Merge branch 'master' into lambda-provided-execution-role-policy

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,3 @@
-### Commit Message
-COMMIT/PR TITLE HERE (must follow conventionalcommits.org)
-
-COMMIT MESSAGE HERE
-### End Commit Message
 
 ----
 

.gitpod.yml

@@ -0,0 +1,7 @@
+image: jsii/superchain
+tasks:
+  - init: yarn build --skip-test --no-bail
+
+vscode:
+  extensions:
+    - dbaeumer.vscode-eslint@2.1.5:9Wg0Glx/TwD8ElFBg+FKcQ==

.mergify.yml

@@ -16,6 +16,7 @@ pull_request_rules:
         strict: smart
         method: squash
         strict_method: merge
+        commit_message: title+body
       delete_head_branch: {}
     conditions:
       - base!=release
@@ -29,7 +30,7 @@ pull_request_rules:
       - -approved-reviews-by~=author
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      - status-success=Semantic Pull Request
+      #- status-success=Semantic Pull Request
       - status-success=mandatory-changes
   - name: automatic merge
     actions:
@@ -40,6 +41,7 @@ pull_request_rules:
         # Merge instead of squash
         method: merge
         strict_method: merge
+        commit_message: title+body
       delete_head_branch: {}
     conditions:
       - -title~=(WIP|wip)
@@ -54,7 +56,7 @@ pull_request_rules:
       - -approved-reviews-by~=author
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      - status-success=Semantic Pull Request
+      #- status-success=Semantic Pull Request
       - status-success=mandatory-changes
   - name: remove stale reviews
     actions:
@@ -111,5 +113,5 @@ pull_request_rules:
       - "#approved-reviews-by>=1"
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      - status-success=Semantic Pull Request
+      #- status-success=Semantic Pull Request
       - status-success=mandatory-changes

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.40.0](https://github.com/aws/aws-cdk/compare/v1.39.0...v1.40.0) (2020-05-20)
+
+
+### Features
+
+* add support for Gitpod workspaces ([20d5511](https://github.com/aws/aws-cdk/commit/20d551142ea13c57981ad8b24ac61d03091da6b9))
+* **autoscaling:** support max instance lifetime  ([d126c46](https://github.com/aws/aws-cdk/commit/d126c46f8429b30e1937e2e970011bc6fac8b5a2)), closes [#7758](https://github.com/aws/aws-cdk/issues/7758)
+* **cfn-include:** add support for the DependsOn attribute ([613df1b](https://github.com/aws/aws-cdk/commit/613df1b8e4b794a772d6124a22463072617aef62))
+* **docdb:** high level constrcuts for db clusters and instances ([#6511](https://github.com/aws/aws-cdk/issues/6511)) ([a376dd3](https://github.com/aws/aws-cdk/commit/a376dd326e180462044b610c6925998482bd04d2))
+* **eks:** IAM roles for service accounts ([3f0d2c8](https://github.com/aws/aws-cdk/commit/3f0d2c82ef6102fb6b8cea23e397f559fa6a4d61)), closes [#6062](https://github.com/aws/aws-cdk/issues/6062) [#5388](https://github.com/aws/aws-cdk/issues/5388) [#3949](https://github.com/aws/aws-cdk/issues/3949)
+* **elbv2:** full Action support ([2939105](https://github.com/aws/aws-cdk/commit/29391059a571fc41d94275f36cf54e08c6f5441f)), closes [#2563](https://github.com/aws/aws-cdk/issues/2563) [#6310](https://github.com/aws/aws-cdk/issues/6310) [#6308](https://github.com/aws/aws-cdk/issues/6308)
+* **region-info:** add information for us-gov, us-iso, and us-isob regions ([afe0b00](https://github.com/aws/aws-cdk/commit/afe0b00b12afe383da49dcfa07f85b578728a0d1)), closes [#7876](https://github.com/aws/aws-cdk/issues/7876) [#4669](https://github.com/aws/aws-cdk/issues/4669)
+* **s3-asset:** add httpUrl and s3ObjectUrl ([eeff393](https://github.com/aws/aws-cdk/commit/eeff39324e4735096f85b32d37c95011881467b6)), closes [#7509](https://github.com/aws/aws-cdk/issues/7509) [#7221](https://github.com/aws/aws-cdk/issues/7221)
+
 ## [1.39.0](https://github.com/aws/aws-cdk/compare/v1.38.0...v1.39.0) (2020-05-15)
 
 

CONTRIBUTING.md

@@ -47,7 +47,31 @@ and let us know if it's not up-to-date (even better, submit a PR with your  corr
 
 ## Getting Started
 
-For day-to-day development and normal contributions, the following SDKs and tools are required:
+### Gitpod
+
+For setting up a local development environment,
+we recommend using [Gitpod](http://gitpod.io) -
+a service that allows you to spin up an in-browser
+Visual Studio Code-compatible editor,
+with everything set up and ready to go for CDK development.
+Just click the button below to create your private workspace:
+
+[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/aws/aws-cdk)
+
+This will start a new Gitpod workspace,
+and immediately kick off a build of the CDK code.
+Once it's done (it takes around an hour, unfortunately),
+you can work on any package that you want to modify,
+as described in ['Quick Iteration'](#quick-iteration) below.
+
+Gitpod is free for 50 hours per month -
+make sure to stop your workspace when you're done
+(you can always resume it later, and it won't need to run the build again).
+
+### Local dependencies
+
+If you don't want to use Gitpod,
+you need to have the following SDKs and tools locally:
 
 - [Node.js >= 10.13.0](https://nodejs.org/download/release/latest-v10.x/)
   - We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
@@ -484,27 +508,35 @@ The `dist/` folder within each module contains the packaged up language artifact
 
 ### Quick Iteration
 
-After you've built the modules you want to work on once, use `lr watch` for each module that you are modifying.
+After you've built the modules you want to work on once, use `yarn watch` for each module that you are modifying.
 
 Watch the EC2 and IAM modules in a second terminal session:
 
 ```console
 $ cd packages/@aws-cdk/aws-ec2
-$ lr watch & # runs in the background
+$ yarn watch & # runs in the background
 $ cd packages/@aws-cdk/aws-iam
-$ lr watch & # runs in the background
+$ yarn watch & # runs in the background
 ```
 
 Code...
 
-Now to test, you can either use `lr test` or invoke nodeunit directory (faster, since "test" will also build):
+Now to test, you can either use `yarn test` or invoke nodeunit/jest directly:
 
+Running nodeunit tests directly on a module
 ```console
 $ cd packages/@aws-cdk/aws-iam
 $ nodeunit test/test.*.js
 <BOOM>
 ```
 
+Running jest tests directly on a module
+```console
+$ cd packages/@aws-cdk/aws-iam
+$ jest test/*test.js
+<BOOM>
+```
+
 ### Linking against this repository
 
 The script `./link-all.sh` can be used to generate symlinks to all modules in this repository under some `node_module`

README.md

@@ -2,10 +2,12 @@
 
 ![Build Status](https://codebuild.us-east-1.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiSy9rWmVENzRDbXBoVlhYaHBsNks4OGJDRXFtV1IySmhCVjJoaytDU2dtVWhhVys3NS9Odk5DbC9lR2JUTkRvSWlHSXZrNVhYQ3ZsaUJFY3o4OERQY1pnPSIsIml2UGFyYW1ldGVyU3BlYyI6IlB3ODEyRW9KdU0yaEp6NDkiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=master)
 [![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.svg)](https://gitter.im/awslabs/aws-cdk)
+[![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/aws/aws-cdk)
 [![NPM version](https://badge.fury.io/js/aws-cdk.svg)](https://badge.fury.io/js/aws-cdk)
 [![PyPI version](https://badge.fury.io/py/aws-cdk.core.svg)](https://badge.fury.io/py/aws-cdk.core)
 [![NuGet version](https://badge.fury.io/nu/Amazon.CDK.svg)](https://badge.fury.io/nu/Amazon.CDK)
 [![Maven Central](https://maven-badges.herokuapp.com/maven-central/software.amazon.awscdk/core/badge.svg)](https://maven-badges.herokuapp.com/maven-central/software.amazon.awscdk/core)
+[![Mergify](https://img.shields.io/endpoint.svg?url=https://gh.mergify.io/badges/aws/aws-cdk&style=flat)](https://mergify.io)
 
 The **AWS Cloud Development Kit (AWS CDK)** is an open-source software development
 framework to define cloud infrastructure in code and provision it through AWS CloudFormation.

allowed-breaking-changes.txt

@@ -54,3 +54,5 @@ removed:@aws-cdk/cdk-assets-schema.Placeholders
 # Needs to be removed after next release.
 incompatible-argument:@aws-cdk/cloud-assembly-schema.Manifest.save
 change-return-type:@aws-cdk/cloud-assembly-schema.Manifest.load
+removed:@aws-cdk/core.DefaultStackSynthesizer.DEFAULT_DEPLOY_ACTION_ROLE_ARN
+removed:@aws-cdk/core.DefaultStackSynthesizerProps.deployActionRoleArn

lerna.json

@@ -10,5 +10,5 @@
     "tools/*"
   ],
   "rejectCycles": "true",
-  "version": "1.39.0"
+  "version": "1.40.0"
 }

packages/@aws-cdk/assert/package.json

@@ -21,7 +21,7 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/jest": "^25.2.2",
+    "@types/jest": "^25.2.3",
     "cdk-build-tools": "0.0.0",
     "jest": "^25.5.4",
     "pkglint": "0.0.0",

packages/@aws-cdk/assets/package.json

@@ -65,7 +65,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "@types/sinon": "^9.0.1",
+    "@types/sinon": "^9.0.3",
     "aws-cdk": "0.0.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",

packages/@aws-cdk/aws-apigateway/lib/access-log.ts

@@ -46,7 +46,7 @@ export class AccessLogField {
    * The API owner's AWS account ID.
    */
   public static contextAccountId() {
-    return '$context.requestId';
+    return '$context.identity.accountId';
   }
 
   /**

packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts

@@ -39,8 +39,8 @@ export interface BasePathMappingProps extends BasePathMappingOptions {
  * This resource creates a base path that clients who call your API must use in
  * the invocation URL.
  *
- * In most cases, you will probably want to use
- * `DomainName.addBasePathMapping()` to define mappings.
+ * Unless you're importing a domain with `DomainName.fromDomainNameAttributes()`,
+ * you can use `DomainName.addBasePathMapping()` to define mappings.
  */
 export class BasePathMapping extends Resource {
   constructor(scope: Construct, id: string, props: BasePathMappingProps) {

packages/@aws-cdk/aws-apigateway/test/test.access-log.ts

@@ -38,12 +38,13 @@ export = {
       requestId: apigateway.AccessLogField.contextRequestId(),
       sourceIp: apigateway.AccessLogField.contextIdentitySourceIp(),
       method: apigateway.AccessLogField.contextHttpMethod(),
+      accountId: apigateway.AccessLogField.contextAccountId(),
       userContext: {
         sub: apigateway.AccessLogField.contextAuthorizerClaims('sub'),
         email: apigateway.AccessLogField.contextAuthorizerClaims('email'),
       },
     }));
-    test.deepEqual(testFormat.toString(), '{"requestId":"$context.requestId","sourceIp":"$context.identity.sourceIp","method":"$context.httpMethod","userContext":{"sub":"$context.authorizer.claims.sub","email":"$context.authorizer.claims.email"}}');
+    test.deepEqual(testFormat.toString(), '{"requestId":"$context.requestId","sourceIp":"$context.identity.sourceIp","method":"$context.httpMethod","accountId":"$context.identity.accountId","userContext":{"sub":"$context.authorizer.claims.sub","email":"$context.authorizer.claims.email"}}');
 
     test.done();
   },

packages/@aws-cdk/aws-autoscaling/README.md

@@ -218,6 +218,14 @@ autoScalingGroup.scaleOnSchedule('AllowDownscalingAtNight', {
 See the documentation of the `@aws-cdk/aws-ec2` package for more information
 about allowing connections between resources backed by instances.
 
+### Max Instance Lifetime
+
+To enable the max instance lifetime support, specify `maxInstanceLifetime` property
+for the `AutoscalingGroup` resource. The value must be between 7 and 365 days(inclusive).
+To clear a previously set value, just leave this property undefinied.
+
+
+
 ### Future work
 
 - [ ] CloudWatch Events (impossible to add currently as the AutoScalingGroup ARN is

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

@@ -185,6 +185,20 @@ export interface CommonAutoScalingGroupProps {
    * @default - Uses the block device mapping of the AMI
    */
   readonly blockDevices?: BlockDevice[];
+
+  /**
+   * The maximum amount of time that an instance can be in service. The maximum duration applies
+   * to all current and future instances in the group. As an instance approaches its maximum duration,
+   * it is terminated and replaced, and cannot be used again.
+   *
+   * You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value,
+   * simply leave this property undefinied.
+   *
+   * @see https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html
+   *
+   * @default none
+   */
+  readonly maxInstanceLifetime?: Duration;
 }
 
 /**
@@ -411,6 +425,11 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements
    */
   public readonly spotPrice?: string;
 
+  /**
+   * The maximum amount of time that an instance can be in service.
+   */
+  public readonly maxInstanceLifetime?: Duration;
+
   private readonly autoScalingGroup: CfnAutoScalingGroup;
   private readonly securityGroup: ec2.ISecurityGroup;
   private readonly securityGroups: ec2.ISecurityGroup[] = [];
@@ -492,6 +511,12 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements
       this.node.addWarning('desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215');
     }
 
+    this.maxInstanceLifetime = props.maxInstanceLifetime;
+    if (this.maxInstanceLifetime  &&
+      (this.maxInstanceLifetime.toSeconds() < 604800 || this.maxInstanceLifetime.toSeconds() > 31536000)) {
+      throw new Error('maxInstanceLifetime must be between 7 and 365 days (inclusive)');
+    }
+
     const { subnetIds, hasPublic } = props.vpc.selectSubnets(props.vpcSubnets);
     const asgProps: CfnAutoScalingGroupProps = {
       cooldown: props.cooldown !== undefined ? props.cooldown.toSeconds().toString() : undefined,
@@ -515,6 +540,7 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements
       vpcZoneIdentifier: subnetIds,
       healthCheckType: props.healthCheck && props.healthCheck.type,
       healthCheckGracePeriod: props.healthCheck && props.healthCheck.gracePeriod && props.healthCheck.gracePeriod.toSeconds(),
+      maxInstanceLifetime: this.maxInstanceLifetime ? this.maxInstanceLifetime.toSeconds() : undefined,
     };
 
     if (!hasPublic && props.associatePublicIpAddress) {

packages/@aws-cdk/aws-autoscaling/test/integ.amazonlinux2.expected.json

@@ -454,6 +454,7 @@
         "LaunchConfigurationName": {
           "Ref": "FleetLaunchConfig59F79D36"
         },
+        "MaxInstanceLifetime": 604800,
         "Tags": [
           {
             "Key": "Name",

packages/@aws-cdk/aws-autoscaling/test/integ.amazonlinux2.ts

@@ -14,6 +14,7 @@ new autoscaling.AutoScalingGroup(stack, 'Fleet', {
   vpc,
   instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
   machineImage: new ec2.AmazonLinuxImage({ generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2 }),
+  maxInstanceLifetime: cdk.Duration.days(7),
 });
 
 app.synth();

packages/@aws-cdk/aws-autoscaling/test/test.auto-scaling-group.ts

@@ -761,6 +761,61 @@ export = {
     test.done();
   },
 
+  'can configure maxInstanceLifetime'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = mockVpc(stack);
+    new autoscaling.AutoScalingGroup(stack, 'MyStack', {
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.M4, ec2.InstanceSize.MICRO),
+      machineImage: new ec2.AmazonLinuxImage(),
+      vpc,
+      maxInstanceLifetime: cdk.Duration.days(7),
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::AutoScaling::AutoScalingGroup', {
+      'MaxInstanceLifetime': 604800,
+    }));
+
+    test.done();
+  },
+
+  'throws if maxInstanceLifetime < 7 days'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = mockVpc(stack);
+
+    // THEN
+    test.throws(() => {
+      new autoscaling.AutoScalingGroup(stack, 'MyStack', {
+        instanceType: ec2.InstanceType.of(ec2.InstanceClass.M4, ec2.InstanceSize.MICRO),
+        machineImage: new ec2.AmazonLinuxImage(),
+        vpc,
+        maxInstanceLifetime: cdk.Duration.days(6),
+      });
+    }, /maxInstanceLifetime must be between 7 and 365 days \(inclusive\)/);
+
+    test.done();
+  },
+
+  'throws if maxInstanceLifetime > 365 days'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = mockVpc(stack);
+
+    // THEN
+    test.throws(() => {
+      new autoscaling.AutoScalingGroup(stack, 'MyStack', {
+        instanceType: ec2.InstanceType.of(ec2.InstanceClass.M4, ec2.InstanceSize.MICRO),
+        machineImage: new ec2.AmazonLinuxImage(),
+        vpc,
+        maxInstanceLifetime: cdk.Duration.days(366),
+      });
+    }, /maxInstanceLifetime must be between 7 and 365 days \(inclusive\)/);
+
+    test.done();
+  },
+
   'throws if ephemeral volumeIndex < 0'(test: Test) {
     // GIVEN
     const stack = new cdk.Stack();

packages/@aws-cdk/aws-certificatemanager/lib/certificate.ts

@@ -2,6 +2,9 @@ import { Construct, IResource, Resource, Token } from '@aws-cdk/core';
 import { CfnCertificate } from './certificatemanager.generated';
 import { apexDomain } from './util';
 
+/**
+ * Represents a certificate in AWS Certificate Manager
+ */
 export interface ICertificate extends IResource {
   /**
    * The certificate's ARN

packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts

@@ -6,6 +6,8 @@ import * as path from 'path';
 import { CertificateProps, ICertificate } from './certificate';
 
 /**
+ * Properties to create a DNS validated certificate managed by AWS Certificate Manager
+ *
  * @experimental
  */
 export interface DnsValidatedCertificateProps extends CertificateProps {