Merge pull request #49 from aws-solutions/feature/v1.4.5

Update to version v1.4.5

CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.4.5] - 2024-10-21
+
+### Changed
+
+- Upgraded requests to 2.32.0
+- Upgraded urllib3 to 1.26.19
+- Upgraded black to 24.3.0
+- Onboarded anonymized operational metrics.
+
 ## [1.4.4] - 2023-10-13
 
 ### Changed

CODE_OF_CONDUCT.md

@@ -1,4 +1,4 @@
 ## Code of Conduct
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
-opensource-codeofconduct@amazon.com with any additional questions or comments.
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.

CONTRIBUTING.md

@@ -6,57 +6,54 @@ documentation, we greatly value feedback and contributions from our community.
 Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 information to effectively respond to your bug report or contribution.
 
-
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
 When filing an issue, please check [existing open](https://github.com/aws-solutions/maintaining-personalized-experiences-with-machine-learning/issues), or [recently closed](https://github.com/aws-solutions/maintaining-personalized-experiences-with-machine-learning/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-* A reproducible test case or series of steps
-* The version of our code being used
-* Any modifications you've made relevant to the bug
-* Anything unusual about your environment or deployment
-
+- A reproducible test case or series of steps
+- The version of our code being used
+- Any modifications you've made relevant to the bug
+- Anything unusual about your environment or deployment
 
 ## Contributing via Pull Requests
+
 Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-1. You are working against the latest source on the *master* branch.
+1. You are working against the latest source on the _master_ branch.
 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
 To send us a pull request, please:
 
 1. Fork the repository.
 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
-3. Ensure all build processes execute successfully (see README.md for additional guidance).
-4. Ensure all unit, integration, and/or snapshot tests pass, as applicable.
-5. Commit to your fork using clear commit messages.
-6. Send us a pull request, answering any default questions in the pull request interface.
-7. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
 
 GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
 [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
-
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/maintaining-personalized-experiences-with-machine-learning/labels/help%20wanted) issues is a great place to start.
 
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/maintaining-personalized-experiences-with-machine-learning/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
+
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 opensource-codeofconduct@amazon.com with any additional questions or comments.
 
-
 ## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.
 
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
 ## Licensing
 
 See the [LICENSE](https://github.com/aws-solutions/maintaining-personalized-experiences-with-machine-learning/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
+We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

NOTICE.txt

@@ -1,7 +1,7 @@
 Maintaining Personalized Experiences with Machine Learning
 
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
+Licensed under the Apache-2.0 license (the "License"). You may not use this file except
 in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/
 or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the
@@ -12,38 +12,57 @@ THIRD PARTY COMPONENTS
 **********************
 This software includes third party software subject to the following copyrights:
 
-Apache Avro under the Apache License 2.0
-AWS Lambda Java Support Libraries under the Apache License Version 2.0
-AWS Lambda Powertools for Python under the MIT No Attribution license
-AWS SDK under the Apache License Version 2.0
-boto3 under the Apache License Version 2.0
-black under the Massachusetts Institute of Technology (MIT) license
-click under the BSD 3-Clause license
-coverage under the Apache License Version 2.0
-crhelper under the Apache License Version 2.0
-cronex under the Massachusetts Institute of Technology (MIT) license
-docker-py under the Apache License Version 2.0
-Gradle under the Apache License Version 2.0
-jmespath under the Apache License Version 2.0
+avro under the Apache-2.0 license
+AWS Lambda Java Support Libraries under the Apache-2.0 license
+aws-lambda-powertools under the MIT No Attribution license
+aws_cdk_lib under the Apache-2.0 license under the Apache-2.0 license 
+aws_solutions_constructs.aws_lambda_sns under the Apache-2.0 license
+aws-cdk.aws-servicecatalogappregistry-alpha under the Apache-2.0 license
+cdk-nag under the Apache-2.0 license
+AWS SDK under the Apache-2.0 license
+boto3 under the Apache-2.0 license
+black under the MIT license
+Click under the BSD 3-Clause license
+coverage under the Apache-2.0 license
+crhelper under the Apache-2.0 license
+cronex under the MIT license
+docker-py under the Apache-2.0 license
+docker under the Apache-2.0 license
+responses under the Apache-2.0 license
+Gradle under the Apache-2.0 license
+jmespath under the Apache-2.0 license
 junit under the Eclipse Public License Version 2.0
-moto under the Apache License Version 2.0
-pytest under the Massachusetts Institute of Technology (MIT) license
-pytest-cov under the Massachusetts Institute of Technology (MIT) license
-pytest-mock under the Massachusetts Institute of Technology (MIT) license
-pytest-env under the Massachusetts Institute of Technology (MIT) license
-PyYAML under the Massachusetts Institute of Technology (MIT) license
-requests under the Apache License Version 2.0
-requests-mock under the Apache License Version 2.0
-rich under the Massachusetts Institute of Technology (MIT) license
-tenacity under the Apache License Version 2.0
-quartz-scheduler under the Apache License Version 2.0
-parsedatetime under the Apache License Version 2.0
-urllib3 under the Massachusetts Institute of Technology (MIT) license
-setuptools under the Massachusetts Institute of Technology (MIT) license
-pipenv under the Massachusetts Institute of Technology (MIT) license
-virtualenv under the Massachusetts Institute of Technology (MIT) license
-tox under the Massachusetts Institute of Technology (MIT) license
-tox-pyenv under the Apache License Version 2.0
-poetry under the Massachusetts Institute of Technology (MIT) license
+org.jacoco/org.jacoco.core under the Eclipse Public License 2.0 license(s)
+./package under the 0BSD license
+moto under the Apache-2.0 license
+pytest under the MIT license
+pytest-cov under the MIT license
+pytest-mock under the MIT license
+pytest-env under the MIT license
+pyyaml under the MIT license
+requests under the Apache-2.0 license
+requests-mock under the Apache-2.0 license
+rich under the MIT license
+tenacity under the Apache-2.0 license
+quartz-scheduler under the Apache-2.0 license
+parsedatetime under the Apache-2.0 license
+urllib3 under the MIT license
+setuptools under the MIT license
+pipenv under the MIT license
+virtualenv under the MIT license
+tox under the MIT license
+tox-pyenv under the Apache-2.0 license
+poetry under the MIT license
+aws-xray-sdk under the Apache-2.0 license
 
-The Apache License Version Version 2.0 is included in LICENSE.txt.
+
+The Apache License Version Version 2.0 is included in LICENSE.txt.
+
+********************
+OPEN SOURCE LICENSES
+********************
+
+0BSD - https://opensource.org/licenses/0BSD
+Apache-2.0 - https://opensource.org/licenses/Apache-2.0
+MIT - https://opensource.org/licenses/MIT
+MIT-0 - https://opensource.org/licenses/MIT-0

README.md

@@ -607,7 +607,7 @@ To customize the solution, follow the steps below:
 The following procedures assumes that all the OS-level configuration has been completed. They are:
 
 - [AWS Command Line Interface](https://aws.amazon.com/cli/)
-- [Python](https://www.python.org/) 3.9 or newer
+- [Python](https://www.python.org/) 3.11 or newer
 - [Node.js](https://nodejs.org/en/) 16.x or newer
 - [AWS CDK](https://aws.amazon.com/cdk/) 2.88.0 or newer
 - [Amazon Corretto OpenJDK](https://docs.aws.amazon.com/corretto/) 17.0.4.1
@@ -706,8 +706,7 @@ After running the command, you can deploy the template:
 
 ## Collection of operational metrics
 
-This solution collects anonymous operational metrics to help AWS improve the quality of features of the solution.
-For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/maintaining-personalized-experiences-with-ml/reference.html).
+ This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/maintaining-personalized-experiences-with-ml/reference.html).
 
 ---
 

SECURITY.md

@@ -0,0 +1,9 @@
+## Reporting Security Issues
+
+We take all security reports seriously. When we receive such reports,
+we will investigate and subsequently address any potential vulnerabilities as 
+quickly as possible. If you discover a potential security issue in this project,
+please notify AWS/Amazon Security via our [vulnerability reporting page]
+(http://aws.amazon.com/security/vulnerability-reporting/) or directly via email 
+to [AWS Security](mailto:aws-security@amazon.com).
+Please do *not* create a public GitHub issue in this project.

deployment/run-unit-tests.sh

@@ -41,7 +41,9 @@ echo "--------------------------------------------------------------------------
 echo "[Env] Create virtual environment and install dependencies"
 echo "------------------------------------------------------------------------------"
 
-virtualenv .venv
+#Set the python version to 3.11
+pip install virtualenv
+python3.11 -m virtualenv .venv
 source .venv/bin/activate
 
 cd $source_dir

source/cdk_solution_helper_py/README.md

@@ -11,7 +11,7 @@ This README summarizes using the tool.
 
 Install this package. It requires at least
 
-- Python 3.9
+- Python 3.11
 - AWS CDK version 2.75.0 or higher
 
 To install the packages:

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/resource_hash/hash.py

@@ -20,6 +20,7 @@
 
 from aws_solutions.cdk.aws_lambda.python.function import SolutionsPythonFunction
 from aws_solutions.cdk.cfn_nag import add_cfn_nag_suppressions, CfnNagSuppression
+from aws_solutions.cdk.cfn_guard import add_cfn_guard_suppressions
 
 from cdk_nag import NagSuppressions
 from cdk_nag import NagPackSuppression
@@ -58,6 +59,10 @@ def __init__(
                     ),
                 ],
             )
+            add_cfn_guard_suppressions(
+                self._resource_name_function.role.node.try_find_child("Resource"),
+                ["IAM_NO_INLINE_POLICY_CHECK"]
+            )
 
             NagSuppressions.add_resource_suppressions(self._resource_name_function.role, [
                 NagPackSuppression(

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/resource_name/name.py

@@ -22,6 +22,7 @@
 
 from aws_solutions.cdk.aws_lambda.python.function import SolutionsPythonFunction
 from aws_solutions.cdk.cfn_nag import add_cfn_nag_suppressions, CfnNagSuppression
+from aws_solutions.cdk.cfn_guard import add_cfn_guard_suppressions
 
 from cdk_nag import NagSuppressions
 from cdk_nag import NagPackSuppression
@@ -71,6 +72,11 @@ def __init__(
                            'which do not have a resource arn')],
                 apply_to_children=True)
 
+            add_cfn_guard_suppressions(
+                    self._resource_name_function.role.node.try_find_child("Resource"),
+                    ["IAM_NO_INLINE_POLICY_CHECK"]
+            )
+
         properties = {
             "ServiceToken": self._resource_name_function.function_arn,
             "Purpose": purpose,
@@ -88,6 +94,11 @@ def __init__(
             properties=properties,
         )
 
+        add_cfn_guard_suppressions(
+                self._resource_name_function.role.node.try_find_child("Resource"),
+                ["IAM_NO_INLINE_POLICY_CHECK"]
+        )
+
     @property
     def resource_name(self):
         return self.resource_name_resource.get_att("Name")

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/metrics.py

@@ -23,7 +23,7 @@
 
 from aws_solutions.cdk.aws_lambda.python.function import SolutionsPythonFunction
 from aws_solutions.cdk.cfn_nag import add_cfn_nag_suppressions, CfnNagSuppression
-
+from aws_solutions.cdk.cfn_guard import add_cfn_guard_suppressions
 
 class Metrics(Construct):
     """Used to track anonymous solution deployment metrics."""
@@ -65,8 +65,8 @@ def __init__(
 
         properties = {
             "ServiceToken": self._metrics_function.function_arn,
-            "Solution": self.node.try_get_context("SOLUTION_NAME"),
-            "Version": self.node.try_get_context("VERSION"),
+            "Solution": self.node.try_get_context("SOLUTION_ID"),
+            "Version": self.node.try_get_context("SOLUTION_VERSION"),
             "Region": Aws.REGION,
             **metrics,
         }
@@ -78,3 +78,8 @@ def __init__(
         )
         self.solution_metrics.override_logical_id("SolutionMetricsAnonymousData")
         self.solution_metrics.cfn_options.condition = self._send_anonymous_usage_data
+
+        add_cfn_guard_suppressions(
+            self._metrics_function.role.node.try_find_child("Resource"),
+            ["IAM_NO_INLINE_POLICY_CHECK"]
+        )

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/metrics.py

@@ -14,7 +14,7 @@
 
 import logging
 import uuid
-from datetime import datetime
+from datetime import datetime, timezone
 from os import getenv
 
 import requests
@@ -54,11 +54,11 @@ def send_metrics(event, _):
         headers = {"Content-Type": "application/json"}
         payload = {
             "Solution": resource_properties["Solution"],
+            "Version": resource_properties["Version"],
             "UUID": random_id,
-            "TimeStamp": datetime.utcnow().isoformat(),
+            "TimeStamp": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f"),
             "Data": _sanitize_data(event),
         }
-
         logger.info(f"Sending payload: {payload}")
         response = requests.post(METRICS_ENDPOINT, json=payload, headers=headers, timeout=REQUESTS_TIMEOUT)
         logger.info(f"Response from metrics endpoint: {response.status_code} {response.reason}")

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/requirements.txt

@@ -1,3 +1,3 @@
-requests==2.31.0
-urllib3==1.26.17
+requests==2.32.0
+urllib3==1.26.19
 crhelper==2.0.11

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/python/bundling.py

@@ -25,7 +25,7 @@
 
 from aws_solutions.cdk.helpers import copytree
 
-DEFAULT_RUNTIME = Runtime.PYTHON_3_9
+DEFAULT_RUNTIME = Runtime.PYTHON_3_11
 BUNDLER_DEPENDENCIES_CACHE = "/var/dependencies"
 REQUIREMENTS_TXT_FILE = "requirements.txt"
 REQUIREMENTS_PIPENV_FILE = "Pipfile"

source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/python/function.py

@@ -27,7 +27,7 @@
 from aws_solutions.cdk.aws_lambda.python.bundling import SolutionsPythonBundling
 from aws_solutions.cdk.aws_lambda.python.hash_utils import DirectoryHash
 
-DEFAULT_RUNTIME = Runtime.PYTHON_3_9
+DEFAULT_RUNTIME = Runtime.PYTHON_3_11
 DEPENDENCY_EXCLUDES = ["*.pyc"]
 
 
@@ -62,7 +62,7 @@ def __init__(
         if not kwargs.get("role"):
             kwargs["role"] = self._create_role()
 
-        # python 3.9 is selected to support custom resources and inline code
+        # python 3.11 is selected to support custom resources and inline code
         if not kwargs.get("runtime"):
             kwargs["runtime"] = DEFAULT_RUNTIME