feat(ec2): add options for Cfn init proxies #19480

maafk · 2022-03-20T12:31:04Z

Closes #19479

All Submissions:

Have you followed the guidelines in our Contributing guide?

Adding new Unconventional Dependencies:

This PR adds new unconventional dependencies following the process described here

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

gitpod-io · 2022-03-20T12:31:14Z

maafk · 2022-03-22T21:26:54Z

@corymhall I must not be understanding the prlint failure I'm getting

Error: Features must contain a change to an integration test file

I've tried adding and altering integration tests and continue to get this error. Am I missing something simple?

Thanks!

peterwoodworth · 2022-03-23T06:20:59Z

@maafk I've put in a fix for this #19521, hang tight!

maafk · 2022-03-23T13:20:39Z

Integration test was updated, but erroring due to different orders in an IAM policy.

@aws-cdk/aws-ec2: Verifying integ.instance-init.js against integ.instance-init.expected.json ... CHANGED.
@aws-cdk/aws-ec2: Resources
@aws-cdk/aws-ec2: [~] AWS::IAM::Policy Instance2InstanceRoleDefaultPolicy610B37CD 
@aws-cdk/aws-ec2:  â””â”€ [~] PolicyDocument
@aws-cdk/aws-ec2:      â””â”€ [~] .Statement:
@aws-cdk/aws-ec2:          â””â”€ @@ -1,8 +1,8 @@
@aws-cdk/aws-ec2:             [ ] [
@aws-cdk/aws-ec2:             [ ]   {
@aws-cdk/aws-ec2:             [ ]     "Action": [
@aws-cdk/aws-ec2:             [+]       "s3:GetBucket*",
@aws-cdk/aws-ec2:             [ ]       "s3:GetObject*",
@aws-cdk/aws-ec2:             [-]       "s3:GetBucket*",
@aws-cdk/aws-ec2:             [ ]       "s3:List*"
@aws-cdk/aws-ec2:             [ ]     ],
@aws-cdk/aws-ec2:             [ ]     "Effect": "Allow",
@aws-cdk/aws-ec2:             @@ -18,7 +18,8 @@
@aws-cdk/aws-ec2:             [ ]       ":s3:::",
@aws-cdk/aws-ec2:             [ ]       {
@aws-cdk/aws-ec2:             [ ]         "Ref": "Asset1S3Bucket"
@aws-cdk/aws-ec2:             [-]       }
@aws-cdk/aws-ec2:             [+]       },
@aws-cdk/aws-ec2:             [+]       "/*"
@aws-cdk/aws-ec2:             [ ]     ]
@aws-cdk/aws-ec2:             [ ]   ]
@aws-cdk/aws-ec2:             [ ] },
@aws-cdk/aws-ec2:             @@ -33,8 +34,7 @@
@aws-cdk/aws-ec2:             [ ]       ":s3:::",
@aws-cdk/aws-ec2:             [ ]       {
@aws-cdk/aws-ec2:             [ ]         "Ref": "Asset1S3Bucket"
@aws-cdk/aws-ec2:             [-]       },
@aws-cdk/aws-ec2:             [-]       "/*"
@aws-cdk/aws-ec2:             [+]       }
@aws-cdk/aws-ec2:             [ ]     ]
@aws-cdk/aws-ec2:             [ ]   ]
@aws-cdk/aws-ec2:             [ ] }

These are exactly the same policies, but synthesized with actions/resources in a different order

maafk · 2022-04-06T16:39:48Z

@corymhall Anything I can clarify on this PR?

aws-cdk-automation · 2022-04-12T14:27:07Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
Commit ID: 32bf602
Result: FAILED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

LukvonStrom · 2022-04-23T14:10:05Z

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

+   *
+   * @default
+   */
+  readonly httpsProxy?: string;


as these are secrets, I would like to propose an alternative way:
An interface like this:

enum ProxyProtocol { HTTP= "http", HTTPS = "https", } interface IProxyConfig { protocol: ProxyProtocol, user?: string, password?: ISecret, host: string, port?: number } // [...] readonly proxy?: IProxyConfig;

take only one argument called proxy here and decide wether -http-proxy or -https-proxy is appropriate.

Finally getting back to this. Currently figuring out how to deal with circular dependencies between packages.

aws-secretsmanager has a dependency on the aws-ec2 package, causing issues when doing a yarn build within the aws-ec2 package after adding secrets manager.

Trying to figure out how to handle this if possible

Articulated this in #19479

github-actions · 2022-04-27T23:35:21Z