Merge branch 'master' into feature/listenertimeout

packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json

@@ -29,15 +29,15 @@
   "devDependencies": {
     "aws-sdk": "^2.596.0",
     "aws-sdk-mock": "^5.1.0",
-    "eslint": "^7.12.1",
+    "eslint": "^7.13.0",
     "eslint-config-standard": "^14.1.1",
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.2",
+    "eslint-plugin-standard": "^4.1.0",
     "jest": "^26.6.3",
     "lambda-tester": "^3.6.0",
-    "nock": "^13.0.4",
-    "ts-jest": "^26.4.3"
+    "nock": "^13.0.5",
+    "ts-jest": "^26.4.4"
   }
 }

packages/@aws-cdk/aws-dynamodb-global/lambda-packages/aws-global-table-coordinator/package.json

@@ -29,14 +29,14 @@
   "devDependencies": {
     "aws-sdk": "^2.596.0",
     "aws-sdk-mock": "^5.1.0",
-    "eslint": "^7.12.1",
+    "eslint": "^7.13.0",
     "eslint-config-standard": "^14.1.1",
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.2",
+    "eslint-plugin-standard": "^4.1.0",
     "jest": "^26.6.3",
     "lambda-tester": "^3.6.0",
-    "nock": "^13.0.4"
+    "nock": "^13.0.5"
   }
 }

packages/@aws-cdk/aws-ec2/lib/vpc.ts

@@ -1485,6 +1485,12 @@ export class Subnet extends Resource implements ISubnet {
    */
   public readonly subnetIpv6CidrBlocks: string[];
 
+  /**
+   * The Amazon Resource Name (ARN) of the Outpost for this subnet (if one exists).
+   * @attribute
+   */
+  public readonly subnetOutpostArn: string;
+
   /**
    * @attribute
    */
@@ -1525,6 +1531,7 @@ export class Subnet extends Resource implements ISubnet {
     this.subnetVpcId = subnet.attrVpcId;
     this.subnetAvailabilityZone = subnet.attrAvailabilityZone;
     this.subnetIpv6CidrBlocks = subnet.attrIpv6CidrBlocks;
+    this.subnetOutpostArn = subnet.attrOutpostArn;
 
     // subnet.attrNetworkAclAssociationId is the default ACL after the subnet
     // was just created. However, the ACL can be replaced at a later time.

packages/@aws-cdk/aws-efs/README.md

@@ -56,6 +56,25 @@ the access point. You may specify custom path with the `path` property. If `path
 created with the settings defined in the `creationInfo`. See
 [Creating Access Points](https://docs.aws.amazon.com/efs/latest/ug/create-access-point.html) for more details.
 
+Any access point that has been created outside the stack can be imported into your CDK app.
+
+Use the `fromAccessPointAttributes()` API to import an existing access point.
+
+```ts
+efs.AccessPoint.fromAccessPointAttributes(this, 'ap', {
+  accessPointArn: 'fsap-1293c4d9832fo0912',
+  fileSystem: efs.FileSystem.fromFileSystemAttributes(this, 'efs', {
+    fileSystemId: 'fs-099d3e2f',
+    securityGroup: SecurityGroup.fromSecurityGroupId(this, 'sg', 'sg-51530134'),
+  }),
+});
+```
+
+⚠️ Notice: When importing an Access Point using `fromAccessPointAttributes()`, you must make sure the mount targets are deployed and their lifecycle state is `available`. Otherwise, you may encounter the following error when deploying:
+> EFS file system <ARN of efs> referenced by access point <ARN of access point of EFS> has
+mount targets created in all availability zones the function will execute in, but not all are in the available life cycle
+state yet. Please wait for them to become available and try the request again.
+
 ### Connecting
 
 To control who can access the EFS, use the `.connections` attribute. EFS has

packages/@aws-cdk/aws-efs/lib/access-point.ts

@@ -20,11 +20,16 @@ export interface IAccessPoint extends IResource {
    * @attribute
    */
   readonly accessPointArn: string;
+
+  /**
+   * The efs filesystem
+   */
+  readonly fileSystem: IFileSystem;
 }
 
 /**
  * Permissions as POSIX ACL
- */
+*/
 export interface Acl {
   /**
    * Specifies the POSIX user ID to apply to the RootDirectory. Accepts values from 0 to 2^32 (4294967295).
@@ -109,23 +114,71 @@ export interface AccessPointProps extends AccessPointOptions {
   readonly fileSystem: IFileSystem;
 }
 
+/**
+ * Attributes that can be specified when importing an AccessPoint
+ */
+export interface AccessPointAttributes {
+  /**
+   * The ID of the AccessPoint
+   * One of this, of {@link accessPointArn} is required
+   *
+   * @default - determined based on accessPointArn
+   */
+  readonly accessPointId?: string;
+
+  /**
+   * The ARN of the AccessPoint
+   * One of this, of {@link accessPointId} is required
+   *
+   * @default - determined based on accessPointId
+   */
+  readonly accessPointArn?: string;
+
+  /**
+   * The EFS filesystem
+   *
+   * @default - no EFS filesystem
+   */
+  readonly fileSystem?: IFileSystem;
+}
+
+abstract class AccessPointBase extends Resource implements IAccessPoint {
+  /**
+   * The ARN of the Access Point
+   * @attribute
+   */
+  public abstract readonly accessPointArn: string;
+
+  /**
+   * The ID of the Access Point
+   * @attribute
+   */
+  public abstract readonly accessPointId: string;
+
+  /**
+   * The filesystem of the access point
+   */
+  public abstract readonly fileSystem: IFileSystem;
+}
+
 /**
  * Represents the AccessPoint
  */
-export class AccessPoint extends Resource implements IAccessPoint {
+export class AccessPoint extends AccessPointBase {
   /**
-   * Import an existing Access Point
+   * Import an existing Access Point by attributes
+   */
+  public static fromAccessPointAttributes(scope: Construct, id: string, attrs: AccessPointAttributes): IAccessPoint {
+    return new ImportedAccessPoint(scope, id, attrs);
+  }
+
+  /**
+   * Import an existing Access Point by id
    */
   public static fromAccessPointId(scope: Construct, id: string, accessPointId: string): IAccessPoint {
-    class Import extends Resource implements IAccessPoint {
-      public readonly accessPointId = accessPointId;
-      public readonly accessPointArn = Stack.of(scope).formatArn({
-        service: 'elasticfilesystem',
-        resource: 'access-point',
-        resourceName: accessPointId,
-      });
-    }
-    return new Import(scope, id);
+    return new ImportedAccessPoint(scope, id, {
+      accessPointId: accessPointId,
+    });
   }
 
   /**
@@ -174,3 +227,49 @@ export class AccessPoint extends Resource implements IAccessPoint {
     this.fileSystem = props.fileSystem;
   }
 }
+
+class ImportedAccessPoint extends AccessPointBase {
+  public readonly accessPointId: string;
+  public readonly accessPointArn: string;
+  private readonly _fileSystem?: IFileSystem;
+
+  constructor(scope: Construct, id: string, attrs: AccessPointAttributes) {
+    super(scope, id);
+
+    if (!attrs.accessPointId) {
+      if (!attrs.accessPointArn) {
+        throw new Error('One of accessPointId or AccessPointArn is required!');
+      }
+
+      this.accessPointArn = attrs.accessPointArn;
+      let maybeApId = Stack.of(scope).parseArn(attrs.accessPointArn).resourceName;
+
+      if (!maybeApId) {
+        throw new Error('ARN for AccessPoint must provide the resource name.');
+      }
+
+      this.accessPointId = maybeApId;
+    } else {
+      if (attrs.accessPointArn) {
+        throw new Error('Only one of accessPointId or AccessPointArn can be provided!');
+      }
+
+      this.accessPointId = attrs.accessPointId;
+      this.accessPointArn = Stack.of(scope).formatArn({
+        service: 'elasticfilesystem',
+        resource: 'access-point',
+        resourceName: attrs.accessPointId,
+      });
+    }
+
+    this._fileSystem = attrs.fileSystem;
+  }
+
+  public get fileSystem() {
+    if (!this._fileSystem) {
+      throw new Error("fileSystem is not available when 'fromAccessPointId()' is used. Use 'fromAccessPointAttributes()' instead");
+    }
+
+    return this._fileSystem;
+  }
+}

packages/@aws-cdk/aws-efs/lib/efs-file-system.ts

@@ -206,28 +206,18 @@ export interface FileSystemAttributes {
  * @resource AWS::EFS::FileSystem
  */
 export class FileSystem extends Resource implements IFileSystem {
+  /**
+   * The default port File System listens on.
+   */
+  public static readonly DEFAULT_PORT: number = 2049;
 
   /**
    * Import an existing File System from the given properties.
    */
   public static fromFileSystemAttributes(scope: Construct, id: string, attrs: FileSystemAttributes): IFileSystem {
-    class Import extends Resource implements IFileSystem {
-      public readonly fileSystemId = attrs.fileSystemId;
-      public readonly connections = new ec2.Connections({
-        securityGroups: [attrs.securityGroup],
-        defaultPort: ec2.Port.tcp(FileSystem.DEFAULT_PORT),
-      });
-      public readonly mountTargetsAvailable = new ConcreteDependable();
-    }
-
-    return new Import(scope, id);
+    return new ImportedFileSystem(scope, id, attrs);
   }
 
-  /**
-   * The default port File System listens on.
-   */
-  private static readonly DEFAULT_PORT: number = 2049;
-
   /**
    * The security groups/rules used to allow network connections to the file system.
    */
@@ -303,3 +293,36 @@ export class FileSystem extends Resource implements IFileSystem {
     });
   }
 }
+
+
+class ImportedFileSystem extends Resource implements IFileSystem {
+  /**
+   * The security groups/rules used to allow network connections to the file system.
+   */
+  public readonly connections: ec2.Connections;
+
+  /**
+   * @attribute
+   */
+  public readonly fileSystemId: string;
+
+  /**
+   * Dependable that can be depended upon to ensure the mount targets of the filesystem are ready
+   */
+  public readonly mountTargetsAvailable: IDependable;
+
+  constructor(scope: Construct, id: string, attrs: FileSystemAttributes) {
+    super(scope, id);
+
+    this.fileSystemId = attrs.fileSystemId;
+
+    this.connections = new ec2.Connections({
+      securityGroups: [attrs.securityGroup],
+      defaultPort: ec2.Port.tcp(FileSystem.DEFAULT_PORT),
+    });
+
+    this.mountTargetsAvailable = new ConcreteDependable();
+  }
+
+
+}