chore(release): 1.57.0 #9522
Merged
…Me (#9383) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #9394 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #9349. The python 3.8 `bundlingDockerImage` (`amazon/aws-sam-cli-build-image-python3.8`) is based on `amazonlinux:2` and doesn't include `rsync`; use `cp` instead. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This property is no longer used, and OriginBase is a publicly available class of the module. BREAKING CHANGE: the property OriginBase.originId has been removed ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… wrong (#9352) The documentation at https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-deployment-readme.html#prune currently mentions that you can create two deployments with different cache policies by using the `exclude` option in the `asset` function. The last deployment aims to only set the cache policy on `index.html` but ends up setting the policy on everything. According to #9146 (comment), an exclude pattern should be preceded by a `'*'` glob pattern, for it to take the desired effect that is mentioned in the documentation (to only include the `index.html` file). This PR adds the missing `'*'` glob pattern to the documentation's example. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Resolves #8154 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…Schema type (#8848) As per: https://json-schema.org/understanding-json-schema/reference/object.html, the additionalProperties can be boolean or JsonSchema. JsonSchema was previously supported by APIGateway but it was removed for some reason here: 73a1de1. fixes #8069 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When a stack is created as the root of the construct tree, we now implicitly create an `App` that serves as its parent scope. The root stack is created with the ID `Default`, which ensures that `node.uniqueId` of constructs within that stack is preserved. BREAKING CHANGE: in unit tests, the `node.path` of constructs within stacks created at the root of the tree via `new Stack()` will now have a prefix `Default/` which represents an implicit `App` root. Related: aws/aws-cdk-rfcs#192 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Since Athena does not have AWS constructs the tests are empty. What does the team think about me adding one test to verify this patch is correctly applied for the cfn generated constructs? Can I also get feedback on the file name choice I made or a pointer to conventions on the patch file names? Fixes #6936 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
chore: restore regular owners in the auto label action workflow ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #9109 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…er protocol, and smooth streaming (#9411) Adds support for many of the missing properties for controlling behaviors on the new Distribution construct. Also removed (currently unavailable) properties from the README. The remaining properties will come in a follow-up PR. They were not included in this PR due to either being blocked by the latest CloudFormation spec merge, or are still being prioritized (e.g., fieldLevelEncryption). related #7086 related #9107 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Updated PR

Since we introduced [`stages`](#8423) which had the unintended side effect of the CDK not supporting adding an Aspect via another Aspect, we have not seen any issues reported beside #8536, that was resolved without requiring this capability. Given that, and the fact this feature has many sharp edges we decided to leave it unsupported, and add a warning in the meantime.

-----------

Following up on #8536

If an aspect is added via another aspect, the inner aspect will not be invoked. Take for example this code:

```typescript
const app = new cdk.App();

app.node.applyAspect({
  visit(construct: cdk.IConstruct) {
    construct.node.applyAspect({
      visit(construct: cdk.IConstruct) {
        console.info("Invoking aspect on construct: " + construct.node.id); // This will not be called
      }
    })
  }
});
```

Since aspects are added only on the top level node, if an aspect is added while `InvokeAspects` is called on that node, it will be ignored since it will not be added to list of aspects to invoke (`allAspectsHere` in the below code):

```typescript
function invokeAspects(root: IConstruct) {
  recurse(root, []);

  function recurse(construct: IConstruct, inheritedAspects: constructs.IAspect[]) {
    // hackery to be able to access some private members with strong types (yack!)
    const node: NodeWithAspectPrivatesHangingOut = construct.node._actualNode as any;

    const allAspectsHere = [...inheritedAspects ?? [], ...node._aspects];

    for (const aspect of allAspectsHere) {
      if (node.invokedAspects.includes(aspect)) { continue; }

      // an aspect that was added here will not be added to `allAspectsHere` and will be ignored
      aspect.visit(construct);

      node.invokedAspects.push(aspect);
    }

    for (const child of construct.node.children) {
      if (!Stage.isStage(child)) {
        recurse(child, allAspectsHere);
      }
    }
  }
}
```

Assuming this is not something we want to support**, we can detect it by comparing the size of `node._aspects` before and after the call to `aspect.visit`, and emit a warning if there has been a change.

Note that while the aspect will not be invoked it will be added to every child construct during the recursive visit. Emitting a warning for each child construct will result in a noisy console, to prevent this I have added a flag that will only allow adding **one warning per application**, given this limitation I'm not sure there is a lot of value in adding the warning, thoughts?

If we decide to add it I will add tests.

(** theoretically we could support it by adding the aspects to `allAspectsHere` during the loop, but this will require a non trivial implementation in order to avoid infinite recursion)

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
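The detection proposed in the commit message above (compare the aspect list's size before and after `visit`, warn once per application), as an added example that is not the CDK's code or part of the original commit. `TreeNode`, `Aspect` and this `invokeAspects` are hypothetical stand-ins for the construct tree, and the `App`/`Stack`/`Bucket` tree is constructed for illustration.

```typescript
// Added illustration: a minimal stand-in for a construct tree.
// TreeNode, Aspect and invokeAspects are hypothetical models, not CDK classes.
interface Aspect {
  visit(node: TreeNode): void;
}

class TreeNode {
  readonly id: string;
  readonly children: TreeNode[] = [];
  readonly aspects: Aspect[] = [];
  readonly invoked: Aspect[] = [];

  constructor(id: string, parent?: TreeNode) {
    this.id = id;
    if (parent) {
      parent.children.push(this);
    }
  }
}

// Walks the tree like the invokeAspects() quoted in the commit message and
// returns the warnings raised (at most one per call, i.e. per application).
function invokeAspects(root: TreeNode): string[] {
  const warnings: string[] = [];

  function recurse(node: TreeNode, inherited: Aspect[]): void {
    // Snapshot taken before any visit: later additions are not in this list.
    const allAspectsHere = [...inherited, ...node.aspects];
    for (const aspect of allAspectsHere) {
      if (node.invoked.includes(aspect)) {
        continue;
      }
      const before = node.aspects.length;
      aspect.visit(node);
      // The list grew during visit(): an aspect was added by an aspect.
      if (node.aspects.length !== before && warnings.length === 0) {
        warnings.push(`An aspect added at "${node.id}" during a visit will not be invoked`);
      }
      node.invoked.push(aspect);
    }
    for (const child of node.children) {
      recurse(child, allAspectsHere);
    }
  }

  recurse(root, []);
  return warnings;
}

// Constructed scenario: an outer aspect registers an inner aspect on every node it visits.
function runNestedScenario(): { outer: string[]; inner: string[]; warnings: string[] } {
  const app = new TreeNode('App');
  const stack = new TreeNode('Stack', app);
  new TreeNode('Bucket', stack);

  const outer: string[] = [];
  const inner: string[] = [];
  app.aspects.push({
    visit(node: TreeNode): void {
      outer.push(node.id);
      node.aspects.push({ visit: (n: TreeNode): void => { inner.push(n.id); } });
    },
  });
  return { outer, inner, warnings: invokeAspects(app) };
}

const nestedResult = runNestedScenario();
console.log(nestedResult.outer.join(','), '| inner visits:', nestedResult.inner.length, '|', nestedResult.warnings);
```

The inner aspect ends up attached to all three nodes yet runs on none of them, which is why a check implemented as a nested aspect would silently never execute without the warning.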
chore(ec2) add ARM64 AMI lookup support This PR allows users to lookup Amazon Linux 2 AMI for ARM64 platform. Closes: #9204 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bug reports typically result from a distinction between a user's mental model and actual behavior. To bring this to the front and center, I like the phrasing:

* Tell me what you expected to happen
* Tell me what actually happened

More than the current:

* Paste code
* See error

The new phrasing subsumes the old one (what actually happened? I got an error) while also allowing to catch more bug-like scenarios. Hopefully it will prevent incomplete reports like this: #9270 where the user pasted in the code, didn't get an error so didn't fill out the "error" section, and didn't really state what they expected or saw happen.

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In 2.x we plan to deprecate support for the `synthesize()` and `prepare()` hooks in `Construct`. See [RFC] for motivation.

This change does not remove support for these hooks, but it does remove any usage of these hooks from the AWS Construct Library.

- aws-apigateway: the calculated logical ID of Deployment resources is now done through a Lazy instead of in `prepare()`.
- aws-lambda: the calculated logical ID of Version resources is now done through a Lazy instead of in `prepare()`.
- core: `Stack.synthesize()` is now called `_synthesizeTemplate()` and is explicitly called from `app.synth()`.
- core: `TreeMetadata.synthesize()` is now called `_synthesizeTree()` and is explicitly called from `app.synth()`.

The logical IDs of Lambda Version and API Gateway Deployment resources will be different after this change due to a latent bug in the previous implementation. The `prepare()` methods are called _before_ resource dependencies are resolved, which means that the hash in the logical ID did not include dependencies. Now it includes dependencies and therefore these IDs have changed. Since both of these resources are stateless, this does not introduce risk to production systems. See more details [here].

Furthermore: all calls to `ConstructNode.prepare()` were converted to `app.synth()`.

Related: aws/aws-cdk-rfcs#192

[RFC]: https://github.com/aws/aws-cdk-rfcs/blob/master/text/0192-remove-constructs-compat.md
[here]: #9410 (comment)

BREAKING CHANGE: `lambda.Version` and `apigateway.Deployment` resources with auto-generated IDs will be replaced as we fixed a bug which ignored resource dependencies when generating these logical IDs.

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
add fromApiKeyId import method to the ApiKey construct closes #8367 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
feat(apigateway): adding the ability to set the endpoint configuration for the OpenAPI 3.0

With this change, it will be possible to modify this by providing the endpointTypes as shown here:

```
const api = new apigateway.SpecRestApi(this, 'ExampleRestApi', {
  apiDefinition: apigateway.ApiDefinition.fromInline(replacedSwagger),
  endpointTypes: [apigateway.EndpointType.PRIVATE],
});
```

Note: For private endpoints you will still need to provide the `x-amazon-apigateway-endpoint-configuration` and `x-amazon-apigateway-policy` in your openApi file.

The following is an example with both settings:

```json
{
  "openapi": "3.0.2",
  "servers" : [
    {
      "x-amazon-apigateway-endpoint-configuration": {
        "vpcEndpointIds": [
          "vpce-00111a1111a1aa011"
        ]
      }
    }
  ],
  "paths": { ... },
  "x-amazon-apigateway-policy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
          "execute-api:Invoke",
          "execute-api:GET"
        ],
        "Resource": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*",
        "Condition": {
          "StringEquals": {
            "aws:sourceVpce": "vpce-00111a1111a1aa011"
          }
        }
      }
    ]
  }
}
```

Checklist for this PR:

🧪 Testing: adding integration testing for private API gateway.
📄 Docs: Add example in the README documentation about how to create a private API gateway with swagger

Fixes #9060

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
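A pre-deployment check for the note in the commit message above, as an added example that is not part of the original commit or the CDK: it verifies that an OpenAPI document for a private endpoint carries both extensions and that every `Allow` for `Principal: "*"` is pinned to a listed VPC endpoint. `checkPrivateApiSpec`, its helpers and the sample documents are hypothetical and constructed from the commit's example.

```typescript
// Added illustration. The two extension keys and aws:sourceVpce are the ones named in the
// commit message; checkPrivateApiSpec and the sample documents are hypothetical/constructed.
type Json = { [key: string]: any };

const ENDPOINT_CONFIG_KEY = 'x-amazon-apigateway-endpoint-configuration';
const POLICY_KEY = 'x-amazon-apigateway-policy';

function asArray<T>(value: T | T[] | undefined | null): T[] {
  if (value === undefined || value === null) {
    return [];
  }
  return Array.isArray(value) ? value : [value];
}

// Collects the VPC endpoint ids a statement's StringEquals condition pins the caller to.
// IAM condition key names are case-insensitive, so compare them lowercased.
function sourceVpces(condition: Json | undefined): string[] {
  const stringEquals: Json = (condition && condition.StringEquals) || {};
  const ids: string[] = [];
  for (const key of Object.keys(stringEquals)) {
    if (key.toLowerCase() === 'aws:sourcevpce') {
      ids.push(...asArray<string>(stringEquals[key]));
    }
  }
  return ids;
}

function checkPrivateApiSpec(spec: Json): string[] {
  const findings: string[] = [];
  const vpceIds: string[] = [];
  for (const server of asArray<Json>(spec.servers)) {
    const config: Json | undefined = server[ENDPOINT_CONFIG_KEY];
    vpceIds.push(...asArray<string>(config ? config.vpcEndpointIds : undefined));
  }
  if (vpceIds.length === 0) {
    findings.push(`no vpcEndpointIds under servers[].${ENDPOINT_CONFIG_KEY}`);
  }
  const policy: Json | undefined = spec[POLICY_KEY];
  if (!policy) {
    findings.push(`missing ${POLICY_KEY}`);
    return findings;
  }
  asArray<Json>(policy.Statement).forEach((statement: Json, index: number) => {
    const anyone = statement.Principal === '*' ||
      (statement.Principal && statement.Principal.AWS === '*');
    if (statement.Effect !== 'Allow' || !anyone) {
      return;
    }
    const pinned = sourceVpces(statement.Condition);
    if (pinned.length === 0) {
      findings.push(`Statement[${index}] allows Principal "*" without an aws:sourceVpce condition`);
    }
    for (const id of pinned) {
      if (!vpceIds.includes(id)) {
        findings.push(`Statement[${index}] references ${id}, which is not in vpcEndpointIds`);
      }
    }
  });
  return findings;
}

// Constructed sample based on the commit message's document and its placeholder endpoint id.
function sampleSpec(conditionVpce?: string): Json {
  const statement: Json = { Effect: 'Allow', Principal: '*', Action: ['execute-api:Invoke'], Resource: '*' };
  if (conditionVpce) {
    statement.Condition = { StringEquals: { 'aws:sourceVpce': conditionVpce } };
  }
  return {
    openapi: '3.0.2',
    servers: [{ [ENDPOINT_CONFIG_KEY]: { vpcEndpointIds: ['vpce-00111a1111a1aa011'] } }],
    paths: {},
    [POLICY_KEY]: { Version: '2012-10-17', Statement: [statement] },
  };
}

console.log(checkPrivateApiSpec(sampleSpec('vpce-00111a1111a1aa011')), checkPrivateApiSpec(sampleSpec()));
```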
Follow up on #9410 and remove a few additional usages of `prepare`:

- In the API Gateway library we leveraged `prepare()` to record dependencies between all Deployment resources and all Method resources in the APIGW. The solution is to perform two-sided bookkeeping while methods/deployments are defined and record their dependencies in-band. We also refactored the code in `LatestDeployment` to be slightly more readable.
- In the Pipelines library prepare was replaced with an aspect (which is technically the drop-in alternative to `prepare()` in v2.0, for lack of a better solution at the moment).
- In the IAM library, the `Policy` resource needs to be conditionally created only if the document contains statements. To address that, we added a new protected API to `CfnResource` which is called `shouldSynthesize()`. By default it returns `true` but if it returns `false` (in a subclass), the resource will not be rendered into the cloudformation template.

Related: aws/aws-cdk-rfcs#192

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add an option to configure endpoint access to the cluster control plane. Resolves #5220 In addition, there is now a way to pass environment variables into the kubectl handler. This is necessary for allowing private VPCs (with no internet access) to use an organizational proxy when installing Helm chart and in general needing to access the internet. See #9095 (comment). BREAKING CHANGE: endpoint access is configured to private and public by default instead of just public ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add the synthesized template output as an example to make sure it's clear that `CfnMapping` represents a single mapping entry and not the entire `Mappings` section in the template. Fixes #9432 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#9434) This adds the option:

```
/**
 * Determines whether or not the Security Group for the Load Balancer's Listener will be open to all traffic by default.
 *
 * @default true -- The security group allows ingress from all IP addresses.
 */
readonly openListener?: boolean;
```

to `ApplicationLoadBalancedServiceBase` so that it is possible to restrict ingress to the listener created by the pattern.

Fixes: #9433

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…e compute resources (#9460) Made it more clear in docs on how to update AWS Batch's underlying AMIs. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
If `mastersRole` is not specified, we now define a default IAM role that can be assumed by anyone (with permissions) in the account. This will allow users to interact with the cluster through `kubectl` by issuing the `aws eks update-kubeconfig` command with the appropriate `--role-arn` option, as specified in the CFN output. Fixes #9463 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When specifying `kubectlEnabled: false`, it _implicitly_ meant that the underlying resource behind the construct would be the stock `AWS::EKS::Cluster` resource instead of the custom resource used by default. This means that many new capabilities of EKS would not be supported (e.g. Fargate profiles).

Clusters backed by the custom-resource have all the capabilities (and more) of clusters backed by `AWS::EKS::Cluster`. Therefore, we decided that going forward we are going to support only the custom-resource backed solution.

To that end, after this change, defining an `eks.Cluster` with `kubectlEnabled: false` will throw an error with the following message:

    The "eks.Cluster" class no longer allows disabling kubectl support. As a temporary workaround, you can use the drop-in replacement class `eks.LegacyCluster` but bear in mind that this class will soon be removed and will no longer receive additional features or bugfixes. See #9332 for more details

Resolves #9332

BREAKING CHANGE: The experimental `eks.Cluster` construct no longer supports setting `kubectlEnabled: false`. A temporary drop-in alternative is `eks.LegacyCluster`, but we have plans to completely remove support for it in an upcoming release since `eks.Cluster` has matured and should provide all the needed capabilities. Please comment on #9332 if there are use cases that are not supported by `eks.Cluster`.

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The official docker images for lambda are not available yet for Go and dotnet core runtimes. Switch back to using lambdaci in these cases. fixes #9435 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…unction (#9100) As part of Lambda proxy integration, a `AWS::Lambda::Permission` resource is created to provide the HTTP service permission to invoke the lambda function, creating the dependency, Permission → API. The API, on the other hand, needs to refer to the Function's ARN and hence creates the dependency, API → Function.

However, when the lambda function and the HTTP API are placed in different stacks, this creates a cyclic dependency between these two stacks.

A picture is worth a thousand words:

```
+--------------------------------------------------------------+
| Lambda stack                                                 |
|                                                              |
|    +-------------------+            +-----------------+      |
|    |                   |  via ARN   |                 |      |
|    | Lambda Permission +----------->| Lambda Function |      |
|    |                   |            |                 |      |
|    +-------+-----------+            +-----------------+      |
|            |                                ^                |
+------------|--------------------------------|----------------+
             |via ARN                         |via ARN
             |                                |
+------------|--------------------------------|-----------------+
|            v                                |                 |
|      +-----------+               +----------+---------+       |
|      |           |    via ID     |                    |       |
|      | Http API  |<--------------+  API Integration   |       |
|      |           |               |                    |       |
|      +-----------+               +--------------------+       |
|                                                               |
| API Gateway stack                                             |
+---------------------------------------------------------------+
```

The fix here is to move the Lambda Permission resource into the same stack as where the API integration is defined, thereby breaking the dependency cycle. Now the 'API Gateway stack' will depend one way on the 'Lambda stack'.

fixes #9075

BREAKING CHANGE: The parameter for the method `bind()` on `IHttpRouteIntegration` has changed to accept one of type `HttpRouteIntegrationBindOptions`. The previous parameter `IHttpRoute` is now a property inside the new parameter under the key `route`.

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…tokens (#9476) Fn.join() has some logic inside of it to simplify the expressions to concatenate the array elements that do not contain any Tokens inside of them. We don't want to do it in cfn-include though, as that causes a diff from the original template. So, wrap the array given as the second argument to Fn::Join into a Token, to prevent the concatenation logic from triggering. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Close: #7640

- [x] Adding a boolean prop for xrayEnabled
- [x] Linking it to the xrayEnabled prop in class CfnGraphQLApi from appsync.generated.ts file that is generated on yarn build
- [x] Writing a unit test to check that the boolean property is set in the CloudFormation Template

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We incorrectly handled union-types in the fromCloudFormation() generated code. Also we merged the 'Transform' sections of the CloudFormation template incorrectly, which has also been fixed in this change. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This fixes #9492 by down-scoping some IAM permissions granted to the ASG that is created for an ECS cluster, and removing some unnecessary permissions.

### Testing

This was tested by deploying a simple app that was basically the sample from the ECS module readme, and verifying that: (a) the cluster is operational (i.e. tasks are running), and (b) those tasks are able to write to logs.

The essentials of the app are:

```ts
const app = new cdk.App();
const env = {
  account: process.env.CDK_DEFAULT_ACCOUNT,
  region: process.env.CDK_DEFAULT_REGION
}
const stack = new cdk.Stack(app, 'Testing', { env });
const vpc = new ec2.Vpc(stack, 'Vpc');

// Create an ECS cluster
const cluster = new ecs.Cluster(stack, 'Cluster', {
  vpc,
});

// Add capacity to it
cluster.addCapacity('DefaultAutoScalingGroupCapacity', {
  instanceType: new ec2.InstanceType("t2.xlarge"),
  desiredCapacity: 2,
});

const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');

taskDefinition.addContainer('DefaultContainer', {
  image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
  memoryLimitMiB: 512,
  logging: ecs.LogDriver.awsLogs({
    logGroup: new logs.LogGroup(stack, 'LogGroup', {
      logGroupName: '/test-group/',
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      retention: logs.RetentionDays.ONE_DAY,
    }),
    streamPrefix: 'testing-',
  }),
});

// Instantiate an Amazon ECS Service
const ecsService = new ecs.Ec2Service(stack, 'Service', {
  cluster,
  taskDefinition,
  desiredCount: 2,
});
```

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When we changed the merging behavior in #8251, we forgot to account for the 'Rules' section. To prevent that error from happening again, let's default to merging objects without duplicates. Fixes #9485 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #9501

### Testing

This was tested by deploying a simple app that was basically the sample from the ECS module readme, and then manually killing off instances from the ECS cluster's ASG. When I killed off an instance I then verified, from the lambda logs, that the task-draining lambda was able to complete its work with no errors.

The essentials of the app are:

```ts
const app = new cdk.App();
const env = {
  account: process.env.CDK_DEFAULT_ACCOUNT,
  region: process.env.CDK_DEFAULT_REGION
}
const stack = new cdk.Stack(app, 'Testing', { env });
const vpc = new ec2.Vpc(stack, 'Vpc');

// Create an ECS cluster
const cluster = new ecs.Cluster(stack, 'Cluster', {
  vpc,
});

// Add capacity to it
cluster.addCapacity('DefaultAutoScalingGroupCapacity', {
  instanceType: new ec2.InstanceType("t2.xlarge"),
  desiredCapacity: 2,
});

const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');

taskDefinition.addContainer('DefaultContainer', {
  image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
  memoryLimitMiB: 512,
  logging: ecs.LogDriver.awsLogs({
    logGroup: new logs.LogGroup(stack, 'LogGroup', {
      logGroupName: '/test-group/',
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      retention: logs.RetentionDays.ONE_DAY,
    }),
    streamPrefix: 'testing-',
  }),
});

// Instantiate an Amazon ECS Service
const ecsService = new ecs.Ec2Service(stack, 'Service', {
  cluster,
  taskDefinition,
  desiredCount: 2,
});
```

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation added the pr/no-squash (This PR should be merged instead of squash-merging it) label Aug 7, 2020
shivlaks approved these changes Aug 7, 2020
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
Thank you for contributing! Your pull request will be updated from master and then merged automatically without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).
See CHANGELOG