diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 831a6163a8954..15741bb1f1f30 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.29.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.0-alpha.0...v2.29.1-alpha.0) (2022-06-24) + ## [2.29.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.28.1-alpha.0...v2.29.0-alpha.0) (2022-06-22) ## [2.28.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.28.0-alpha.0...v2.28.1-alpha.0) (2022-06-15) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 6425cd0b1092b..c174cf702a885 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.29.1](https://github.com/aws/aws-cdk/compare/v2.29.0...v2.29.1) (2022-06-24) + + +### Bug Fixes + +* **pipelines:** 'ConfirmPermissionsBroadening' uses wrong node version ([#20861](https://github.com/aws/aws-cdk/issues/20861)) ([47b5ca0](https://github.com/aws/aws-cdk/commit/47b5ca06c50a566af8d1fed4202164b85f793d18)) + ## [2.29.0](https://github.com/aws/aws-cdk/compare/v2.28.1...v2.29.0) (2022-06-22) diff --git a/packages/@aws-cdk/aws-apigateway/lib/stage.ts b/packages/@aws-cdk/aws-apigateway/lib/stage.ts index ab8340243a34b..846eebfc5d613 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/stage.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/stage.ts @@ -310,7 +310,7 @@ export class Stage extends Resource implements IStage { }; // if any of them are defined, add an entry for '/*/*'. - const hasCommonOptions = Object.keys(commonMethodOptions).map(v => (commonMethodOptions as any)[v]).filter(x => x).length > 0; + const hasCommonOptions = Object.keys(commonMethodOptions).map(v => (commonMethodOptions as any)[v]).filter(x => x !== undefined).length > 0; if (hasCommonOptions) { settings.push(renderEntry('/*/*', commonMethodOptions)); } diff --git a/packages/@aws-cdk/aws-apigateway/test/stage.test.ts b/packages/@aws-cdk/aws-apigateway/test/stage.test.ts index 76d07c6e2b4b3..b4181ce2f1af0 100644 --- a/packages/@aws-cdk/aws-apigateway/test/stage.test.ts +++ b/packages/@aws-cdk/aws-apigateway/test/stage.test.ts @@ -2,6 +2,7 @@ import { Template } from '@aws-cdk/assertions'; import * as logs from '@aws-cdk/aws-logs'; import * as cdk from '@aws-cdk/core'; import * as apigateway from '../lib'; +import { ApiDefinition } from '../lib'; describe('stage', () => { test('minimal setup', () => { @@ -396,4 +397,30 @@ describe('stage', () => { accessLogFormat: testFormat, })).toThrow(/Access log format is specified without a destination/); }); + + test('default throttling settings', () => { + // GIVEN + const stack = new cdk.Stack(); + new apigateway.SpecRestApi(stack, 'testapi', { + apiDefinition: ApiDefinition.fromInline({ + openapi: '3.0.2', + }), + deployOptions: { + throttlingBurstLimit: 0, + throttlingRateLimit: 0, + metricsEnabled: false, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Stage', { + MethodSettings: [{ + DataTraceEnabled: false, + HttpMethod: '*', + ResourcePath: '/*', + ThrottlingBurstLimit: 0, + ThrottlingRateLimit: 0, + }], + }); + }); }); diff --git a/packages/@aws-cdk/aws-appmesh/README.md b/packages/@aws-cdk/aws-appmesh/README.md index d168d56c73a7e..9e1f46e84ee96 100644 --- a/packages/@aws-cdk/aws-appmesh/README.md +++ b/packages/@aws-cdk/aws-appmesh/README.md @@ -49,6 +49,17 @@ const mesh = new appmesh.Mesh(this, 'AppMesh', { }); ``` +A mesh with an IP preference can be created by providing the property `serviceDiscovery` that specifes an `ipPreference`. + +```ts +const mesh = new appmesh.Mesh(this, 'AppMesh', { + meshName: 'myAwsMesh', + serviceDiscovery: { + ipPreference: appmesh.IpPreference.IPV4_ONLY, + }, +}); +``` + ## Adding VirtualRouters A _mesh_ uses _virtual routers_ as logical units to route requests to _virtual nodes_. @@ -425,6 +436,48 @@ const gateway = new appmesh.VirtualGateway(this, 'gateway', { }); ``` +### Adding an IP Preference to a Virtual Node + +An `ipPreference` can be specified as part of a Virtual Node's service discovery. An IP preference defines how clients for this Virtual Node will interact with it. + +There a four different IP preferences available to use which each specify what IP versions this Virtual Node will use and prefer. + +- `IPv4_ONLY` - Only use IPv4. For CloudMap service discovery, only IPv4 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv4. + +- `IPv4_PREFERRED` - Prefer IPv4 and fall back to IPv6. For CloudMap service discovery, an IPv4 address will be used if returned from CloudMap. Otherwise, an IPv6 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv4 and fall back to IPv6. + +- `IPv6_ONLY` - Only use IPv6. For CloudMap service discovery, only IPv6 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv6. + +- `IPv6_PREFERRED` - Prefer IPv6 and fall back to IPv4. For CloudMap service discovery, an IPv6 address will be used if returned from CloudMap. Otherwise, an IPv4 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv6 and fall back to IPv4. + +```ts +const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'mesh-with-preference', +}); + +// Virtual Node with DNS service discovery and an IP preference +const dnsNode = new appmesh.VirtualNode(stack, 'dns-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.dns('test', appmesh.DnsResponseType.LOAD_BALANCER, appmesh.IpPreference.IPV4_ONLY), +}); + +// Virtual Node with CloudMap service discovery and an IP preference +const vpc = new ec2.Vpc(stack, 'vpc'); +const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { + vpc, + name: 'domain.local', +}); +const service = namespace.createService('Svc'); + +const instanceAttribute : { [key: string]: string} = {}; +instanceAttribute.testKey = 'testValue'; + +const cloudmapNode = new appmesh.VirtualNode(stack, 'cloudmap-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service, instanceAttribute, appmesh.IpPreference.IPV4_ONLY), +}); +``` + ## Adding a Route A _route_ matches requests with an associated virtual router and distributes traffic to its associated virtual nodes. diff --git a/packages/@aws-cdk/aws-appmesh/lib/mesh.ts b/packages/@aws-cdk/aws-appmesh/lib/mesh.ts index 3983a58c25742..a54689130fb63 100644 --- a/packages/@aws-cdk/aws-appmesh/lib/mesh.ts +++ b/packages/@aws-cdk/aws-appmesh/lib/mesh.ts @@ -1,6 +1,7 @@ import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnMesh } from './appmesh.generated'; +import { MeshServiceDiscovery } from './service-discovery'; import { VirtualGateway, VirtualGatewayBaseProps } from './virtual-gateway'; import { VirtualNode, VirtualNodeBaseProps } from './virtual-node'; import { VirtualRouter, VirtualRouterBaseProps } from './virtual-router'; @@ -124,6 +125,13 @@ export interface MeshProps { * @default DROP_ALL */ readonly egressFilter?: MeshFilterType; + + /** + * Defines how upstream clients will discover VirtualNodes in the Mesh + * + * @default - No Service Discovery + */ + readonly serviceDiscovery?: MeshServiceDiscovery; } /** @@ -187,6 +195,7 @@ export class Mesh extends MeshBase { egressFilter: props.egressFilter ? { type: props.egressFilter, } : undefined, + serviceDiscovery: props.serviceDiscovery, }, }); diff --git a/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts b/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts index 0cd08280c2c28..660e3aeb7ca05 100644 --- a/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts +++ b/packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts @@ -2,6 +2,52 @@ import * as cloudmap from '@aws-cdk/aws-servicediscovery'; import { Construct } from 'constructs'; import { CfnVirtualNode } from './appmesh.generated'; +/** + * Enum of supported IP preferences. + * Used to dictate the IP version for mesh wide and virtual node service discovery. + * Also used to specify the IP version that a sidecar Envoy uses when sending traffic to a local application. + */ + +export enum IpPreference { + /** + * Use IPv4 when sending traffic to a local application. + * Only use IPv4 for service discovery. + */ + IPV4_ONLY = 'IPv4_ONLY', + /** + * Use IPv4 when sending traffic to a local application. + * First attempt to use IPv4 and fall back to IPv6 for service discovery. + */ + IPV4_PREFERRED = 'IPv4_PREFERRED', + /** + * Use IPv6 when sending traffic to a local application. + * Only use IPv6 for service discovery. + */ + IPV6_ONLY = 'IPv6_ONLY', + /** + * Use IPv6 when sending traffic to a local application. + * First attempt to use IPv6 and fall back to IPv4 for service discovery. + */ + IPV6_PREFERRED = 'IPv6_PREFERRED' +} + +/** + * Properties for Mesh Service Discovery + */ +export interface MeshServiceDiscovery { + /** + * IP preference applied to all Virtual Nodes in the Mesh + * + * @default - No IP preference is applied to any of the Virtual Nodes in the Mesh. + * Virtual Nodes without an IP preference will have the following configured. + * Envoy listeners are configured to bind only to IPv4. + * Envoy will use IPv4 when sending traffic to a local application. + * For DNS service discovery, the Envoy DNS resolver to prefer using IPv6 and fall back to IPv4. + * For CloudMap service discovery, App Mesh will prefer using IPv4 and fall back to IPv6 for IPs returned by CloudMap. + */ + readonly ipPreference?: IpPreference; +} + /** * Properties for VirtualNode Service Discovery */ @@ -48,9 +94,10 @@ export abstract class ServiceDiscovery { * @param hostname * @param responseType Specifies the DNS response type for the virtual node. * The default is `DnsResponseType.LOAD_BALANCER`. + * @param ipPreference No IP preference is applied to the Virtual Node. */ - public static dns(hostname: string, responseType?: DnsResponseType): ServiceDiscovery { - return new DnsServiceDiscovery(hostname, responseType); + public static dns(hostname: string, responseType?: DnsResponseType, ipPreference?: IpPreference): ServiceDiscovery { + return new DnsServiceDiscovery(hostname, responseType, ipPreference); } /** @@ -61,9 +108,10 @@ export abstract class ServiceDiscovery { * filter instances by any custom attribute that you specified when you * registered the instance. Only instances that match all of the specified * key/value pairs will be returned. + * @param ipPreference No IP preference is applied to the Virtual Node. */ - public static cloudMap(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}): ServiceDiscovery { - return new CloudMapServiceDiscovery(service, instanceAttributes); + public static cloudMap(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}, ipPreference?: IpPreference): ServiceDiscovery { + return new CloudMapServiceDiscovery(service, instanceAttributes, ipPreference); } /** @@ -75,11 +123,13 @@ export abstract class ServiceDiscovery { class DnsServiceDiscovery extends ServiceDiscovery { private readonly hostname: string; private readonly responseType?: DnsResponseType; + private readonly ipPreference?: IpPreference; - constructor(hostname: string, responseType?: DnsResponseType) { + constructor(hostname: string, responseType?: DnsResponseType, ipPreference?: IpPreference) { super(); this.hostname = hostname; this.responseType = responseType; + this.ipPreference = ipPreference; } public bind(_scope: Construct): ServiceDiscoveryConfig { @@ -87,6 +137,7 @@ class DnsServiceDiscovery extends ServiceDiscovery { dns: { hostname: this.hostname, responseType: this.responseType, + ipPreference: this.ipPreference, }, }; } @@ -95,11 +146,13 @@ class DnsServiceDiscovery extends ServiceDiscovery { class CloudMapServiceDiscovery extends ServiceDiscovery { private readonly service: cloudmap.IService; private readonly instanceAttributes?: {[key: string]: string}; + private readonly ipPreference?: IpPreference; - constructor(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}) { + constructor(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}, ipPreference?: IpPreference) { super(); this.service = service; this.instanceAttributes = instanceAttributes; + this.ipPreference = ipPreference; } public bind(_scope: Construct): ServiceDiscoveryConfig { @@ -108,6 +161,7 @@ class CloudMapServiceDiscovery extends ServiceDiscovery { namespaceName: this.service.namespace.namespaceName, serviceName: this.service.serviceName, attributes: renderAttributes(this.instanceAttributes), + ipPreference: this.ipPreference, }, }; } diff --git a/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts b/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts index b01bb32cde119..7d731d1c41e3e 100644 --- a/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts +++ b/packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts @@ -17,6 +17,11 @@ const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { }); const mesh = new appmesh.Mesh(stack, 'mesh'); +new appmesh.Mesh(stack, 'mesh-with-preference', { + serviceDiscovery: { + ipPreference: appmesh.IpPreference.IPV4_ONLY, + }, +}); const router = mesh.addVirtualRouter('router', { listeners: [ appmesh.VirtualRouterListener.http(), @@ -29,7 +34,7 @@ const virtualService = new appmesh.VirtualService(stack, 'service', { }); const node = mesh.addVirtualNode('node', { - serviceDiscovery: appmesh.ServiceDiscovery.dns(`node1.${namespace.namespaceName}`), + serviceDiscovery: appmesh.ServiceDiscovery.dns(`node1.${namespace.namespaceName}`, undefined, appmesh.IpPreference.IPV4_ONLY), listeners: [appmesh.VirtualNodeListener.http({ healthCheck: appmesh.HealthCheck.http({ healthyThreshold: 3, diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out index 90bef2e09ad39..588d7b269d34f 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"17.0.0"} \ No newline at end of file +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json index 671de3cf8cc9d..ff8d8d70dc87d 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json @@ -1,7 +1,7 @@ { - "version": "18.0.0", + "version": "20.0.0", "testCases": { - "aws-appmesh/test/integ.mesh": { + "integ.mesh": { "stacks": [ "mesh-stack" ], diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json index df8e09ee867e7..b9570ecb05daf 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "17.0.0", + "version": "20.0.0", "artifacts": { "Tree": { "type": "cdk:tree", @@ -291,6 +291,12 @@ "data": "meshgateway1gateway1routegrpc2FAC1FF36" } ], + "/mesh-stack/mesh-with-preference/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "meshwithpreferenceCC9682C9" + } + ], "/mesh-stack/service/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json new file mode 100644 index 0000000000000..9de4bc9bd2808 --- /dev/null +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "20.0.0", + "files": { + "be244c434fce5ce2d030a96121c147910d423314d1807320ddf66a562a53550d": { + "source": { + "path": "mesh-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "be244c434fce5ce2d030a96121c147910d423314d1807320ddf66a562a53550d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json index 8b1fbd80e67cf..4e7ce6d367c42 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.template.json @@ -969,7 +969,8 @@ ], "ServiceDiscovery": { "DNS": { - "Hostname": "node1.domain.local" + "Hostname": "node1.domain.local", + "IpPreference": "IPv4_ONLY" } } }, @@ -1672,6 +1673,17 @@ "GatewayRouteName": "meshstackmeshgateway1gateway1routegrpc2AE8379FD" } }, + "meshwithpreferenceCC9682C9": { + "Type": "AWS::AppMesh::Mesh", + "Properties": { + "MeshName": "meshstackmeshwithpreference13C624E1", + "Spec": { + "ServiceDiscovery": { + "IpPreference": "IPv4_ONLY" + } + } + } + }, "service6D174F83": { "Type": "AWS::AppMesh::VirtualService", "Properties": { diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json index 5aeb8219f3405..26fb8d5db0edd 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/tree.json @@ -8,8 +8,8 @@ "id": "Tree", "path": "Tree", "constructInfo": { - "fqn": "@aws-cdk/core.Construct", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.0.9" } }, "mesh-stack": { @@ -1464,7 +1464,8 @@ ], "serviceDiscovery": { "dns": { - "hostname": "node1.domain.local" + "hostname": "node1.domain.local", + "ipPreference": "IPv4_ONLY" } } }, @@ -2382,6 +2383,35 @@ "version": "0.0.0" } }, + "mesh-with-preference": { + "id": "mesh-with-preference", + "path": "mesh-stack/mesh-with-preference", + "children": { + "Resource": { + "id": "Resource", + "path": "mesh-stack/mesh-with-preference/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppMesh::Mesh", + "aws:cdk:cloudformation:props": { + "meshName": "meshstackmeshwithpreference13C624E1", + "spec": { + "serviceDiscovery": { + "ipPreference": "IPv4_ONLY" + } + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-appmesh.CfnMesh", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-appmesh.Mesh", + "version": "0.0.0" + } + }, "service": { "id": "service", "path": "mesh-stack/service", diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts b/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts index e8f7588e59f4f..7969720001186 100644 --- a/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts +++ b/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts @@ -24,6 +24,29 @@ describe('mesh', () => { }); describe('with spec applied', () => { + test('should take IP preference from props', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + serviceDiscovery: { + ipPreference: appmesh.IpPreference.IPV4_ONLY, + }, + }); + + // THEN + Template.fromStack(stack). + hasResourceProperties('AWS::AppMesh::Mesh', { + Spec: { + ServiceDiscovery: { + IpPreference: 'IPv4_ONLY', + }, + }, + }); + }); + test('should take egress filter from props', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts b/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts index f419f7ac41733..24712b76d99e6 100644 --- a/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts +++ b/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts @@ -1,7 +1,9 @@ import { Match, Template } from '@aws-cdk/assertions'; import * as acmpca from '@aws-cdk/aws-acmpca'; import * as acm from '@aws-cdk/aws-certificatemanager'; +import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; +import * as cloudmap from '@aws-cdk/aws-servicediscovery'; import * as cdk from '@aws-cdk/core'; import * as appmesh from '../lib'; @@ -954,6 +956,32 @@ describe('virtual node', () => { }); describe('with DNS service discovery', () => { + test('with basic configuration and without optional fields', () => { + // GIVEN + const stack = new cdk.Stack(); + + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.dns('test'), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + DNS: { + Hostname: 'test', + }, + }, + }, + }); + }); + test('should allow set response type', () => { // GIVEN const stack = new cdk.Stack(); @@ -980,6 +1008,101 @@ describe('virtual node', () => { }, }); }); + + test('has an IP Preference applied', () => { + // GIVEN + const stack = new cdk.Stack(); + + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.dns('test', appmesh.DnsResponseType.LOAD_BALANCER, appmesh.IpPreference.IPV4_ONLY), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + DNS: { + Hostname: 'test', + ResponseType: 'LOADBALANCER', + IpPreference: 'IPv4_ONLY', + }, + }, + }, + }); + }); + }); + + describe('with CloudMap service discovery', () => { + test('with basic configuration and without optional fields', () => { + // GIVEN + const stack = new cdk.Stack(); + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + const vpc = new ec2.Vpc(stack, 'vpc'); + const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { + vpc, + name: 'domain.local', + }); + const service = namespace.createService('Svc'); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + AWSCloudMap: { + NamespaceName: 'domain.local', + ServiceName: { 'Fn::GetAtt': ['testnamespaceSvcB55702EC', 'Name'] }, + }, + }, + }, + }); + }); + + test('has an IP Preference applied', () => { + // GIVEN + const stack = new cdk.Stack(); + const mesh = new appmesh.Mesh(stack, 'mesh', { + meshName: 'test-mesh', + }); + const vpc = new ec2.Vpc(stack, 'vpc'); + const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', { + vpc, + name: 'domain.local', + }); + const service = namespace.createService('Svc'); + + // WHEN + new appmesh.VirtualNode(stack, 'test-node', { + mesh, + serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service, undefined, appmesh.IpPreference.IPV4_ONLY), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppMesh::VirtualNode', { + Spec: { + ServiceDiscovery: { + AWSCloudMap: { + NamespaceName: 'domain.local', + ServiceName: { 'Fn::GetAtt': ['testnamespaceSvcB55702EC', 'Name'] }, + IpPreference: 'IPv4_ONLY', + }, + }, + }, + }); + }); }); describe('with listener and without service discovery', () => { diff --git a/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py b/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py index 9d510f27cc45b..f1bb6a0dbdd9c 100644 --- a/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py +++ b/packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py @@ -94,20 +94,30 @@ def helm_handler(event, context): def get_oci_cmd(repository, version): - + # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently. cmnd = [] - pattern = '\d+.dkr.ecr.[a-z]+-[a-z]+-\d.amazonaws.com' + private_ecr_pattern = '\d+.dkr.ecr.[a-z]+-[a-z]+-\d.amazonaws.com' + public_ecr = 'public.ecr.aws' registry = repository.rsplit('/', 1)[0].replace('oci://', '') - if re.fullmatch(pattern, registry) is not None: + if re.fullmatch(private_ecr_pattern, registry) is not None: + logger.info("Found AWS private repository") region = registry.replace('.amazonaws.com', '').split('.')[-1] cmnd = [ f"aws ecr get-login-password --region {region} | " \ f"helm registry login --username AWS --password-stdin {registry}; helm pull {repository} --version {version} --untar" ] + elif registry.startswith(public_ecr): + logger.info("Found AWS public repository, will use default region as deployment") + region = os.environ.get('AWS_REGION', 'us-east-1') + + cmnd = [ + f"aws ecr-public get-login-password --region {region} | " \ + f"helm registry login --username AWS --password-stdin {public_ecr}; helm pull {repository} --version {version} --untar" + ] else: - logger.info("Non AWS OCI repository found") + logger.error("OCI repository format not recognized, falling back to helm pull") cmnd = ['helm', 'pull', repository, '--version', version, '--untar'] return cmnd @@ -122,8 +132,7 @@ def get_chart_from_oci(tmpdir, release, repository = None, version = None): while retry > 0: try: logger.info(cmnd) - env = get_env_with_oci_flag() - output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, env=env) + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True) logger.info(output) return os.path.join(tmpdir, release) @@ -137,13 +146,6 @@ def get_chart_from_oci(tmpdir, release, repository = None, version = None): raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') -def get_env_with_oci_flag(): - env = os.environ.copy() - env['HELM_EXPERIMENTAL_OCI'] = '1' - - return env - - def helm(verb, release, chart = None, repo = None, file = None, namespace = None, version = None, wait = False, timeout = None, create_namespace = None): import subprocess @@ -172,8 +174,7 @@ def helm(verb, release, chart = None, repo = None, file = None, namespace = None retry = maxAttempts while retry > 0: try: - env = get_env_with_oci_flag() - output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir, env=env) + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir) logger.info(output) return except subprocess.CalledProcessError as exc: diff --git a/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json index 804a7b3d78415..7d2bb8615cb6f 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json @@ -1,1319 +1,1319 @@ { - "Resources": { - "AdminRole38563C57": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "Vpc8378EB38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc" - } - ] - } - }, - "VpcPublicSubnet1Subnet5C2D37C4": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet1RouteTable6C95E38E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet1RouteTableAssociation97140677": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - } - } - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcPublicSubnet1EIPD7E02669": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet1NATGateway4D7517AA": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, - "AllocationId": { - "Fn::GetAtt": [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" - } - ] - } - }, - "VpcPublicSubnet2Subnet691E08A3": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" - } - ] - } - }, - "VpcPublicSubnet2RouteTable94F7E489": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" - } - ] - } - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - } - } - }, - "VpcPublicSubnet2DefaultRoute97F91067": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcPrivateSubnet1Subnet536B997A": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" - } - ] - } - }, - "VpcPrivateSubnet1RouteTableB2C5B500": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" - } - ] - } - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, - "SubnetId": { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - } - } - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA" - } - } - }, - "VpcPrivateSubnet2Subnet3788AAA1": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" - } - ] - } - }, - "VpcPrivateSubnet2RouteTableA678073B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" - } - ] - } - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, - "SubnetId": { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - } - }, - "VpcPrivateSubnet2DefaultRoute060D2087": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet2RouteTableA678073B" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA" - } - } - }, - "VpcIGWD7BA715C": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-eks-helm-test/Vpc" - } - ] - } - }, - "VpcVPCGWBF912B6E": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, - "InternetGatewayId": { - "Ref": "VpcIGWD7BA715C" - } - } - }, - "ClusterRoleFA261979": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "Resources": { + "AdminRole38563C57": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - } - ] - } - }, - "ClusterControlPlaneSecurityGroupD274242C": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "ClusterCreationRole360249B6": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-helm-test/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "ClusterRoleFA261979": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "ClusterControlPlaneSecurityGroupD274242C": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ClusterCreationRole360249B6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + { + "Action": [ + "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:TagResource", + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "eks:DeleteFargateProfile", + "eks:DescribeFargateProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": [ + { + "Ref": "ClusterCreationRole360249B6" + } + ] + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "Cluster9EE0221C": { + "Type": "Custom::AWSCDK-EKS-Cluster", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awscdkekshelmtestawscdkawseksClusterResourceProviderframeworkonEventFCDC8710Arn" + ] + }, + "Config": { + "version": "1.21", + "roleArn": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + }, + "resourcesVpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + } + ], + "endpointPublicAccess": true, + "endpointPrivateAccess": true + }, + "tags": { + "foo": "bar" + }, + "logging": { + "clusterLogging": [ + { + "enabled": true, + "types": [ + "api", + "authenticator", + "scheduler" + ] + } + ] + } + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "AttributesRevision": 2 + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterKubectlReadyBarrier200052AF": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C" + ] + }, + "ClusterAwsAuthmanifestFE51F8AE": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6", + "Overwrite": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "ClusterNodegroupDefaultCapacityDA0920A3": { + "Type": "AWS::EKS::Nodegroup", + "Properties": { + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "NodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "m5.large" + ], + "ScalingConfig": { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2 + } + } + }, + "Clustercharttestchart9FD698EB": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "awscdkekshelmtestclustercharttestchart0449715f", + "ChartAssetURL": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" + } + ] + } + ] + } + ] + ] + }, + "Namespace": "default", + "CreateNamespace": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Clustercharttestocichart9C188967": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "s3-chart", + "Chart": "s3-chart", + "Version": "v0.1.0", + "Namespace": "ack-system", + "Repository": "oci://public.ecr.aws/aws-controllers-k8s/s3-chart", + "CreateNamespace": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket085ACFA1Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" + }, + "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey455E4CBARef": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" + }, + "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketB798A51DRef": { + "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6" + }, + "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey8F1D43B7Ref": { + "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B" + }, + "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" + }, + "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkekshelmtestCluster35BA672BArn": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Arn" + ] + }, + "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkekshelmtestAssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3Bucket5EAB45FARef": { + "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" + }, + "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3BucketEC27A5F2Ref": { + "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881" + }, + "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey5772F015Ref": { + "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2" + }, + "referencetoawscdkekshelmtestVpcPrivateSubnet1Subnet3D2B5C0BRef": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "referencetoawscdkekshelmtestVpcPrivateSubnet2SubnetF5E4AFE9Ref": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + "referencetoawscdkekshelmtestCluster35BA672BClusterSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3BucketED778AE5Ref": { + "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470" + }, + "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKey1EF18E8BRef": { + "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192" + }, + "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket8229D3A2Ref": { + "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F" + }, + "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKey0C91EE3ERef": { + "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055" + }, + "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" + }, + "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { + "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } - } - } - ], - "Version": "2012-10-17" - } - }, - "DependsOn": [ - "VpcIGWD7BA715C", - "VpcPrivateSubnet1DefaultRouteBE02A9ED", - "VpcPrivateSubnet1RouteTableB2C5B500", - "VpcPrivateSubnet1RouteTableAssociation70C59FA6", - "VpcPrivateSubnet1Subnet536B997A", - "VpcPrivateSubnet2DefaultRoute060D2087", - "VpcPrivateSubnet2RouteTableA678073B", - "VpcPrivateSubnet2RouteTableAssociationA89CAD56", - "VpcPrivateSubnet2Subnet3788AAA1", - "VpcPublicSubnet1DefaultRoute3DA9E72A", - "VpcPublicSubnet1EIPD7E02669", - "VpcPublicSubnet1NATGateway4D7517AA", - "VpcPublicSubnet1RouteTable6C95E38E", - "VpcPublicSubnet1RouteTableAssociation97140677", - "VpcPublicSubnet1Subnet5C2D37C4", - "VpcPublicSubnet2DefaultRoute97F91067", - "VpcPublicSubnet2RouteTable94F7E489", - "VpcPublicSubnet2RouteTableAssociationDD5762D8", - "VpcPublicSubnet2Subnet691E08A3", - "Vpc8378EB38", - "VpcVPCGWBF912B6E" - ] - }, - "ClusterCreationRoleDefaultPolicyE8BDFC7B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ClusterRoleFA261979", - "Arn" - ] - } - }, - { - "Action": [ - "eks:CreateCluster", - "eks:CreateFargateProfile", - "eks:DeleteCluster", - "eks:DescribeCluster", - "eks:DescribeUpdate", - "eks:TagResource", - "eks:UntagResource", - "eks:UpdateClusterConfig", - "eks:UpdateClusterVersion" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "eks:DeleteFargateProfile", - "eks:DescribeFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeDhcpOptions", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", - "Roles": [ - { - "Ref": "ClusterCreationRole360249B6" - } - ] - }, - "DependsOn": [ - "VpcIGWD7BA715C", - "VpcPrivateSubnet1DefaultRouteBE02A9ED", - "VpcPrivateSubnet1RouteTableB2C5B500", - "VpcPrivateSubnet1RouteTableAssociation70C59FA6", - "VpcPrivateSubnet1Subnet536B997A", - "VpcPrivateSubnet2DefaultRoute060D2087", - "VpcPrivateSubnet2RouteTableA678073B", - "VpcPrivateSubnet2RouteTableAssociationA89CAD56", - "VpcPrivateSubnet2Subnet3788AAA1", - "VpcPublicSubnet1DefaultRoute3DA9E72A", - "VpcPublicSubnet1EIPD7E02669", - "VpcPublicSubnet1NATGateway4D7517AA", - "VpcPublicSubnet1RouteTable6C95E38E", - "VpcPublicSubnet1RouteTableAssociation97140677", - "VpcPublicSubnet1Subnet5C2D37C4", - "VpcPublicSubnet2DefaultRoute97F91067", - "VpcPublicSubnet2RouteTable94F7E489", - "VpcPublicSubnet2RouteTableAssociationDD5762D8", - "VpcPublicSubnet2Subnet691E08A3", - "Vpc8378EB38", - "VpcVPCGWBF912B6E" - ] - }, - "Cluster9EE0221C": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.awscdkekshelmtestawscdkawseksClusterResourceProviderframeworkonEventFCDC8710Arn" - ] - }, - "Config": { - "version": "1.21", - "roleArn": { - "Fn::GetAtt": [ - "ClusterRoleFA261979", - "Arn" - ] - }, - "resourcesVpcConfig": { - "subnetIds": [ - { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, - { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ], - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "ClusterControlPlaneSecurityGroupD274242C", - "GroupId" - ] - } - ], - "endpointPublicAccess": true, - "endpointPrivateAccess": true - }, - "tags": { - "foo": "bar" - }, - "logging": { - "clusterLogging": [ - { - "enabled": true, - "types": [ - "api", - "authenticator", - "scheduler" - ] - } - ] - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "AttributesRevision": 2 - }, - "DependsOn": [ - "ClusterCreationRoleDefaultPolicyE8BDFC7B", - "ClusterCreationRole360249B6", - "VpcIGWD7BA715C", - "VpcPrivateSubnet1DefaultRouteBE02A9ED", - "VpcPrivateSubnet1RouteTableB2C5B500", - "VpcPrivateSubnet1RouteTableAssociation70C59FA6", - "VpcPrivateSubnet1Subnet536B997A", - "VpcPrivateSubnet2DefaultRoute060D2087", - "VpcPrivateSubnet2RouteTableA678073B", - "VpcPrivateSubnet2RouteTableAssociationA89CAD56", - "VpcPrivateSubnet2Subnet3788AAA1", - "VpcPublicSubnet1DefaultRoute3DA9E72A", - "VpcPublicSubnet1EIPD7E02669", - "VpcPublicSubnet1NATGateway4D7517AA", - "VpcPublicSubnet1RouteTable6C95E38E", - "VpcPublicSubnet1RouteTableAssociation97140677", - "VpcPublicSubnet1Subnet5C2D37C4", - "VpcPublicSubnet2DefaultRoute97F91067", - "VpcPublicSubnet2RouteTable94F7E489", - "VpcPublicSubnet2RouteTableAssociationDD5762D8", - "VpcPublicSubnet2Subnet691E08A3", - "Vpc8378EB38", - "VpcVPCGWBF912B6E" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "ClusterKubectlReadyBarrier200052AF": { - "Type": "AWS::SSM::Parameter", - "Properties": { - "Type": "String", - "Value": "aws:cdk:eks:kubectl-ready" - }, - "DependsOn": [ - "ClusterCreationRoleDefaultPolicyE8BDFC7B", - "ClusterCreationRole360249B6", - "Cluster9EE0221C" - ] - }, - "ClusterAwsAuthmanifestFE51F8AE": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" - ] }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - }, - "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c8d0612c947a128ccc926ff6124bd5462ab86f86d6", - "Overwrite": true - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } } - } - } - ], - "Version": "2012-10-17" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "Parameters": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { + "Type": "String", + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { + "Type": "String", + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { + "Type": "String", + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupDefaultCapacityDA0920A3": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ], - "AmiType": "AL2_x86_64", - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.large" - ], - "ScalingConfig": { - "DesiredSize": 2, - "MaxSize": 2, - "MinSize": 2 - } - } - }, - "Clustercharttestchart9FD698EB": { - "Type": "Custom::AWSCDK-EKS-HelmChart", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "Release": "awscdkekshelmtestclustercharttestchart0449715f", - "ChartAssetURL": { - "Fn::Join": [ - "", - [ - "s3://", - { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF" - } - ] - } - ] - } - ] - ] - }, - "Namespace": "default", - "CreateNamespace": true - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "Clustercharttestocichart9C188967": { - "Type": "Custom::AWSCDK-EKS-HelmChart", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkekshelmtestawscdkawseksKubectlProviderframeworkonEvent9D93C644Arn" - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "Release": "s3-chart", - "Chart": "s3-chart", - "Version": "v0.0.19", - "Namespace": "ack-system", - "Repository": "oci://public.ecr.aws/aws-controllers-k8s/s3-chart", - "CreateNamespace": true - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket085ACFA1Ref": { - "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" - }, - "referencetoawscdkekshelmtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey455E4CBARef": { - "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" - }, - "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketB798A51DRef": { - "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6" - }, - "referencetoawscdkekshelmtestAssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey8F1D43B7Ref": { - "Ref": "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" - } - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395" - }, - "/", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48" - } - ] - } - ] - } - ] - ] - }, - "Parameters": { - "referencetoawscdkekshelmtestCluster35BA672BArn": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "Arn" - ] - }, - "referencetoawscdkekshelmtestClusterCreationRole906A8995Arn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "referencetoawscdkekshelmtestAssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3Bucket5EAB45FARef": { - "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" - }, - "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3BucketEC27A5F2Ref": { - "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881" - }, - "referencetoawscdkekshelmtestAssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey5772F015Ref": { - "Ref": "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2" - }, - "referencetoawscdkekshelmtestVpcPrivateSubnet1Subnet3D2B5C0BRef": { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - "referencetoawscdkekshelmtestVpcPrivateSubnet2SubnetF5E4AFE9Ref": { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - }, - "referencetoawscdkekshelmtestCluster35BA672BClusterSecurityGroupId": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "ClusterSecurityGroupId" - ] - }, - "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3BucketED778AE5Ref": { - "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470" - }, - "referencetoawscdkekshelmtestAssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKey1EF18E8BRef": { - "Ref": "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192" - }, - "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket8229D3A2Ref": { - "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F" - }, - "referencetoawscdkekshelmtestAssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKey0C91EE3ERef": { - "Ref": "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3BucketAF49DDE8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90" - }, - "referencetoawscdkekshelmtestAssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKeyB958CFB8Ref": { - "Ref": "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212" - } + "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6": { + "Type": "String", + "Description": "S3 bucket for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" + }, + "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B": { + "Type": "String", + "Description": "S3 key for asset version \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" + }, + "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deArtifactHashF1D4F18A": { + "Type": "String", + "Description": "Artifact hash for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" + }, + "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90": { + "Type": "String", + "Description": "S3 bucket for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" + }, + "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212": { + "Type": "String", + "Description": "S3 key for asset version \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" + }, + "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9ArtifactHash26B5BCAA": { + "Type": "String", + "Description": "Artifact hash for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" + }, + "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881": { + "Type": "String", + "Description": "S3 bucket for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" + }, + "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2": { + "Type": "String", + "Description": "S3 key for asset version \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" + }, + "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963ArtifactHash41646C3F": { + "Type": "String", + "Description": "Artifact hash for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" + }, + "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470": { + "Type": "String", + "Description": "S3 bucket for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" + }, + "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192": { + "Type": "String", + "Description": "S3 key for asset version \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" + }, + "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17ArtifactHash8FBD3E15": { + "Type": "String", + "Description": "Artifact hash for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" + }, + "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F": { + "Type": "String", + "Description": "S3 bucket for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" + }, + "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055": { + "Type": "String", + "Description": "S3 key for asset version \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" + }, + "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedArtifactHash2C972BAF": { + "Type": "String", + "Description": "Artifact hash for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" + }, + "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB": { + "Type": "String", + "Description": "S3 bucket for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" + }, + "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF": { + "Type": "String", + "Description": "S3 key for asset version \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" + }, + "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfArtifactHash5A9B7775": { + "Type": "String", + "Description": "Artifact hash for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" + }, + "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5": { + "Type": "String", + "Description": "S3 bucket for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" + }, + "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0": { + "Type": "String", + "Description": "S3 key for asset version \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" + }, + "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aArtifactHash46D16C3C": { + "Type": "String", + "Description": "Artifact hash for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" + }, + "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395": { + "Type": "String", + "Description": "S3 bucket for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" + }, + "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48": { + "Type": "String", + "Description": "S3 key for asset version \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" + }, + "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fArtifactHashDE639E14": { + "Type": "String", + "Description": "Artifact hash for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" + } } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - } - }, - "Outputs": { - "ClusterConfigCommand43AAE40F": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "Cluster9EE0221C" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - } - ] - ] - } - }, - "ClusterGetTokenCommand06AE992E": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "Cluster9EE0221C" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "AdminRole38563C57", - "Arn" - ] - } - ] - ] - } - } - }, - "Parameters": { - "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { - "Type": "String", - "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" - }, - "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { - "Type": "String", - "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" - }, - "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { - "Type": "String", - "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" - }, - "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3BucketE53D10F6": { - "Type": "String", - "Description": "S3 bucket for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" - }, - "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deS3VersionKey7F7CB29B": { - "Type": "String", - "Description": "S3 key for asset version \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" - }, - "AssetParametersd47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76deArtifactHashF1D4F18A": { - "Type": "String", - "Description": "Artifact hash for asset \"d47e2f3698e3b8daac9abf2ead86e6cc10782d761e194fce8d54874fab7a76de\"" - }, - "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3Bucket40DFAF90": { - "Type": "String", - "Description": "S3 bucket for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" - }, - "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9S3VersionKey36104212": { - "Type": "String", - "Description": "S3 key for asset version \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" - }, - "AssetParameters8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9ArtifactHash26B5BCAA": { - "Type": "String", - "Description": "Artifact hash for asset \"8dd02cc4ac473ca5b08800e92edaa31a1a7db4005928021d029c5363584f11b9\"" - }, - "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3Bucket9BDF5881": { - "Type": "String", - "Description": "S3 bucket for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" - }, - "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963S3VersionKey63AC53A2": { - "Type": "String", - "Description": "S3 key for asset version \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" - }, - "AssetParameters07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963ArtifactHash41646C3F": { - "Type": "String", - "Description": "Artifact hash for asset \"07a1c6a504be72dba3e9bc5b12cc2b5b0e83ea5c6ba10a4128da5c2180f3f963\"" - }, - "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3Bucket1232D470": { - "Type": "String", - "Description": "S3 bucket for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" - }, - "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17S3VersionKeyBFF4F192": { - "Type": "String", - "Description": "S3 key for asset version \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" - }, - "AssetParameters50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17ArtifactHash8FBD3E15": { - "Type": "String", - "Description": "Artifact hash for asset \"50336bec1c378b6b89cb429265ea84d9df45193d8a0a501e3c7b6794aec3ae17\"" - }, - "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3Bucket83B8778F": { - "Type": "String", - "Description": "S3 bucket for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" - }, - "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedS3VersionKeyADF6A055": { - "Type": "String", - "Description": "S3 key for asset version \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" - }, - "AssetParametersc6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffedArtifactHash2C972BAF": { - "Type": "String", - "Description": "Artifact hash for asset \"c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed\"" - }, - "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB": { - "Type": "String", - "Description": "S3 bucket for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" - }, - "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3VersionKeyD1F874DF": { - "Type": "String", - "Description": "S3 key for asset version \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" - }, - "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfArtifactHash5A9B7775": { - "Type": "String", - "Description": "Artifact hash for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" - }, - "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3BucketEE2D84E5": { - "Type": "String", - "Description": "S3 bucket for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" - }, - "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aS3VersionKey65D1EDE0": { - "Type": "String", - "Description": "S3 key for asset version \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" - }, - "AssetParametersb383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391aArtifactHash46D16C3C": { - "Type": "String", - "Description": "Artifact hash for asset \"b383506537b8b920e4efce887ad9941f095c53704416ed056bab07b63268391a\"" - }, - "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3BucketE07B0395": { - "Type": "String", - "Description": "S3 bucket for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" - }, - "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fS3VersionKey69ABFE48": { - "Type": "String", - "Description": "S3 key for asset version \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" - }, - "AssetParameters3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012fArtifactHashDE639E14": { - "Type": "String", - "Description": "Artifact hash for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" - } - } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts index 495c1eb19eb64..a347a8e7f2997 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.ts @@ -53,7 +53,7 @@ class EksClusterStack extends Stack { chart: 's3-chart', release: 's3-chart', repository: 'oci://public.ecr.aws/aws-controllers-k8s/s3-chart', - version: 'v0.0.19', + version: 'v0.1.0', namespace: 'ack-system', createNamespace: true, }); diff --git a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts index becd82503f626..c757f6f45d528 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts @@ -501,6 +501,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_10_19 = AuroraPostgresEngineVersion.of('10.19', '10', { s3Import: true, s3Export: true }); /** Version "10.20". */ public static readonly VER_10_20 = AuroraPostgresEngineVersion.of('10.20', '10', { s3Import: true, s3Export: true }); + /** Version "10.21". */ + public static readonly VER_10_21 = AuroraPostgresEngineVersion.of('10.21', '10', { s3Import: true, s3Export: true }); /** Version "11.4". */ public static readonly VER_11_4 = AuroraPostgresEngineVersion.of('11.4', '11', { s3Import: true }); /** Version "11.6". */ @@ -519,6 +521,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_11_14 = AuroraPostgresEngineVersion.of('11.14', '11', { s3Import: true, s3Export: true }); /** Version "11.15". */ public static readonly VER_11_15 = AuroraPostgresEngineVersion.of('11.15', '11', { s3Import: true, s3Export: true }); + /** Version "11.16". */ + public static readonly VER_11_16 = AuroraPostgresEngineVersion.of('11.16', '11', { s3Import: true, s3Export: true }); /** Version "12.4". */ public static readonly VER_12_4 = AuroraPostgresEngineVersion.of('12.4', '12', { s3Import: true, s3Export: true }); /** Version "12.6". */ @@ -529,6 +533,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_12_9 = AuroraPostgresEngineVersion.of('12.9', '12', { s3Import: true, s3Export: true }); /** Version "12.10". */ public static readonly VER_12_10 = AuroraPostgresEngineVersion.of('12.10', '12', { s3Import: true, s3Export: true }); + /** Version "12.11". */ + public static readonly VER_12_11 = AuroraPostgresEngineVersion.of('12.11', '12', { s3Import: true, s3Export: true }); /** Version "13.3". */ public static readonly VER_13_3 = AuroraPostgresEngineVersion.of('13.3', '13', { s3Import: true, s3Export: true }); /** Version "13.4". */ @@ -537,6 +543,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_13_5 = AuroraPostgresEngineVersion.of('13.5', '13', { s3Import: true, s3Export: true }); /** Version "13.6". */ public static readonly VER_13_6 = AuroraPostgresEngineVersion.of('13.6', '13', { s3Import: true, s3Export: true }); + /** Version "13.7". */ + public static readonly VER_13_7 = AuroraPostgresEngineVersion.of('13.7', '13', { s3Import: true, s3Export: true }); /** * Create a new AuroraPostgresEngineVersion with an arbitrary version. diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt index 6586abd3d3147..1b100d40a84b6 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt +++ b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt @@ -1 +1 @@ -awscli==1.25.7 +awscli==1.25.17 diff --git a/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts b/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts index b94324290ac37..38aaa04abf802 100644 --- a/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts +++ b/packages/@aws-cdk/pipelines/lib/private/application-security-check.ts @@ -99,6 +99,9 @@ export class ApplicationSecurityCheck extends Construct { ` --message "${message.join('\n')}"`; this.cdkDiffProject = new codebuild.Project(this, 'CDKSecurityCheck', { + environment: { + buildImage: codebuild.LinuxBuildImage.STANDARD_5_0, + }, buildSpec: codebuild.BuildSpec.fromObject({ version: 0.2, phases: { diff --git a/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts b/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts index f8c53a40e3e37..958145f67ceb3 100644 --- a/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts +++ b/packages/@aws-cdk/pipelines/test/compliance/security-check.test.ts @@ -40,8 +40,9 @@ behavior('security check option generates lambda/codebuild at pipeline scope', ( }); function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).resourceCountIs('AWS::Lambda::Function', 1); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::Lambda::Function', { + const template = Template.fromStack(pipelineStack); + template.resourceCountIs('AWS::Lambda::Function', 1); + template.hasResourceProperties('AWS::Lambda::Function', { Role: { 'Fn::GetAtt': [ stringLike('CdkPipeline*SecurityCheckCDKPipelinesAutoApproveServiceRole*'), @@ -50,7 +51,17 @@ behavior('security check option generates lambda/codebuild at pipeline scope', ( }, }); // 1 for github build, 1 for synth stage, and 1 for the application security check - Template.fromStack(pipelineStack).resourceCountIs('AWS::CodeBuild::Project', 3); + template.resourceCountIs('AWS::CodeBuild::Project', 3); + + // No CodeBuild project has a build image that is not standard:5.0 + const projects = template.findResources('AWS::CodeBuild::Project', { + Properties: { + Environment: { + Image: 'aws/codebuild/standard:5.0', + }, + }, + }); + expect(Object.keys(projects).length).toEqual(3); } }); diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json index c697034eb608a..c218215c95fd8 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.assets.json @@ -27,7 +27,7 @@ } } }, - "89f6e045568a0cd52d21d8215bb87ce0d05485ee8c757b0eb4ac080ddc9f1d6f": { + "7f17b1fbdb3783f2f992a94602a37c674f58741617a65f348b43ba1a7637a115": { "source": { "path": "PipelineSecurityStack.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "89f6e045568a0cd52d21d8215bb87ce0d05485ee8c757b0eb4ac080ddc9f1d6f.json", + "objectKey": "7f17b1fbdb3783f2f992a94602a37c674f58741617a65f348b43ba1a7637a115.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json index 4a198bda45898..c2ecebd2a612a 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/PipelineSecurityStack.template.json @@ -2603,7 +2603,7 @@ }, "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:1.0", + "Image": "aws/codebuild/standard:5.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER" @@ -2947,7 +2947,7 @@ }, "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:1.0", + "Image": "aws/codebuild/standard:5.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER" diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json index 2f600dffd75c4..e9ce1f9e4e7bf 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/manifest.json @@ -65,7 +65,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/89f6e045568a0cd52d21d8215bb87ce0d05485ee8c757b0eb4ac080ddc9f1d6f.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7f17b1fbdb3783f2f992a94602a37c674f58741617a65f348b43ba1a7637a115.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json index 66cb3d249a4f4..6a70ad206ee3f 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json +++ b/packages/@aws-cdk/pipelines/test/pipeline-security.integ.snapshot/tree.json @@ -268,7 +268,7 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Alias", "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-pipelinesecuritystacktestpipelinef7060861", + "aliasName": "alias/codepipeline-pipelinesecuritystack-testpipeline-f7060861", "targetKeyId": { "Fn::GetAtt": [ "TestPipelineArtifactsBucketEncryptionKey13258842", @@ -3519,7 +3519,7 @@ }, "environment": { "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:1.0", + "image": "aws/codebuild/standard:5.0", "imagePullCredentialsType": "CODEBUILD", "privilegedMode": false, "computeType": "BUILD_GENERAL1_SMALL" @@ -4065,7 +4065,7 @@ }, "environment": { "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:1.0", + "image": "aws/codebuild/standard:5.0", "imagePullCredentialsType": "CODEBUILD", "privilegedMode": false, "computeType": "BUILD_GENERAL1_SMALL" diff --git a/version.v2.json b/version.v2.json index bccd2b9853286..ccbb94cfe0aea 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.29.0", - "alphaVersion": "2.29.0-alpha.0" + "version": "2.29.1", + "alphaVersion": "2.29.1-alpha.0" } \ No newline at end of file