ts new file mode 100644 index 0000000000000..cade9b2eada26 --- /dev/null +++ b/packages/aws-cdk/lib/api/aws-auth/index.ts @@ -0,0 +1,3 @@ +export * from './sdk'; +export * from './sdk-provider'; +export * from './credentials'; \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts new file mode 100644 index 0000000000000..b8e92a5f4d48f --- /dev/null +++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts @@ -0,0 +1,356 @@ +import * as cxapi from '@aws-cdk/cx-api'; +import * as AWS from 'aws-sdk'; +import { ConfigurationOptions } from 'aws-sdk/lib/config'; +import * as fs from 'fs-extra'; +import * as https from 'https'; +import * as os from 'os'; +import * as path from 'path'; +import { debug } from '../../logging'; +import { cached } from '../../util/functions'; +import { CredentialPlugins } from '../aws-auth/credential-plugins'; +import { Mode } from "../aws-auth/credentials"; +import { AccountAccessKeyCache } from './account-cache'; +import { AwsCliCompatible } from './awscli-compatible'; +import { ISDK, SDK } from './sdk'; + +/** + * Options for the default SDK provider + */ +export interface SdkProviderOptions { + /** + * Profile to read from ~/.aws + * + * @default - No profile + */ + readonly profile?: string; + + /** + * Whether we should check for EC2 credentials + * + * @default - Autodetect + */ + readonly ec2creds?: boolean; + + /** + * Whether we should check for container credentials + * + * @default - Autodetect + */ + readonly containerCreds?: boolean; + + /** + * HTTP options for SDK + */ + readonly httpOptions?: SdkHttpOptions; +} + +/** + * Options for individual SDKs + */ +export interface SdkHttpOptions { + /** + * Proxy address to use + * + * @default No proxy + */ + readonly proxyAddress?: string; + + /** + * A path to a certificate bundle that contains a cert to be trusted. + * + * @default No certificate bundle + */ + readonly caBundlePath?: string; + + /** + * The custom user agent to use. + * + * @default - / + */ + readonly userAgent?: string; +} + +const CACHED_ACCOUNT = Symbol(); +const CACHED_DEFAULT_CREDENTIALS = Symbol(); + +/** + * Creates instances of the AWS SDK appropriate for a given account/region + * + * If an environment is given and the current credentials are NOT for the indicated + * account, will also search the set of credential plugin providers. + * + * If no environment is given, the default credentials will always be used. + */ +export class SdkProvider { + /** + * Create a new SdkProvider which gets its defaults in a way that haves like the AWS CLI does + * + * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the + * class `AwsCliCompatible` for the details. + */ + public static async withAwsCliCompatibleDefaults(options: SdkProviderOptions = {}) { + const chain = await AwsCliCompatible.credentialChain(options.profile, options.ec2creds, options.containerCreds); + const region = await AwsCliCompatible.region(options.profile); + + return new SdkProvider(chain, region, options.httpOptions); + } + + private readonly accountCache = new AccountAccessKeyCache(); + private readonly plugins = new CredentialPlugins(); + private readonly httpOptions: ConfigurationOptions; + + public constructor( + private readonly defaultChain: AWS.CredentialProviderChain, + /** + * Default region + */ + public readonly defaultRegion: string, + httpOptions: SdkHttpOptions = {}) { + this.httpOptions = defaultHttpOptions(httpOptions); + } + + /** + * Return an SDK which can do operations in the given environment + * + * The `region` and `accountId` parameters are interpreted as in `resolveEnvironment()` (which is to + * say, `undefined` doesn't do what you expect). + */ + public async forEnvironment(accountId: string | undefined, region: string | undefined, mode: Mode): Promise { + const env = await this.resolveEnvironment(accountId, region); + const creds = await this.obtainCredentials(env.account, mode); + return new SDK(creds, env.region, this.httpOptions); + } + + /** + * Return an SDK which uses assumed role credentials + * + * The base credentials used to retrieve the assumed role credentials will be the + * current credentials (no plugin lookup will be done!). + * + * If `region` is undefined, the default value will be used. + */ + public async withAssumedRole(roleArn: string, externalId: string | undefined, region: string | undefined) { + debug(`Assuming role '${roleArn}'`); + region = region ?? this.defaultRegion; + + const creds = new AWS.ChainableTemporaryCredentials({ + params: { + RoleArn: roleArn, + ...externalId ? { ExternalId: externalId } : {}, + RoleSessionName: `aws-cdk-${os.userInfo().username}`, + }, + stsConfig: { + region, + ...this.httpOptions, + }, + masterCredentials: await this.defaultCredentials(), + }); + + return new SDK(creds, region, this.httpOptions); + } + + /** + * Resolve the environment for a stack + * + * `undefined` actually means `undefined`, and is NOT changed to default values! Only the magic values UNKNOWN_REGION + * and UNKNOWN_ACCOUNT will be replaced with looked-up values! + */ + public async resolveEnvironment(accountId: string | undefined, region: string | undefined) { + region = region !== cxapi.UNKNOWN_REGION ? region : this.defaultRegion; + accountId = accountId !== cxapi.UNKNOWN_ACCOUNT ? accountId : (await this.defaultAccount())?.accountId; + + if (!region) { + throw new Error(`AWS region must be configured either when you configure your CDK stack or through the environment`); + } + + if (!accountId) { + throw new Error(`Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment`); + } + + const environment: cxapi.Environment = { + region, account: accountId, name: cxapi.EnvironmentUtils.format(accountId, region) + }; + + return environment; + } + + /** + * Use the default credentials to lookup our account number using STS. + * + * Uses a cache to avoid STS calls if we don't need 'em. + */ + public defaultAccount(): Promise { + return cached(this, CACHED_ACCOUNT, async () => { + try { + const creds = await this.defaultCredentials(); + + const accessKeyId = creds.accessKeyId; + if (!accessKeyId) { + throw new Error('Unable to resolve AWS credentials (setup with "aws configure")'); + } + + const account = await this.accountCache.fetch(creds.accessKeyId, async () => { + // if we don't have one, resolve from STS and store in cache. + debug('Looking up default account ID from STS'); + const result = await new AWS.STS({ ...this.httpOptions, credentials: creds, region: this.defaultRegion }).getCallerIdentity().promise(); + const accountId = result.Account; + const partition = result.Arn!.split(':')[1]; + if (!accountId) { + debug('STS didn\'t return an account ID'); + return undefined; + } + debug('Default account ID:', accountId); + return { accountId, partition }; + }); + + return account; + } catch (e) { + debug('Unable to determine the default AWS account (did you configure "aws configure"?):', e); + return undefined; + } + }); + } + + /** + * Get credentials for the given account ID in the given mode + * + * Use the current credentials if the destination account matches the current credentials' account. + * Otherwise try all credential plugins. + */ + protected async obtainCredentials(accountId: string, mode: Mode): Promise { + // First try 'current' credentials + const defaultAccountId = (await this.defaultAccount())?.accountId; + if (defaultAccountId === accountId) { + return this.defaultCredentials(); + } + + // Then try the plugins + const pluginCreds = await this.plugins.fetchCredentialsFor(accountId, mode); + if (pluginCreds) { + return pluginCreds; + } + + // No luck, format a useful error message + const error = [`Need to perform AWS calls for account ${accountId}`]; + error.push(defaultAccountId ? `but the current credentials are for ${defaultAccountId}` : `but no credentials have been configured`); + if (this.plugins.availablePluginNames.length > 0) { + error.push(`and none of these plugins found any: ${this.plugins.availablePluginNames.join(', ')}`); + } + + throw new Error(`${error.join(', ')}.`); + } + + /** + * Resolve the default chain to the first set of credentials that is available + */ + private defaultCredentials(): Promise { + return cached(this, CACHED_DEFAULT_CREDENTIALS, () => { + debug('Resolving default credentials'); + return this.defaultChain.resolvePromise(); + }); + } +} + +/** + * An AWS account + * + * An AWS account always exists in only one partition. Usually we don't care about + * the partition, but when we need to form ARNs we do. + */ +export interface Account { + /** + * The account number + */ + readonly accountId: string; + + /** + * The partition ('aws' or 'aws-cn' or otherwise) + */ + readonly partition: string; +} + +/** + * Get HTTP options for the SDK + * + * Read from user input or environment variables. + */ +function defaultHttpOptions(options: SdkHttpOptions) { + const config: ConfigurationOptions = {}; + config.httpOptions = {}; + + let userAgent = options.userAgent; + if (userAgent == null) { + // Find the package.json from the main toolkit + const pkg = JSON.parse(readIfPossible(path.join(__dirname, '..', '..', '..', 'package.json')) ?? '{}'); + userAgent = `${pkg.name}/${pkg.version}`; + } + config.customUserAgent = userAgent; + + const proxyAddress = options.proxyAddress || httpsProxyFromEnvironment(); + const caBundlePath = options.caBundlePath || caBundlePathFromEnvironment(); + + if (proxyAddress && caBundlePath) { + throw new Error(`At the moment, cannot specify Proxy (${proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https://github.com/aws/aws-cdk/issues/5804`); + // Maybe it's possible after all, but I've been staring at + // https://github.com/TooTallNate/node-proxy-agent/blob/master/index.js#L79 + // a while now trying to figure out what to pass in so that the underlying Agent + // object will get the 'ca' argument. It's not trivial and I don't want to risk it. + } + + if (proxyAddress) { // Ignore empty string on purpose + // https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/ + debug('Using proxy server: %s', proxyAddress); + // eslint-disable-next-line @typescript-eslint/no-require-imports + const ProxyAgent: any = require('proxy-agent'); + config.httpOptions.agent = new ProxyAgent(proxyAddress); + } + if (caBundlePath) { + debug('Using CA bundle path: %s', caBundlePath); + config.httpOptions.agent = new https.Agent({ + ca: readIfPossible(caBundlePath) + }); + } + + return config; +} + +/** + * Find and return the configured HTTPS proxy address + */ +function httpsProxyFromEnvironment(): string | undefined { + if (process.env.https_proxy) { + return process.env.https_proxy; + } + if (process.env.HTTPS_PROXY) { + return process.env.HTTPS_PROXY; + } + return undefined; +} + +/** + * Find and return a CA certificate bundle path to be passed into the SDK. + */ +function caBundlePathFromEnvironment(): string | undefined { + if (process.env.aws_ca_bundle) { + return process.env.aws_ca_bundle; + } + if (process.env.AWS_CA_BUNDLE) { + return process.env.AWS_CA_BUNDLE; + } + return undefined; +} + +/** + * Read a file if it exists, or return undefined + * + * Not async because it is used in the constructor + */ +function readIfPossible(filename: string): string | undefined { + try { + if (!fs.pathExistsSync(filename)) { return undefined; } + return fs.readFileSync(filename, { encoding: 'utf-8' }); + } catch (e) { + debug(e); + return undefined; + } +} \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk.ts b/packages/aws-cdk/lib/api/aws-auth/sdk.ts new file mode 100644 index 0000000000000..cd178d735acec --- /dev/null +++ b/packages/aws-cdk/lib/api/aws-auth/sdk.ts @@ -0,0 +1,69 @@ +import * as AWS from 'aws-sdk'; +import { ConfigurationOptions } from 'aws-sdk/lib/config'; + +/** @experimental */ +export interface ISDK { + cloudFormation(): AWS.CloudFormation; + + ec2(): AWS.EC2; + + ssm(): AWS.SSM; + + s3(): AWS.S3; + + route53(): AWS.Route53; + + ecr(): AWS.ECR; +} + +/** + * Base functionality of SDK without credential fetching + */ +export class SDK implements ISDK { + private readonly config: ConfigurationOptions; + + /** + * Default retry options for SDK clients + * + * Biggest bottleneck is CloudFormation, with a 1tps call rate. We want to be + * a little more tenacious than the defaults, and with a little more breathing + * room between calls (defaults are {retries=3, base=100}). + * + * I've left this running in a tight loop for an hour and the throttle errors + * haven't escaped the retry mechanism. + */ + private readonly retryOptions = { maxRetries: 6, retryDelayOptions: { base: 300 }}; + + constructor(credentials: AWS.Credentials, region: string, httpOptions: ConfigurationOptions = {}) { + this.config = { + ...httpOptions, + ...this.retryOptions, + credentials, + region, + }; + } + + public cloudFormation(): AWS.CloudFormation { + return new AWS.CloudFormation(this.config); + } + + public ec2(): AWS.EC2 { + return new AWS.EC2(this.config); + } + + public ssm(): AWS.SSM { + return new AWS.SSM(this.config); + } + + public s3(): AWS.S3 { + return new AWS.S3(this.config); + } + + public route53(): AWS.Route53 { + return new AWS.Route53(this.config); + } + + public ecr(): AWS.ECR { + return new AWS.ECR(this.config); + } +} \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk_ini_file.ts b/packages/aws-cdk/lib/api/aws-auth/sdk_ini_file.ts new file mode 100644 index 0000000000000..40845d00b8a15 --- /dev/null +++ b/packages/aws-cdk/lib/api/aws-auth/sdk_ini_file.ts @@ -0,0 +1,59 @@ +/** + * A reimplementation of JS AWS SDK's SharedIniFile class + * + * We need that class to parse the ~/.aws/config file to determine the correct + * region at runtime, but unfortunately it is private upstream. + */ + +import * as AWS from 'aws-sdk'; +import * as fs from 'fs-extra'; +import * as os from 'os'; +import * as path from 'path'; + +export interface SharedIniFileOptions { + isConfig?: boolean; + filename?: string; +} + +export class SharedIniFile { + private readonly isConfig: boolean; + private readonly filename: string; + private parsedContents?: { [key: string]: { [key: string]: string } }; + + constructor(options?: SharedIniFileOptions) { + options = options || {}; + this.isConfig = options.isConfig === true; + this.filename = options.filename || this.getDefaultFilepath(); + } + + public async getProfile(profile: string) { + await this.ensureFileLoaded(); + + const profileIndex = profile !== (AWS as any).util.defaultProfile && this.isConfig ? + 'profile ' + profile : profile; + + return this.parsedContents![profileIndex]; + } + + private getDefaultFilepath(): string { + return path.join( + os.homedir(), + '.aws', + this.isConfig ? 'config' : 'credentials' + ); + } + + private async ensureFileLoaded() { + if (this.parsedContents) { + return; + } + + if (!await fs.pathExists(this.filename)) { + this.parsedContents = {}; + return; + } + + const contents: string = (await fs.readFile(this.filename)).toString(); + this.parsedContents = (AWS as any).util.ini.parse(contents); + } +} diff --git a/packages/aws-cdk/lib/api/bootstrap-environment.ts b/packages/aws-cdk/lib/api/bootstrap-environment.ts index e1272e8e6ddc7..72c25eb140a50 100644 --- a/packages/aws-cdk/lib/api/bootstrap-environment.ts +++ b/packages/aws-cdk/lib/api/bootstrap-environment.ts @@ -2,15 +2,17 @@ import * as cxapi from '@aws-cdk/cx-api'; import * as fs from 'fs-extra'; import * as os from 'os'; import * as path from 'path'; +import { SdkProvider } from './aws-auth'; import {Tag} from "./cxapp/stacks"; import { deployStack, DeployStackResult } from './deploy-stack'; -import { ISDK } from './util/sdk'; // tslint:disable:max-line-length /** @experimental */ export const BUCKET_NAME_OUTPUT = 'BucketName'; /** @experimental */ +export const REPOSITORY_NAME_OUTPUT = 'RepositoryName'; +/** @experimental */ export const BUCKET_DOMAIN_NAME_OUTPUT = 'BucketDomainName'; export interface BootstrapEnvironmentProps { @@ -57,7 +59,7 @@ export interface BootstrapEnvironmentProps { } /** @experimental */ -export async function bootstrapEnvironment(environment: cxapi.Environment, aws: ISDK, toolkitStackName: string, roleArn: string | undefined, props: BootstrapEnvironmentProps = {}): Promise { +export async function bootstrapEnvironment(environment: cxapi.Environment, aws: SdkProvider, toolkitStackName: string, roleArn: string | undefined, props: BootstrapEnvironmentProps = {}): Promise { if (props.trustedAccounts?.length) { throw new Error('--trust can only be passed for the new bootstrap experience!'); } diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment2.ts b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment2.ts index 596450cd16939..8d4b9b5159716 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment2.ts +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment2.ts @@ -2,9 +2,10 @@ import * as cxapi from '@aws-cdk/cx-api'; import * as fs from 'fs-extra'; import * as os from 'os'; import * as path from 'path'; -import { BootstrapEnvironmentProps, deployStack, DeployStackResult, ISDK } from '..'; +import { BootstrapEnvironmentProps, deployStack, DeployStackResult } from '..'; +import { SdkProvider } from '../aws-auth'; -export async function bootstrapEnvironment2(environment: cxapi.Environment, sdk: ISDK, +export async function bootstrapEnvironment2(environment: cxapi.Environment, sdk: SdkProvider, toolkitStackName: string, roleArn: string | undefined, props: BootstrapEnvironmentProps = {}): Promise { if (props.trustedAccounts?.length && !props.cloudFormationExecutionPolicies?.length) { diff --git a/packages/aws-cdk/lib/api/cxapp/environments.ts b/packages/aws-cdk/lib/api/cxapp/environments.ts index a4c2aae0376b2..c34c066e010ce 100644 --- a/packages/aws-cdk/lib/api/cxapp/environments.ts +++ b/packages/aws-cdk/lib/api/cxapp/environments.ts @@ -1,9 +1,9 @@ import * as cxapi from '@aws-cdk/cx-api'; import * as minimatch from 'minimatch'; -import { ISDK } from '../util/sdk'; +import { SdkProvider } from '../aws-auth'; import { AppStacks } from './stacks'; -export async function globEnvironmentsFromStacks(appStacks: AppStacks, environmentGlobs: string[], sdk: ISDK): Promise { +export async function globEnvironmentsFromStacks(appStacks: AppStacks, environmentGlobs: string[], sdk: SdkProvider): Promise { if (environmentGlobs.length === 0) { environmentGlobs = [ '**' ]; // default to ALL } @@ -12,7 +12,7 @@ export async function globEnvironmentsFromStacks(appStacks: AppStacks, environme const availableEnvironments = new Array(); for (const stack of stacks) { - const actual = await parseEnvironment(sdk, stack.environment); + const actual = await sdk.resolveEnvironment(stack.environment.account, stack.environment.region); availableEnvironments.push(actual); } @@ -26,20 +26,6 @@ export async function globEnvironmentsFromStacks(appStacks: AppStacks, environme return environments; } -async function parseEnvironment(sdk: ISDK, env: cxapi.Environment): Promise { - const account = env.account === cxapi.UNKNOWN_ACCOUNT ? await sdk.defaultAccount() : env.account; - const region = env.region === cxapi.UNKNOWN_REGION ? await sdk.defaultRegion() : env.region; - - if (!account || !region) { - throw new Error(`Unable to determine default account and/or region`); - } - - return { - account, region, - name: cxapi.EnvironmentUtils.format(account, region) - }; -} - /** * Given a set of "/" strings, construct environments for them */ diff --git a/packages/aws-cdk/lib/api/cxapp/exec.ts b/packages/aws-cdk/lib/api/cxapp/exec.ts index 8b9432140aba9..4de8c73509c01 100644 --- a/packages/aws-cdk/lib/api/cxapp/exec.ts +++ b/packages/aws-cdk/lib/api/cxapp/exec.ts @@ -5,10 +5,10 @@ import * as path from 'path'; import { debug } from '../../logging'; import { Configuration, PROJECT_CONFIG, USER_DEFAULTS } from '../../settings'; import { versionNumber } from '../../version'; -import { ISDK } from '../util/sdk'; +import { SdkProvider } from '../aws-auth'; /** Invokes the cloud executable and returns JSON output */ -export async function execProgram(aws: ISDK, config: Configuration): Promise { +export async function execProgram(aws: SdkProvider, config: Configuration): Promise { const env: { [key: string]: string } = { }; const context = config.context.all; @@ -131,12 +131,15 @@ export async function execProgram(aws: ISDK, config: Configuration): Promise Promise; +type Synthesizer = (aws: SdkProvider, config: Configuration) => Promise; export interface AppStacksProps { /** @@ -43,7 +43,7 @@ export interface AppStacksProps { /** * AWS object (used by synthesizer and contextprovider) */ - aws: ISDK; + aws: SdkProvider; /** * Callback invoked to synthesize the actual stacks diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts index 0a51851080483..51af071a5948a 100644 --- a/packages/aws-cdk/lib/api/deploy-stack.ts +++ b/packages/aws-cdk/lib/api/deploy-stack.ts @@ -3,15 +3,18 @@ import * as aws from 'aws-sdk'; import * as colors from 'colors/safe'; import * as uuid from 'uuid'; import { Tag } from "../api/cxapp/stacks"; -import { prepareAssets } from '../assets'; +import { addMetadataAssetsToManifest } from '../assets'; import { debug, error, print } from '../logging'; import { deserializeStructure, toYAML } from '../serialize'; +import { AssetManifestBuilder } from '../util/asset-manifest-builder'; +import { publishAssets } from '../util/asset-publishing'; +import { contentHash } from '../util/content-hash'; +import { SdkProvider } from './aws-auth'; import { Mode } from './aws-auth/credentials'; import { ToolkitInfo } from './toolkit-info'; import { changeSetHasNoChanges, describeStack, stackExists, stackFailedCreating, waitForChangeSet, waitForStack } from './util/cloudformation'; import { StackActivityMonitor } from './util/cloudformation/stack-activity-monitor'; import { StackStatus } from './util/cloudformation/stack-status'; -import { ISDK } from './util/sdk'; type TemplateBodyParameter = { TemplateBody?: string @@ -29,7 +32,7 @@ export interface DeployStackResult { /** @experimental */ export interface DeployStackOptions { stack: cxapi.CloudFormationStackArtifact; - sdk: ISDK; + sdk: SdkProvider; toolkitInfo?: ToolkitInfo; roleArn?: string; notificationArns?: string[]; @@ -66,34 +69,40 @@ const LARGE_TEMPLATE_SIZE_KB = 50; /** @experimental */ export async function deployStack(options: DeployStackOptions): Promise { - if (!options.stack.environment) { - throw new Error(`The stack ${options.stack.displayName} does not have an environment`); + const stack = options.stack; + + if (!stack.environment) { + throw new Error(`The stack ${stack.displayName} does not have an environment`); } - const cfn = await options.sdk.cloudFormation(options.stack.environment.account, options.stack.environment.region, Mode.ForWriting); - const deployName = options.deployName || options.stack.stackName; + // Translate symbolic/unknown environment references to concrete environment references + const stackEnv = await options.sdk.resolveEnvironment(stack.environment.account, stack.environment.region); + + const cfn = (await options.sdk.forEnvironment(stackEnv.account, stackEnv.region, Mode.ForWriting)).cloudFormation(); + const deployName = options.deployName || stack.stackName; if (!options.force) { + // bail out if the current template is exactly the same as the one we are about to deploy + // in cdk-land, this means nothing changed because assets (and therefore nested stacks) are immutable. debug(`checking if we can skip this stack based on the currently deployed template and tags (use --force to override)`); const deployed = await getDeployedStack(cfn, deployName); const tagsIdentical = compareTags(deployed?.tags ?? [], options.tags ?? []); - if (deployed && JSON.stringify(options.stack.template) === JSON.stringify(deployed.template) && tagsIdentical) { + if (deployed && JSON.stringify(stack.template) === JSON.stringify(deployed.template) && tagsIdentical) { debug(`${deployName}: no change in template and tags, skipping (use --force to override)`); return { noOp: true, outputs: await getStackOutputs(cfn, deployName), stackArn: deployed.stackId, - stackArtifact: options.stack + stackArtifact: stack }; } else { debug(`${deployName}: template changed, deploying...`); } } - // bail out if the current template is exactly the same as the one we are about to deploy - // in cdk-land, this means nothing changed because assets (and therefore nested stacks) are immutable. + const assets = new AssetManifestBuilder(); - const params = await prepareAssets(options.stack, options.toolkitInfo, options.reuseAssets); + const params = await addMetadataAssetsToManifest(stack, assets, options.toolkitInfo, options.reuseAssets); // add passed CloudFormation parameters for (const [paramName, paramValue] of Object.entries((options.parameters || {}))) { @@ -107,7 +116,7 @@ export async function deployStack(options: DeployStackOptions): Promise { +async function makeBodyParameter( + stack: cxapi.CloudFormationStackArtifact, + assetManifest: AssetManifestBuilder, + toolkitInfo?: ToolkitInfo): Promise { const templateJson = toYAML(stack.template); - if (toolkitInfo) { - const s3KeyPrefix = `cdk/${stack.id}/`; - const s3KeySuffix = '.yml'; - const { key } = await toolkitInfo.uploadIfChanged(templateJson, { - s3KeyPrefix, s3KeySuffix, contentType: 'application/x-yaml' - }); - const templateURL = `${toolkitInfo.bucketUrl}/${key}`; - debug('Stored template in S3 at:', templateURL); - return { TemplateURL: templateURL }; - } else if (templateJson.length > LARGE_TEMPLATE_SIZE_KB * 1024) { + + if (templateJson.length <= LARGE_TEMPLATE_SIZE_KB * 1024) { + return { TemplateBody: templateJson }; + } + + if (!toolkitInfo) { error( `The template for stack "${stack.displayName}" is ${Math.round(templateJson.length / 1024)}KiB. ` + `Templates larger than ${LARGE_TEMPLATE_SIZE_KB}KiB must be uploaded to S3.\n` + @@ -204,15 +218,27 @@ async function makeBodyParameter(stack: cxapi.CloudFormationStackArtifact, toolk colors.blue(`\t$ cdk bootstrap ${stack.environment!.name}\n`)); throw new Error(`Template too large to deploy ("cdk bootstrap" is required)`); - } else { - return { TemplateBody: templateJson }; } + + const templateHash = contentHash(templateJson); + const key = `cdk/${stack.id}/${templateHash}.yml`; + const templateURL = `${toolkitInfo.bucketUrl}/${key}`; + + assetManifest.addFileAsset(templateHash, { + path: stack.templateFile, + }, { + bucketName: toolkitInfo.bucketName, + objectKey: key, + }); + + debug('Storing template in S3 at:', templateURL); + return { TemplateURL: templateURL }; } /** @experimental */ export interface DestroyStackOptions { stack: cxapi.CloudFormationStackArtifact; - sdk: ISDK; + sdk: SdkProvider; roleArn?: string; deployName?: string; quiet?: boolean; @@ -225,7 +251,8 @@ export async function destroyStack(options: DestroyStackOptions) { } const deployName = options.deployName || options.stack.stackName; - const cfn = await options.sdk.cloudFormation(options.stack.environment.account, options.stack.environment.region, Mode.ForWriting); + const { account, region } = options.stack.environment; + const cfn = (await options.sdk.forEnvironment(account, region, Mode.ForWriting)).cloudFormation(); if (!await stackExists(cfn, deployName)) { return; } @@ -305,4 +332,4 @@ function compareTags(a: Tag[], b: Tag[]): boolean { } return true; -} +} \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/deployment-target.ts b/packages/aws-cdk/lib/api/deployment-target.ts index bf72c7f40b285..46c74ab61c3bc 100644 --- a/packages/aws-cdk/lib/api/deployment-target.ts +++ b/packages/aws-cdk/lib/api/deployment-target.ts @@ -1,10 +1,9 @@ import { CloudFormationStackArtifact } from '@aws-cdk/cx-api'; import { Tag } from "../api/cxapp/stacks"; import { debug } from '../logging'; -import { Mode } from './aws-auth/credentials'; +import { Mode, SdkProvider } from './aws-auth'; import { deployStack, DeployStackResult, readCurrentTemplate } from './deploy-stack'; import { loadToolkitInfo } from './toolkit-info'; -import { ISDK } from './util/sdk'; export const DEFAULT_TOOLKIT_STACK_NAME = 'CDKToolkit'; @@ -45,14 +44,14 @@ export interface DeployStackOptions { } export interface ProvisionerProps { - aws: ISDK; + aws: SdkProvider; } /** * Default provisioner (applies to CloudFormation). */ export class CloudFormationDeploymentTarget implements IDeploymentTarget { - private readonly aws: ISDK; + private readonly aws: SdkProvider; constructor(props: ProvisionerProps) { this.aws = props.aws; @@ -60,7 +59,7 @@ export class CloudFormationDeploymentTarget implements IDeploymentTarget { public async readCurrentTemplate(stack: CloudFormationStackArtifact): Promise