Merge branch 'master' into huijbers/pipelines-on-windows

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

@@ -10,6 +10,7 @@ import {
   Aws,
   CfnAutoScalingRollingUpdate, CfnCreationPolicy, CfnUpdatePolicy,
   Duration, Fn, IResource, Lazy, PhysicalName, Resource, Stack, Tags,
+  Token,
   Tokenization, withResolved,
 } from '@aws-cdk/core';
 import { Construct } from 'constructs';
@@ -765,10 +766,24 @@ abstract class AutoScalingGroupBase extends Resource implements IAutoScalingGrou
 
     const resourceLabel = `${this.albTargetGroup.firstLoadBalancerFullName}/${this.albTargetGroup.targetGroupFullName}`;
 
+    if ((props.targetRequestsPerMinute === undefined) === (props.targetRequestsPerSecond === undefined)) {
+      throw new Error('Specify exactly one of \'targetRequestsPerMinute\' or \'targetRequestsPerSecond\'');
+    }
+
+    let rpm: number;
+    if (props.targetRequestsPerSecond !== undefined) {
+      if (Token.isUnresolved(props.targetRequestsPerSecond)) {
+        throw new Error('\'targetRequestsPerSecond\' cannot be an unresolved value; use \'targetRequestsPerMinute\' instead.');
+      }
+      rpm = props.targetRequestsPerSecond * 60;
+    } else {
+      rpm = props.targetRequestsPerMinute!;
+    }
+
     const policy = new TargetTrackingScalingPolicy(this, `ScalingPolicy${id}`, {
       autoScalingGroup: this,
       predefinedMetric: PredefinedMetric.ALB_REQUEST_COUNT_PER_TARGET,
-      targetValue: props.targetRequestsPerSecond,
+      targetValue: rpm,
       resourceLabel,
       ...props,
     });
@@ -1603,8 +1618,17 @@ export interface NetworkUtilizationScalingProps extends BaseTargetTrackingProps
 export interface RequestCountScalingProps extends BaseTargetTrackingProps {
   /**
    * Target average requests/seconds on each instance
+   *
+   * @deprecated Use 'targetRequestsPerMinute' instead
+   * @default - Specify exactly one of 'targetRequestsPerSecond' and 'targetRequestsPerSecond'
+   */
+  readonly targetRequestsPerSecond?: number;
+
+  /**
+   * Target average requests/minute on each instance
+   * @default - Specify exactly one of 'targetRequestsPerSecond' and 'targetRequestsPerSecond'
    */
-  readonly targetRequestsPerSecond: number;
+  readonly targetRequestsPerMinute?: number;
 }
 
 /**

packages/@aws-cdk/aws-autoscaling/test/integ.asg-w-elbv2.expected.json

@@ -568,7 +568,7 @@
               ]
             }
           },
-          "TargetValue": 1
+          "TargetValue": 60
         }
       },
       "DependsOn": [

packages/@aws-cdk/aws-autoscaling/test/scaling.test.ts

@@ -75,7 +75,7 @@ nodeunitShim({
       test.done();
     },
 
-    'request count'(test: Test) {
+    'request count per second'(test: Test) {
       // GIVEN
       const stack = new cdk.Stack();
       const fixture = new ASGFixture(stack, 'Fixture');
@@ -99,6 +99,54 @@ nodeunitShim({
         ],
       };
 
+      expect(stack).to(haveResource('AWS::AutoScaling::ScalingPolicy', {
+        PolicyType: 'TargetTrackingScaling',
+        TargetTrackingConfiguration: {
+          TargetValue: 600,
+          PredefinedMetricSpecification: {
+            PredefinedMetricType: 'ALBRequestCountPerTarget',
+            ResourceLabel: {
+              'Fn::Join': ['', [
+                { 'Fn::Select': [1, arnParts] },
+                '/',
+                { 'Fn::Select': [2, arnParts] },
+                '/',
+                { 'Fn::Select': [3, arnParts] },
+                '/',
+                { 'Fn::GetAtt': ['ALBListenerTargetsGroup01D7716A', 'TargetGroupFullName'] },
+              ]],
+            },
+          },
+        },
+      }));
+
+      test.done();
+    },
+
+    'request count per minute'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const fixture = new ASGFixture(stack, 'Fixture');
+      const alb = new elbv2.ApplicationLoadBalancer(stack, 'ALB', { vpc: fixture.vpc });
+      const listener = alb.addListener('Listener', { port: 80 });
+      listener.addTargets('Targets', {
+        port: 80,
+        targets: [fixture.asg],
+      });
+
+      // WHEN
+      fixture.asg.scaleOnRequestCount('ScaleRequest', {
+        targetRequestsPerMinute: 10,
+      });
+
+      // THEN
+      const arnParts = {
+        'Fn::Split': [
+          '/',
+          { Ref: 'ALBListener3B99FF85' },
+        ],
+      };
+
       expect(stack).to(haveResource('AWS::AutoScaling::ScalingPolicy', {
         PolicyType: 'TargetTrackingScaling',
         TargetTrackingConfiguration: {

packages/@aws-cdk/aws-cloudfront-origins/package.json

@@ -72,7 +72,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@aws-cdk/aws-ec2": "0.0.0",
-    "aws-sdk": "^2.791.0",
+    "aws-sdk": "^2.792.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "pkglint": "0.0.0"

packages/@aws-cdk/aws-cloudfront/package.json

@@ -73,7 +73,7 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
-    "aws-sdk": "^2.791.0",
+    "aws-sdk": "^2.792.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-cloudtrail/package.json

@@ -73,7 +73,7 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
-    "aws-sdk": "^2.791.0",
+    "aws-sdk": "^2.792.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-codebuild/package.json

@@ -79,7 +79,7 @@
     "@aws-cdk/aws-sns": "0.0.0",
     "@aws-cdk/aws-sqs": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "aws-sdk": "^2.791.0",
+    "aws-sdk": "^2.792.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-codecommit/package.json

@@ -79,7 +79,7 @@
     "@aws-cdk/assert": "0.0.0",
     "@aws-cdk/aws-sns": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "aws-sdk": "^2.791.0",
+    "aws-sdk": "^2.792.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-dynamodb/package.json

@@ -74,7 +74,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/jest": "^26.0.15",
-    "aws-sdk": "^2.791.0",
+    "aws-sdk": "^2.792.0",
     "aws-sdk-mock": "^5.1.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",

packages/@aws-cdk/aws-ecs/README.md

@@ -298,7 +298,7 @@ taskDefinition.addContainer('container', {
   },
   secrets: { // Retrieved from AWS Secrets Manager or AWS Systems Manager Parameter Store at container start-up.
     SECRET: ecs.Secret.fromSecretsManager(secret),
-    DB_PASSWORD: ecs.Secret.fromSecretsManager(dbSecret, 'password'), // Reference a specific JSON field
+    DB_PASSWORD: ecs.Secret.fromSecretsManager(dbSecret, 'password'), // Reference a specific JSON field, (requires platform version 1.4.0 or later for Fargate tasks)
     PARAMETER: ecs.Secret.fromSsmParameter(parameter),
   }
 });

packages/@aws-cdk/aws-ecs/lib/base/task-definition.ts

@@ -261,6 +261,8 @@ export class TaskDefinition extends TaskDefinitionBase {
 
   private _executionRole?: iam.IRole;
 
+  private _referencesSecretJsonField?: boolean;
+
   /**
    * Constructs a new instance of the TaskDefinition class.
    */
@@ -435,6 +437,9 @@ export class TaskDefinition extends TaskDefinitionBase {
     if (this.defaultContainer === undefined && container.essential) {
       this.defaultContainer = container;
     }
+    if (container.referencesSecretJsonField) {
+      this._referencesSecretJsonField = true;
+    }
   }
 
   /**
@@ -476,6 +481,14 @@ export class TaskDefinition extends TaskDefinitionBase {
     return this._executionRole;
   }
 
+  /**
+   * Whether this task definition has at least a container that references a
+   * specific JSON field of a secret stored in Secrets Manager.
+   */
+  public get referencesSecretJsonField(): boolean | undefined {
+    return this._referencesSecretJsonField;
+  }
+
   /**
    * Validates the task definition.
    */

packages/@aws-cdk/aws-ecs/lib/container-definition.ts

@@ -355,6 +355,12 @@ export class ContainerDefinition extends cdk.Construct {
    */
   public readonly logDriverConfig?: LogDriverConfig;
 
+  /**
+   * Whether this container definition references a specific JSON field of a secret
+   * stored in Secrets Manager.
+   */
+  public readonly referencesSecretJsonField?: boolean;
+
   /**
    * The configured container links
    */
@@ -384,13 +390,12 @@ export class ContainerDefinition extends cdk.Construct {
     if (props.logging) {
       this.logDriverConfig = props.logging.bind(this, this);
     }
-    props.taskDefinition._linkContainer(this);
 
     if (props.secrets) {
       this.secrets = [];
       for (const [name, secret] of Object.entries(props.secrets)) {
-        if (this.taskDefinition.isFargateCompatible && secret.hasField) {
-          throw new Error(`Cannot specify secret JSON field for a task using the FARGATE launch type: '${name}' in container '${this.node.id}'`);
+        if (secret.hasField) {
+          this.referencesSecretJsonField = true;
         }
         secret.grantRead(this.taskDefinition.obtainExecutionRole());
         this.secrets.push({
@@ -399,6 +404,8 @@ export class ContainerDefinition extends cdk.Construct {
         });
       }
     }
+
+    props.taskDefinition._linkContainer(this);
   }
 
   /**

packages/@aws-cdk/aws-ecs/lib/fargate/fargate-service.ts

@@ -141,6 +141,12 @@ export class FargateService extends BaseService implements IFargateService {
       throw new Error('Only one of SecurityGroup or SecurityGroups can be populated.');
     }
 
+    if (props.taskDefinition.referencesSecretJsonField
+        && props.platformVersion
+        && SECRET_JSON_FIELD_UNSUPPORTED_PLATFORM_VERSIONS.includes(props.platformVersion)) {
+      throw new Error(`The task definition of this service uses at least one container that references a secret JSON field. This feature requires platform version ${FargatePlatformVersion.VERSION1_4} or later.`);
+    }
+
     const propagateTagsFromSource = props.propagateTaskTagsFrom !== undefined ? props.propagateTaskTagsFrom
       : (props.propagateTags !== undefined ? props.propagateTags : PropagatedTagSource.NONE);
 
@@ -219,3 +225,10 @@ export enum FargatePlatformVersion {
    */
   VERSION1_0 = '1.0.0',
 }
+
+const SECRET_JSON_FIELD_UNSUPPORTED_PLATFORM_VERSIONS = [
+  FargatePlatformVersion.VERSION1_0,
+  FargatePlatformVersion.VERSION1_1,
+  FargatePlatformVersion.VERSION1_2,
+  FargatePlatformVersion.VERSION1_3,
+];

packages/@aws-cdk/aws-ecs/test/fargate/integ.secret.expected.json

@@ -40,6 +40,20 @@
                 "ValueFrom": {
                   "Ref": "SecretA720EF05"
                 }
+              },
+              {
+                "Name": "PASSWORD",
+                "ValueFrom": {
+                  "Fn::Join": [
+                    "",
+                    [
+                      {
+                        "Ref": "SecretA720EF05"
+                      },
+                      ":password::"
+                    ]
+                  ]
+                }
               }
             ]
           }
@@ -109,4 +123,4 @@
       }
     }
   }
-}
+}

packages/@aws-cdk/aws-ecs/test/fargate/integ.secret.ts

@@ -18,6 +18,7 @@ taskDefinition.addContainer('web', {
   image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
   secrets: {
     SECRET: ecs.Secret.fromSecretsManager(secret),
+    PASSWORD: ecs.Secret.fromSecretsManager(secret, 'password'),
   },
 });
 

packages/@aws-cdk/aws-ecs/test/fargate/test.fargate-service.ts

@@ -3,6 +3,7 @@ import * as appscaling from '@aws-cdk/aws-applicationautoscaling';
 import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';
+import * as secretsmanager from '@aws-cdk/aws-secretsmanager';
 import * as cloudmap from '@aws-cdk/aws-servicediscovery';
 import * as cdk from '@aws-cdk/core';
 import { Test } from 'nodeunit';
@@ -301,6 +302,31 @@ export = {
       test.done();
     },
 
+    'throws whith secret json field on unsupported platform version'(test: Test) {
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'MyVpc', {});
+      const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+      const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaksDef');
+      const secret = new secretsmanager.Secret(stack, 'Secret');
+      taskDefinition.addContainer('BaseContainer', {
+        image: ecs.ContainerImage.fromRegistry('test'),
+        secrets: {
+          SECRET_KEY: ecs.Secret.fromSecretsManager(secret, 'specificKey'),
+        },
+      });
+
+      // THEN
+      test.throws(() => {
+        new ecs.FargateService(stack, 'FargateService', {
+          cluster,
+          taskDefinition,
+          platformVersion: ecs.FargatePlatformVersion.VERSION1_3,
+        });
+      }, new RegExp(`uses at least one container that references a secret JSON field.+platform version ${ecs.FargatePlatformVersion.VERSION1_4} or later`));
+
+      test.done();
+    },
+
     'ignore task definition and launch type if deployment controller is set to be EXTERNAL'(test: Test) {
       // GIVEN
       const stack = new cdk.Stack();