Merge branch 'main' into glue-4

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

@@ -408,6 +408,13 @@ export enum SpotAllocationStrategy {
    * honors the instance type priorities on a best-effort basis but optimizes for capacity first.
    */
   CAPACITY_OPTIMIZED_PRIORITIZED = 'capacity-optimized-prioritized',
+
+  /**
+   * The price and capacity optimized allocation strategy looks at both price and
+   * capacity to select the Spot Instance pools that are the least likely to be
+   * interrupted and have the lowest possible price.
+   */
+  PRICE_CAPACITY_OPTIMIZED = 'price-capacity-optimized',
 }
 
 /**

packages/@aws-cdk/aws-autoscaling/test/auto-scaling-group.test.ts

@@ -1915,6 +1915,47 @@ test('can use Vpc imported from unparseable list tokens', () => {
   });
 });
 
+test('add price-capacity-optimized', () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+
+  // WHEN
+  const lt = LaunchTemplate.fromLaunchTemplateAttributes(stack, 'imported-lt', {
+    launchTemplateId: 'test-lt-id',
+    versionNumber: '0',
+  });
+
+  new autoscaling.AutoScalingGroup(stack, 'mip-asg', {
+    mixedInstancesPolicy: {
+      launchTemplate: lt,
+      launchTemplateOverrides: [{
+        instanceType: new InstanceType('t4g.micro'),
+        launchTemplate: lt,
+        weightedCapacity: 9,
+      }],
+      instancesDistribution: {
+        onDemandAllocationStrategy: OnDemandAllocationStrategy.PRIORITIZED,
+        onDemandBaseCapacity: 1,
+        onDemandPercentageAboveBaseCapacity: 2,
+        spotAllocationStrategy: SpotAllocationStrategy.PRICE_CAPACITY_OPTIMIZED,
+        spotInstancePools: 3,
+        spotMaxPrice: '4',
+      },
+    },
+    vpc: mockVpc(stack),
+  });
+
+  // THEN
+  Template.fromStack(stack).hasResourceProperties('AWS::AutoScaling::AutoScalingGroup', {
+    MixedInstancesPolicy: {
+      InstancesDistribution: {
+        SpotAllocationStrategy: 'price-capacity-optimized',
+      },
+    },
+  });
+});
+
+
 function mockSecurityGroup(stack: cdk.Stack) {
   return ec2.SecurityGroup.fromSecurityGroupId(stack, 'MySG', 'most-secure');
 }

packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts

@@ -251,18 +251,8 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute('access_logs.s3.bucket', bucket.bucketName.toString());
     this.setAttribute('access_logs.s3.prefix', prefix);
 
-    const region = Stack.of(this).region;
-    if (Token.isUnresolved(region)) {
-      throw new Error('Region is required to enable ELBv2 access logging');
-    }
-
-    const account = RegionInfo.get(region).elbv2Account;
-    if (!account) {
-      throw new Error(`Cannot enable access logging; don't know ELBv2 account for region ${region}`);
-    }
-
     const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com');
-    bucket.grantPut(new iam.AccountPrincipal(account), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);
+    bucket.grantPut(this.resourcePolicyPrincipal(), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);
     bucket.addToResourcePolicy(
       new PolicyStatement({
         actions: ['s3:PutObject'],
@@ -303,6 +293,22 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute(key, undefined);
   }
 
+  protected resourcePolicyPrincipal(): iam.IPrincipal {
+    const region = Stack.of(this).region;
+    if (Token.isUnresolved(region)) {
+      throw new Error('Region is required to enable ELBv2 access logging');
+    }
+
+    const account = RegionInfo.get(region).elbv2Account;
+    if (!account) {
+      // New Regions use a service principal
+      // https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
+      return new iam.ServicePrincipal('logdelivery.elasticloadbalancing.amazonaws.com');
+    }
+
+    return new iam.AccountPrincipal(account);
+  }
+
   protected validateLoadBalancer(): string[] {
     const ret = new Array<string>();
 

packages/@aws-cdk/aws-s3/lib/rule.ts

@@ -24,6 +24,9 @@ export interface LifecycleRule {
    * When Amazon S3 aborts a multipart upload, it deletes all parts
    * associated with the multipart upload.
    *
+   * The underlying configuration is expressed in whole numbers of days. Providing a Duration that
+   * does not represent a whole number of days will result in a runtime or deployment error.
+   *
    * @default - Incomplete uploads are never aborted
    */
   readonly abortIncompleteMultipartUploadAfter?: Duration;
@@ -48,6 +51,9 @@ export interface LifecycleRule {
    * time unit for both properties (either in days or by date). The
    * expiration time must also be later than the transition time.
    *
+   * The underlying configuration is expressed in whole numbers of days. Providing a Duration that
+   * does not represent a whole number of days will result in a runtime or deployment error.
+   *
    * @default - No expiration timeout
    */
   readonly expiration?: Duration;
@@ -62,6 +68,9 @@ export interface LifecycleRule {
    * and expiration time, the expiration time must be later than the
    * transition time.
    *
+   * The underlying configuration is expressed in whole numbers of days. Providing a Duration that
+   * does not represent a whole number of days will result in a runtime or deployment error.
+   *
    * @default - No noncurrent version expiration
    */
   readonly noncurrentVersionExpiration?: Duration;

packages/@aws-cdk/pipelines/README.md

@@ -15,7 +15,7 @@ CDK Pipelines is an *opinionated construct library*. It is purpose-built to
 deploy one or more copies of your CDK applications using CloudFormation with a
 minimal amount of effort on your part. It is *not* intended to support arbitrary
 deployment pipelines, and very specifically it is not built to use CodeDeploy to
-applications to instances, or deploy your custom-built ECR images to an ECS
+deploy applications to instances, or deploy your custom-built ECR images to an ECS
 cluster directly: use CDK file assets with CloudFormation Init for instances, or
 CDK container assets for ECS clusters instead.
 

packages/@aws-cdk/region-info/build-tools/fact-tables.ts

@@ -25,6 +25,7 @@ export const AWS_CDK_METADATA = new Set([
   'eu-north-1',
   'eu-south-1',
   'me-south-1',
+  // 'me-central-1',
   'sa-east-1',
 ]);
 
@@ -52,6 +53,7 @@ export const ROUTE_53_BUCKET_WEBSITE_ZONE_IDS: { [region: string]: string } = {
   'eu-west-2': 'Z3GKZC51ZF0DB4',
   'eu-west-3': 'Z3R1K369G5AVDG',
   'me-south-1': 'Z1MPMWCPA7YB62',
+  'me-central-1': 'Z06143092I8HRXZRUZROF',
   'sa-east-1': 'Z7KQH4QJS55SO',
   'us-east-1': 'Z3AQBSTGFYJSTF',
   'us-east-2': 'Z2O1EMRO9K5GLX',
@@ -104,6 +106,7 @@ export const PARTITION_MAP: { [region: string]: Region } = {
 
 // https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
 // https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
+// Any not listed regions use the service principal "logdelivery.elasticloadbalancing.amazonaws.com"
 export const ELBV2_ACCOUNTS: { [region: string]: string } = {
   'af-south-1': '098369216593',
   'ap-east-1': '754344448648',

packages/@aws-cdk/region-info/lib/aws-entities.ts

@@ -70,7 +70,7 @@ export const AWS_REGIONS = AWS_REGIONS_AND_RULES
   .sort() as readonly string[];
 
 /**
- * Possibly non-exaustive list of all service names, used to locate service principals.
+ * Possibly non-exhaustive list of all service names, used to locate service principals.
  *
  * Not in the list ==> default service principal mappings.
  */

packages/@aws-cdk/region-info/lib/region-info.ts

@@ -131,7 +131,6 @@ export class RegionInfo {
 
   /**
    * The account ID for ELBv2 in this region
-   *
    */
   public get elbv2Account(): string | undefined {
     return Fact.find(this.name, FactName.ELBV2_ACCOUNT);

yarn.lock

@@ -3031,7 +3031,6 @@ [email protected]:
   version "2.0.28"
   resolved "https://registry.npmjs.org/cdk8s-plus-24/-/cdk8s-plus-24-2.0.28.tgz#cd5fbf531a7e4477491e44492001767e11a7f175"
   integrity sha512-fnR3k4djVriOZNi4sTIqbvkmrVbhYa/+/jfgfsU7h3wA6+JzMiUWE860GEoE5FRKKJZPFqnL/PZL1MFfh7JoIg==
-
   dependencies:
     minimatch "^3.1.2"
 
@@ -3770,9 +3769,9 @@ decimal.js@^10.2.1:
   integrity sha512-ic1yEvwT6GuvaYwBLLY6/aFFgjZdySKTE8en/fkU3QICTmRtgtSlFn0u0BXN06InZwtfCelR7j8LRiDI/02iGA==
 
 decode-uri-component@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
-  integrity sha512-hjf+xovcEn31w/EUYdTXQh/8smFL/dzYjohQGEIgjyNavaJfBY2p5F527Bo1VPATxv0VYTUC2bOcXvqFwk78Og==
+  version "0.2.2"
+  resolved "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9"
+  integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==
 
 decompress-response@^3.3.0:
   version "3.3.0"