Update libraries for newer cloud assembly support

README.md

@@ -35,8 +35,8 @@ Requirements:
 |---------------------------|------------|
 | Java                      | >= 8       |
 | Maven                     | >= 3.5     |
-| AWS CDK                   | <= 2.134.0 |
-| AWS Cloud Assembly Schema | <= 36.0.0  |
+| AWS CDK                   | <= 2.173.4 |
+| AWS Cloud Assembly Schema | <= 39.1.35 |
 
 _To bump up, open an issue or [see here](#aws-cdk-dependency-bump)_
 

aws-cdk-integration-tests/pom.xml

@@ -69,7 +69,7 @@
                     <dependency>
                         <groupId>org.codehaus.groovy</groupId>
                         <artifactId>groovy-all</artifactId>
-                        <version>3.0.19</version>
+                        <version>3.0.23</version>
                         <type>pom</type>
                     </dependency>
                     <dependency>

aws-cdk-maven-plugin/src/main/java/io/dataspray/aws/cdk/SynthMojo.java

@@ -25,10 +25,10 @@
 import org.apache.maven.toolchain.ToolchainManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import software.amazon.awscdk.cloudassembly.schema.AssemblyManifest;
-import software.amazon.awscdk.cloudassembly.schema.ContextProvider;
-import software.amazon.awscdk.cloudassembly.schema.Manifest;
-import software.amazon.awscdk.cloudassembly.schema.MissingContext;
+import software.amazon.awscdk.cloud_assembly_schema.AssemblyManifest;
+import software.amazon.awscdk.cloud_assembly_schema.ContextProvider;
+import software.amazon.awscdk.cloud_assembly_schema.Manifest;
+import software.amazon.awscdk.cloud_assembly_schema.MissingContext;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.awscore.client.builder.AwsClientBuilder;
 import software.amazon.awssdk.regions.Region;

aws-cdk/src/main/java/io/dataspray/aws/cdk/AssetDeployer.java

@@ -4,7 +4,7 @@
 import com.google.common.collect.Maps;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import software.amazon.awscdk.cloudassembly.schema.*;
+import software.amazon.awscdk.cloud_assembly_schema.*;
 import software.amazon.awssdk.services.cloudformation.CloudFormationClient;
 import software.amazon.awssdk.services.cloudformation.model.Output;
 import software.amazon.awssdk.services.cloudformation.model.Stack;

aws-cdk/src/main/java/io/dataspray/aws/cdk/BootstrapImpl.java

@@ -37,7 +37,7 @@ public class BootstrapImpl implements Bootstrap {
      * - Pull latest bootstrap-template.yaml from https://raw.githubusercontent.com/aws/aws-cdk/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
      * - Update this version to match the newly updated template
      */
-    private static final int TOOLKIT_STACK_VERSION = 20;
+    private static final int TOOLKIT_STACK_VERSION = 25;
     private static final int DEFAULT_BOOTSTRAP_STACK_VERSION = getDefaultBootstrapStackVersion();
     private static final String BOOTSTRAP_VERSION_OUTPUT = "BootstrapVersion";
 

aws-cdk/src/main/java/io/dataspray/aws/cdk/CloudDefinition.java

@@ -7,7 +7,7 @@
 import org.apache.commons.lang3.ObjectUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import software.amazon.awscdk.cloudassembly.schema.*;
+import software.amazon.awscdk.cloud_assembly_schema.*;
 import software.amazon.awscdk.cxapi.CloudAssembly;
 import software.amazon.jsii.JsiiObject;
 import software.amazon.jsii.Kernel;

aws-cdk/src/main/java/io/dataspray/aws/cdk/StackDefinition.java

@@ -4,8 +4,8 @@
 import lombok.Builder;
 import lombok.NonNull;
 import lombok.Value;
-import software.amazon.awscdk.cloudassembly.schema.ContainerImageAssetMetadataEntry;
-import software.amazon.awscdk.cloudassembly.schema.FileAssetMetadataEntry;
+import software.amazon.awscdk.cloud_assembly_schema.ContainerImageAssetMetadataEntry;
+import software.amazon.awscdk.cloud_assembly_schema.FileAssetMetadataEntry;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;

aws-cdk/src/main/java/io/dataspray/aws/cdk/context/AmiContextProviderMapper.java

@@ -1,7 +1,7 @@
 package io.dataspray.aws.cdk.context;
 
 import io.dataspray.aws.cdk.CdkException;
-import software.amazon.awscdk.cloudassembly.schema.AmiContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.AmiContextQuery;
 import software.amazon.awssdk.services.ec2.Ec2Client;
 import software.amazon.awssdk.services.ec2.model.DescribeImagesRequest;
 import software.amazon.awssdk.services.ec2.model.DescribeImagesResponse;

aws-cdk/src/main/java/io/dataspray/aws/cdk/context/AvailabilityZonesContextProviderMapper.java

@@ -1,6 +1,6 @@
 package io.dataspray.aws.cdk.context;
 
-import software.amazon.awscdk.cloudassembly.schema.AvailabilityZonesContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.AvailabilityZonesContextQuery;
 import software.amazon.awssdk.services.ec2.Ec2Client;
 import software.amazon.awssdk.services.ec2.model.AvailabilityZone;
 import software.amazon.awssdk.services.ec2.model.AvailabilityZoneState;

aws-cdk/src/main/java/io/dataspray/aws/cdk/context/HostedZoneContextProviderMapper.java

@@ -2,13 +2,9 @@
 
 import com.google.common.collect.ImmutableMap;
 import io.dataspray.aws.cdk.CdkException;
-import software.amazon.awscdk.cloudassembly.schema.HostedZoneContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.HostedZoneContextQuery;
 import software.amazon.awssdk.services.route53.Route53Client;
-import software.amazon.awssdk.services.route53.model.GetHostedZoneRequest;
-import software.amazon.awssdk.services.route53.model.GetHostedZoneResponse;
-import software.amazon.awssdk.services.route53.model.HostedZone;
-import software.amazon.awssdk.services.route53.model.ListHostedZonesByNameRequest;
-import software.amazon.awssdk.services.route53.model.ListHostedZonesByNameResponse;
+import software.amazon.awssdk.services.route53.model.*;
 
 import java.util.List;
 import java.util.stream.Collectors;

aws-cdk/src/main/java/io/dataspray/aws/cdk/context/SsmContextProviderMapper.java

@@ -1,7 +1,7 @@
 package io.dataspray.aws.cdk.context;
 
 import io.dataspray.aws.cdk.CdkException;
-import software.amazon.awscdk.cloudassembly.schema.SSMParameterContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.SSMParameterContextQuery;
 import software.amazon.awssdk.services.ssm.SsmClient;
 import software.amazon.awssdk.services.ssm.model.GetParameterRequest;
 import software.amazon.awssdk.services.ssm.model.GetParameterResponse;

aws-cdk/src/main/java/io/dataspray/aws/cdk/context/VpcNetworkContextProviderMapper.java

@@ -11,35 +11,15 @@
 import io.dataspray.aws.cdk.MoreCollectors;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
-import software.amazon.awscdk.cloudassembly.schema.VpcContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.VpcContextQuery;
 import software.amazon.awscdk.cxapi.VpcSubnet;
 import software.amazon.awscdk.cxapi.VpcSubnetGroup;
 import software.amazon.awscdk.cxapi.VpcSubnetGroupType;
 import software.amazon.awssdk.services.ec2.Ec2Client;
-import software.amazon.awssdk.services.ec2.model.DescribeRouteTablesRequest;
-import software.amazon.awssdk.services.ec2.model.DescribeRouteTablesResponse;
-import software.amazon.awssdk.services.ec2.model.DescribeSubnetsRequest;
-import software.amazon.awssdk.services.ec2.model.DescribeSubnetsResponse;
-import software.amazon.awssdk.services.ec2.model.DescribeVpcsRequest;
-import software.amazon.awssdk.services.ec2.model.DescribeVpcsResponse;
-import software.amazon.awssdk.services.ec2.model.DescribeVpnGatewaysRequest;
-import software.amazon.awssdk.services.ec2.model.Filter;
-import software.amazon.awssdk.services.ec2.model.RouteTable;
-import software.amazon.awssdk.services.ec2.model.RouteTableAssociation;
-import software.amazon.awssdk.services.ec2.model.Tag;
-import software.amazon.awssdk.services.ec2.model.Vpc;
-import software.amazon.awssdk.services.ec2.model.VpnGateway;
+import software.amazon.awssdk.services.ec2.model.*;
 
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 

aws-cdk/src/main/resources/bootstrap-template.yaml

@@ -207,11 +207,15 @@ Resources:
         Status: Enabled
       LifecycleConfiguration:
         Rules:
-          # Exising objects will never be overwritten but Security Hub wants this rule to exist
+          # Objects will only be noncurrent if they are deleted via garbage collection.
           - Id: CleanupOldVersions
             Status: Enabled
             NoncurrentVersionExpiration:
-              NoncurrentDays: 365
+              NoncurrentDays: 30
+          - Id: AbortIncompleteMultipartUploads
+            Status: Enabled
+            AbortIncompleteMultipartUpload:
+              DaysAfterInitiation: 1
     UpdateReplacePolicy: Retain
     DeletionPolicy: Retain
   StagingBucketPolicy:
@@ -277,6 +281,13 @@ Resources:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
+          # allows this role to be assumed with session tags.
+          # see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_permissions-required
+          - Action: sts:TagSession
+            Effect: Allow
+            Principal:
+              AWS:
+                Ref: AWS::AccountId
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
@@ -300,6 +311,13 @@ Resources:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
+          # allows this role to be assumed with session tags.
+          # see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_permissions-required
+          - Action: sts:TagSession
+            Effect: Allow
+            Principal:
+              AWS:
+                Ref: AWS::AccountId
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
@@ -323,6 +341,13 @@ Resources:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
+          # allows this role to be assumed with session tags.
+          # see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_permissions-required
+          - Action: sts:TagSession
+            Effect: Allow
+            Principal:
+              AWS:
+                Ref: AWS::AccountId
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
@@ -377,6 +402,10 @@ Resources:
             Resource:
               - Fn::Sub: "${StagingBucket.Arn}"
               - Fn::Sub: "${StagingBucket.Arn}/*"
+            Condition:
+              StringEquals:
+                aws:ResourceAccount:
+                  - Fn::Sub: ${AWS::AccountId}
             Effect: Allow
           - Action:
               - kms:Decrypt
@@ -427,6 +456,13 @@ Resources:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
+          # allows this role to be assumed with session tags.
+          # see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_permissions-required
+          - Action: sts:TagSession
+            Effect: Allow
+            Principal:
+              AWS:
+                Ref: AWS::AccountId
           - Action: sts:AssumeRole
             Effect: Allow
             Principal:
@@ -453,6 +489,8 @@ Resources:
                   - cloudformation:ExecuteChangeSet
                   - cloudformation:CreateStack
                   - cloudformation:UpdateStack
+                  - cloudformation:RollbackStack
+                  - cloudformation:ContinueUpdateRollback
                 Resource: "*"
               - Sid: PipelineCrossAccountArtifactsBucket
                 # Read/write buckets in different accounts. Permissions to buckets in
@@ -619,7 +657,7 @@ Resources:
       Type: String
       Name:
         Fn::Sub: '/cdk-bootstrap/${Qualifier}/version'
-      Value: '20'
+      Value: '25'
 Outputs:
   BucketName:
     Description: The name of the S3 bucket owned by the CDK toolkit stack

aws-cdk/src/test/java/io/dataspray/aws/cdk/context/AmiContextProviderMapperTest.java

@@ -8,7 +8,7 @@
 import org.testng.Assert;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
-import software.amazon.awscdk.cloudassembly.schema.AmiContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.AmiContextQuery;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.ec2.Ec2Client;
 import software.amazon.awssdk.services.ec2.model.DescribeImagesRequest;

aws-cdk/src/test/java/io/dataspray/aws/cdk/context/AvailabilityZonesContextProviderMapperTest.java

@@ -4,7 +4,7 @@
 import org.testng.Assert;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
-import software.amazon.awscdk.cloudassembly.schema.AvailabilityZonesContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.AvailabilityZonesContextQuery;
 import software.amazon.awssdk.services.ec2.Ec2Client;
 import software.amazon.awssdk.services.ec2.model.AvailabilityZone;
 import software.amazon.awssdk.services.ec2.model.AvailabilityZoneState;

aws-cdk/src/test/java/io/dataspray/aws/cdk/context/HostedZoneContextProviderMapperTest.java

@@ -7,7 +7,7 @@
 import org.testng.Assert;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
-import software.amazon.awscdk.cloudassembly.schema.HostedZoneContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.HostedZoneContextQuery;
 import software.amazon.awssdk.services.route53.Route53Client;
 import software.amazon.awssdk.services.route53.model.*;
 

aws-cdk/src/test/java/io/dataspray/aws/cdk/context/SsmContextProviderMapperTest.java

@@ -4,7 +4,7 @@
 import org.mockito.Mockito;
 import org.testng.Assert;
 import org.testng.annotations.Test;
-import software.amazon.awscdk.cloudassembly.schema.SSMParameterContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.SSMParameterContextQuery;
 import software.amazon.awssdk.services.ssm.SsmClient;
 import software.amazon.awssdk.services.ssm.model.GetParameterRequest;
 import software.amazon.awssdk.services.ssm.model.GetParameterResponse;

aws-cdk/src/test/java/io/dataspray/aws/cdk/context/VpcNetworkContextProviderMapperTest.java

@@ -10,7 +10,7 @@
 import org.testng.Assert;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
-import software.amazon.awscdk.cloudassembly.schema.VpcContextQuery;
+import software.amazon.awscdk.cloud_assembly_schema.VpcContextQuery;
 import software.amazon.awscdk.cxapi.VpcSubnetGroupType;
 import software.amazon.awssdk.services.ec2.Ec2Client;
 import software.amazon.awssdk.services.ec2.model.*;