From 6fbd0ae1dc4a8327a160c85e416ab70b24279574 Mon Sep 17 00:00:00 2001 From: Kazuho Cryer-Shinozuka Date: Fri, 6 Sep 2024 18:25:32 +0900 Subject: [PATCH 01/16] chore(ec2): add interface endpoint for Redshift Serverless (#31273) ### Issue # (if applicable) None. ### Reason for this change Amazon Redshift Serverless supports AWS PrivateLink at 8/30. https://aws.amazon.com/jp/about-aws/whats-new/2024/08/amazon-redshift-serverless-aws-privatelink/ ### Description of changes I've added `redshift-serverless` and `redshift-serverless-fips`. ### Description of how you validated changes I checked latest endpoint information. ```sh $ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames | grep redshift "com.amazonaws.us-east-1.redshift", "com.amazonaws.us-east-1.redshift-data", "com.amazonaws.us-east-1.redshift-data-fips", "com.amazonaws.us-east-1.redshift-fips", "com.amazonaws.us-east-1.redshift-serverless", // newly added "com.amazonaws.us-east-1.redshift-serverless-fips", // newly added ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index ad76046aba257..29ac27d97d8f2 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -515,6 +515,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips');
 public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data');
 public static readonly REDSHIFT_DATA_FIPS = new InterfaceVpcEndpointAwsService('redshift-data-fips');
+ public static readonly REDSHIFT_SERVERLESS = new InterfaceVpcEndpointAwsService('redshift-serverless');
+ public static readonly REDSHIFT_SERVERLESS_FIPS = new InterfaceVpcEndpointAwsService('redshift-serverless-fips');
 public static readonly REKOGNITION = new InterfaceVpcEndpointAwsService('rekognition');
 public static readonly REKOGNITION_FIPS = new InterfaceVpcEndpointAwsService('rekognition-fips');
 public static readonly REKOGNITION_STREAMING = new InterfaceVpcEndpointAwsService('streaming-rekognition');
From 4b9643f28edc2c530809931ccd7a17a811891af2 Mon Sep 17 00:00:00 2001
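Review bot: Neither new constant says where the endpoint exists, and the validation quoted in the description covers us-east-1 only. FIPS interface endpoints are typically offered in only a subset of regions, so `REDSHIFT_SERVERLESS_FIPS` may name a service that is absent in the stack's region and fail only at deploy time. A one-line doc comment on that constant would help, for example `/** FIPS variant; confirm regional availability with describe-vpc-endpoint-services before use. */`. The neighbouring constants visible in the hunk carry no comments either, so this is a documentation suggestion rather than a defect; the class body starts and ends outside the hunk.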
From: mazyu36 Date: Fri, 6 Sep 2024 20:57:04 +0900 Subject: [PATCH 02/16] feat(appsync): support DEBUG and INFO logging levels for AppSync GraphQL APIs (#31326) ### Issue # (if applicable) N/A ### Reason for this change AppSync now supports `DEBUG` and `INFO` logging levels. Announcement: [AWS AppSync enhances API monitoring with new DEBUG and INFO logging levels](https://aws.amazon.com/about-aws/whats-new/2024/09/aws-appsync-api-monitoring-debug-info-logging-levels/) ### Description of changes * Added `INFO` and `DEBUG` to the FieldLogLevel enum. * Added README, unit tests, and integration tests for FieldLogLevel as they were missing. ### Description of how you validated changes Add unit tests and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert06C4E034.assets.json | 19 + ...aultTestDeployAssert06C4E034.template.json | 36 ++ .../index.js | 1 + ...ppsync-graphql-field-level-log.assets.json | 32 ++ ...sync-graphql-field-level-log.template.json | 347 +++++++++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 161 +++++++ .../tree.json | 408 ++++++++++++++++++ .../test/integ.graphql-field-level-log.ts | 19 + packages/aws-cdk-lib/aws-appsync/README.md | 13 +- .../aws-cdk-lib/aws-appsync/lib/graphqlapi.ts | 14 +- .../aws-appsync/test/appsync.test.ts | 26 +- 13 files changed, 1080 insertions(+), 9 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json new file mode 100644 index 0000000000000..5488e46f889eb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js new file mode 100644 index 0000000000000..ae6165a46ea1e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js 
@@ -0,0 +1 @@ +"use strict";var h=Object.create;var d=Object.defineProperty;var w=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var C=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var b=(e,o)=>{for(var n in o)d(e,n,{get:o[n],enumerable:!0})},p=(e,o,n,t)=>{if(o&&typeof o=="object"||typeof o=="function")for(let r of f(o))!P.call(e,r)&&r!==n&&d(e,r,{get:()=>o[r],enumerable:!(t=w(o,r))||t.enumerable});return e};var S=(e,o,n)=>(n=e!=null?h(C(e)):{},p(o||!e||!e.__esModule?d(n,"default",{value:e,enumerable:!0}):n,e)),G=e=>p(d({},"__esModule",{value:!0}),e);var q={};b(q,{handler:()=>E});module.exports=G(q);var i=S(require("@aws-sdk/client-cloudwatch-logs"));async function R(e,o,n){await n(async()=>{try{let t={logGroupName:e},r=new i.CreateLogGroupCommand(t);await o.send(r)}catch(t){if(t.name==="ResourceAlreadyExistsException")return;throw t}})}async function x(e,o,n){await n(async()=>{try{let t={logGroupName:e},r=new i.DeleteLogGroupCommand(t);await o.send(r)}catch(t){if(t.name==="ResourceNotFoundException")return;throw t}})}async function y(e,o,n,t){await n(async()=>{if(t){let r={logGroupName:e,retentionInDays:t},s=new i.PutRetentionPolicyCommand(r);await o.send(s)}else{let r={logGroupName:e},s=new i.DeleteRetentionPolicyCommand(r);await o.send(s)}})}async function E(e,o){try{console.log(JSON.stringify({...e,ResponseURL:"..."}));let t=e.ResourceProperties.LogGroupName,r=e.ResourceProperties.LogGroupRegion,s=L(e.ResourceProperties.SdkRetry?.maxRetries)??5,a=I(s),m={logger:console,region:r,maxAttempts:Math.max(5,s)},c=new i.CloudWatchLogsClient(m);if((e.RequestType==="Create"||e.RequestType==="Update")&&(await R(t,c,a),await y(t,c,a,L(e.ResourceProperties.RetentionInDays)),e.RequestType==="Create")){let g=new i.CloudWatchLogsClient({logger:console,region:process.env.AWS_REGION});await R(`/aws/lambda/${o.functionName}`,g,a),await 
y(`/aws/lambda/${o.functionName}`,g,a,1)}e.RequestType==="Delete"&&e.ResourceProperties.RemovalPolicy==="destroy"&&await x(t,c,a),await n("SUCCESS","OK",t)}catch(t){console.log(t),await n("FAILED",t.message,e.ResourceProperties.LogGroupName)}function n(t,r,s){let a=JSON.stringify({Status:t,Reason:r,PhysicalResourceId:s,StackId:e.StackId,RequestId:e.RequestId,LogicalResourceId:e.LogicalResourceId,Data:{LogGroupName:e.ResourceProperties.LogGroupName}});console.log("Responding",a);let m=require("url").parse(e.ResponseURL),c={hostname:m.hostname,path:m.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(a,"utf8")}};return new Promise((g,l)=>{try{let u=require("https").request(c,g);u.on("error",l),u.write(a),u.end()}catch(u){l(u)}})}}function L(e,o=10){if(e!==void 0)return parseInt(e,o)}function I(e,o=100,n=10*1e3){return async t=>{let r=0;do try{return await t()}catch(s){if(s.name==="OperationAbortedException"||s.name==="ThrottlingException")if(rsetTimeout(a,k(r,o,n)));continue}else throw new Error("Out of attempts to change log group");throw s}while(!0)}}function k(e,o,n){return Math.round(Math.random()*Math.min(n,o*2**e))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json new file mode 100644 index 0000000000000..a046dbac9c594 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json 
@@ -0,0 +1,32 @@ +{ + "version": "36.0.5", + "files": { + "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035": { + "source": { + "path": "asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "57fb978b024ca21f315c2ab7a4d2c94dc91e01b0976bbdaaef87d312c7fabd6b": { + "source": { + "path": "aws-cdk-appsync-graphql-field-level-log.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "57fb978b024ca21f315c2ab7a4d2c94dc91e01b0976bbdaaef87d312c7fabd6b.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json new file mode 100644 index 0000000000000..20ad84d2c90b0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json 
@@ -0,0 +1,347 @@ +{ + "Resources": { + "LambdaAPIApiLogsRole4F7D908F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "appsync.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs" + ] + ] + } + ] + } + }, + "LambdaAPID6A5A92B": { + "Type": "AWS::AppSync::GraphQLApi", + "Properties": { + "AuthenticationType": "API_KEY", + "LogConfig": { + "CloudWatchLogsRoleArn": { + "Fn::GetAtt": [ + "LambdaAPIApiLogsRole4F7D908F", + "Arn" + ] + }, + "FieldLogLevel": "INFO" + }, + "Name": "LambdaAPI" + } + }, + "LambdaAPISchemaCC5CA3D2": { + "Type": "AWS::AppSync::GraphQLSchema", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + }, + "Definition": "schema {\n query: Query\n mutation: Mutation\n}\n\ntype Query {\n getPost(id:ID!): Post\n allPosts: [Post]\n}\n\ntype Mutation {\n addPost(id: ID!, author: String!, title: String, content: String, url: String): Post!\n}\n\ntype Post {\n id: ID!\n author: String!\n title: String\n content: String\n url: String\n ups: Int\n downs: Int\n relatedPosts: [Post]\n relatedPostsMaxBatchSize: [Post]\n}" + } + }, + "LambdaAPIDefaultApiKey15F6897D": { + "Type": "AWS::AppSync::ApiKey", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + } + }, + "DependsOn": [ + "LambdaAPISchemaCC5CA3D2" + ] + }, + "LambdaAPILogRetention217BE0A6": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/appsync/apis/", + { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + } + ] + ] + } + } + }, + 
"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "Roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Timeout": 900, + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035.zip" + }, + "Role": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "Arn" + ] + } + }, + "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + ] + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + 
"ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this 
environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json new file mode 100644 index 0000000000000..4442ce0691a5c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "GraphQLFieldLevelLog/DefaultTest": { + "stacks": [ + "aws-cdk-appsync-graphql-field-level-log" + ], + "assertionStack": "GraphQLFieldLevelLog/DefaultTest/DeployAssert", + "assertionStackName": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034" + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f213619663d70 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json 
@@ -0,0 +1,161 @@ +{ + "version": "36.0.5", + "artifacts": { + "aws-cdk-appsync-graphql-field-level-log.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-appsync-graphql-field-level-log.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-appsync-graphql-field-level-log": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-appsync-graphql-field-level-log.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/57fb978b024ca21f315c2ab7a4d2c94dc91e01b0976bbdaaef87d312c7fabd6b.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-appsync-graphql-field-level-log.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-appsync-graphql-field-level-log.assets" + ], + "metadata": { + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPIApiLogsRole4F7D908F" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPID6A5A92B" + } + ], + 
"/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Schema": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPISchemaCC5CA3D2" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/DefaultApiKey": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPIDefaultApiKey15F6897D" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPILogRetention217BE0A6" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-appsync-graphql-field-level-log" + }, + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + 
"GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets" + ], + "metadata": { + "/GraphQLFieldLevelLog/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/GraphQLFieldLevelLog/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "GraphQLFieldLevelLog/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json new file mode 100644 index 0000000000000..87579bbdf63c1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json 
@@ -0,0 +1,408 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-appsync-graphql-field-level-log": { + "id": "aws-cdk-appsync-graphql-field-level-log", + "path": "aws-cdk-appsync-graphql-field-level-log", + "children": { + "LambdaAPI": { + "id": "LambdaAPI", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI", + "children": { + "ApiLogsRole": { + "id": "ApiLogsRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole", + "children": { + "ImportApiLogsRole": { + "id": "ImportApiLogsRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole/ImportApiLogsRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "appsync.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLApi", + "aws:cdk:cloudformation:props": { + "authenticationType": "API_KEY", + "logConfig": { + "cloudWatchLogsRoleArn": { + "Fn::GetAtt": [ + "LambdaAPIApiLogsRole4F7D908F", + "Arn" + ] + }, + "fieldLogLevel": "INFO" + }, + "name": "LambdaAPI" + } + }, + 
"constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLApi", + "version": "0.0.0" + } + }, + "Schema": { + "id": "Schema", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Schema", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLSchema", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + }, + "definition": "schema {\n query: Query\n mutation: Mutation\n}\n\ntype Query {\n getPost(id:ID!): Post\n allPosts: [Post]\n}\n\ntype Mutation {\n addPost(id: ID!, author: String!, title: String, content: String, url: String): Post!\n}\n\ntype Post {\n id: ID!\n author: String!\n title: String\n content: String\n url: String\n ups: Int\n downs: Int\n relatedPosts: [Post]\n relatedPostsMaxBatchSize: [Post]\n}" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLSchema", + "version": "0.0.0" + } + }, + "DefaultApiKey": { + "id": "DefaultApiKey", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/DefaultApiKey", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::ApiKey", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnApiKey", + "version": "0.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + 
"fqn": "aws-cdk-lib.aws_appsync.GraphqlApi", + "version": "0.0.0" + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a": { + "id": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "children": { + "Code": { + "id": "Code", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": 
"AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "aws-cdk-appsync-graphql-field-level-log/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": 
"aws-cdk-appsync-graphql-field-level-log/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-appsync-graphql-field-level-log/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "GraphQLFieldLevelLog": { + "id": "GraphQLFieldLevelLog", + "path": "GraphQLFieldLevelLog", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "GraphQLFieldLevelLog/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "GraphQLFieldLevelLog/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "GraphQLFieldLevelLog/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "GraphQLFieldLevelLog/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "GraphQLFieldLevelLog/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts
new file mode 100644
index 0000000000000..722a6df3d054f
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts
@@ -0,0 +1,19 @@
+import * as path from 'path';
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import * as appsync from 'aws-cdk-lib/aws-appsync';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-appsync-graphql-field-level-log');
+
+new appsync.GraphqlApi(stack, 'LambdaAPI', {
+ name: 'LambdaAPI',
+ schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.lambda.graphql')),
+ logConfig: {
+ fieldLogLevel: appsync.FieldLogLevel.INFO,
+ },
+});
+
+new IntegTest(app, 'GraphQLFieldLevelLog', {
+ testCases: [stack],
+});
diff --git a/packages/aws-cdk-lib/aws-appsync/README.md b/packages/aws-cdk-lib/aws-appsync/README.md
index 675d10dadbfc2..40ba93f974350 100644
--- a/packages/aws-cdk-lib/aws-appsync/README.md
+++ b/packages/aws-cdk-lib/aws-appsync/README.md
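Review bot: The new integ test supplies the schema as `schema: appsync.SchemaFile.fromAsset(...)`, while the README example touched by this same patch uses `definition: appsync.Definition.fromFile(...)`; as far as I know `schema` is the deprecated spelling of this prop, so the test should read `definition: appsync.Definition.fromFile(path.join(__dirname, 'appsync.lambda.graphql')),`. The `test.each` block added to appsync.test.ts uses the same `schema:` form and would take the same change. The test also exercises only `FieldLogLevel.INFO`; a short comment such as `// INFO is one of the two levels added in this change; DEBUG is covered by the unit test only` would make that gap explicit.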
@@ -544,21 +544,24 @@ new route53.CnameRecord(this, `CnameApiRecord`, { AppSync automatically create a log group with the name `/aws/appsync/apis/` upon deployment with log data set to never expire. If you want to set a different expiration period, use the `logConfig.retention` property. +Also you can choose the log level by setting the `logConfig.fieldLogLevel` property. + +For more information, see [CloudWatch logs](https://docs.aws.amazon.com/en_us/appsync/latest/devguide/monitoring.html#cwl). + To obtain the GraphQL API's log group as a `logs.ILogGroup` use the `logGroup` property of the `GraphqlApi` construct. ```ts import * as logs from 'aws-cdk-lib/aws-logs'; -const logConfig: appsync.LogConfig = { - retention: logs.RetentionDays.ONE_WEEK, -}; - new appsync.GraphqlApi(this, 'api', { authorizationConfig: {}, name: 'myApi', definition: appsync.Definition.fromFile(path.join(__dirname, 'myApi.graphql')), - logConfig, + logConfig: { + fieldLogLevel: appsync.FieldLogLevel.INFO, + retention: logs.RetentionDays.ONE_WEEK, + }, }); ``` diff --git a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts index 4332257d5484c..9bf1bd3b1a8e9 100644 --- a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts +++ b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts @@ -186,15 +186,23 @@ export interface AuthorizationConfig { */ export enum FieldLogLevel { /** - * No logging + * Resolver logging is disabled */ NONE = 'NONE', /** - * Error logging + * Only Error messages appear in logs */ ERROR = 'ERROR', /** - * All logging + * Info and Error messages appear in logs + */ + INFO = 'INFO', + /** + * Debug, Info, and Error messages, appear in logs + */ + DEBUG = 'DEBUG', + /** + * All messages (Debug, Error, Info, and Trace) appear in logs */ ALL = 'ALL', } diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts index 015491c97e891..87950c2d6c827 100644 
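Review bot: The doc comments on the `FieldLogLevel` members in graphqlapi.ts list which message severities are written, but nothing tells a user choosing `INFO`, `DEBUG` or `ALL` that field-level logs can carry request data into CloudWatch. I would add a sentence to the enum's doc comment along the lines of `Field-level logs may include resolver context and request headers unless logConfig.excludeVerboseContent is set; prefer ERROR or NONE where that data is sensitive`, after confirming the exact contents against the monitoring guide linked in the README hunk. Separately, the `DEBUG` comment has a stray comma and should read `* Debug, Info, and Error messages appear in logs`. The enum's own doc comment opens above this hunk, so the existing wording there is not visible here.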
--- a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts +++ b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts @@ -370,4 +370,28 @@ test('when resolver limit is out of range, it throws an error', () => { expect(() => buildWithLimit('resolver-limit-max', 10000)).not.toThrow(errorString); expect(() => buildWithLimit('resolver-limit-high', 10001)).toThrow(errorString); -}); \ No newline at end of file +}); + +test.each([ + [appsync.FieldLogLevel.ALL], + [appsync.FieldLogLevel.ERROR], + [appsync.FieldLogLevel.NONE], + [appsync.FieldLogLevel.INFO], + [appsync.FieldLogLevel.DEBUG], +])('GraphQLApi with LogLevel %s', (fieldLogLevel) => { + // WHEN + new appsync.GraphqlApi(stack, 'GraphQLApi', { + name: 'api', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + logConfig: { + fieldLogLevel, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppSync::GraphQLApi', { + LogConfig: { + FieldLogLevel: fieldLogLevel, + }, + }); +}); From 0eacc5128d3cca60b01ebb334de4918227c09697 Mon Sep 17 00:00:00 2001 From: awslukeguan <150387335+awslukeguan@users.noreply.github.com> Date: Fri, 6 Sep 2024 15:19:07 -0400 Subject: [PATCH 03/16] docs(contributing): quick start (#31333) ### Reason for this change Update the contributing guide with quick start. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- CONTRIBUTING.md | 61 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dc40e8d24d86b..6bd1959a5e67b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -18,6 +18,7 @@ let us know if it's not up-to-date (even better, submit a PR with your correctio - [Publishing Your Own Package](#publishing-your-own-package) - [Trust and Third Party Packages](#trust-and-third-party-packages) - [Third Party Package Administration](#third-party-package-administration) +- [Quick Start](#quick-start) - [Getting Started](#getting-started) - [Local setup](#setup) - [Dev Container](#dev-container) 
@@ -124,7 +125,7 @@ This is by far the strongest signal you can give to the CDK team that a feature #### Trust and Third Party Packages -An argument we commonly hear why contributors don't want to publish their contributions in their own packages, is that organizations have restrictions on what packages they allow to be used and these restrictions commonly include limiting usage of packages to those owned and distributed only from trusted sources. We recognize trust is an important part of the software dependency chain, and we take that into consideration when evaluating contributions in aws-cdk. However, not everything can be owned by the aws-cdk team. Strictly from a technical limitation perspective, `aws-cdk-lib` is big. Continuing a system that makes it, potentially, many multiple times bigger, has a cost on usability. Additionally, as the surface area widens, the aws-cdk team becomes stretched ever thinner and isn't able to property maintain what we own. +An argument we commonly hear why contributors don't want to publish their contributions in their own packages, is that organizations have restrictions on what packages they allow to be used and these restrictions commonly include limiting usage of packages to those owned and distributed only from trusted sources. We recognize trust is an important part of the software dependency chain, and we take that into consideration when evaluating contributions in aws-cdk. However, not everything can be owned by the aws-cdk team. Strictly from a technical limitation perspective, `aws-cdk-lib` is big. Continuing a system that makes it, potentially, many multiple times bigger, has a cost on usability. Additionally, as the surface area widens, the aws-cdk team becomes stretched ever thinner and isn't able to properly maintain what we own. That being said, "trust", isn't as black and white as "it's owned by aws, so it's okay". 
The best way to trust that the packages you depend on to help generate your aws resources is to use [policy validation](https://docs.aws.amazon.com/cdk/v2/guide/policy-validation-synthesis.html) on the output of your application in order to ensure it is following the rules that are important to you or your organization. 
@@ -136,6 +137,62 @@ Another reason we hear from authors that they don't want to publish their own pa 1. [Publib](https://github.com/cdklabs/publib) - A toolchain for publishing packages to multiple repositories. A lot of this is included in projen and we recommend using that instead of publib directly, but it may be useful for specific cases. 1. [Construct Hub](https://constructs.dev) - An index of all construct libraries published to NPM. When you publish a construct library, it will automatically have documentation generated and published to Construct Hub. +## Quick Start + +### Setup +Fork the aws-cdk repository into your account: https://github.com/aws/aws-cdk/fork + +Clone the forked repository: +```console +$ git clone https://github.com/{your-account}/aws-cdk.git +$ cd aws-cdk +$ yarn install +``` + +Before you create a pull request: +* Write code changes +* Write unit tests +* Write integ tests (aws-cdk/packages/@aws-cdk-testing/) +* Commit changes and push to remote branch + +Build the entire aws-cdk repo (this may take some time): +```console +$ npx lerna run build --skip-nx-cache +``` + +### Testing +Run the unit tests for the modules(e.g. aws-lambda) you've changed: +```console +$ cd aws-cdk/packages/aws-cdk-lib +$ yarn test aws-lambda +``` + +Run the integration tests for the modules(e.g. aws-lambda) you've changed: +```console +$ cd aws-cdk/packages/@aws-cdk-testing/framework-integ +$ yarn integ test/aws-lambda/test/integ.lambda.js --update-on-failed +``` + +If you've made changes to sample code in any README, ensure those examples compile with: +```console +$ /bin/bash ./scripts/run-rosetta.sh +``` + +### Linking +If you would like to test your code changes against a CDK App, create the App and link your local CDK with it: +```console +$ mkdir cdkApp # in parent dir of aws-cdk +$ cd cdkApp +$ npx cdk init app --language typescript +$ npx cdk --version # shows the latest CDK version e.g. 
2.155.0 (build 34dcc5a) +$ ../aws-cdk/link-all.sh # link the aws-cdk repo with your cdkApp +$ npx cdk --version # verify linked cdk version 0.0.0 +# Define the resource that uses your aws-cdk changes in cdkApp lib folder +$ npx cdk deploy # deploy successfully +``` + +Congratulations! Create pull request for review. + ## Getting Started The following steps describe how to set up the AWS CDK repository on your local machine. @@ -154,7 +211,7 @@ The following tools need to be installed on your system prior to installing the - [Docker >= 19.03](https://docs.docker.com/get-docker/) - the Docker daemon must also be running -First fork the repository, and then run the following commands to clone the repository locally. +First fork the repository https://github.com/aws/aws-cdk/fork, and then run the following commands to clone the repository locally. ```console $ git clone https://github.com/{your-account}/aws-cdk.git From 6d8dac0e0307129bd387a4f4042a662c687968bd Mon Sep 17 00:00:00 2001 From: GZ Date: Fri, 6 Sep 2024 12:49:21 -0700 Subject: [PATCH 04/16] chore: update changelog to include python 3.11 update (#31346) ### Issue # (if applicable) N/A ### Reason for this change Add missing changelog since the original PR was titled as `chore` but should have been `feat`. ### Description of changes Update changelog.md ### Description of how you validated changes Viewed the changelog.md file and looks fine. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- CHANGELOG.v2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index cdc02868e4599..9fb346efbade0 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -15,7 +15,7 @@ All notable changes to this project will be documented in this file. See [standa * **eks:** support alb controller versions 2.7.0-2.8.2 ([#31264](https://github.com/aws/aws-cdk/issues/31264)) ([a3863a6](https://github.com/aws/aws-cdk/commit/a3863a6b5607dd462b3774f01f21d9dea4fd15d5)) * **events-targets:** support for `RedshiftDataParameters` ([#29462](https://github.com/aws/aws-cdk/issues/29462)) ([84c6442](https://github.com/aws/aws-cdk/commit/84c6442d6a4253472df1fee5589f154590bae182)), closes [#15712](https://github.com/aws/aws-cdk/issues/15712) [#31017](https://github.com/aws/aws-cdk/issues/31017) * **synthetics:** syn-nodejs-puppeteer-9.0 as supported runtime ([#31272](https://github.com/aws/aws-cdk/issues/31272)) ([c1d7782](https://github.com/aws/aws-cdk/commit/c1d778254346aea444ae844a17d0cab296cce4bb)), closes [#31271](https://github.com/aws/aws-cdk/issues/31271) - +* **custom-resources:** update python runtime for custom resources ([#31166](https://github.com/aws/aws-cdk/pull/31166)) ([03ebca8](https://github.com/aws/aws-cdk/commit/03ebca8a9768b6415e6942893e0310ac412d4b80)), closes [#31245](https://github.com/aws/aws-cdk/issues/31245) ### Bug Fixes From fa55194698960b9161590e05cf1138a813315615 Mon Sep 17 00:00:00 2001 
From: Ashish Dhingra <67916761+ashishdhingra@users.noreply.github.com> Date: Fri, 6 Sep 2024 13:23:12 -0700 Subject: [PATCH 05/16] feat(lambda): added new property allowAllIpv6Outbound to FunctionOptions (#31013) ### Issue # (if applicable) Closes #30994. ### Reason for this change [SecurityGroupProps](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L272) supports `allowAllIpv6Outbound` property. The existing Lambda [FunctionOptions](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L146C18-L146C33) only supports [allowAllOutbound](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L296C12-L296C28), which is used in [configureVpc()](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1464C11-L1464C23) while creating a new `SecurityGroup` [here](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1503). ### Description of changes Added new property `allowAllIpv6Outbound` to `FunctionOptions`. ### Description of how you validated changes Added unit and integration tests. 
### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../LambdaAllowAllIpv6Outbound.assets.json | 32 + .../LambdaAllowAllIpv6Outbound.template.json | 794 +++++++++++++++ .../__entrypoint__.js | 155 +++ .../index.js | 1 + .../cdk.out | 1 + .../integ.json | 12 + ...efaultTestDeployAssert52B7EB97.assets.json | 19 + ...aultTestDeployAssert52B7EB97.template.json | 36 + .../manifest.json | 287 ++++++ .../tree.json | 964 ++++++++++++++++++ .../integ.lambda-allow-all-ipv6-outbound.ts | 25 + packages/aws-cdk-lib/aws-lambda/README.md | 20 + .../aws-cdk-lib/aws-lambda/lib/function.ts | 29 +- .../aws-lambda/test/function.test.ts | 71 ++ 14 files changed, 2445 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json new file mode 100644 index 0000000000000..9896b3e2fbdf1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json 
@@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "92b844e801c730b2c23c901b00744a890a687685af0a280b290fa0fc0a7e3d7c": { + "source": { + "path": "LambdaAllowAllIpv6Outbound.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "92b844e801c730b2c23c901b00744a890a687685af0a280b290fa0fc0a7e3d7c.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json new file mode 100644 index 0000000000000..0dd23820e9dd0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json 
@@ -0,0 +1,794 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + 
"AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + 
"AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2RouteTableAssociation5A808732" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": 
"Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCRestrictDefaultSecurityGroupCustomResource59474679": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "VPCB9E5F0B4", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + 
"Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "VPCB9E5F0B4", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "LambdawithIPv6VPCServiceRoleC3866C85": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + 
{ + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + "VPCPrivateSubnet2RouteTableAssociation0C73D413" + ] + }, + "LambdawithIPv6VPCSecurityGroup1BC5651B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function LambdaAllowAllIpv6OutboundLambdawithIPv6VPCFB0F6DBC", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + }, + { + "CidrIpv6": "::/0", + "Description": "Allow all outbound ipv6 traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + }, + "DependsOn": [ + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + "VPCPrivateSubnet2RouteTableAssociation0C73D413" + ] + }, + "LambdawithIPv6VPCF50054B3": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "def main(event, context): pass" + }, + "Handler": "index.main", + "Role": { + "Fn::GetAtt": [ + "LambdawithIPv6VPCServiceRoleC3866C85", + "Arn" + ] + }, + "Runtime": "python3.9", + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "LambdawithIPv6VPCSecurityGroup1BC5651B", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + }, + "DependsOn": [ + "LambdawithIPv6VPCServiceRoleC3866C85", + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + 
"VPCPrivateSubnet2RouteTableAssociation0C73D413" + ] + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + 
}, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js new file mode 100644 index 0000000000000..02033f55cf612 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js 
@@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? 
e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? 
status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} 
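Review bot: The malformed-event branch in `handler`'s catch block logs `JSON.stringify(event)`, which writes the full `ResponseURL` to the function log. The rest of the file keeps that URL out of the logs: the top of `handler` masks it in `sanitizedEvent`, and `submitResponse` logs only `loggingSafeUrl` with the query string replaced. The URL is the endpoint the handler PUTs the resource status to, so anyone with read access to the log group could see it whenever this branch runs. The log call should interpolate `JSON.stringify(sanitizedEvent)` instead. This file sits under a `.js.snapshot/asset.*` directory, so it is presumably a generated copy and the fix belongs in the provider framework source it was built from.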
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js 
@@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a 
--- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json new file mode 100644 index 0000000000000..9eb8989644cfc --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "lambda-allow-all-ipv6-outbound/DefaultTest": { + "stacks": [ + "LambdaAllowAllIpv6Outbound" + ], + "assertionStack": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert", + "assertionStackName": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json new file mode 100644 index 0000000000000..1c948b74b852d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json new file mode 100644 index 0000000000000..cb6891136e768 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json 
@@ -0,0 +1,287 @@ +{ + "version": "36.0.0", + "artifacts": { + "LambdaAllowAllIpv6Outbound.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "LambdaAllowAllIpv6Outbound.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "LambdaAllowAllIpv6Outbound": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "LambdaAllowAllIpv6Outbound.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/92b844e801c730b2c23c901b00744a890a687685af0a280b290fa0fc0a7e3d7c.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "LambdaAllowAllIpv6Outbound.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "LambdaAllowAllIpv6Outbound.assets" + ], + "metadata": { + "/LambdaAllowAllIpv6Outbound/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + 
"/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": 
"VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCRestrictDefaultSecurityGroupCustomResource59474679" + } + ], + "/LambdaAllowAllIpv6Outbound/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": 
"LambdawithIPv6VPCServiceRoleC3866C85" + } + ], + "/LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdawithIPv6VPCSecurityGroup1BC5651B" + } + ], + "/LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdawithIPv6VPCF50054B3" + } + ], + "/LambdaAllowAllIpv6Outbound/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/LambdaAllowAllIpv6Outbound/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "LambdaAllowAllIpv6Outbound" + }, + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + 
"lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets" + ], + "metadata": { + "/lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json new file mode 100644 index 0000000000000..12f595edb2892 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json 
@@ -0,0 +1,964 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "LambdaAllowAllIpv6Outbound": { + "id": "LambdaAllowAllIpv6Outbound", + "path": "LambdaAllowAllIpv6Outbound", + "children": { + "VPC": { + "id": "VPC", + "path": "LambdaAllowAllIpv6Outbound/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + 
"VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": 
"LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + 
"version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": 
"LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "LambdaAllowAllIpv6Outbound/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "LambdaAllowAllIpv6Outbound/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "vpcId": { + 
"Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "LambdaAllowAllIpv6Outbound/VPC/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "LambdaAllowAllIpv6Outbound/VPC/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "LambdaAllowAllIpv6Outbound/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Lambda_with_IPv6_VPC": { + "id": 
"Lambda_with_IPv6_VPC", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatic security group for Lambda Function LambdaAllowAllIpv6OutboundLambdawithIPv6VPCFB0F6DBC", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound 
traffic by default", + "ipProtocol": "-1" + }, + { + "ipProtocol": "-1", + "cidrIpv6": "::/0", + "description": "Allow all outbound ipv6 traffic by default" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "def main(event, context): pass" + }, + "handler": "index.main", + "role": { + "Fn::GetAtt": [ + "LambdawithIPv6VPCServiceRoleC3866C85", + "Arn" + ] + }, + "runtime": "python3.9", + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "LambdawithIPv6VPCSecurityGroup1BC5651B", + "GroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "LambdaAllowAllIpv6Outbound/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "LambdaAllowAllIpv6Outbound/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "lambda-allow-all-ipv6-outbound": { + "id": "lambda-allow-all-ipv6-outbound", + "path": "lambda-allow-all-ipv6-outbound", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": 
"lambda-allow-all-ipv6-outbound/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts new file mode 100644 index 0000000000000..f03e18223a58a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts 
@@ -0,0 +1,25 @@
+import { App, Stack } from 'aws-cdk-lib/core';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new App();
+const stack = new Stack(app, 'LambdaAllowAllIpv6Outbound');
+
+const vpc = new ec2.Vpc(stack, 'VPC', {
+ maxAzs: 2,
+});
+
+new lambda.Function(stack, 'Lambda_with_IPv6_VPC', {
+ code: new lambda.InlineCode('def main(event, context): pass'),
+ handler: 'index.main',
+ runtime: lambda.Runtime.PYTHON_3_9,
+ vpc,
+ allowAllIpv6Outbound: true,
+});
+
+new IntegTest(app, 'lambda-allow-all-ipv6-outbound', {
+ testCases: [stack],
+});
+
+app.synth();
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/aws-lambda/README.md b/packages/aws-cdk-lib/aws-lambda/README.md
index 8e707f04a255b..403460f8ed1b0 100644
--- a/packages/aws-cdk-lib/aws-lambda/README.md
+++ b/packages/aws-cdk-lib/aws-lambda/README.md
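Review bot: The VPC in this integ test is created with only `maxAzs: 2`, so it is IPv4-only: the accompanying tree.json snapshot shows subnets with only IPv4 `cidrBlock` values and `0.0.0.0/0` routes. The `::/0` egress rule is therefore deployed where no IPv6 path exists. Adding `ipProtocol: ec2.IpProtocol.DUAL_STACK,` next to `maxAzs: 2,` would make the construct id `Lambda_with_IPv6_VPC` accurate and test the rule in the setting it is meant for. The `IntegTest` also declares no assertions, so only successful deployment is checked; a comment such as `// Deployment-only check: no assertions on the egress rules` above `new IntegTest(...)` would say so.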
@@ -1213,6 +1213,26 @@ const fn = new lambda.Function(this, 'Lambda_with_IPv6_VPC', { }); ``` +## Outbound traffic +By default, when creating a Lambda function, it would add a security group outbound rule to allow sending all network traffic (except IPv6). This is controlled by `allowAllOutbound` in function properties, which has a default value of `true`. + +To allow outbound IPv6 traffic by default, explicitly set `allowAllIpv6Outbound` to `true` in function properties as shown below (the default value for `allowAllIpv6Outbound` is `false`): +```ts +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const vpc = new ec2.Vpc(this, 'Vpc'); + +const fn = new lambda.Function(this, 'LambdaWithIpv6Outbound', { + code: new lambda.InlineCode('def main(event, context): pass'), + handler: 'index.main', + runtime: lambda.Runtime.PYTHON_3_9, + vpc: vpc, + allowAllIpv6Outbound: true, +}); +``` + +Do not specify `allowAllOutbound` or `allowAllIpv6Outbound` property if the `securityGroups` or `securityGroup` property is set. Instead, configure these properties directly on the security group. + ## Ephemeral Storage You can configure ephemeral storage on a function to control the amount of storage it gets for reading diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index 6fab7f359084e..6615ffe179ac0 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -294,7 +294,7 @@ export interface FunctionOptions extends EventInvokeConfigOptions { readonly securityGroups?: ec2.ISecurityGroup[]; /** - * Whether to allow the Lambda to send all network traffic + * Whether to allow the Lambda to send all network traffic (except ipv6) * * If set to false, you must individually add traffic rules to allow the * Lambda to connect to network targets. 
@@ -306,6 +306,20 @@ export interface FunctionOptions extends EventInvokeConfigOptions { */ readonly allowAllOutbound?: boolean; + /** + * Whether to allow the Lambda to send all ipv6 network traffic + * + * If set to true, there will only be a single egress rule which allows all + * outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the + * Lambda to connect to network targets using ipv6. + * + * Do not specify this property if the `securityGroups` or `securityGroup` property is set. + * Instead, configure `allowAllIpv6Outbound` directly on the security group. + * + * @default false + */ + readonly allowAllIpv6Outbound?: boolean; + /** * Enabled DLQ. If `deadLetterQueue` is undefined, * an SQS queue with default options will be defined for your Function. @@ -1515,6 +1529,9 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett if (props.ipv6AllowedForDualStack) { throw new Error('Cannot configure \'ipv6AllowedForDualStack\' without configuring a VPC'); } + if (props.allowAllIpv6Outbound !== undefined) { + throw new Error('Cannot configure \'allowAllIpv6Outbound\' without configuring a VPC'); + } return undefined; } @@ -1527,6 +1544,15 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett } } + if (props.allowAllIpv6Outbound !== undefined) { + if (props.securityGroup) { + throw new Error('Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroup.'); + } + if (hasSecurityGroups) { + throw new Error('Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroups.'); + } + } + let securityGroups: ec2.ISecurityGroup[]; if (hasSecurityGroups) { 
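Review bot: The new doc comment on `allowAllIpv6Outbound` says that when set to true "there will only be a single egress rule which allows all outbound ipv6 traffic", but the snapshot and unit test in this same patch show two egress rules (`0.0.0.0/0` and `::/0`) because `allowAllOutbound` defaults to true. I would reword it to `If set to true, an egress rule allowing all outbound ipv6 traffic (::/0, all protocols) is added in addition to whatever allowAllOutbound configures.` It is also worth stating that both flags must be false for egress to be restricted to individually added rules. The `FunctionOptions` interface starts and ends outside this hunk.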
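Review bot: The added no-VPC guard tests `props.allowAllIpv6Outbound !== undefined`, so an explicit `allowAllIpv6Outbound: false` (the documented default) also throws, while the `ipv6AllowedForDualStack` check directly above it is truthiness-based. The security-group guard added in the following hunk (`-1527`) uses the same `!== undefined` test. If rejecting an explicit `false` is intended (presumably mirroring the `allowAllOutbound` handling, which is not visible here), a comment such as `// Reject any explicit value, including false: the flag has no effect here` on both guards would make that clear; otherwise `if (props.allowAllIpv6Outbound)` matches the neighbouring check. The enclosing method starts and ends outside both hunks.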
@@ -1536,6 +1562,7 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett vpc: props.vpc, description: 'Automatic security group for Lambda Function ' + Names.uniqueId(this), allowAllOutbound: props.allowAllOutbound, + allowAllIpv6Outbound: props.allowAllIpv6Outbound, }); securityGroups = [securityGroup]; } diff --git a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts index 0ce4ea8b47517..15e8465086bef 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts 
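Review bot: `allowAllIpv6Outbound` is forwarded to the automatic security group independently of `allowAllOutbound`, so `allowAllOutbound: false` together with `allowAllIpv6Outbound: true` would presumably give a group that blocks IPv4 egress yet allows all IPv6 egress. None of the tests visible in this patch covers that combination (the function.test.ts hunk continues past what is shown here). A unit test pinning the resulting `SecurityGroupEgress` would make the behaviour explicit, as would a comment above the new line such as `// IPv6 egress is independent of allowAllOutbound; both must be false to restrict egress`. The enclosing method starts and ends outside the hunk.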
@@ -3803,6 +3803,77 @@ describe('function', () => { }), ).toThrow(/ADOT Lambda layer can't be configured with container image package type/); }); + + describe('allowAllIpv6Outbound', () => { + test('allowAllIpv6Outbound set to true', () => { + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + + new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + vpc, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::SecurityGroup', { + SecurityGroupEgress: [ + { + CidrIp: '0.0.0.0/0', + Description: 'Allow all outbound traffic by default', + IpProtocol: '-1', + }, + { + CidrIpv6: '::/0', + Description: 'Allow all outbound ipv6 traffic by default', + IpProtocol: '-1', + }, + ], + }); + }); + + test('throws when allowAllIpv6Outbound is defined without vpc', () => { + const stack = new cdk.Stack(); + + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + })).toThrow(/Cannot configure \'allowAllIpv6Outbound\' without configuring a VPC/); + }); + + test('throws when both allowAllIpv6Outbound and securityGroup are defined', () => { + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc: vpc }); + + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + vpc, + securityGroup: securityGroup, + })).toThrow(/Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroup./); + }); + + test('throws when both allowAllIpv6Outbound and securityGroups are defined', () => { + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + const 
securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc: vpc }); + + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + vpc, + securityGroups: [securityGroup], + })).toThrow(/Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroups./); + }); + }); }); test('throws if ephemeral storage size is out of bound', () => { From 4fa7716e0bc50c06327bc30320c5871207a11c52 Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Sat, 7 Sep 2024 09:24:14 -0700 Subject: [PATCH 06/16] chore: fix spelling error of if (#31353) I saw this while reading the [EC2 instance docs](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Instance.html#userdatacausesreplacement). --- packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts | 2 +- packages/aws-cdk-lib/aws-ec2/lib/instance.ts | 2 +- packages/aws-cdk/lib/notices.ts | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts index 5bcce8cd0e4d0..aeb5bd31401d5 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts @@ -151,7 +151,7 @@ function calculateTemplateDiff(currentTemplate: { [key: string]: any }, newTempl /** * Replace all references to the given logicalID on the given template, in-place * - * Returns true iff any references were replaced. + * Returns true if any references were replaced. */ function propagateReplacedReferences(template: object, logicalId: string): boolean { let ret = false; diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts index 2eb98ad26e6fa..8dbcbd58bd921 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts 
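Review bot: The new `describe('allowAllIpv6Outbound', ...)` block only asserts the synthesized `SecurityGroupEgress` for `allowAllIpv6Outbound: true` with `allowAllOutbound` left unset, so the explicit `false` case and the combination with `allowAllOutbound: false` are never pinned. Because the flag opens `::/0` for every protocol, a test for that combination would document exactly what the generated group allows when ipv4 egress is meant to be restricted. Separately, the `toThrow` patterns are unanchored and end in an unescaped `.`, so the `SecurityGroup.` pattern also matches the `SecurityGroups.` message and the two tests cannot tell the branches apart; `.toThrow(/directly on the supplied SecurityGroup\.$/)` would.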
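Review bot: "iff" in the comment on `propagateReplacedReferences` is the usual shorthand for "if and only if", not a misspelling, and changing it to "if" drops the statement that the function returns false when nothing was replaced. If the abbreviation is considered unclear, spelling it out keeps the contract: `* Returns true if and only if any references were replaced.` The same applies to the `@default` text of `userDataCausesReplacement` in `instance.ts` and to the two comments in `notices.ts` changed by this commit.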
@@ -177,7 +177,7 @@ export interface InstanceProps { * UserData, which will cause CloudFormation to replace it if the UserData * changes. * - * @default - true iff `initOptions` is specified, false otherwise. + * @default - true if `initOptions` is specified, false otherwise. */ readonly userDataCausesReplacement?: boolean; diff --git a/packages/aws-cdk/lib/notices.ts b/packages/aws-cdk/lib/notices.ts index 1747369705fe1..747078e0a11da 100644 --- a/packages/aws-cdk/lib/notices.ts +++ b/packages/aws-cdk/lib/notices.ts @@ -255,7 +255,7 @@ export class NoticeFilter { } /** - * Returns true iff we should show this notice. + * Returns true if we should show this notice. */ apply(notice: Notice): boolean { if (this.acknowledgedIssueNumbers.has(notice.issueNumber)) { @@ -267,7 +267,7 @@ export class NoticeFilter { } /** - * Returns true iff we should show the notice. + * Returns true if we should show the notice. */ private applyVersion(notice: Notice, name: string, compareToVersion: string | undefined) { if (compareToVersion === undefined) { return false; } From 633904d9bf82901237fba7ab552c02261b627d21 Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Sun, 8 Sep 2024 15:55:42 +0900 Subject: [PATCH 07/16] chore(cognito): fix test case name for User Pool Domain (#31365) While working on #31351, I discovered. The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts index 109c357576c34..0f3439a3f68d2 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts @@ -3,7 +3,7 @@ import { Certificate } from '../../aws-certificatemanager'; import { CfnParameter, Stack } from '../../core'; import { UserPool, UserPoolDomain } from '../lib'; -describe('User Pool Client', () => { +describe('User Pool Domain', () => { test('custom domain name', () => { // GIVEN const stack = new Stack(); From ab73e538b7b77df8f8e981de2152dde814f66a1d Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Sun, 8 Sep 2024 00:29:37 -0700 Subject: [PATCH 08/16] chore(stepfunctions-tasks): doc has incorrect api endpoint (#31364) Closes #30940. --- packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 2067a10332668..2bd0f0ea27132 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md @@ -1363,7 +1363,7 @@ const connection = new events.Connection(this, 'Connection', { new tasks.HttpInvoke(this, 'Invoke HTTP API', { apiRoot: 'https://api.example.com', - apiEndpoint: sfn.TaskInput.fromText('https://api.example.com/path/to/resource'), + apiEndpoint: sfn.TaskInput.fromText('path/to/resource'), body: sfn.TaskInput.fromObject({ foo: 'bar' }), connection, headers: sfn.TaskInput.fromObject({ 'Content-Type': 'application/json' }), From 7abe8fcc83c1734c48a105b6f249c3ea42c71493 Mon Sep 17 00:00:00 2001 
From: mazyu36 Date: Mon, 9 Sep 2024 18:30:22 +0900 Subject: [PATCH 09/16] chore(rds): support 10.11.9, 10.6.19, 10.5.26 for MariaDB (#31366) Add new minor versions. Ref: [Amazon RDS for MariaDB supports minors 10.11.9, 10.6.19, 10.5.26](https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-rds-mariadb-minors-10/) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-rds/lib/instance-engine.ts | 6 +++ .../aws-rds/test/instance-engine.test.ts | 54 +++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index e0bfec6452b62..dbe3d17992280 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -494,6 +494,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_5_24 = MariaDbEngineVersion.of('10.5.24', '10.5'); /** Version "10.5.25". */ public static readonly VER_10_5_25 = MariaDbEngineVersion.of('10.5.25', '10.5'); + /** Version "10.5.26". */ + public static readonly VER_10_5_26 = MariaDbEngineVersion.of('10.5.26', '10.5'); /** Version "10.6" (only a major version, without a specific minor version). */ public static readonly VER_10_6 = MariaDbEngineVersion.of('10.6', '10.6'); 
@@ -539,6 +541,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_6_17 = MariaDbEngineVersion.of('10.6.17', '10.6'); /** Version "10.6.18". */ public static readonly VER_10_6_18 = MariaDbEngineVersion.of('10.6.18', '10.6'); + /** Version "10.6.19". */ + public static readonly VER_10_6_19 = MariaDbEngineVersion.of('10.6.19', '10.6'); /** Version "10.11" (only a major version, without a specific minor version). */ public static readonly VER_10_11 = MariaDbEngineVersion.of('10.11', '10.11'); @@ -552,6 +556,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_11_7 = MariaDbEngineVersion.of('10.11.7', '10.11'); /** Version "10.11.8". */ public static readonly VER_10_11_8 = MariaDbEngineVersion.of('10.11.8', '10.11'); + /** Version "10.11.9". */ + public static readonly VER_10_11_9 = MariaDbEngineVersion.of('10.11.9', '10.11'); /** * Create a new MariaDbEngineVersion with an arbitrary version. diff --git a/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts index 86d2b8b2dc574..107ff52094086 100644 --- a/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts @@ -1,4 +1,5 @@ import { Template } from '../../assertions'; +import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as cdk from '../../core'; import * as rds from '../lib'; 
@@ -262,4 +263,57 @@ describe('instance engine', () => { expect(engineConfig.features?.s3Export).toEqual('s3Export'); }); }); + + describe('MariaDB engine version', () => { + test.each([ + ['10.4', rds.MariaDbEngineVersion.VER_10_4], + ['10.4.29', rds.MariaDbEngineVersion.VER_10_4_29], + ['10.4.30', rds.MariaDbEngineVersion.VER_10_4_30], + ['10.4.31', rds.MariaDbEngineVersion.VER_10_4_31], + ['10.4.32', rds.MariaDbEngineVersion.VER_10_4_32], + ['10.4.33', rds.MariaDbEngineVersion.VER_10_4_33], + ['10.4.34', rds.MariaDbEngineVersion.VER_10_4_34], + ['10.5', rds.MariaDbEngineVersion.VER_10_5], + ['10.5.20', rds.MariaDbEngineVersion.VER_10_5_20], + ['10.5.21', rds.MariaDbEngineVersion.VER_10_5_21], + ['10.5.22', rds.MariaDbEngineVersion.VER_10_5_22], + ['10.5.23', rds.MariaDbEngineVersion.VER_10_5_23], + ['10.5.24', rds.MariaDbEngineVersion.VER_10_5_24], + ['10.5.25', rds.MariaDbEngineVersion.VER_10_5_25], + ['10.5.26', rds.MariaDbEngineVersion.VER_10_5_26], + ['10.6', rds.MariaDbEngineVersion.VER_10_6], + ['10.6.13', rds.MariaDbEngineVersion.VER_10_6_13], + ['10.6.14', rds.MariaDbEngineVersion.VER_10_6_14], + ['10.6.15', rds.MariaDbEngineVersion.VER_10_6_15], + ['10.6.16', rds.MariaDbEngineVersion.VER_10_6_16], + ['10.6.17', rds.MariaDbEngineVersion.VER_10_6_17], + ['10.6.18', rds.MariaDbEngineVersion.VER_10_6_18], + ['10.6.19', rds.MariaDbEngineVersion.VER_10_6_19], + ['10.11', rds.MariaDbEngineVersion.VER_10_11], + ['10.11.4', rds.MariaDbEngineVersion.VER_10_11_4], + ['10.11.5', rds.MariaDbEngineVersion.VER_10_11_5], + ['10.11.6', rds.MariaDbEngineVersion.VER_10_11_6], + ['10.11.7', rds.MariaDbEngineVersion.VER_10_11_7], + ['10.11.8', rds.MariaDbEngineVersion.VER_10_11_8], + ['10.11.9', rds.MariaDbEngineVersion.VER_10_11_9], + ])('is passed correctly for %s', (engineVersion, version) => { + + // WHEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + new rds.DatabaseInstance(stack, 'Instance', { + engine: 
rds.DatabaseInstanceEngine.mariaDb({ version }), + vpc, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBInstance', { + Properties: { + Engine: 'mariadb', + EngineVersion: engineVersion, + }, + }); + }); + }); }); From 65422077123fa5870106e29594b8f0392484da3f Mon Sep 17 00:00:00 2001 
From: "Kenta Goto (k.goto)" <24818752+go-to-k@users.noreply.github.com> Date: Mon, 9 Sep 2024 19:27:30 +0900 Subject: [PATCH 10/16] fix(rds): proxy target group does not depend on database instances when using writer property for database cluster (#31354) ### Issue # (if applicable) Closes #31304 . ### Reason for this change Proxy Target Group should depend on and wait for Aurora instances to be ready before creating CloudFormation resource. (see the issue). Now, the dependency is added when using a legacy `instanceProps`, but not added when using a `writer` property. https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539 (The cluster has `CfnDBInstance` directly when using the `instanceProps`, but it has `AuroraClusterInstance` with `CfnDBInstance` as `defaultChild` when using the `writer`. So the cluster doesn't have the `CfnDBInstance` directly in the latter case.) ### Description of changes Added the dependency when using a `writer` property instead of `instanceProps`. ### Description of how you validated changes Both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-rds-proxy.assets.json | 6 +- .../aws-cdk-rds-proxy.template.json | 2910 ++++++++++------- .../test/integ.proxy.js.snapshot/cdk.out | 2 +- ...efaultTestDeployAssert1DC3D9D5.assets.json | 2 +- .../test/integ.proxy.js.snapshot/integ.json | 2 +- .../integ.proxy.js.snapshot/manifest.json | 154 +- .../test/integ.proxy.js.snapshot/tree.json | 1497 +++++++-- .../test/aws-rds/test/integ.proxy.ts | 24 + packages/aws-cdk-lib/aws-rds/lib/proxy.ts | 8 + .../aws-cdk-lib/aws-rds/test/proxy.test.ts | 80 + 10 files changed, 3320 insertions(+), 1365 deletions(-) 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json index 45550d77e835b..455acf0505f1e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { - "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553": { + "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af": { "source": { "path": "aws-cdk-rds-proxy.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "objectKey": "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index 8d7cb0c299935..5f3722c21fa1f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json 
@@ -1,1191 +1,1869 @@ { - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" }, - 
"vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - } - }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1RouteTableAssociation5D3F4579" + ] + 
}, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet1EIPDA49DCBE", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "vpcPublicSubnet1DefaultRoute10708846", - "vpcPublicSubnet1RouteTableAssociation5D3F4579" - ] + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": 
"AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2RouteTableAssociation21F81B59" + ] + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + 
"Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + }, + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": 
"0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "SecretEncryptionKey40C82244": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } + }, + "Resource": "*" }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet2EIP9B3743B1", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] + { + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } 
+ }, + "Resource": "*" }, - "DependsOn": [ - "vpcPublicSubnet2DefaultRouteA1EC0F60", - "vpcPublicSubnet2RouteTableAssociation21F81B59" - ] - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, + { + "Action": "kms:Decrypt", + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", { - "Fn::GetAZs": "" - } + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + } } - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } + }, + "Resource": "*" } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "dbInstanceSubnetGroupD062EC9E": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for dbInstance database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbInstanceSecurityGroupA58A00A3": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for dbInstance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + 
"dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Instance from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } + "GroupId": { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] + } + } + }, + "dbInstanceSecret032D3661": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - 
"Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "GenerateSecretString": { + "ExcludeCharacters": "\"@/\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"master\"}" }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } + "KmsKeyId": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbInstanceSecretAttachment88CFBDAE": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbInstanceSecret032D3661" }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - } - } + "TargetId": { + "Ref": "dbInstance4076B1EC" }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] - } + "TargetType": "AWS::RDS::DBInstance" + } + }, + "dbInstance4076B1EC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbInstanceSubnetGroupD062EC9E" }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "Engine": "postgres", + "EngineVersion": "16.3", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": 
"dbInstanceSecret032D3661" + }, + ":SecretString:password::}}" + ] + ] }, - "SecretEncryptionKey40C82244": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": "kms:Decrypt", - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbInstanceSecret032D3661" + }, + ":SecretString:username::}}" + ] + ] + }, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbProxyIAMRole662F3AB8": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, 
+ "dbProxyIAMRoleDefaultPolicy99AB98F3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" + } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "dbInstanceSubnetGroupD062EC9E": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnet group for dbInstance database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } + { + "Action": "kms:Decrypt", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "dbInstanceSecurityGroupA58A00A3": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Security group for dbInstance database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", + "Roles": [ + { + "Ref": "dbProxyIAMRole662F3AB8" + } + ] + } + }, + "dbProxyProxySecurityGroup16E727A7": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbProxy3B89EAF2": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" } + } + ], + "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", + "EngineFamily": "POSTGRESQL", + 
"RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, - "dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Instance from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - } - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbProxyProxyTargetGroup8DA26A77": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": { + "ConnectionBorrowTimeout": 30, + "MaxConnectionsPercent": 50 }, - "dbInstanceSecret032D3661": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": "\"@/\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"master\"}" - }, - "KmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbInstanceSecretAttachment88CFBDAE": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbInstanceSecret032D3661" - }, - "TargetId": { - "Ref": "dbInstance4076B1EC" - }, - "TargetType": "AWS::RDS::DBInstance" - } + "DBInstanceIdentifiers": [ + 
{ + "Ref": "dbInstance4076B1EC" + } + ], + "DBProxyName": { + "Ref": "dbProxy3B89EAF2" }, - "dbInstance4076B1EC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "AllocatedStorage": "100", - "CopyTagsToSnapshot": true, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbInstanceSubnetGroupD062EC9E" - }, - "Engine": "postgres", - "EngineVersion": "16.3", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:username::}}" - ] - ] - }, - "StorageType": "gp2", - "VPCSecurityGroups": [ - { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbProxyIAMRole662F3AB8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } + "TargetGroupName": "default" + } + }, + "dbClusterSubnets03B9B0E1": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbCluster database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterSecurityGroupCAA1A91F": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { + "Type": 
"AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyIAMRoleDefaultPolicy99AB98F3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - }, - { - "Action": "kms:Decrypt", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", - "Roles": [ - { - "Ref": "dbProxyIAMRole662F3AB8" - } - ] - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbProxyProxySecurityGroup16E727A7": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] }, - "dbProxy3B89EAF2": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - } - ], - "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { 
- "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyProxyTargetGroup8DA26A77": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": { - "ConnectionBorrowTimeout": 30, - "MaxConnectionsPercent": 50 - }, - "DBInstanceIdentifiers": [ - { - "Ref": "dbInstance4076B1EC" - } - ], - "DBProxyName": { - "Ref": "dbProxy3B89EAF2" - }, - "TargetGroupName": "default" - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbClusterSubnets03B9B0E1": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnets for dbCluster database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" + ] }, - "dbClusterSecurityGroupCAA1A91F": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "RDS security group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecretCEA6D7B6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - 
"dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxyProxySecurityGroup170F327D", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterSecretAttachmentAB67A752": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterSecretCEA6D7B6" }, - "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxy2ProxySecurityGroupB44507AE", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "TargetId": { + "Ref": "dbClusterE86E47AE" }, - "dbClusterSecretCEA6D7B6": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " 
%+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"postgres\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterSecretAttachmentAB67A752": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbClusterSecretCEA6D7B6" - }, - "TargetId": { - "Ref": "dbClusterE86E47AE" - }, - "TargetType": "AWS::RDS::DBCluster" - } + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterE86E47AE": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" }, - "dbClusterE86E47AE": { - "Type": "AWS::RDS::DBCluster", - "Properties": { - "CopyTagsToSnapshot": true, - "DBClusterParameterGroupName": "default.aurora-postgresql14", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql", - "EngineVersion": "14.5", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:username::}}" - ] - ] - }, - "Port": 5432, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Snapshot", - "DeletionPolicy": "Snapshot" - }, - "dbClusterInstance1BCE092AC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - 
"vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterInstance20BA1ECD9": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - "vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterProxyIAMRole693E39F5": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterInstance1BCE092AC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + 
"vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterInstance20BA1ECD9": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterProxyIAMRole693E39F5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } } + ], + "Version": "2012-10-17" }, - "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", - "Roles": [ - { - "Ref": "dbClusterProxyIAMRole693E39F5" - } - ] + "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", + "Roles": [ + { + "Ref": 
"dbClusterProxyIAMRole693E39F5" + } + ] + } + }, + "dbClusterProxyProxySecurityGroup170F327D": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxyAB5F8181": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, - "dbClusterProxyProxySecurityGroup170F327D": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxyProxyTargetGroupB7010C0D": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxyAB5F8181" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterProxy2IAMRole190D217C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": 
"sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxyAB5F8181": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxyProxySecurityGroup170F327D", - "GroupId" - ] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", + "Roles": [ + { + "Ref": "dbClusterProxy2IAMRole190D217C" + } + ] + } + }, + "dbClusterProxy2ProxySecurityGroupB44507AE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxy28BBD43D5": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + 
"Fn::GetAtt": [ + "dbClusterProxy2IAMRole190D217C", + "Arn" + ] }, - "dbClusterProxyProxyTargetGroupB7010C0D": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxyAB5F8181" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxy2ProxyTargetGroup8BD48F57": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxy28BBD43D5" }, - "dbClusterProxy2IAMRole190D217C": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterWithWriterAndReadersSubnetsD9FBAD2A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": 
"Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + 
"GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecret3ED37A64": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersSecretAttachment9F7B2148": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "TargetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterWithWriterAndReaders6627D259": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": 
[ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterWithWriterAndReaderswriter6BAC1240": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 0 + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersreader042B2B99": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 2 + }, + "DependsOn": [ + "dbClusterWithWriterAndReaderswriter6BAC1240", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + 
], + "Version": "2012-10-17" }, - "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", - "Roles": [ - { - "Ref": "dbClusterProxy2IAMRole190D217C" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy4C6584761": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] }, - "dbClusterProxy2ProxySecurityGroupB44507AE": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + 
"dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxy28BBD43D5": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxy2IAMRole190D217C", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxy2ProxySecurityGroupB44507AE", - "GroupId" - ] - } - 
], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy5FA5F5557": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] }, - "dbClusterProxy2ProxyTargetGroup8BD48F57": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxy28BBD43D5" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { 
+ "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "Proxy3IAMRole26B82D9F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } + } + }, + "Proxy3IAMRoleDefaultPolicyEBD54677": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "Roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + "Proxy3ProxySecurityGroupF29F0434": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" } + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - ["1", "2", "3", "4", "5"], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "Proxy39463A146": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "DBProxyName": "awscdkrdsproxyProxy396989E4B", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "Proxy3ProxyTargetGroup5A623A38": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "Proxy39463A146" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the 
CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } -} + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json index a2b39265333af..2f779cc54513c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json index 5edeed336de2c..86fe159acd460 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { "database-proxy-integ-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json index d5cd0fa6a2610..bf694779d2b9d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "aws-cdk-rds-proxy.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -358,6 +358,156 @@ "data": "dbClusterProxy2ProxyTargetGroup8BD48F57" } ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroup1D462CCA" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecret3ED37A64" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaders6627D259" + } + ], + 
"/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaderswriter6BAC1240" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersreader042B2B99" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4C6584761" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource": 
[ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5FA5F5557" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRole26B82D9F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRoleDefaultPolicyEBD54677" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxySecurityGroupF29F0434" + } + ], + "/aws-cdk-rds-proxy/Proxy3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy39463A146" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxyTargetGroup5A623A38" + } + ], "/aws-cdk-rds-proxy/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json index 87d132f060e44..28db74f6c2be6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet1": { 
@@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet2": { @@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { 
@@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -311,8 +311,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -331,8 +331,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -359,14 +359,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet1": { @@ -409,16 +409,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -439,8 +439,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -458,8 +458,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { 
@@ -478,14 +478,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet2": { @@ -528,16 +528,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -577,8 +577,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -597,14 +597,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "IGW": { @@ -622,8 +622,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "VPCGW": { @@ -641,14 +641,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecretEncryptionKey": { 
@@ -753,7 +753,10 @@ "Effect": "Allow", "Principal": { "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } }, "Resource": "*" @@ -764,14 +767,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbInstance": { @@ -800,14 +803,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { @@ -834,8 +837,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbProxyProxySecurityGroupA345AFE5:{IndirectPort}": { @@ -846,7 +849,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Instance from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -862,19 +868,22 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { 
@@ -905,13 +914,16 @@ "excludeCharacters": "\"@/\\" }, "kmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -934,20 +946,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -963,7 +975,7 @@ "Ref": "dbInstanceSubnetGroupD062EC9E" }, "engine": "postgres", - "EngineVersion": "16.3", + "engineVersion": "16.3", "masterUsername": { "Fn::Join": [ "", @@ -1000,14 +1012,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbProxy": { @@ -1022,8 +1034,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbProxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1047,8 +1059,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { 
@@ -1095,20 +1107,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1135,14 +1147,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1165,7 +1177,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1186,8 +1201,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1212,14 +1227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbCluster": { @@ -1248,14 +1263,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { 
@@ -1282,8 +1297,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09:{IndirectPort}": { @@ -1294,7 +1309,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -1310,13 +1328,16 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853F:{IndirectPort}": { @@ -1327,7 +1348,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ 
@@ -1343,27 +1367,30 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "path": "aws-cdk-rds-proxy/dbCluster/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { @@ -1396,8 +1423,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -1420,20 +1447,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1485,8 +1512,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance1": { @@ -1506,8 +1533,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance2": { 
@@ -1527,8 +1554,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy": { @@ -1543,8 +1570,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1568,8 +1595,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1606,20 +1633,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1646,14 +1673,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1675,7 +1702,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1696,8 +1726,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { 
@@ -1719,14 +1749,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy2": { @@ -1741,8 +1771,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy2/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1766,8 +1796,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1804,20 +1834,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1844,14 +1874,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1897,8 +1927,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { 
@@ -1920,84 +1950,1069 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-rds-proxy/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "database-proxy-integ-test": { - "id": "database-proxy-integ-test", - "path": "database-proxy-integ-test", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "database-proxy-integ-test/DefaultTest", + "dbClusterWithWriterAndReaders": { + "id": "dbClusterWithWriterAndReaders", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders", "children": { - "Default": { - "id": "Default", - "path": "database-proxy-integ-test/DefaultTest/Default", + "Subnets": { + "id": "Subnets", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "subnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { 
+ "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, "constructInfo": { "fqn": "constructs.Construct", "version": "10.3.0" } }, - "DeployAssert": { - "id": "DeployAssert", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup", "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": { + "id": "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": 
"tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the 
database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Secret": { + "id": "Secret", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": 
"aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "targetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-postgresql14", + "dbSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "engine": "aurora-postgresql", + "engineVersion": "14.5", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "port": 5432, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "writer": { + "id": "writer", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer", + "children": { + 
"Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 0 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "reader": { + "id": "reader", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 2 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy4": { + "id": "Proxy4", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + 
"Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": 
"vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy5": { + "id": "Proxy5", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5", + "children": { + "IAMRole": { + 
"id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": 
"ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", 
+ "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy3": { + "id": "Proxy3", + "path": "aws-cdk-rds-proxy/Proxy3", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + 
"Version": "2012-10-17" + }, + "policyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxyProxy396989E4B", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "Proxy39463A146" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-rds-proxy/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "database-proxy-integ-test": { + "id": "database-proxy-integ-test", + "path": "database-proxy-integ-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "database-proxy-integ-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "database-proxy-integ-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": 
"database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -2022,8 +3037,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts index 53c0f38ed3d04..dfda38ebde6ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts @@ -52,6 +52,30 @@ cluster.addProxy('Proxy2', { vpc, }); +// With `writer` and `readers` properties instead of the legacy `instanceProps` +const clusterWithWriterAndReaders = new rds.DatabaseCluster(stack, 'dbClusterWithWriterAndReaders', { + engine: rds.DatabaseClusterEngine.auroraPostgres({ + version: rds.AuroraPostgresEngineVersion.VER_14_5, + }), + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], +}); + +new rds.DatabaseProxy(stack, 'Proxy3', { + proxyTarget: rds.ProxyTarget.fromCluster(clusterWithWriterAndReaders), + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy4', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy5', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); + new integ.IntegTest(app, 'database-proxy-integ-test', { testCases: [stack], diffAssets: true, diff --git a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts index cf076a9668802..6c8ffe2fb1695 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts 
+++ b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts
@@ -533,9 +533,17 @@ export class DatabaseProxy extends DatabaseProxyBase
 // To avoid this, use `CfnResource.addDependency` to add dependencies on `DatabaseCluster` and `DBInstance`.
 bindResult.dbClusters?.forEach((cluster) => {
 cluster.node.children.forEach((child) => {
+ // Legacy case using the `instanceProps` property of `DatabaseCluster`.
 if (child instanceof CfnDBInstance) {
 proxyTargetGroup.addDependency(child);
 }
+ // The case of `AuroraClusterInstance` constructs passed via the `writer` and `readers` properties of `DatabaseCluster`.
+ // We can't use the `AuroraClusterInstance` class to check the type with `instanceof` because the class is not exported.
+ // The `defaultChild` that the construct has should be a `CfnDBInstance`, so check it.
+ const resource = child.node.defaultChild;
+ if (resource instanceof CfnDBInstance) {
+ proxyTargetGroup.addDependency(resource);
+ }
 });
 const clusterResource = cluster.node.defaultChild as cdk.CfnResource;
 if (clusterResource && cdk.CfnResource.isCfnResource(clusterResource)) {
diff --git a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts
index 7c1d76a68a416..b8c31cdcb4595 100644
--- a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts
+++ b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts
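Review bot: In the proxy.ts hunk the new `child.node.defaultChild` lookup runs for every child of the cluster, including the `CfnDBInstance` children the legacy branch has already handled and any unrelated construct attached under the cluster. Moving the `const resource = child.node.defaultChild;` check into an `} else {` branch of the existing `if (child instanceof CfnDBInstance)` would make the two cases exclusive. The comment should also say that a child whose default child is not a `CfnDBInstance` is skipped without a warning, so the ordering guarantee this block exists for is silently lost in that case. As far as I know the `defaultChild` getter throws when a construct has both a `Resource` and a `Default` child, so the unconditional lookup could turn an unrelated child into a synthesis error; worth confirming against the constructs library. The tests added in proxy.test.ts only use `rds.ClusterInstance.provisioned`, so a case with `rds.ClusterInstance.serverlessV2('reader')` would pin the dependency for serverless instances as well; the `forEach` callback and its enclosing method start and end outside the hunk.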
@@ -558,6 +558,86 @@ describe('proxy', () => { }); }); + test('DBProxyTargetGroup should have dependency on the proxy targets when using cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + new rds.DatabaseProxy(stack, 'proxy', { + proxyTarget: rds.ProxyTarget.fromCluster(cluster), + secrets: [cluster.secret!], + vpc, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'proxy3A1DA9C7', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + + test('Correct dependencies are created when multiple DatabaseProxy are created with addProxy for cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + cluster.addProxy('Proxy', { + vpc, + secrets: [cluster.secret!], + }); + cluster.addProxy('Proxy2', { + vpc, + secrets: [cluster.secret!], + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxy22303E35D', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxyC4BEF551', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + 
describe('clientPasswordAuthType', () => { test('create a DB proxy with specified client password authentication type', () => { // GIVEN From c2889d8339d510f2ffd0eb304b8130db665abfe4 Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Mon, 9 Sep 2024 11:31:32 -0700 Subject: [PATCH 11/16] chore(neptune-alpha): add engine versions, instance types (#31363) Closes #31244. --- .../@aws-cdk/aws-neptune-alpha/lib/cluster.ts | 20 +++ .../aws-neptune-alpha/lib/instance.ts | 163 +++++++++++++++++- 2 files changed, 181 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts index cc68d8a49cefd..089333b436237 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts +++ b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts @@ -76,6 +76,14 @@ export class EngineVersion { * Neptune engine version 1.2.1.0 */ public static readonly V1_2_1_0 = new EngineVersion('1.2.1.0'); + /** + * Neptune engine version 1.2.1.1 + */ + public static readonly V1_2_1_1 = new EngineVersion('1.2.1.1'); + /** + * Neptune engine version 1.2.1.2 + */ + public static readonly V1_2_1_2 = new EngineVersion('1.2.1.2'); /** * Neptune engine version 1.3.0.0 */ @@ -84,6 +92,18 @@ export class EngineVersion { * Neptune engine version 1.3.1.0 */ public static readonly V1_3_1_0 = new EngineVersion('1.3.1.0'); + /** + * Neptune engine version 1.3.2.0 + */ + public static readonly V1_3_2_0 = new EngineVersion('1.3.2.0'); + /** + * Neptune engine version 1.3.2.1 + */ + public static readonly V1_3_2_1 = new EngineVersion('1.3.2.1'); + /** + * Neptune engine version 1.3.3.0 + */ + public static readonly V1_3_3_0 = new EngineVersion('1.3.3.0'); /** * Constructor for specifying a custom engine version diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts index eac8c65df3aa5..a3c8bae9cf389 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts 
+++ b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts @@ -12,6 +12,75 @@ import { IParameterGroup } from './parameter-group'; * used for defining `DatabaseInstanceProps.instanceType`. */ export class InstanceType { + /** + * db.x2g.large + */ + public static readonly X2G_LARGE = InstanceType.of('db.x2g.large'); + + /** + * db.x2g.xlarge + */ + public static readonly X2G_XLARGE = InstanceType.of('db.x2g.xlarge'); + + /** + * db.x2g.2xlarge + */ + public static readonly X2G_2XLARGE = InstanceType.of('db.x2g.2xlarge'); + + /** + * db.x2g.4xlarge + */ + public static readonly X2G_4XLARGE = InstanceType.of('db.x2g.4xlarge'); + + /** + * db.x2g.8xlarge + */ + public static readonly X2G_8XLARGE = InstanceType.of('db.x2g.8xlarge'); + + /** + * db.x2g.12xlarge + */ + public static readonly X2G_12XLARGE = InstanceType.of('db.x2g.12xlarge'); + + /** + * db.x2g.16xlarge + */ + public static readonly X2G_16XLARGE = InstanceType.of('db.x2g.16xlarge'); + + /** + * db.x2iedn.xlarge + */ + public static readonly X2IEDN_XLARGE = InstanceType.of('db.x2iedn.xlarge'); + + /** + * db.x2iedn.2xlarge + */ + public static readonly X2IEDN_2XLARGE = InstanceType.of('db.x2iedn.2xlarge'); + + /** + * db.x2iedn.4xlarge + */ + public static readonly X2IEDN_4XLARGE = InstanceType.of('db.x2iedn.4xlarge'); + + /** + * db.x2iedn.8xlarge + */ + public static readonly X2IEDN_8XLARGE = InstanceType.of('db.x2iedn.8xlarge'); + + /** + * db.x2iedn.16xlarge + */ + public static readonly X2IEDN_16XLARGE = InstanceType.of('db.x2iedn.16xlarge'); + + /** + * db.x2iedn.24xlarge + */ + public static readonly X2IEDN_24XLARGE = InstanceType.of('db.x2iedn.24xlarge'); + + /** + * db.x2iedn.32xlarge + */ + public static readonly X2IEDN_32XLARGE = InstanceType.of('db.x2iedn.32xlarge'); /** * db.r6g.large 
@@ -49,9 +118,49 @@ export class InstanceType { public static readonly R6G_16XLARGE = InstanceType.of('db.r6g.16xlarge'); /** - * db.t4g.medium + * db.r6i.large */ - public static readonly T4G_MEDIUM = InstanceType.of('db.t4g.medium'); + public static readonly R6I_LARGE = InstanceType.of('db.r6i.large'); + + /** + * db.r6i.xlarge + */ + public static readonly R6I_XLARGE = InstanceType.of('db.r6i.xlarge'); + + /** + * db.r6i.2xlarge + */ + public static readonly R6I_2XLARGE = InstanceType.of('db.r6i.2xlarge'); + + /** + * db.r6i.4xlarge + */ + public static readonly R6I_4XLARGE = InstanceType.of('db.r6i.4xlarge'); + + /** + * db.r6i.8xlarge + */ + public static readonly R6I_8XLARGE = InstanceType.of('db.r6i.8xlarge'); + + /** + * db.r6i.12xlarge + */ + public static readonly R6I_12XLARGE = InstanceType.of('db.r6i.12xlarge'); + + /** + * db.r6i.16xlarge + */ + public static readonly R6I_16XLARGE = InstanceType.of('db.r6i.16xlarge'); + + /** + * db.r6i.24xlarge + */ + public static readonly R6I_24XLARGE = InstanceType.of('db.r6i.24xlarge'); + + /** + * db.r6i.32xlarge + */ + public static readonly R6I_32XLARGE = InstanceType.of('db.r6i.32xlarge'); /** * db.r5.large 
@@ -83,11 +192,56 @@ export class InstanceType { */ public static readonly R5_12XLARGE = InstanceType.of('db.r5.12xlarge'); + /** + * db.r5.16xlarge + */ + public static readonly R5_16XLARGE = InstanceType.of('db.r5.16xlarge'); + /** * db.r5.24xlarge */ public static readonly R5_24XLARGE = InstanceType.of('db.r5.24xlarge'); + /** + * db.r5d.large + */ + public static readonly R5D_LARGE = InstanceType.of('db.r5d.large'); + + /** + * db.r5d.xlarge + */ + public static readonly R5D_XLARGE = InstanceType.of('db.r5d.xlarge'); + + /** + * db.r5d.2xlarge + */ + public static readonly R5D_2XLARGE = InstanceType.of('db.r5d.2xlarge'); + + /** + * db.r5d.4xlarge + */ + public static readonly R5D_4XLARGE = InstanceType.of('db.r5d.4xlarge'); + + /** + * db.r5d.8xlarge + */ + public static readonly R5D_8XLARGE = InstanceType.of('db.r5d.8xlarge'); + + /** + * db.r5d.12xlarge + */ + public static readonly R5D_12XLARGE = InstanceType.of('db.r5d.12xlarge'); + + /** + * db.r5d.16xlarge + */ + public static readonly R5D_16XLARGE = InstanceType.of('db.r5d.16xlarge'); + + /** + * db.r5d.24xlarge + */ + public static readonly R5D_24XLARGE = InstanceType.of('db.r5d.24xlarge'); + /** * db.r4.large */ @@ -113,6 +267,11 @@ export class InstanceType { */ public static readonly R4_8XLARGE = InstanceType.of('db.r4.8xlarge'); + /** + * db.t4g.medium + */ + public static readonly T4G_MEDIUM = InstanceType.of('db.t4g.medium'); + /** * db.t3.medium */ From 00043b7bcdc8c961aee4fe60b5f53c2e8a1766e1 Mon Sep 17 00:00:00 2001 
From: Kazuho Cryer-Shinozuka Date: Tue, 10 Sep 2024 04:12:14 +0900 Subject: [PATCH 12/16] chore(ec2): add interface VPC endpoints (#31359) ### Issue # (if applicable) None ### Reason for this change There some interface vpc endpoints which is not supported by AWS CDK. ### Description of changes I've added the following VPC endpoints. - airflow.api-fips - airflow.env-fips - applicationinsights - emr-serverless-services.livy - pcs - pcs-fips - pi - pi-fips - q - rbin - service.user-subscriptions - ssm-fips - ssm-quicksetup - timestream-influxdb-fips - wellarchitected Since a PR has already been created for the following endpoints, this PR does not address them. - kinesis-streams-fips (#31350) - dynamodb (#30162) ### Description of how you validated changes These endpoints are obtained from AWS CLI. ```sh $ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index 29ac27d97d8f2..2225a2ea48ef9 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts 
@@ -275,7 +275,9 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly ACCESS_ANALYZER = new InterfaceVpcEndpointAwsService('access-analyzer');
 public static readonly ACCOUNT_MANAGEMENT = new InterfaceVpcEndpointAwsService('account');
 public static readonly AIRFLOW_API = new InterfaceVpcEndpointAwsService('airflow.api');
+ public static readonly AIRFLOW_API_FIPS = new InterfaceVpcEndpointAwsService('airflow.api-fips');
 public static readonly AIRFLOW_ENV = new InterfaceVpcEndpointAwsService('airflow.env');
+ public static readonly AIRFLOW_ENV_FIPS = new InterfaceVpcEndpointAwsService('airflow.env-fips');
 public static readonly AIRFLOW_OPS = new InterfaceVpcEndpointAwsService('airflow.ops');
 public static readonly APIGATEWAY = new InterfaceVpcEndpointAwsService('execute-api');
 /** @deprecated - Use InterfaceVpcEndpointAwsService.APP_MESH_ENVOY_MANAGEMENT instead. */
@@ -323,6 +325,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly CODEWHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer');
 /** @deprecated - Use InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING instead. */
 public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring');
+ public static readonly CLOUDWATCH_APPLICATION_INSIGHTS = new InterfaceVpcEndpointAwsService('applicationinsights');
 public static readonly CLOUDWATCH_APPLICATION_SIGNALS = new InterfaceVpcEndpointAwsService('application-signals');
 /** @deprecated - Use InterfaceVpcEndpointAwsService.EVENTBRIDGE instead. */
 public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events');
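Review bot: `AIRFLOW_API_FIPS` and `AIRFLOW_ENV_FIPS` in the `@@ -275,7 +275,9 @@` hunk are added without a doc comment, and the validation quoted in the commit description queried `us-east-1` only, so nothing here tells a user whether the FIPS endpoint exists in their region. FIPS endpoints are typically published in a subset of regions, and a stack that references one elsewhere would presumably fail only at deploy time. I would add a TSDoc line to each, e.g. `/** FIPS endpoint; only available in regions where the service publishes a FIPS PrivateLink endpoint. */`. The same applies to `PARALLEL_COMPUTING_SERVICE_FIPS`, `RDS_PERFORMANCE_INSIGHTS_FIPS`, `SSM_FIPS` and `TIMESTREAM_INFLUXDB_FIPS` in the later hunks of this commit. The class body starts and ends outside the hunk.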
@@ -395,6 +398,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly EMR = new InterfaceVpcEndpointAwsService('elasticmapreduce');
 public static readonly EMR_EKS = new InterfaceVpcEndpointAwsService('emr-containers');
 public static readonly EMR_SERVERLESS = new InterfaceVpcEndpointAwsService('emr-serverless');
+ public static readonly EMR_SERVERLESS_LIVY = new InterfaceVpcEndpointAwsService('emr-serverless-services.livy');
 public static readonly EMR_WAL = new InterfaceVpcEndpointAwsService('emrwal.prod');
 public static readonly ENTITY_RESOLUTION = new InterfaceVpcEndpointAwsService('entityresolution');
 public static readonly EVENTBRIDGE = new InterfaceVpcEndpointAwsService('events');
@@ -485,6 +489,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly OMICS_TAGS = new InterfaceVpcEndpointAwsService('tags-omics');
 public static readonly OMICS_WORKFLOWS = new InterfaceVpcEndpointAwsService('workflows-omics');
 public static readonly PANORAMA = new InterfaceVpcEndpointAwsService('panorama');
+ public static readonly PARALLEL_COMPUTING_SERVICE = new InterfaceVpcEndpointAwsService('pcs');
+ public static readonly PARALLEL_COMPUTING_SERVICE_FIPS = new InterfaceVpcEndpointAwsService('pcs-fips');
 public static readonly PAYMENT_CRYPTOGRAPHY_CONTROLPLANE = new InterfaceVpcEndpointAwsService('payment-cryptography.controlplane');
 public static readonly PAYMENT_CRYTOGRAPHY_DATAPLANE = new InterfaceVpcEndpointAwsService('payment-cryptography.dataplane');
 public static readonly PERSONALIZE = new InterfaceVpcEndpointAwsService('personalize');
@@ -505,12 +511,16 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly PROMETHEUS_WORKSPACES = new InterfaceVpcEndpointAwsService('aps-workspaces');
 public static readonly PROTON = new InterfaceVpcEndpointAwsService('proton');
 public static readonly Q_BUSSINESS = new InterfaceVpcEndpointAwsService('qbusiness', 'aws.api');
+ public static readonly Q_DEVELOPER = new InterfaceVpcEndpointAwsService('q');
 public static readonly Q_DEVELOPER_CODE_WHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer');
 public static readonly Q_DEVELOPER_QAPPS = new InterfaceVpcEndpointAwsService('qapps');
+ public static readonly Q_USER_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('service.user-subscriptions');
 public static readonly QLDB = new InterfaceVpcEndpointAwsService('qldb.session');
 public static readonly QUICKSIGHT_WEBSITE = new InterfaceVpcEndpointAwsService('quicksight-website');
 public static readonly RDS = new InterfaceVpcEndpointAwsService('rds');
 public static readonly RDS_DATA = new InterfaceVpcEndpointAwsService('rds-data');
+ public static readonly RDS_PERFORMANCE_INSIGHTS = new InterfaceVpcEndpointAwsService('pi');
+ public static readonly RDS_PERFORMANCE_INSIGHTS_FIPS = new InterfaceVpcEndpointAwsService('pi-fips');
 public static readonly REDSHIFT = new InterfaceVpcEndpointAwsService('redshift');
 public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips');
 public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data');
@@ -523,6 +533,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly REKOGNITION_STREAMING_FIPS = new InterfaceVpcEndpointAwsService('streaming-rekognition-fips');
 public static readonly REPOST_SPACE = new InterfaceVpcEndpointAwsService('repostspace');
 public static readonly ROBOMAKER = new InterfaceVpcEndpointAwsService('robomaker');
+ public static readonly RECYCLE_BIN = new InterfaceVpcEndpointAwsService('rbin');
 public static readonly S3 = new InterfaceVpcEndpointAwsService('s3');
 public static readonly S3_OUTPOSTS = new InterfaceVpcEndpointAwsService('s3-outposts');
 public static readonly S3_MULTI_REGION_ACCESS_POINTS = new InterfaceVpcEndpointAwsService('s3-global.accesspoint', 'com.amazonaws', undefined, { global: true });
@@ -548,9 +559,11 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly SNS = new InterfaceVpcEndpointAwsService('sns');
 public static readonly SQS = new InterfaceVpcEndpointAwsService('sqs');
 public static readonly SSM = new InterfaceVpcEndpointAwsService('ssm');
+ public static readonly SSM_FIPS = new InterfaceVpcEndpointAwsService('ssm-fips');
 public static readonly SSM_MESSAGES = new InterfaceVpcEndpointAwsService('ssmmessages');
 public static readonly SSM_CONTACTS = new InterfaceVpcEndpointAwsService('ssm-contacts');
 public static readonly SSM_INCIDENTS = new InterfaceVpcEndpointAwsService('ssm-incidents');
+ public static readonly SSM_QUICK_SETUP = new InterfaceVpcEndpointAwsService('ssm-quicksetup');
 public static readonly STEP_FUNCTIONS = new InterfaceVpcEndpointAwsService('states');
 public static readonly STEP_FUNCTIONS_SYNC = new InterfaceVpcEndpointAwsService('sync-states');
 public static readonly STORAGE_GATEWAY = new InterfaceVpcEndpointAwsService('storagegateway');
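Review bot: `RECYCLE_BIN` is inserted after `ROBOMAKER` in the `@@ -523,6 +533,7 @@` hunk, which breaks the alphabetical-by-constant order that the neighbouring entries largely follow. It sorts between the `RDS_*` and `REDSHIFT*` constants, so it belongs in the previous hunk, directly after `RDS_PERFORMANCE_INSIGHTS_FIPS`. Keeping the list sorted matters here because the class is a long flat list that people scan to check whether an endpoint is already covered. The class body starts and ends outside the hunk.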
@@ -562,12 +575,14 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly TEXTRACT = new InterfaceVpcEndpointAwsService('textract');
 public static readonly TEXTRACT_FIPS = new InterfaceVpcEndpointAwsService('textract-fips');
 public static readonly TIMESTREAM_INFLUXDB = new InterfaceVpcEndpointAwsService('timestream-influxdb');
+ public static readonly TIMESTREAM_INFLUXDB_FIPS = new InterfaceVpcEndpointAwsService('timestream-influxdb-fips');
 public static readonly TRANSCRIBE = new InterfaceVpcEndpointAwsService('transcribe');
 public static readonly TRANSCRIBE_STREAMING = new InterfaceVpcEndpointAwsService('transcribestreaming');
 public static readonly TRANSFER = new InterfaceVpcEndpointAwsService('transfer');
 public static readonly TRANSFER_SERVER = new InterfaceVpcEndpointAwsService('transfer.server');
 public static readonly TRANSLATE = new InterfaceVpcEndpointAwsService('translate');
 public static readonly TRUSTED_ADVISOR = new InterfaceVpcEndpointAwsService('trustedadvisor');
+ public static readonly WELL_ARCHITECTED_TOOL = new InterfaceVpcEndpointAwsService('wellarchitected');
 public static readonly WORKSPACES = new InterfaceVpcEndpointAwsService('workspaces');
 public static readonly WORKSPACES_THIN_CLIENT = new InterfaceVpcEndpointAwsService('thinclient.api');
 public static readonly XRAY = new InterfaceVpcEndpointAwsService('xray');
From 1132887c99c0f156a0438bee7df5a7b3397bec76 Mon Sep 17 00:00:00 2001
From: mazyu36 Date: Tue, 10 Sep 2024 05:58:47 +0900 Subject: [PATCH 13/16] chore(ec2): support FIPS interface VPC endpoint for Kinesis Data Streams (#31350) Add FIPS 140-3 enabled interface VPC endpoint for KDS. Ref * https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-kinesis-data-streams-fips-140-3-interface-vpc-endpoint/ * https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index 2225a2ea48ef9..f69caf275bd24 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts @@ -450,6 +450,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly KEYSPACES = new InterfaceVpcEndpointAwsService('cassandra', '', 9142); public static readonly KEYSPACES_FIPS = new InterfaceVpcEndpointAwsService('cassandra-fips', '', 9142); public static readonly KINESIS_STREAMS = new InterfaceVpcEndpointAwsService('kinesis-streams'); + public static readonly KINESIS_STREAMS_FIPS = new InterfaceVpcEndpointAwsService('kinesis-streams-fips'); public static readonly KINESIS_FIREHOSE = new InterfaceVpcEndpointAwsService('kinesis-firehose'); public static readonly KMS = new InterfaceVpcEndpointAwsService('kms'); public static readonly KMS_FIPS = new InterfaceVpcEndpointAwsService('kms-fips'); From 01393c4adf11993a6ad7cc89537b8517ee7f26e5 Mon Sep 17 00:00:00 2001 
From: Tietew Date: Tue, 10 Sep 2024 07:43:00 +0900 Subject: [PATCH 14/16] chore(cloudfront): warning on empty `domainNames` to alert a manual action (#31367) ### Reason for this change Follow-up to #31001. The user need to run `associate-alias` cli command manually when moving an alternate domain name. Adding a warning will help users not to forget. ### Description of changes Add a warning annotation when `domainNames` is empty. ### Description of how you validated changes Added an expectation to validate the warning. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts | 6 +++++- .../aws-cdk-lib/aws-cloudfront/test/distribution.test.ts | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts index 495513bb9a737..1dc2fe099ac50 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts @@ -15,7 +15,7 @@ import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as lambda from '../../aws-lambda'; import * as s3 from '../../aws-s3'; -import { ArnFormat, IResource, Lazy, Resource, Stack, Token, Duration, Names, FeatureFlags } from '../../core'; +import { ArnFormat, IResource, Lazy, Resource, Stack, Token, Duration, Names, FeatureFlags, Annotations } from '../../core'; import { CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021 } from '../../cx-api'; /** 
@@ -321,6 +321,10 @@ export class Distribution extends Resource implements IDistribution { if (!Token.isUnresolved(certificateRegion) && certificateRegion !== 'us-east-1') { throw new Error(`Distribution certificates must be in the us-east-1 region and the certificate you provided is in ${certificateRegion}.`); } + + if ((props.domainNames ?? []).length === 0) { + Annotations.of(this).addWarningV2('@aws-cdk/aws-cloudfront:emptyDomainNames', 'No domain names are specified. You will need to specify it after running associate-alias CLI command manually. See the "Moving an alternate domain name to a different distribution" section of module\'s README for more info.'); + } } const originId = this.addOrigin(props.defaultBehavior.origin); diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts index 7ad33d02a336e..fb06b7b1b9ef5 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts @@ -1,5 +1,5 @@ import { defaultOrigin, defaultOriginGroup } from './test-origin'; -import { Match, Template } from '../../assertions'; +import { Annotations, Match, Template } from '../../assertions'; import * as acm from '../../aws-certificatemanager'; import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; @@ -473,6 +473,7 @@ describe('certificates', () => { }, }, }); + Annotations.fromStack(stack).hasWarning('/Stack/Dist1', 'No domain names are specified. You will need to specify it after running associate-alias CLI command manually. See the "Moving an alternate domain name to a different distribution" section of module\'s README for more info. [ack: @aws-cdk/aws-cloudfront:emptyDomainNames]'); }); test('use the TLSv1.2_2021 security policy by default', () => { From bc4dbfdb05a1fe02d30c4724958d09f239a3656f Mon Sep 17 00:00:00 2001 
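Review bot: The warning text added after the certificate-region check in `distribution.ts` never names the `domainNames` property or the full command, and "specify it" has no clear referent, so a user who sees it in synth output has to open the README to learn what to do. A self-contained wording would be `'No domainNames are set on this distribution. If you are moving an alternate domain name, run "aws cloudfront associate-alias" manually and then add the name to domainNames. See ...'`, with the expected string in `distribution.test.ts` updated to match. Judging by the closing brace that follows, the check appears to sit inside the certificate branch and so fires only when a certificate is supplied; a one-line comment such as `// Only relevant when a certificate is set: without domainNames the certificate is not used for any alias.` would record that, if it is the intent. The enclosing constructor starts and ends outside the hunk.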
From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Tue, 10 Sep 2024 02:34:53 +0300 Subject: [PATCH 15/16] feat: update L1 CloudFormation resource definitions (#31361) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-acmpca │ └ resources │ └[~] resource AWS::ACMPCA::CertificateAuthority │ ├ properties │ │ └ RevocationConfiguration: (documentation changed) │ └ types │ ├[~] type CrlConfiguration │ │ └ properties │ │ ├[-] CustomPath: string │ │ ├[-] PartitioningEnabled: boolean │ │ └[-] RetainExpiredCertificates: boolean │ └[~] type RevocationConfiguration │ └ - documentation: Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* . │ > The following requirements apply to revocation configurations. 
│ > │ > - A configuration disabling CRLs or OCSP must contain only the `Enabled=False` parameter, and will fail if other parameters such as `CustomCname` or `ExpirationInDays` are included. │ > - In a CRL configuration, the `S3BucketName` parameter must conform to the [Amazon S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) . │ > - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to [RFC2396](https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in a CNAME. │ > - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://". │ + documentation: Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* . │ The following requirements and constraints apply to revocation configurations. │ - A configuration disabling CRLs or OCSP must contain only the `Enabled=False` parameter, and will fail if other parameters such as `CustomCname` or `ExpirationInDays` are included. 
│ - In a CRL configuration, the `S3BucketName` parameter must conform to the [Amazon S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) . │ - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to [RFC2396](https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in a CNAME. │ - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://". │ - To revoke a certificate, delete the resource from your template, and call the AWS Private CA [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) API and specify the resource's certificate authority ARN. ├[~] service aws-amplify │ └ resources │ └[~] resource AWS::Amplify::App │ ├ properties │ │ └[+] CacheConfig: CacheConfig │ └ types │ └[+] type CacheConfig │ ├ name: CacheConfig │ └ properties │ └Type: string ├[~] service aws-apigatewayv2 │ └ resources │ └[~] resource AWS::ApiGatewayV2::Integration │ ├ properties │ │ └ ResponseParameters: - Map> ⇐ json │ │ + Map ⇐ json │ ├ attributes │ │ └[+] Id: string │ └ types │ ├[~] type ResponseParameter │ │ ├ - documentation: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match the pattern `:
.` or `overwrite.statuscode` . The action can be `append` , `overwrite` or `remove` . The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see [Transforming API requests and responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) . │ │ │ + documentation: response parameter │ │ └ properties │ │ ├ Destination: (documentation changed) │ │ └ Source: (documentation changed) │ └[+] type ResponseParameterMap │ ├ documentation: map of response parameter lists │ │ name: ResponseParameterMap │ └ properties │ └ResponseParameters: Array ├[~] service aws-appintegrations │ └ resources │ └[~] resource AWS::AppIntegrations::Application │ └ properties │ └ Namespace: - string │ + string (required) ├[~] service aws-applicationsignals │ └ resources │ └[~] resource AWS::ApplicationSignals::ServiceLevelObjective │ ├ properties │ │ └[+] RequestBasedSli: RequestBasedSli │ ├ attributes │ │ └[+] EvaluationType: string │ └ types │ ├[+] type MonitoredRequestCountMetric │ │ ├ documentation: This structure defines the metric that is used as the "good request" or "bad request" value for a request-based SLO. This value observed for the metric defined in `TotalRequestCountMetric` is divided by the number found for `MonitoredRequestCountMetric` to determine the percentage of successful requests that this SLO tracks. │ │ │ name: MonitoredRequestCountMetric │ │ └ properties │ │ ├GoodCountMetric: Array │ │ └BadCountMetric: Array │ ├[+] type RequestBasedSli │ │ ├ documentation: This structure contains information about the performance metric that a request-based SLO monitors. 
│ │ │ name: RequestBasedSli │ │ └ properties │ │ ├RequestBasedSliMetric: RequestBasedSliMetric (required) │ │ ├MetricThreshold: number │ │ └ComparisonOperator: string │ └[+] type RequestBasedSliMetric │ ├ documentation: This structure contains the information about the metric that is used for a request-based SLO. │ │ name: RequestBasedSliMetric │ └ properties │ ├KeyAttributes: Map │ ├OperationName: string │ ├MetricType: string │ ├TotalRequestCountMetric: Array │ └MonitoredRequestCountMetric: MonitoredRequestCountMetric ├[~] service aws-appsync │ └ resources │ └[~] resource AWS::AppSync::GraphQLApi │ └ types │ └[~] type LogConfig │ └ properties │ └ FieldLogLevel: (documentation changed) ├[~] service aws-autoscaling │ └ resources │ ├[~] resource AWS::AutoScaling::AutoScalingGroup │ │ └ properties │ │ └ HealthCheckType: (documentation changed) │ └[~] resource AWS::AutoScaling::ScalingPolicy │ └ types │ ├[~] type TargetTrackingMetricDataQuery │ │ └ - documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. │ │ `TargetTrackingMetricDataQuery` is used with the [AWS::AutoScaling::ScalingPolicy CustomizedMetricSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-scalingpolicy-customizedmetricspecification.html) property type. │ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. 
│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . │ │ + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. │ │ You can use `TargetTrackingMetricDataQuery` structures with a `PutScalingPolicy` operation when you specify a `TargetTrackingConfiguration` in the request. │ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. │ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . │ └[~] type TargetTrackingMetricStat │ └ - documentation: `TargetTrackingMetricStat` is a property of the [AWS::AutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type. │ This structure defines the CloudWatch metric to return, along with the statistic and unit. │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . │ + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. 
│ `TargetTrackingMetricStat` is a property of the `TargetTrackingMetricDataQuery` object. │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . ├[~] service aws-backup │ └ resources │ └[~] resource AWS::Backup::RestoreTestingPlan │ └ properties │ └[+] ScheduleStatus: string ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::ComputeEnvironment │ └ properties │ └[+] Context: string ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::Flow │ │ ├ attributes │ │ │ └[+] Validations: Array │ │ └ types │ │ ├[+] type AgentFlowNodeConfiguration │ │ │ ├ documentation: Defines an agent node in your flow. You specify the agent to invoke at this point in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ │ │ name: AgentFlowNodeConfiguration │ │ │ └ properties │ │ │ └AgentAliasArn: string (required) │ │ ├[~] type FlowNodeConfiguration │ │ │ └ properties │ │ │ ├[+] Agent: AgentFlowNodeConfiguration │ │ │ ├[+] Collector: json │ │ │ ├[+] Iterator: json │ │ │ ├[+] Retrieval: RetrievalFlowNodeConfiguration │ │ │ └[+] Storage: StorageFlowNodeConfiguration │ │ ├[+] type FlowValidation │ │ │ ├ documentation: Contains information about validation of the flow. 
│ │ │ │ This data type is used in the following API operations: │ │ │ │ - [GetFlow response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetFlow.html#API_agent_GetFlow_ResponseSyntax) │ │ │ │ - [GetFlowVersion response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetFlowVersion.html#API_agent_GetFlowVersion_ResponseSyntax) │ │ │ │ name: FlowValidation │ │ │ └ properties │ │ │ └Message: string (required) │ │ ├[+] type RetrievalFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Retrieval node in a flow. This node retrieves data from the Amazon S3 location that you specify and returns it as the output. │ │ │ │ name: RetrievalFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: RetrievalFlowNodeServiceConfiguration (required) │ │ ├[+] type RetrievalFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location from which to retrieve data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ ├[+] type RetrievalFlowNodeServiceConfiguration │ │ │ ├ documentation: Contains configurations for the service to use for retrieving data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeServiceConfiguration │ │ │ └ properties │ │ │ └S3: RetrievalFlowNodeS3Configuration │ │ ├[+] type StorageFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Storage node in a flow. This node stores the input in an Amazon S3 location that you specify. │ │ │ │ name: StorageFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: StorageFlowNodeServiceConfiguration (required) │ │ ├[+] type StorageFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location in which to store the input into the node. 
│ │ │ │ name: StorageFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ └[+] type StorageFlowNodeServiceConfiguration │ │ ├ documentation: Contains configurations for the service to use for storing the input into the node. │ │ │ name: StorageFlowNodeServiceConfiguration │ │ └ properties │ │ └S3: StorageFlowNodeS3Configuration │ ├[~] resource AWS::Bedrock::FlowVersion │ │ ├ attributes │ │ │ └[+] CustomerEncryptionKeyArn: string │ │ └ types │ │ ├[+] type AgentFlowNodeConfiguration │ │ │ ├ documentation: Defines an agent node in your flow. You specify the agent to invoke at this point in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ │ │ name: AgentFlowNodeConfiguration │ │ │ └ properties │ │ │ └AgentAliasArn: string (required) │ │ ├[~] type FlowNodeConfiguration │ │ │ └ properties │ │ │ ├[+] Agent: AgentFlowNodeConfiguration │ │ │ ├[+] Collector: json │ │ │ ├[+] Iterator: json │ │ │ ├[+] Retrieval: RetrievalFlowNodeConfiguration │ │ │ └[+] Storage: StorageFlowNodeConfiguration │ │ ├[+] type RetrievalFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Retrieval node in a flow. This node retrieves data from the Amazon S3 location that you specify and returns it as the output. │ │ │ │ name: RetrievalFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: RetrievalFlowNodeServiceConfiguration (required) │ │ ├[+] type RetrievalFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location from which to retrieve data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ ├[+] type RetrievalFlowNodeServiceConfiguration │ │ │ ├ documentation: Contains configurations for the service to use for retrieving data to return as the output from the node. 
│ │ │ │ name: RetrievalFlowNodeServiceConfiguration │ │ │ └ properties │ │ │ └S3: RetrievalFlowNodeS3Configuration │ │ ├[+] type StorageFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Storage node in a flow. This node stores the input in an Amazon S3 location that you specify. │ │ │ │ name: StorageFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: StorageFlowNodeServiceConfiguration (required) │ │ ├[+] type StorageFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location in which to store the input into the node. │ │ │ │ name: StorageFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ └[+] type StorageFlowNodeServiceConfiguration │ │ ├ documentation: Contains configurations for the service to use for storing the input into the node. │ │ │ name: StorageFlowNodeServiceConfiguration │ │ └ properties │ │ └S3: StorageFlowNodeS3Configuration │ └[~] resource AWS::Bedrock::PromptVersion │ ├ - tagInformation: undefined │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ ├ properties │ │ └[+] Tags: Map │ └ attributes │ └[+] CustomerEncryptionKeyArn: string ├[~] service aws-chatbot │ └ resources │ ├[~] resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration │ │ └ properties │ │ └ TeamId: (documentation changed) │ └[~] resource AWS::Chatbot::SlackChannelConfiguration │ └ properties │ └ SlackWorkspaceId: (documentation changed) ├[~] service aws-cloudformation │ └ resources │ ├[~] resource AWS::CloudFormation::ModuleVersion │ │ └ attributes │ │ ├ Schema: (documentation changed) │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::PublicTypeVersion │ │ └ properties │ │ └ PublicVersionNumber: (documentation changed) │ ├[~] resource AWS::CloudFormation::Publisher │ │ └ properties │ │ └ ConnectionArn: (documentation changed) │ ├[~] resource AWS::CloudFormation::ResourceVersion │ │ └ attributes │ │ ├ ProvisioningType: 
(documentation changed) │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::Stack │ │ └ properties │ │ ├ NotificationARNs: (documentation changed) │ │ └ Tags: (documentation changed) │ ├[~] resource AWS::CloudFormation::StackSet │ │ └ properties │ │ └ Tags: (documentation changed) │ └[~] resource AWS::CloudFormation::TypeActivation │ └ - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* . │ Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *CloudFormation User Guide* . │ + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* . │ Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *AWS CloudFormation User Guide* . 
├[~] service aws-datasync │ └ resources │ ├[~] resource AWS::DataSync::LocationEFS │ │ ├ properties │ │ │ ├ AccessPointArn: (documentation changed) │ │ │ ├ Ec2Config: (documentation changed) │ │ │ ├ EfsFilesystemArn: (documentation changed) │ │ │ ├ FileSystemAccessRoleArn: (documentation changed) │ │ │ ├ InTransitEncryption: (documentation changed) │ │ │ └ Subdirectory: (documentation changed) │ │ └ types │ │ └[~] type Ec2Config │ │ └ - documentation: The subnet and security groups that AWS DataSync uses to access your Amazon EFS file system. │ │ + documentation: The subnet and security groups that AWS DataSync uses to connect to one of your Amazon EFS file system's [mount targets](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html) . │ └[~] resource AWS::DataSync::Task │ └ types │ └[~] type TaskSchedule │ └ properties │ └ ScheduleExpression: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::NetworkInsightsAnalysis │ │ └ types │ │ └[~] type AnalysisRouteTableRoute │ │ └ properties │ │ └ destinationPrefixListId: (documentation changed) │ ├[~] resource AWS::EC2::Subnet │ │ ├ properties │ │ │ └[-] Ipv6CidrBlocks: Array │ │ └ attributes │ │ └ Ipv6CidrBlocks: (documentation changed) │ └[~] resource AWS::EC2::VPNConnection │ └ properties │ ├[+] LocalIpv4NetworkCidr: string (immutable) │ ├[+] LocalIpv6NetworkCidr: string (immutable) │ ├[+] OutsideIpAddressType: string (immutable) │ ├[+] RemoteIpv4NetworkCidr: string (immutable) │ ├[+] RemoteIpv6NetworkCidr: string (immutable) │ ├[+] TransportTransitGatewayAttachmentId: string (immutable) │ └[+] TunnelInsideIpVersion: string (immutable) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::CapacityProvider │ │ └ types │ │ └[~] type ManagedScaling │ │ └ properties │ │ └ MaximumScalingStepSize: (documentation changed) │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ ├[~] type AwsVpcConfiguration │ │ │ └ properties │ │ │ ├ SecurityGroups: (documentation changed) │ │ │ └ 
Subnets: (documentation changed) │ │ ├[~] type DeploymentConfiguration │ │ │ └ properties │ │ │ ├ MaximumPercent: (documentation changed) │ │ │ └ MinimumHealthyPercent: (documentation changed) │ │ ├[~] type LogConfiguration │ │ │ └ - documentation: The log configuration for the container. This parameter maps to `LogConfig` in the docker conainer create command and the `--log-driver` option to docker run. │ │ │ By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. │ │ │ Understand the following when specifying a log configuration for your containers. │ │ │ - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. │ │ │ For tasks on AWS Fargate , the supported log drivers are `awslogs` , `splunk` , and `awsfirelens` . │ │ │ For tasks hosted on Amazon EC2 instances, the supported log drivers are `awslogs` , `fluentd` , `gelf` , `json-file` , `journald` , `syslog` , `splunk` , and `awsfirelens` . │ │ │ - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. │ │ │ - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the `ECS_AVAILABLE_LOGGING_DRIVERS` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . 
│ │ │ - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. │ │ │ + documentation: The log configuration for the container. This parameter maps to `LogConfig` in the docker container create command and the `--log-driver` option to docker run. │ │ │ By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. │ │ │ Understand the following when specifying a log configuration for your containers. │ │ │ - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. │ │ │ For tasks on AWS Fargate , the supported log drivers are `awslogs` , `splunk` , and `awsfirelens` . │ │ │ For tasks hosted on Amazon EC2 instances, the supported log drivers are `awslogs` , `fluentd` , `gelf` , `json-file` , `journald` , `syslog` , `splunk` , and `awsfirelens` . │ │ │ - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. │ │ │ - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the `ECS_AVAILABLE_LOGGING_DRIVERS` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . 
│ │ │ - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. │ │ └[~] type ServiceConnectConfiguration │ │ └ properties │ │ └ LogConfiguration: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ properties │ │ │ ├ Command: (documentation changed) │ │ │ ├ Cpu: (documentation changed) │ │ │ ├ DisableNetworking: (documentation changed) │ │ │ ├ DnsSearchDomains: (documentation changed) │ │ │ ├ DnsServers: (documentation changed) │ │ │ ├ DockerLabels: (documentation changed) │ │ │ ├ DockerSecurityOptions: (documentation changed) │ │ │ ├ EntryPoint: (documentation changed) │ │ │ ├ Environment: (documentation changed) │ │ │ ├ ExtraHosts: (documentation changed) │ │ │ ├ HealthCheck: (documentation changed) │ │ │ ├ Hostname: (documentation changed) │ │ │ ├ Image: (documentation changed) │ │ │ ├ Interactive: (documentation changed) │ │ │ ├ Links: (documentation changed) │ │ │ ├ MemoryReservation: (documentation changed) │ │ │ ├ MountPoints: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ Privileged: (documentation changed) │ │ │ ├ PseudoTerminal: (documentation changed) │ │ │ ├ ReadonlyRootFilesystem: (documentation changed) │ │ │ ├[+] RestartPolicy: RestartPolicy │ │ │ ├ SystemControls: (documentation changed) │ │ │ ├ User: (documentation changed) │ │ │ ├ VolumesFrom: (documentation changed) │ │ │ └ WorkingDirectory: (documentation changed) │ │ ├[~] type DockerVolumeConfiguration │ │ │ └ properties │ │ │ ├ Driver: (documentation changed) │ │ │ └ Labels: (documentation changed) │ │ ├[~] type FSxAuthorizationConfig │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The authorization configuration details for Amazon FSx for Windows File 
Server file system. See [FSxWindowsFileServerVolumeConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FSxWindowsFileServerVolumeConfiguration.html) in the *Amazon ECS API Reference* . │ │ │ │ For more information and the input format, see [Amazon FSx for Windows File Server Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ └ properties │ │ │ ├ CredentialsParameter: (documentation changed) │ │ │ └ Domain: (documentation changed) │ │ ├[~] type HealthCheck │ │ │ └ properties │ │ │ └ Command: (documentation changed) │ │ ├[~] type KernelCapabilities │ │ │ └ properties │ │ │ ├ Add: (documentation changed) │ │ │ └ Drop: (documentation changed) │ │ ├[~] type LinuxParameters │ │ │ └ properties │ │ │ └ Devices: (documentation changed) │ │ ├[+] type RestartPolicy │ │ │ ├ documentation: You can enable a restart policy for each container defined in your task definition, to overcome transient failures faster and maintain task availability. When you enable a restart policy for a container, Amazon ECS can restart the container if it exits, without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ │ name: RestartPolicy │ │ │ └ properties │ │ │ ├IgnoredExitCodes: Array │ │ │ ├RestartAttemptPeriod: integer │ │ │ └Enabled: boolean │ │ ├[~] type SystemControl │ │ │ └ - documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in tthe docker conainer create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. 
│ │ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ │ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ │ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ │ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ │ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ │ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ │ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. │ │ │ + documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in tthe docker container create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ │ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. 
Doing this has the following disadvantages: │ │ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ │ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ │ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ │ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ │ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ │ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. 
│ │ └[~] type Ulimit │ │ └ properties │ │ ├ HardLimit: (documentation changed) │ │ └ SoftLimit: (documentation changed) │ └[~] resource AWS::ECS::TaskSet │ └ types │ └[~] type AwsVpcConfiguration │ └ properties │ ├ SecurityGroups: (documentation changed) │ └ Subnets: (documentation changed) ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::TargetGroup │ └ properties │ └ TargetGroupAttributes: (documentation changed) ├[~] service aws-entityresolution │ └ resources │ ├[~] resource AWS::EntityResolution::IdNamespace │ │ └ types │ │ └[~] type NamespaceRuleBasedProperties │ │ └ properties │ │ └ RecordMatchingModels: (documentation changed) │ └[~] resource AWS::EntityResolution::MatchingWorkflow │ ├ properties │ │ └[+] IncrementalRunConfig: IncrementalRunConfig │ └ types │ └[+] type IncrementalRunConfig │ ├ documentation: An object which defines an incremental run type and has only `incrementalRunType` as a field. │ │ name: IncrementalRunConfig │ └ properties │ └IncrementalRunType: string (required) ├[~] service aws-glue │ └ resources │ └[~] resource AWS::Glue::Database │ └ attributes │ └[-] Id: string ├[~] service aws-groundstation │ └ resources │ ├[~] resource AWS::GroundStation::DataflowEndpointGroup │ │ └ types │ │ └[~] type AwsGroundStationAgentEndpoint │ │ ├ - documentation: undefined │ │ │ + documentation: Information about AwsGroundStationAgentEndpoint. │ │ └ properties │ │ ├ AgentStatus: (documentation changed) │ │ ├ AuditResults: (documentation changed) │ │ ├ EgressAddress: (documentation changed) │ │ ├ IngressAddress: (documentation changed) │ │ └ Name: (documentation changed) │ └[~] resource AWS::GroundStation::MissionProfile │ └ types │ └[~] type StreamsKmsKey │ ├ - documentation: undefined │ │ + documentation: KMS key info. 
│ └ properties │ ├ KmsAliasArn: (documentation changed) │ └ KmsKeyArn: (documentation changed) ├[~] service aws-guardduty │ └ resources │ ├[~] resource AWS::GuardDuty::Filter │ │ └ properties │ │ └ DetectorId: (documentation changed) │ ├[~] resource AWS::GuardDuty::IPSet │ │ └ properties │ │ └ DetectorId: (documentation changed) │ ├[~] resource AWS::GuardDuty::Master │ │ └ properties │ │ └ DetectorId: (documentation changed) │ └[~] resource AWS::GuardDuty::ThreatIntelSet │ └ properties │ └ DetectorId: (documentation changed) ├[~] service aws-iotfleetwise │ └ resources │ └[~] resource AWS::IoTFleetWise::Campaign │ └ types │ ├[~] type DataDestinationConfig │ │ └ properties │ │ └[+] MqttTopicConfig: MqttTopicConfig │ └[+] type MqttTopicConfig │ ├ name: MqttTopicConfig │ └ properties │ ├MqttTopicArn: string (required) │ └ExecutionRoleArn: string (required) ├[~] service aws-lambda │ └ resources │ ├[~] resource AWS::Lambda::Function │ │ ├ - documentation: The `AWS::Lambda::Function` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html) . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. │ │ │ You set the package type to `Image` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) . For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. 
│ │ │ You set the package type to `Zip` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip) . For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html) . │ │ │ You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with `UpdateFunctionCode` , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. │ │ │ Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a `AWS::Lambda::Version` or a `AWS::Lambda::Alias` . │ │ │ For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* │ │ │ + documentation: The `AWS::Lambda::Function` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html) . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. 
│ │ │ You set the package type to `Image` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) . For these functions, include the URI of the container image in the Amazon ECR registry in the [`ImageUri` property of the `Code` property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri) . You do not need to specify the handler and runtime properties. │ │ │ You set the package type to `Zip` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip) . For these functions, specify the Amazon S3 location of your .zip file in the `Code` property. Alternatively, for Node.js and Python functions, you can define your function inline in the [`ZipFile` property of the `Code` property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile) . In both cases, you must also specify the handler and runtime properties. │ │ │ You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with `UpdateFunctionCode` , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. │ │ │ When you update a `AWS::Lambda::Function` resource, CloudFormation calls the [UpdateFunctionConfiguration](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionConfiguration.html) and [UpdateFunctionCode](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionCode.html) Lambda APIs under the hood. 
Because these calls happen sequentially, and invocations can happen between these calls, your function may encounter errors in the time between the calls. For example, if you remove an environment variable, and the code that references that environment variable in the same CloudFormation update, you may see invocation errors related to a missing environment variable. To work around this, you can invoke your function against a version or alias by default, rather than the `$LATEST` version. │ │ │ Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a `AWS::Lambda::Version` or a `AWS::Lambda::Alias` . │ │ │ For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* │ │ └ properties │ │ ├ Code: (documentation changed) │ │ └ KmsKeyArn: (documentation changed) │ └[~] resource AWS::Lambda::Url │ └ properties │ └ TargetFunctionArn: (documentation changed) ├[~] service aws-macie │ └ resources │ ├[~] resource AWS::Macie::AllowList │ │ └ types │ │ └[~] type Criteria │ │ └ - documentation: Specifies the criteria for an allow list, which is a list that defines specific text or a text pattern to ignore when inspecting data sources for sensitive data. The criteria can be: │ │ - The location and name of an Amazon Simple Storage Service ( Amazon S3 ) object that lists specific, predefined text to ignore ( `S3WordsList` ), or │ │ - A regular expression ( `Regex` ) that defines a text pattern to ignore. │ │ The criteria must specify either an S3 object or a regular expression. It can't specify both. │ │ + documentation: Specifies the criteria for an allow list, which is a list that defines specific text or a text pattern to ignore when inspecting data sources for sensitive data. 
The criteria can be: │ │ - The location and name of an Amazon Simple Storage Service ( Amazon S3 ) object that lists specific predefined text to ignore ( `S3WordsList` ), or │ │ - A regular expression ( `Regex` ) that defines a text pattern to ignore. │ │ The criteria must specify either an S3 object or a regular expression. It can't specify both. │ └[~] resource AWS::Macie::FindingsFilter │ ├ - documentation: The `AWS::Macie::FindingsFilter` resource specifies a findings filter. In Amazon Macie , a *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. The criteria can help you identify and focus on findings that have specific characteristics, such as severity, type, or the name of an affected AWS resource. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ │ An `AWS::Macie::Session` resource must exist for an AWS account before you can create an `AWS::Macie::FindingsFilter` resource for the account. Use a [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to ensure that an `AWS::Macie::Session` resource is created before other Macie resources are created for an account. For example, `"DependsOn": "Session"` . │ │ + documentation: The `AWS::Macie::FindingsFilter` resource specifies a findings filter. In Amazon Macie , a *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. The criteria can help you identify and focus on findings that have specific characteristics, such as severity, type, or the name of an affected AWS resource. 
You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering Macie findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ │ An `AWS::Macie::Session` resource must exist for an AWS account before you can create an `AWS::Macie::FindingsFilter` resource for the account. Use a [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to ensure that an `AWS::Macie::Session` resource is created before other Macie resources are created for an account. For example, `"DependsOn": "Session"` . │ └ types │ ├[~] type CriterionAdditionalProperties │ │ └ - documentation: Specifies a condition that defines the property, operator, and one or more values to use in a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ │ + documentation: Specifies a condition that defines the property, operator, and one or more values to use in a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering Macie findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . 
│ └[~] type FindingCriteria │ └ - documentation: Specifies, as a map, one or more property-based conditions for a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ + documentation: Specifies, as a map, one or more property-based conditions for a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering Macie findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . 
├[~] service aws-medialive │ └ resources │ └[~] resource AWS::MediaLive::Input │ ├ properties │ │ └[+] SrtSettings: SrtSettingsRequest │ └ types │ ├[+] type SrtCallerDecryptionRequest │ │ ├ name: SrtCallerDecryptionRequest │ │ └ properties │ │ ├Algorithm: string │ │ └PassphraseSecretArn: string │ ├[+] type SrtCallerSourceRequest │ │ ├ name: SrtCallerSourceRequest │ │ └ properties │ │ ├SrtListenerPort: string │ │ ├StreamId: string │ │ ├MinimumLatency: integer │ │ ├Decryption: SrtCallerDecryptionRequest │ │ └SrtListenerAddress: string │ └[+] type SrtSettingsRequest │ ├ name: SrtSettingsRequest │ └ properties │ └SrtCallerSources: Array ├[~] service aws-mediapackagev2 │ └ resources │ └[~] resource AWS::MediaPackageV2::OriginEndpoint │ └ properties │ └ ContainerType: - string │ + string (required) ├[~] service aws-neptune │ └ resources │ └[~] resource AWS::Neptune::DBCluster │ └ properties │ ├ KmsKeyId: (documentation changed) │ └ StorageEncrypted: (documentation changed) ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ ├ properties │ │ └[+] SkipShardMigrationWait: boolean │ └ types │ ├[~] type AdvancedSecurityOptionsInput │ │ └ properties │ │ └[+] JWTOptions: JWTOptions │ └[+] type JWTOptions │ ├ name: JWTOptions │ └ properties │ ├Enabled: boolean │ ├PublicKey: string │ ├SubjectKey: string │ └RolesKey: string ├[+] service aws-pcaconnectorscep │ ├ capitalized: PCAConnectorSCEP │ │ cloudFormationNamespace: AWS::PCAConnectorSCEP │ │ name: aws-pcaconnectorscep │ │ shortName: pcaconnectorscep │ └ resources │ ├resource AWS::PCAConnectorSCEP::Challenge │ │├ name: Challenge │ ││ cloudFormationType: AWS::PCAConnectorSCEP::Challenge │ ││ documentation: Represents a SCEP Challenge that is used for certificate enrollment │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │├ properties │ ││ ├ConnectorArn: string (required, immutable) │ ││ └Tags: Map │ │└ attributes │ │ └ChallengeArn: string │ └resource 
AWS::PCAConnectorSCEP::Connector │ ├ name: Connector │ │ cloudFormationType: AWS::PCAConnectorSCEP::Connector │ │ documentation: Represents a Connector that allows certificate issuance through Simple Certificate Enrollment Protocol (SCEP) │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ ├ properties │ │ ├CertificateAuthorityArn: string (required, immutable) │ │ ├MobileDeviceManagement: MobileDeviceManagement (immutable) │ │ └Tags: Map │ ├ attributes │ │ ├ConnectorArn: string │ │ ├Endpoint: string │ │ ├OpenIdConfiguration: OpenIdConfiguration │ │ └Type: string │ └ types │ ├type MobileDeviceManagement │ │├ name: MobileDeviceManagement │ │└ properties │ │ └Intune: IntuneConfiguration (required) │ ├type IntuneConfiguration │ │├ name: IntuneConfiguration │ │└ properties │ │ ├AzureApplicationId: string (required) │ │ └Domain: string (required) │ └type OpenIdConfiguration │ ├ name: OpenIdConfiguration │ └ properties │ ├Issuer: string │ ├Subject: string │ └Audience: string ├[~] service aws-personalize │ └ resources │ └[~] resource AWS::Personalize::Solution │ └ - documentation: > After you create a solution, you can’t change its configuration. By default, all new solutions use automatic training. With automatic training, you incur training costs while your solution is active. You can't stop automatic training for a solution. To avoid unnecessary costs, make sure to delete the solution when you are finished. For information about training costs, see [Amazon Personalize pricing](https://docs.aws.amazon.com/https://aws.amazon.com/personalize/pricing/) . │ An object that provides information about a solution. A solution includes the custom recipe, customized parameters, and trained models (Solution Versions) that Amazon Personalize uses to generate recommendations. │ After you create a solution, you can’t change its configuration. 
If you need to make changes, you can [clone the solution](https://docs.aws.amazon.com/personalize/latest/dg/cloning-solution.html) with the Amazon Personalize console or create a new one. │ + documentation: > By default, all new solutions use automatic training. With automatic training, you incur training costs while your solution is active. To avoid unnecessary costs, when you are finished you can [update the solution](https://docs.aws.amazon.com/personalize/latest/dg/API_UpdateSolution.html) to turn off automatic training. For information about training costs, see [Amazon Personalize pricing](https://docs.aws.amazon.com/https://aws.amazon.com/personalize/pricing/) . │ An object that provides information about a solution. A solution includes the custom recipe, customized parameters, and trained models (Solution Versions) that Amazon Personalize uses to generate recommendations. │ After you create a solution, you can’t change its configuration. If you need to make changes, you can [clone the solution](https://docs.aws.amazon.com/personalize/latest/dg/cloning-solution.html) with the Amazon Personalize console or create a new one. 
├[~] service aws-pipes │ └ resources │ └[~] resource AWS::Pipes::Pipe │ └ types │ ├[~] type PipeSourceDynamoDBStreamParameters │ │ └ properties │ │ ├ MaximumRecordAgeInSeconds: (documentation changed) │ │ ├ MaximumRetryAttempts: (documentation changed) │ │ ├ OnPartialBatchItemFailure: (documentation changed) │ │ └ ParallelizationFactor: (documentation changed) │ ├[~] type PipeSourceKinesisStreamParameters │ │ └ properties │ │ ├ MaximumRecordAgeInSeconds: (documentation changed) │ │ ├ MaximumRetryAttempts: (documentation changed) │ │ ├ OnPartialBatchItemFailure: (documentation changed) │ │ ├ ParallelizationFactor: (documentation changed) │ │ └ StartingPosition: (documentation changed) │ ├[~] type PipeSourceManagedStreamingKafkaParameters │ │ └ properties │ │ └ StartingPosition: (documentation changed) │ └[~] type PipeSourceSelfManagedKafkaParameters │ └ properties │ ├ AdditionalBootstrapServers: - Array │ │ + Array (immutable) │ ├ ConsumerGroupID: - string │ │ + string (immutable) │ ├ StartingPosition: - string │ │ + string (immutable) │ │ (documentation changed) │ └ TopicName: - string (required) │ + string (required, immutable) ├[~] service aws-qbusiness │ └ resources │ ├[~] resource AWS::QBusiness::Application │ │ ├ properties │ │ │ ├[+] AutoSubscriptionConfiguration: AutoSubscriptionConfiguration │ │ │ ├[+] ClientIdsForOIDC: Array (immutable) │ │ │ ├[+] IamIdentityProviderArn: string (immutable) │ │ │ ├[+] IdentityType: string (immutable) │ │ │ ├[+] PersonalizationConfiguration: PersonalizationConfiguration │ │ │ └ QAppsConfiguration: (documentation changed) │ │ └ types │ │ ├[+] type AutoSubscriptionConfiguration │ │ │ ├ documentation: Subscription configuration information for an Amazon Q Business application using IAM identity federation for user management. 
│ │ │ │ name: AutoSubscriptionConfiguration │ │ │ └ properties │ │ │ ├AutoSubscribe: string (required) │ │ │ └DefaultSubscriptionType: string │ │ ├[+] type PersonalizationConfiguration │ │ │ ├ documentation: Configuration information about chat response personalization. For more information, see [Personalizing chat responses](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/personalizing-chat-responses.html) . │ │ │ │ name: PersonalizationConfiguration │ │ │ └ properties │ │ │ └PersonalizationControlMode: string (required) │ │ └[~] type QAppsConfiguration │ │ └ - documentation: Configuration information about Amazon Q Apps. (preview feature) │ │ + documentation: Configuration information about Amazon Q Apps. │ └[~] resource AWS::QBusiness::WebExperience │ ├ properties │ │ └[+] IdentityProviderConfiguration: IdentityProviderConfiguration │ └ types │ ├[+] type IdentityProviderConfiguration │ │ ├ documentation: Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. │ │ │ name: IdentityProviderConfiguration │ │ └ properties │ │ ├SamlConfiguration: SamlProviderConfiguration │ │ └OpenIDConnectConfiguration: OpenIDConnectProviderConfiguration │ ├[+] type OpenIDConnectProviderConfiguration │ │ ├ documentation: Information about the OIDC-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. │ │ │ name: OpenIDConnectProviderConfiguration │ │ └ properties │ │ ├SecretsArn: string (required) │ │ └SecretsRole: string (required) │ └[+] type SamlProviderConfiguration │ ├ documentation: Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. 
│ │ name: SamlProviderConfiguration │ └ properties │ └AuthenticationUrl: string (required) ├[~] service aws-quicksight │ └ resources │ ├[~] resource AWS::QuickSight::Analysis │ │ └ types │ │ ├[+] type CategoryInnerFilter │ │ │ ├ documentation: A `CategoryInnerFilter` filters text values for the `NestedFilter` . │ │ │ │ name: CategoryInnerFilter │ │ │ └ properties │ │ │ ├Configuration: CategoryFilterConfiguration (required) │ │ │ ├Column: ColumnIdentifier (required) │ │ │ └DefaultFilterControlConfiguration: DefaultFilterControlConfiguration │ │ ├[~] type ColumnTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type FieldTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type Filter │ │ │ └ properties │ │ │ └[+] NestedFilter: NestedFilter │ │ ├[+] type InnerFilter │ │ │ ├ documentation: The `InnerFilter` defines the subset of data to be used with the `NestedFilter` . │ │ │ │ name: InnerFilter │ │ │ └ properties │ │ │ └CategoryInnerFilter: CategoryInnerFilter │ │ ├[~] type LineChartConfiguration │ │ │ └ properties │ │ │ └[+] SingleAxisOptions: SingleAxisOptions │ │ ├[+] type NestedFilter │ │ │ ├ documentation: A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter. │ │ │ │ name: NestedFilter │ │ │ └ properties │ │ │ ├Column: ColumnIdentifier (required) │ │ │ ├InnerFilter: InnerFilter (required) │ │ │ ├IncludeInnerSet: boolean (required, default=false) │ │ │ └FilterId: string (required) │ │ └[+] type SingleAxisOptions │ │ └ name: SingleAxisOptions │ ├[~] resource AWS::QuickSight::Dashboard │ │ └ types │ │ ├[+] type CategoryInnerFilter │ │ │ ├ documentation: A `CategoryInnerFilter` filters text values for the `NestedFilter` . 
│ │ │ │ name: CategoryInnerFilter │ │ │ └ properties │ │ │ ├Configuration: CategoryFilterConfiguration (required) │ │ │ ├Column: ColumnIdentifier (required) │ │ │ └DefaultFilterControlConfiguration: DefaultFilterControlConfiguration │ │ ├[~] type ColumnTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type FieldTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type Filter │ │ │ └ properties │ │ │ └[+] NestedFilter: NestedFilter │ │ ├[+] type InnerFilter │ │ │ ├ documentation: The `InnerFilter` defines the subset of data to be used with the `NestedFilter` . │ │ │ │ name: InnerFilter │ │ │ └ properties │ │ │ └CategoryInnerFilter: CategoryInnerFilter │ │ ├[~] type LineChartConfiguration │ │ │ └ properties │ │ │ └[+] SingleAxisOptions: SingleAxisOptions │ │ ├[+] type NestedFilter │ │ │ ├ documentation: A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter. │ │ │ │ name: NestedFilter │ │ │ └ properties │ │ │ ├Column: ColumnIdentifier (required) │ │ │ ├InnerFilter: InnerFilter (required) │ │ │ ├IncludeInnerSet: boolean (required, default=false) │ │ │ └FilterId: string (required) │ │ └[+] type SingleAxisOptions │ │ └ name: SingleAxisOptions │ └[~] resource AWS::QuickSight::Template │ └ types │ ├[+] type CategoryInnerFilter │ │ ├ documentation: A `CategoryInnerFilter` filters text values for the `NestedFilter` . 
│ │ │ name: CategoryInnerFilter │ │ └ properties │ │ ├Configuration: CategoryFilterConfiguration (required) │ │ ├Column: ColumnIdentifier (required) │ │ └DefaultFilterControlConfiguration: DefaultFilterControlConfiguration │ ├[~] type ColumnTooltipItem │ │ └ properties │ │ └[+] TooltipTarget: string │ ├[~] type FieldTo --- .../@aws-cdk/cloudformation-diff/package.json | 4 +- packages/@aws-cdk/integ-runner/package.json | 2 +- .../aws-pcaconnectorscep/.jsiirc.json | 13 +++++++ .../aws-pcaconnectorscep/README.md | 39 +++++++++++++++++++ .../aws-cdk-lib/aws-pcaconnectorscep/index.ts | 1 + .../aws-pcaconnectorscep/lib/index.ts | 2 + .../aws-ssmquicksetup/.jsiirc.json | 13 +++++++ .../aws-cdk-lib/aws-ssmquicksetup/README.md | 39 +++++++++++++++++++ .../aws-cdk-lib/aws-ssmquicksetup/index.ts | 1 + .../aws-ssmquicksetup/lib/index.ts | 2 + packages/aws-cdk-lib/index.ts | 2 + packages/aws-cdk-lib/package.json | 4 +- packages/aws-cdk-lib/scripts/scope-map.json | 6 +++ tools/@aws-cdk/spec2cdk/package.json | 6 +-- yarn.lock | 36 ++++++++--------- 15 files changed, 145 insertions(+), 25 deletions(-) create mode 100644 packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json create mode 100644 packages/aws-cdk-lib/aws-pcaconnectorscep/README.md create mode 100644 packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts create mode 100644 packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts create mode 100644 packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json create mode 100644 packages/aws-cdk-lib/aws-ssmquicksetup/README.md create mode 100644 packages/aws-cdk-lib/aws-ssmquicksetup/index.ts create mode 100644 packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index 2f25c5217a762..562f2b47626ea 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json 
@@ -23,8 +23,8 @@
 },
 "license": "Apache-2.0",
 "dependencies": {
- "@aws-cdk/aws-service-spec": "^0.1.21",
- "@aws-cdk/service-spec-types": "^0.0.88",
+ "@aws-cdk/aws-service-spec": "^0.1.23",
+ "@aws-cdk/service-spec-types": "^0.0.90",
 "chalk": "^4",
 "diff": "^5.2.0",
 "fast-deep-equal": "^3.1.3",
diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json
index fb93b466d8261..b840369327ebc 100644
--- a/packages/@aws-cdk/integ-runner/package.json
+++ b/packages/@aws-cdk/integ-runner/package.json
@@ -74,7 +74,7 @@
 "@aws-cdk/cloud-assembly-schema": "^36.0.5",
 "@aws-cdk/cloudformation-diff": "0.0.0",
 "@aws-cdk/cx-api": "0.0.0",
- "@aws-cdk/aws-service-spec": "^0.1.21",
+ "@aws-cdk/aws-service-spec": "^0.1.23",
 "cdk-assets": "^2.151.2",
 "@aws-cdk/cdk-cli-wrapper": "0.0.0",
 "aws-cdk": "0.0.0",
diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json b/packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json
new file mode 100644
index 0000000000000..b2f517e943e43
--- /dev/null
+++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+ "targets": {
+ "java": {
+ "package": "software.amazon.awscdk.services.pcaconnectorscep"
+ },
+ "dotnet": {
+ "package": "Amazon.CDK.AWS.PCAConnectorSCEP"
+ },
+ "python": {
+ "module": "aws_cdk.aws_pcaconnectorscep"
+ }
+ }
+}
diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/README.md b/packages/aws-cdk-lib/aws-pcaconnectorscep/README.md
new file mode 100644
index 0000000000000..4fdd2c14b1b97
--- /dev/null
+++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/README.md
@@ -0,0 +1,39 @@ +# AWS::PCAConnectorSCEP Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as pcaconnectorscep from 'aws-cdk-lib/aws-pcaconnectorscep'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for PCAConnectorSCEP construct libraries](https://constructs.dev/search?q=pcaconnectorscep) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::PCAConnectorSCEP resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_PCAConnectorSCEP.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::PCAConnectorSCEP](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_PCAConnectorSCEP.html). 
+ +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts b/packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts b/packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts new file mode 100644 index 0000000000000..e674e1d9d28a2 --- /dev/null +++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::PCAConnectorSCEP Cloudformation Resources +export * from './pcaconnectorscep.generated'; diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json b/packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json new file mode 100644 index 0000000000000..663992255ab35 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.ssmquicksetup" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.SSMQuickSetup" + }, + "python": { + "module": "aws_cdk.aws_ssmquicksetup" + } + } +} diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/README.md b/packages/aws-cdk-lib/aws-ssmquicksetup/README.md new file mode 100644 index 0000000000000..3480bc441d2e3 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/README.md 
@@ -0,0 +1,39 @@ +# AWS::SSMQuickSetup Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as ssmquicksetup from 'aws-cdk-lib/aws-ssmquicksetup'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for SSMQuickSetup construct libraries](https://constructs.dev/search?q=ssmquicksetup) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::SSMQuickSetup resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSMQuickSetup.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::SSMQuickSetup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSMQuickSetup.html). 
+ +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/index.ts b/packages/aws-cdk-lib/aws-ssmquicksetup/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts b/packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts new file mode 100644 index 0000000000000..a2cb6ae413289 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::SSMQuickSetup Cloudformation Resources +export * from './ssmquicksetup.generated'; diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts index 3c6c45b5de2f2..6b6e4c01e5641 100644 --- a/packages/aws-cdk-lib/index.ts +++ b/packages/aws-cdk-lib/index.ts @@ -196,6 +196,7 @@ export * as aws_osis from './aws-osis'; export * as aws_panorama from './aws-panorama'; export * as aws_paymentcryptography from './aws-paymentcryptography'; export * as aws_pcaconnectorad from './aws-pcaconnectorad'; +export * as aws_pcaconnectorscep from './aws-pcaconnectorscep'; export * as aws_personalize from './aws-personalize'; export * as aws_pinpoint from './aws-pinpoint'; export * as aws_pinpointemail from './aws-pinpointemail'; @@ -251,6 +252,7 @@ export * as aws_sqs from './aws-sqs'; export * as aws_ssm from './aws-ssm'; export * as aws_ssmcontacts from './aws-ssmcontacts'; export * as aws_ssmincidents from './aws-ssmincidents'; +export * as aws_ssmquicksetup from './aws-ssmquicksetup'; export * as aws_sso from './aws-sso'; export * as aws_stepfunctions from './aws-stepfunctions'; export * as aws_stepfunctions_tasks from './aws-stepfunctions-tasks'; 
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
index 20a9feafdf7a1..d0878cf2f3554 100644
--- a/packages/aws-cdk-lib/package.json
+++ b/packages/aws-cdk-lib/package.json
@@ -136,7 +136,7 @@
 "mime-types": "^2.1.35"
 },
 "devDependencies": {
- "@aws-cdk/aws-service-spec": "^0.1.21",
+ "@aws-cdk/aws-service-spec": "^0.1.23",
 "@aws-cdk/cdk-build-tools": "0.0.0",
 "@aws-cdk/custom-resource-handlers": "0.0.0",
 "@aws-cdk/pkglint": "0.0.0",
@@ -411,6 +411,7 @@
 "./aws-panorama": "./aws-panorama/index.js",
 "./aws-paymentcryptography": "./aws-paymentcryptography/index.js",
 "./aws-pcaconnectorad": "./aws-pcaconnectorad/index.js",
+ "./aws-pcaconnectorscep": "./aws-pcaconnectorscep/index.js",
 "./aws-personalize": "./aws-personalize/index.js",
 "./aws-pinpoint": "./aws-pinpoint/index.js",
 "./aws-pinpointemail": "./aws-pinpointemail/index.js",
@@ -466,6 +467,7 @@
 "./aws-ssm": "./aws-ssm/index.js",
 "./aws-ssmcontacts": "./aws-ssmcontacts/index.js",
 "./aws-ssmincidents": "./aws-ssmincidents/index.js",
+ "./aws-ssmquicksetup": "./aws-ssmquicksetup/index.js",
 "./aws-sso": "./aws-sso/index.js",
 "./aws-stepfunctions": "./aws-stepfunctions/index.js",
 "./aws-stepfunctions-tasks": "./aws-stepfunctions-tasks/index.js",
diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json
index d3a316063c252..d91b3c05813e9 100644
--- a/packages/aws-cdk-lib/scripts/scope-map.json
+++ b/packages/aws-cdk-lib/scripts/scope-map.json
@@ -537,6 +537,9 @@
 "aws-pcaconnectorad": [
 "AWS::PCAConnectorAD"
 ],
+ "aws-pcaconnectorscep": [
+ "AWS::PCAConnectorSCEP"
+ ],
 "aws-personalize": [
 "AWS::Personalize"
 ],
@@ -681,6 +684,9 @@
 "aws-ssmincidents": [
 "AWS::SSMIncidents"
 ],
+ "aws-ssmquicksetup": [
+ "AWS::SSMQuickSetup"
+ ],
 "aws-sso": [
 "AWS::SSO"
 ],
diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json
index accb584539cc9..4b982f488d3dd 100644
--- a/tools/@aws-cdk/spec2cdk/package.json
+++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.21", - "@aws-cdk/service-spec-importers": "^0.0.46", - "@aws-cdk/service-spec-types": "^0.0.88", + "@aws-cdk/aws-service-spec": "^0.1.23", + "@aws-cdk/service-spec-importers": "^0.0.47", + "@aws-cdk/service-spec-types": "^0.0.90", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index 37d6bef067a89..db4a71cd4d968 100644 --- a/yarn.lock +++ b/yarn.lock @@ -51,12 +51,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523" integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg== -"@aws-cdk/aws-service-spec@^0.1.21": - version "0.1.21" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.21.tgz#8635f673787f498568251a3f61c0b355ab8be193" - integrity sha512-6wi6nzrR6n0n1pLIDQ2cpo1zRA/NkOEH22VkH6zIJviZnFRkx8vXt6C24Qismd9CKxaNgvPPv/H5gSOfYmgciA== +"@aws-cdk/aws-service-spec@^0.1.23": + version "0.1.23" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.23.tgz#88ac3ef86a3412eefa7f3e2dbc6642959bf2530a" + integrity sha512-AR31T//3HTyU1jshiYV+fI6cb7JxwDbcBP0Lb2ruQTYEviLK0j+BVrG5F1R4kQ4e1d/TMPujCzXoOSs2TcHCvw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.88" + "@aws-cdk/service-spec-types" "^0.0.90" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/cloud-assembly-schema@^36.0.0": 
@@ -97,12 +97,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v30/-/lambda-layer-kubectl-v30-2.0.0.tgz#97c40d31e5350ce7170be5d188361118b1e39231" integrity sha512-yES6NfrJ3QV1372lAZ2FLXp/no4bqDWBXeSREJdrpWjQzD0wvL/hCpHEyjZrzHhOi27YbMxFTQ3g9isKAul8+A== -"@aws-cdk/service-spec-importers@^0.0.46": - version "0.0.46" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.46.tgz#5bd54c562491255eb0c03ba755e2202372267ab3" - integrity sha512-iiQW4o8gS5ni4Zg/9chS+UxUuTgaDMSHZR5L/bxrhHhUj6Nmw6jVw0dJuYH+cWBjCigbAghBlmQgIIaiUoc1BA== +"@aws-cdk/service-spec-importers@^0.0.47": + version "0.0.47" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.47.tgz#fffad95201bbca58cb4faefc20259e422649a906" + integrity sha512-paZjDcpeMcwlT03xWLKCETlnbObsG8LImY81BRqabzarwGVEUEx2WYrVKzXBZUzkK3yn9xB4Sp20Q7Wu9wyZCQ== dependencies: - "@aws-cdk/service-spec-types" "^0.0.87" + "@aws-cdk/service-spec-types" "^0.0.89" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" 
@@ -113,17 +113,17 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.87": - version "0.0.87" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.87.tgz#67c105096d66c2fe42bf49585e9cd382ba4a3a9d" - integrity sha512-HPFgxslPkL4idg4UCbaVWXaeVGzq9XEiUji6uUQdrYpe5K54O5k9rvNDA77FDMomxwnfQRTDTFlVlXC9291B4A== +"@aws-cdk/service-spec-types@^0.0.89": + version "0.0.89" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.89.tgz#c6d87b21d6aa5165ef728997b3f90fa7729b3ac6" + integrity sha512-T6xoePPlZMz1c/0PRj9Ce2B+OyHN4BLJXcsuVYN5Y/7Y3EeVYWSr9OHGFt03Mbvg8bfKIoazaDtuc/m9jo3+Qw== dependencies: "@cdklabs/tskb" "^0.0.3" -"@aws-cdk/service-spec-types@^0.0.88": - version "0.0.88" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.88.tgz#aa3ae69221ffc27e19f1a72f889034e4000c4310" - integrity sha512-Wk1UdXBT3QbVHouMl3eIYWx/0Mku4LM9DfEq5flwmqbSCCmXVFO8CAA2bClKznYy5WhiV7Zz7rviXBO5gdfW5w== +"@aws-cdk/service-spec-types@^0.0.90": + version "0.0.90" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.90.tgz#3410fe525a82eceabf188ec161fadce2569846f2" + integrity sha512-gHRyWiOGyu9kbc+3BUjoOxf6pgPprP3SjGbjhK25X6cRBGOPmR8a5gS9EHGxyPiZq8Qcr0yHvt3q02cjBGi4cA== dependencies: "@cdklabs/tskb" "^0.0.3" From a4b19f0c3d02d6291d3434d9aff6e604be29232d Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Mon, 9 Sep 2024 23:41:18 +0000 Subject: [PATCH 16/16] chore(release): 2.157.0 --- CHANGELOG.v2.alpha.md | 2 ++ CHANGELOG.v2.md | 14 ++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 42c6427330b45..dab556bf17858 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md 
@@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.157.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.156.0-alpha.0...v2.157.0-alpha.0) (2024-09-09) + ## [2.156.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.155.0-alpha.0...v2.156.0-alpha.0) (2024-09-05) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 9fb346efbade0..36531fa7924f1 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -2,6 +2,20 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.157.0](https://github.com/aws/aws-cdk/compare/v2.156.0...v2.157.0) (2024-09-09) + + +### Features + +* update L1 CloudFormation resource definitions ([#31361](https://github.com/aws/aws-cdk/issues/31361)) ([bc4dbfd](https://github.com/aws/aws-cdk/commit/bc4dbfdb05a1fe02d30c4724958d09f239a3656f)) +* **appsync:** support DEBUG and INFO logging levels for AppSync GraphQL APIs ([#31326](https://github.com/aws/aws-cdk/issues/31326)) ([4b9643f](https://github.com/aws/aws-cdk/commit/4b9643f28edc2c530809931ccd7a17a811891af2)) +* **lambda:** added new property allowAllIpv6Outbound to FunctionOptions ([#31013](https://github.com/aws/aws-cdk/issues/31013)) ([fa55194](https://github.com/aws/aws-cdk/commit/fa55194698960b9161590e05cf1138a813315615)), closes [#30994](https://github.com/aws/aws-cdk/issues/30994) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L272](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts/issues/L272) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L146C18-L146C33](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L146C18-L146C33) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L296C12-L296C28](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L296C12-L296C28) 
[/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1464C11-L1464C23](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L1464C11-L1464C23) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1503](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L1503) + + +### Bug Fixes + +* **rds:** proxy target group does not depend on database instances when using writer property for database cluster ([#31354](https://github.com/aws/aws-cdk/issues/31354)) ([6542207](https://github.com/aws/aws-cdk/commit/65422077123fa5870106e29594b8f0392484da3f)), closes [#31304](https://github.com/aws/aws-cdk/issues/31304) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts/issues/L535-L539) + ## [2.156.0](https://github.com/aws/aws-cdk/compare/v2.155.0...v2.156.0) (2024-09-05) diff --git a/version.v2.json b/version.v2.json index 543b3795800ea..3e74324e1d8b2 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.156.0", - "alphaVersion": "2.156.0-alpha.0" + "version": "2.157.0", + "alphaVersion": "2.157.0-alpha.0" } \ No newline at end of file