From 4937cd0d0057d7d389809f4c4ef56fc6020a954f Mon Sep 17 00:00:00 2001 From: biffgaut <78155736+biffgaut@users.noreply.github.com> Date: Mon, 13 Dec 2021 04:57:12 -0500 Subject: [PATCH 1/4] feat(aws-ecs): expose environment from containerDefinition (#17889) Closes #17867 * Assigned props.environment to a public readonly member * Added integration test that confirms the environment can be appended after the task is instantiated Made 2 cosmetic, but no obvious changes. Environment values are specified: name: value name2: value But in the test and the README.md files the sample values were: name: something value: something else This is using the string 'value" as a key - which, as someone reading the code for the first time, was confusing. So I changed the sample values to more clearly display what's a key and what's a value. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ecs/README.md | 3 +- .../aws-ecs/lib/container-definition.ts | 17 +- .../aws-ecs/test/container-definition.test.ts | 34 +- ...teg.add-environment-variable.expected.json | 479 ++++++++++++++++++ .../fargate/integ.add-environment-variable.ts | 37 ++ 5 files changed, 567 insertions(+), 3 deletions(-) create mode 100644 packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.expected.json create mode 100644 packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.ts diff --git a/packages/@aws-cdk/aws-ecs/README.md b/packages/@aws-cdk/aws-ecs/README.md index 2c4f04e64b257..602e046ba2d61 100644 --- a/packages/@aws-cdk/aws-ecs/README.md +++ b/packages/@aws-cdk/aws-ecs/README.md @@ -405,7 +405,7 @@ declare const parameter: ssm.StringParameter; declare const taskDefinition: ecs.TaskDefinition; declare const s3Bucket: s3.Bucket; -taskDefinition.addContainer('container', { +const newContainer = taskDefinition.addContainer('container', { image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"), memoryLimitMiB: 1024, environment: { // clear text, not for sensitive data @@ -421,6 +421,7 @@ taskDefinition.addContainer('container', { PARAMETER: ecs.Secret.fromSsmParameter(parameter), }, }); +newContainer.addEnvironment('QUEUE_NAME', 'MyQueue'); ``` The task execution role is automatically granted read permissions on the secrets/parameters. Support for environment diff --git a/packages/@aws-cdk/aws-ecs/lib/container-definition.ts b/packages/@aws-cdk/aws-ecs/lib/container-definition.ts index 625041468a0a4..6dd3fd0dbbe40 100644 --- a/packages/@aws-cdk/aws-ecs/lib/container-definition.ts +++ b/packages/@aws-cdk/aws-ecs/lib/container-definition.ts @@ -422,6 +422,8 @@ export class ContainerDefinition extends CoreConstruct { private readonly secrets?: CfnTaskDefinition.SecretProperty[]; + private readonly environment: { [key: string]: string }; + /** * Constructs a new instance of the ContainerDefinition class. */ @@ -457,6 +459,12 @@ export class ContainerDefinition extends CoreConstruct { } } + if (props.environment) { + this.environment = { ...props.environment }; + } else { + this.environment = {}; + } + if (props.environmentFiles) { this.environmentFiles = []; @@ -547,6 +555,13 @@ export class ContainerDefinition extends CoreConstruct { })); } + /** + * This method adds an environment variable to the container. + */ + public addEnvironment(name: string, value: string) { + this.environment[name] = value; + } + /** * This method adds one or more resources to the container. */ @@ -669,7 +684,7 @@ export class ContainerDefinition extends CoreConstruct { volumesFrom: cdk.Lazy.any({ produce: () => this.volumesFrom.map(renderVolumeFrom) }, { omitEmptyArray: true }), workingDirectory: this.props.workingDirectory, logConfiguration: this.logDriverConfig, - environment: this.props.environment && renderKV(this.props.environment, 'name', 'value'), + environment: this.environment && Object.keys(this.environment).length ? renderKV(this.environment, 'name', 'value') : undefined, environmentFiles: this.environmentFiles && renderEnvironmentFiles(this.environmentFiles), secrets: this.secrets, extraHosts: this.props.extraHosts && renderKV(this.props.extraHosts, 'hostname', 'ipAddress'), diff --git a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts index a384294900342..ac7a7a7824450 100644 --- a/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts +++ b/packages/@aws-cdk/aws-ecs/test/container-definition.test.ts @@ -690,13 +690,14 @@ describe('container definition', () => { const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef'); // WHEN - taskDefinition.addContainer('cont', { + const container = taskDefinition.addContainer('cont', { image: ecs.ContainerImage.fromRegistry('test'), memoryLimitMiB: 1024, environment: { TEST_ENVIRONMENT_VARIABLE: 'test environment variable value', }, }); + container.addEnvironment('SECOND_ENVIRONEMENT_VARIABLE', 'second test value'); // THEN expect(stack).toHaveResourceLike('AWS::ECS::TaskDefinition', { @@ -705,6 +706,37 @@ describe('container definition', () => { Environment: [{ Name: 'TEST_ENVIRONMENT_VARIABLE', Value: 'test environment variable value', + }, + { + Name: 'SECOND_ENVIRONEMENT_VARIABLE', + Value: 'second test value', + }], + }, + ], + }); + + + }); + + test('can add environment variables to container definition with no environment', () => { + // GIVEN + const stack = new cdk.Stack(); + const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef'); + + // WHEN + const container = taskDefinition.addContainer('cont', { + image: ecs.ContainerImage.fromRegistry('test'), + memoryLimitMiB: 1024, + }); + container.addEnvironment('SECOND_ENVIRONEMENT_VARIABLE', 'second test value'); + + // THEN + expect(stack).toHaveResourceLike('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + { + Environment: [{ + Name: 'SECOND_ENVIRONEMENT_VARIABLE', + Value: 'second test value', }], }, ], diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.expected.json b/packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.expected.json new file mode 100644 index 0000000000000..8a18b3554d752 --- /dev/null +++ b/packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.expected.json @@ -0,0 +1,479 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.0.0/18", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.64.0/18", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2EIP3C605A87": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2NATGateway9182C01D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.128.0/18", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.192.0/18", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "FargateCluster7CCD5F93": { + "Type": "AWS::ECS::Cluster" + }, + "TaskDefTaskRole1EDB4A67": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDef54694570": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Environment": [ + { + "Name": "nameOne", + "Value": "valueOne" + } + ], + "Essential": true, + "Image": "nginx", + "Name": "nginx", + "PortMappings": [ + { + "ContainerPort": 80, + "Protocol": "tcp" + } + ] + } + ], + "Cpu": "512", + "Family": "awsecsintegTaskDef6FDFB69A", + "Memory": "1024", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "websvcsgA808F313": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-integ/websvc-sg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:80", + "FromPort": 80, + "IpProtocol": "tcp", + "ToPort": 80 + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ServiceD69D759B": { + "Type": "AWS::ECS::Service", + "Properties": { + "Cluster": { + "Ref": "FargateCluster7CCD5F93" + }, + "DeploymentConfiguration": { + "MaximumPercent": 200, + "MinimumHealthyPercent": 50 + }, + "EnableECSManagedTags": false, + "LaunchType": "FARGATE", + "NetworkConfiguration": { + "AwsvpcConfiguration": { + "AssignPublicIp": "ENABLED", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "websvcsgA808F313", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + ] + } + }, + "TaskDefinition": { + "Ref": "TaskDef54694570" + } + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.ts b/packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.ts new file mode 100644 index 0000000000000..d42dc6bc98a58 --- /dev/null +++ b/packages/@aws-cdk/aws-ecs/test/fargate/integ.add-environment-variable.ts @@ -0,0 +1,37 @@ +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as cdk from '@aws-cdk/core'; +import * as ecs from '../../lib'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-ecs-integ'); +const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2 }); +const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); + +const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { + memoryLimitMiB: 1024, + cpu: 512, +}); + +// new container with firelens log driver, firelens log router will be created automatically. +const container = taskDefinition.addContainer('nginx', { + image: ecs.ContainerImage.fromRegistry('nginx'), +}); + +container.addPortMappings({ + containerPort: 80, + protocol: ecs.Protocol.TCP, +}); + +// Create a security group that allows tcp @ port 80 +const securityGroup = new ec2.SecurityGroup(stack, 'websvc-sg', { vpc }); +securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80)); +new ecs.FargateService(stack, 'Service', { + cluster, + taskDefinition, + securityGroup, + assignPublicIp: true, +}); + +container.addEnvironment('nameOne', 'valueOne'); + +app.synth(); From 02749b43d5169b973e543100c5a7b0c2df04ce2b Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 13 Dec 2021 11:05:19 -0500 Subject: [PATCH 2/4] feat(lambda): add cloudwatch lambda insights arm support (#17665) Adding builtin support for the new ARM64 CloudWatch insights Lambda layers which were [announced](https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-cloudwatch-lambda-insights-functions-graviton2/) yesterday. also fixes #17133 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/experimental/edge-function.ts | 2 + packages/@aws-cdk/aws-lambda/README.md | 13 + packages/@aws-cdk/aws-lambda/lib/alias.ts | 5 + .../@aws-cdk/aws-lambda/lib/function-base.ts | 21 ++ packages/@aws-cdk/aws-lambda/lib/function.ts | 13 +- .../aws-lambda/lib/lambda-insights.ts | 77 ++++- .../@aws-cdk/aws-lambda/lib/lambda-version.ts | 11 +- .../aws-lambda/lib/singleton-lambda.ts | 3 + ...nteg.lambda-insights-mapping.expected.json | 257 ++++++++++++++- .../test/integ.lambda-insights-mapping.ts | 23 +- .../aws-lambda/test/lambda-insights.test.ts | 310 +++++++++++++++++- .../region-info/build-tools/fact-tables.ts | 218 ++++++++---- .../build-tools/generate-static-data.ts | 16 +- packages/@aws-cdk/region-info/lib/fact.ts | 7 +- .../@aws-cdk/region-info/lib/region-info.ts | 5 +- .../__snapshots__/region-info.test.js.snap | 108 ++++++ .../region-info/test/region-info.test.ts | 7 + 17 files changed, 987 insertions(+), 109 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts b/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts index 1fe9e745e8079..e095984ed2081 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts @@ -46,6 +46,7 @@ export class EdgeFunction extends Resource implements lambda.IVersion { public readonly permissionsNode: ConstructNode; public readonly role?: iam.IRole; public readonly version: string; + public readonly architecture: lambda.Architecture; private readonly _edgeFunction: lambda.Function; @@ -66,6 +67,7 @@ export class EdgeFunction extends Resource implements lambda.IVersion { this.grantPrincipal = this._edgeFunction.role!; this.permissionsNode = this._edgeFunction.permissionsNode; this.version = lambda.extractQualifierFromArn(this.functionArn); + this.architecture = this._edgeFunction.architecture; this.node.defaultChild = this._edgeFunction; } diff --git a/packages/@aws-cdk/aws-lambda/README.md b/packages/@aws-cdk/aws-lambda/README.md index 13a5b81dd35e0..f6c95dfe0d68f 100644 --- a/packages/@aws-cdk/aws-lambda/README.md +++ b/packages/@aws-cdk/aws-lambda/README.md @@ -411,6 +411,19 @@ new lambda.Function(this, 'MyFunction', { }); ``` +If you are deploying an ARM_64 Lambda Function, you must specify a +Lambda Insights Version >= `1_0_119_0`. + +```ts +new lambda.Function(this, 'MyFunction', { + runtime: lambda.Runtime.NODEJS_12_X, + handler: 'index.handler', + architecture: lambda.Architecture.ARM_64, + code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')), + insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_119_0, +}); +``` + ## Event Rule Target You can use an AWS Lambda function as a target for an Amazon CloudWatch event diff --git a/packages/@aws-cdk/aws-lambda/lib/alias.ts b/packages/@aws-cdk/aws-lambda/lib/alias.ts index e497ad2e29071..36fdbdfcc2eaf 100644 --- a/packages/@aws-cdk/aws-lambda/lib/alias.ts +++ b/packages/@aws-cdk/aws-lambda/lib/alias.ts @@ -3,6 +3,7 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import * as iam from '@aws-cdk/aws-iam'; import { ArnFormat } from '@aws-cdk/core'; import { Construct } from 'constructs'; +import { Architecture } from './architecture'; import { EventInvokeConfigOptions } from './event-invoke-config'; import { IFunction, QualifiedFunctionBase } from './function-base'; import { extractQualifierFromArn, IVersion } from './lambda-version'; @@ -97,6 +98,7 @@ export class Alias extends QualifiedFunctionBase implements IAlias { public readonly functionName = `${attrs.aliasVersion.lambda.functionName}:${attrs.aliasName}`; public readonly grantPrincipal = attrs.aliasVersion.grantPrincipal; public readonly role = attrs.aliasVersion.role; + public readonly architecture = attrs.aliasVersion.lambda.architecture; protected readonly canCreatePermissions = this._isStackAccount(); protected readonly qualifier = attrs.aliasName; @@ -120,6 +122,8 @@ export class Alias extends QualifiedFunctionBase implements IAlias { public readonly lambda: IFunction; + public readonly architecture: Architecture; + public readonly version: IVersion; /** @@ -145,6 +149,7 @@ export class Alias extends QualifiedFunctionBase implements IAlias { this.lambda = props.version.lambda; this.aliasName = this.physicalName; this.version = props.version; + this.architecture = this.lambda.architecture; const alias = new CfnAlias(this, 'Resource', { name: this.aliasName, diff --git a/packages/@aws-cdk/aws-lambda/lib/function-base.ts b/packages/@aws-cdk/aws-lambda/lib/function-base.ts index 9b231b4c802c5..a0953b93d1a85 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function-base.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function-base.ts @@ -3,6 +3,7 @@ import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; import { ArnFormat, ConstructNode, IResource, Resource, Token } from '@aws-cdk/core'; import { AliasOptions } from './alias'; +import { Architecture } from './architecture'; import { EventInvokeConfig, EventInvokeConfigOptions } from './event-invoke-config'; import { IEventSource } from './event-source'; import { EventSourceMapping, EventSourceMappingOptions } from './event-source-mapping'; @@ -56,6 +57,11 @@ export interface IFunction extends IResource, ec2.IConnectable, iam.IGrantable { */ readonly permissionsNode: ConstructNode; + /** + * The system architectures compatible with this lambda function. + */ + readonly architecture: Architecture; + /** * Adds an event source that maps to this AWS Lambda function. * @param id construct ID @@ -173,6 +179,12 @@ export interface FunctionAttributes { * For environment-agnostic stacks this will default to `false`. */ readonly sameEnvironment?: boolean; + + /** + * The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). + * @default - Architecture.X86_64 + */ + readonly architecture?: Architecture; } export abstract class FunctionBase extends Resource implements IFunction, ec2.IClientVpnConnectionHandler { @@ -203,6 +215,11 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC */ public abstract readonly permissionsNode: ConstructNode; + /** + * The architecture of this Lambda Function. + */ + public abstract readonly architecture: Architecture; + /** * Whether the addPermission() call adds any permissions * @@ -521,6 +538,10 @@ class LatestVersion extends FunctionBase implements IVersion { return `${this.lambda.functionName}:${this.version}`; } + public get architecture() { + return this.lambda.architecture; + } + public get grantPrincipal() { return this.lambda.grantPrincipal; } diff --git a/packages/@aws-cdk/aws-lambda/lib/function.ts b/packages/@aws-cdk/aws-lambda/lib/function.ts index 564e45d5a9460..3b5df3c5c5c41 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function.ts @@ -450,6 +450,7 @@ export class Function extends FunctionBase { public readonly grantPrincipal: iam.IPrincipal; public readonly role = role; public readonly permissionsNode = this.node; + public readonly architecture = attrs.architecture ?? Architecture.X86_64; protected readonly canCreatePermissions = attrs.sameEnvironment ?? this._isStackAccount(); @@ -576,7 +577,7 @@ export class Function extends FunctionBase { /** * The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). */ - public readonly architecture?: Architecture; + public readonly architecture: Architecture; /** * The timeout configured for this lambda. @@ -600,6 +601,8 @@ export class Function extends FunctionBase { private readonly currentVersionOptions?: VersionOptions; private _currentVersion?: Version; + private _architecture?: Architecture; + constructor(scope: Construct, id: string, props: FunctionProps) { super(scope, id, { physicalName: props.functionName, @@ -683,7 +686,7 @@ export class Function extends FunctionBase { if (props.architectures && props.architectures.length > 1) { throw new Error('Only one architecture must be specified.'); } - const architecture = props.architecture ?? (props.architectures && props.architectures[0]); + this._architecture = props.architecture ?? (props.architectures && props.architectures[0]); const resource: CfnFunction = new CfnFunction(this, 'Resource', { functionName: this.physicalName, @@ -717,7 +720,7 @@ export class Function extends FunctionBase { kmsKeyArn: props.environmentEncryption?.keyArn, fileSystemConfigs, codeSigningConfigArn: props.codeSigningConfig?.codeSigningConfigArn, - architectures: architecture ? [architecture.name] : undefined, + architectures: this._architecture ? [this._architecture.name] : undefined, }); resource.node.addDependency(this.role); @@ -733,7 +736,7 @@ export class Function extends FunctionBase { this.runtime = props.runtime; this.timeout = props.timeout; - this.architecture = props.architecture; + this.architecture = props.architecture ?? Architecture.X86_64; if (props.layers) { if (props.runtime === Runtime.FROM_IMAGE) { @@ -935,7 +938,7 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett if (props.runtime !== Runtime.FROM_IMAGE) { // Layers cannot be added to Lambda container images. The image should have the insights agent installed. // See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html - this.addLayers(LayerVersion.fromLayerVersionArn(this, 'LambdaInsightsLayer', props.insightsVersion.layerVersionArn)); + this.addLayers(LayerVersion.fromLayerVersionArn(this, 'LambdaInsightsLayer', props.insightsVersion._bind(this, this).arn)); } this.role?.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('CloudWatchLambdaInsightsExecutionRolePolicy')); } diff --git a/packages/@aws-cdk/aws-lambda/lib/lambda-insights.ts b/packages/@aws-cdk/aws-lambda/lib/lambda-insights.ts index 2d2b88511786e..c4dacfbde0149 100644 --- a/packages/@aws-cdk/aws-lambda/lib/lambda-insights.ts +++ b/packages/@aws-cdk/aws-lambda/lib/lambda-insights.ts @@ -1,9 +1,23 @@ import { Aws, CfnMapping, Fn, IResolveContext, Lazy, Stack, Token } from '@aws-cdk/core'; import { FactName, RegionInfo } from '@aws-cdk/region-info'; +import { Construct } from 'constructs'; +import { Architecture } from './architecture'; +import { IFunction } from './function-base'; + // This is the name of the mapping that will be added to the CloudFormation template, if a stack is region agnostic const DEFAULT_MAPPING_PREFIX = 'LambdaInsightsVersions'; +/** + * Config returned from {@link LambdaInsightsVersion._bind} + */ +interface InsightsBindConfig { + /** + * ARN of the Lambda Insights Layer Version + */ + readonly arn: string; +} + // To add new versions, update fact-tables.ts `CLOUDWATCH_LAMBDA_INSIGHTS_ARNS` and create a new `public static readonly VERSION_A_B_C_D` /** @@ -31,6 +45,11 @@ export abstract class LambdaInsightsVersion { */ public static readonly VERSION_1_0_98_0 = LambdaInsightsVersion.fromInsightsVersion('1.0.98.0'); + /** + * Version 1.0.119.0 + */ + public static readonly VERSION_1_0_119_0 = LambdaInsightsVersion.fromInsightsVersion('1.0.119.0'); + /** * Use the insights extension associated with the provided ARN. Make sure the ARN is associated * with same region as your function @@ -40,6 +59,9 @@ export abstract class LambdaInsightsVersion { public static fromInsightVersionArn(arn: string): LambdaInsightsVersion { class InsightsArn extends LambdaInsightsVersion { public readonly layerVersionArn = arn; + public _bind(_scope: Construct, _function: IFunction): InsightsBindConfig { + return { arn }; + } } return new InsightsArn(); } @@ -47,16 +69,25 @@ export abstract class LambdaInsightsVersion { // Use the verison to build the object. Not meant to be called by the user -- user should use e.g. VERSION_1_0_54_0 private static fromInsightsVersion(insightsVersion: string): LambdaInsightsVersion { - // Check if insights version is valid. This should only happen if one of the public static readonly versions are set incorrectly - const versionExists = RegionInfo.regions.some(regionInfo => regionInfo.cloudwatchLambdaInsightsArn(insightsVersion)); - if (!versionExists) { - throw new Error(`Insights version ${insightsVersion} does not exist.`); - } - class InsightsVersion extends LambdaInsightsVersion { public readonly layerVersionArn = Lazy.uncachedString({ produce: (context) => getVersionArn(context, insightsVersion), }); + + public _bind(_scope: Construct, _function: IFunction): InsightsBindConfig { + const arch = _function.architecture?.name ?? Architecture.X86_64.name; + // Check if insights version is valid. This should only happen if one of the public static readonly versions are set incorrectly + // or if the version is not available for the Lambda Architecture + const versionExists = RegionInfo.regions.some(regionInfo => regionInfo.cloudwatchLambdaInsightsArn(insightsVersion, arch)); + if (!versionExists) { + throw new Error(`Insights version ${insightsVersion} does not exist.`); + } + return { + arn: Lazy.uncachedString({ + produce: (context) => getVersionArn(context, insightsVersion, arch), + }), + }; + } } return new InsightsVersion(); } @@ -65,6 +96,13 @@ export abstract class LambdaInsightsVersion { * The arn of the Lambda Insights extension */ public readonly layerVersionArn: string = ''; + + /** + * Returns the arn of the Lambda Insights extension based on the + * Lambda architecture + * @internal + */ + public abstract _bind(_scope: Construct, _function: IFunction): InsightsBindConfig; } /** @@ -73,14 +111,15 @@ export abstract class LambdaInsightsVersion { * * This function is run on CDK synthesis. */ -function getVersionArn(context: IResolveContext, insightsVersion: string): string { +function getVersionArn(context: IResolveContext, insightsVersion: string, architecture?: string): string { const scopeStack = Stack.of(context.scope); const region = scopeStack.region; + const arch = architecture ?? Architecture.X86_64.name; // Region is defined, look up the arn, or throw an error if the version isn't supported by a region if (region !== undefined && !Token.isUnresolved(region)) { - const arn = RegionInfo.get(region).cloudwatchLambdaInsightsArn(insightsVersion); + const arn = RegionInfo.get(region).cloudwatchLambdaInsightsArn(insightsVersion, arch); if (arn === undefined) { throw new Error(`Insights version ${insightsVersion} is not supported in region ${region}`); } @@ -116,19 +155,33 @@ function getVersionArn(context: IResolveContext, insightsVersion: string): strin * -- {'arn': 'arn3'}, * - us-east-2 * -- {'arn': 'arn4'} + * LambdaInsightsVersions101190arm64 // a separate mapping version 1.0.119.0 arm64 + * - us-east-1 + * -- {'arn': 'arn3'}, + * - us-east-2 + * -- {'arn': 'arn4'} */ - const mapName = DEFAULT_MAPPING_PREFIX + insightsVersion.split('.').join(''); + let mapName = DEFAULT_MAPPING_PREFIX + insightsVersion.split('.').join(''); + // if the architecture is arm64 then append that to the end of the name + // this is so that we can have a separate mapping for x86 vs arm in scenarios + // where we have Lambda functions with both architectures in the same stack + if (arch === Architecture.ARM_64.name) { + mapName += arch; + } const mapping: { [k1: string]: { [k2: string]: any } } = {}; - const region2arns = RegionInfo.regionMap(FactName.cloudwatchLambdaInsightsVersion(insightsVersion)); + const region2arns = RegionInfo.regionMap(FactName.cloudwatchLambdaInsightsVersion(insightsVersion, arch)); for (const [reg, arn] of Object.entries(region2arns)) { mapping[reg] = { arn }; } // Only create a given mapping once. If another version of insights is used elsewhere, that mapping will also exist if (!scopeStack.node.tryFindChild(mapName)) { - new CfnMapping(scopeStack, mapName, { mapping }); + // need to call findInMap here if we are going to set lazy=true, otherwise + // we get the informLazyUse info message + const map = new CfnMapping(scopeStack, mapName, { mapping, lazy: true }); + return map.findInMap(Aws.REGION, 'arn'); } // The ARN will be looked up at deployment time from the mapping we created return Fn.findInMap(mapName, Aws.REGION, 'arn'); -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-lambda/lib/lambda-version.ts b/packages/@aws-cdk/aws-lambda/lib/lambda-version.ts index 94f3e0b326b16..dbbd1496d8d8c 100644 --- a/packages/@aws-cdk/aws-lambda/lib/lambda-version.ts +++ b/packages/@aws-cdk/aws-lambda/lib/lambda-version.ts @@ -2,6 +2,7 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; import { Fn, Lazy, RemovalPolicy } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { Alias, AliasOptions } from './alias'; +import { Architecture } from './architecture'; import { EventInvokeConfigOptions } from './event-invoke-config'; import { Function } from './function'; import { IFunction, QualifiedFunctionBase } from './function-base'; @@ -127,11 +128,12 @@ export class Version extends QualifiedFunctionBase implements IVersion { public readonly functionArn = versionArn; public readonly grantPrincipal = lambda.grantPrincipal; public readonly role = lambda.role; + public readonly architecture = lambda.architecture; protected readonly qualifier = version; protected readonly canCreatePermissions = this._isStackAccount(); - public addAlias(name: string, opts: AliasOptions = { }): Alias { + public addAlias(name: string, opts: AliasOptions = {}): Alias { return addAlias(this, this, name, opts); } @@ -153,11 +155,12 @@ export class Version extends QualifiedFunctionBase implements IVersion { public readonly functionArn = `${attrs.lambda.functionArn}:${attrs.version}`; public readonly grantPrincipal = attrs.lambda.grantPrincipal; public readonly role = attrs.lambda.role; + public readonly architecture = attrs.lambda.architecture; protected readonly qualifier = attrs.version; protected readonly canCreatePermissions = this._isStackAccount(); - public addAlias(name: string, opts: AliasOptions = { }): Alias { + public addAlias(name: string, opts: AliasOptions = {}): Alias { return addAlias(this, this, name, opts); } @@ -175,6 +178,7 @@ export class Version extends QualifiedFunctionBase implements IVersion { public readonly lambda: IFunction; public readonly functionArn: string; public readonly functionName: string; + public readonly architecture: Architecture; protected readonly qualifier: string; protected readonly canCreatePermissions = true; @@ -183,6 +187,7 @@ export class Version extends QualifiedFunctionBase implements IVersion { super(scope, id); this.lambda = props.lambda; + this.architecture = props.lambda.architecture; const version = new CfnVersion(this, 'Resource', { codeSha256: props.codeSha256, @@ -239,7 +244,7 @@ export class Version extends QualifiedFunctionBase implements IVersion { * @param aliasName The name of the alias (e.g. "live") * @param options Alias options */ - public addAlias(aliasName: string, options: AliasOptions = { }): Alias { + public addAlias(aliasName: string, options: AliasOptions = {}): Alias { return addAlias(this, this, aliasName, options); } diff --git a/packages/@aws-cdk/aws-lambda/lib/singleton-lambda.ts b/packages/@aws-cdk/aws-lambda/lib/singleton-lambda.ts index c096730b1e8eb..7ee0cf016e52d 100644 --- a/packages/@aws-cdk/aws-lambda/lib/singleton-lambda.ts +++ b/packages/@aws-cdk/aws-lambda/lib/singleton-lambda.ts @@ -3,6 +3,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as logs from '@aws-cdk/aws-logs'; import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; +import { Architecture } from './architecture'; import { Function as LambdaFunction, FunctionProps, EnvironmentOptions } from './function'; import { FunctionBase } from './function-base'; import { Version } from './lambda-version'; @@ -50,6 +51,7 @@ export class SingletonFunction extends FunctionBase { public readonly functionArn: string; public readonly role?: iam.IRole; public readonly permissionsNode: cdk.ConstructNode; + public readonly architecture: Architecture; /** * The runtime environment for the Lambda function. @@ -64,6 +66,7 @@ export class SingletonFunction extends FunctionBase { this.lambdaFunction = this.ensureLambda(props); this.permissionsNode = this.lambdaFunction.node; + this.architecture = this.lambdaFunction.architecture; this.functionArn = this.lambdaFunction.functionArn; this.functionName = this.lambdaFunction.functionName; diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.expected.json index 7c6fabf1b1fa2..e0975af7723cd 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.expected.json @@ -67,7 +67,7 @@ ] } ], - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFunc1ServiceRoleF96C5B5C" @@ -140,7 +140,7 @@ ] } ], - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFunc2ServiceRole68E50443" @@ -213,7 +213,7 @@ ] } ], - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFunc3ServiceRoleA69795ED" @@ -286,11 +286,160 @@ ] } ], - "Runtime": "nodejs10.x" + "Runtime": "nodejs14.x" }, "DependsOn": [ "MyFunc4ServiceRole93C4DEFF" ] + }, + "MyFunc5ServiceRoleFE4CE92B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" + ] + ] + } + ] + } + }, + "MyFunc586573B53": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = function handler(event, _context, callback) {\n console.log(JSON.stringify(event, undefined, 2));\n return callback();\n}" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunc5ServiceRoleFE4CE92B", + "Arn" + ] + }, + "Handler": "index.handler", + "Layers": [ + { + "Fn::FindInMap": [ + "LambdaInsightsVersions101190", + { + "Ref": "AWS::Region" + }, + "arn" + ] + } + ], + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunc5ServiceRoleFE4CE92B" + ] + }, + "MyFunc6ServiceRoleCDDBC2C6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" + ] + ] + } + ] + } + }, + "MyFunc60D944984": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = function handler(event, _context, callback) {\n console.log(JSON.stringify(event, undefined, 2));\n return callback();\n}" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunc6ServiceRoleCDDBC2C6", + "Arn" + ] + }, + "Architectures": [ + "arm64" + ], + "Handler": "index.handler", + "Layers": [ + { + "Fn::FindInMap": [ + "LambdaInsightsVersions101190arm64", + { + "Ref": "AWS::Region" + }, + "arn" + ] + } + ], + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MyFunc6ServiceRoleCDDBC2C6" + ] } }, "Mappings": { @@ -511,6 +660,106 @@ "us-west-2": { "arn": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:14" } + }, + "LambdaInsightsVersions101190": { + "af-south-1": { + "arn": "arn:aws:lambda:af-south-1:012438385374:layer:LambdaInsightsExtension:9" + }, + "ap-east-1": { + "arn": "arn:aws:lambda:ap-east-1:519774774795:layer:LambdaInsightsExtension:9" + }, + "ap-northeast-1": { + "arn": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:23" + }, + "ap-northeast-2": { + "arn": "arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:16" + }, + "ap-south-1": { + "arn": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "ap-southeast-1": { + "arn": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "ap-southeast-2": { + "arn": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:16" + }, + "ca-central-1": { + "arn": "arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "cn-north-1": { + "arn": "arn:aws-cn:lambda:cn-north-1:488211338238:layer:LambdaInsightsExtension:9" + }, + "cn-northwest-1": { + "arn": "arn:aws-cn:lambda:cn-northwest-1:488211338238:layer:LambdaInsightsExtension:9" + }, + "eu-central-1": { + "arn": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "eu-north-1": { + "arn": "arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "eu-south-1": { + "arn": "arn:aws:lambda:eu-south-1:339249233099:layer:LambdaInsightsExtension:9" + }, + "eu-west-1": { + "arn": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "eu-west-2": { + "arn": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:16" + }, + "eu-west-3": { + "arn": "arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:16" + }, + "me-south-1": { + "arn": "arn:aws:lambda:me-south-1:285320876703:layer:LambdaInsightsExtension:9" + }, + "sa-east-1": { + "arn": "arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "us-east-1": { + "arn": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "us-east-2": { + "arn": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:16" + }, + "us-west-1": { + "arn": "arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:16" + }, + "us-west-2": { + "arn": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:16" + } + }, + "LambdaInsightsVersions101190arm64": { + "ap-northeast-1": { + "arn": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "ap-south-1": { + "arn": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "ap-southeast-1": { + "arn": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "ap-southeast-2": { + "arn": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "eu-central-1": { + "arn": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "eu-west-1": { + "arn": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "eu-west-2": { + "arn": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "us-east-1": { + "arn": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "us-east-2": { + "arn": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension-Arm64:1" + }, + "us-west-2": { + "arn": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.ts b/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.ts index 78cf8d74106ed..8fce7e06fdd97 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.ts +++ b/packages/@aws-cdk/aws-lambda/test/integ.lambda-insights-mapping.ts @@ -6,33 +6,48 @@ const app = new cdk.App(); const stack = new cdk.Stack(app, 'stack'); new lambda.Function(stack, 'MyFunc1', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_54_0, }); new lambda.Function(stack, 'MyFunc2', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_86_0, }); new lambda.Function(stack, 'MyFunc3', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_89_0, }); new lambda.Function(stack, 'MyFunc4', { - runtime: lambda.Runtime.NODEJS_10_X, + runtime: lambda.Runtime.NODEJS_14_X, handler: 'index.handler', code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_98_0, }); +new lambda.Function(stack, 'MyFunc5', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), + insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_119_0, +}); + +new lambda.Function(stack, 'MyFunc6', { + runtime: lambda.Runtime.NODEJS_14_X, + architecture: lambda.Architecture.ARM_64, + handler: 'index.handler', + code: lambda.Code.fromInline(`exports.handler = ${handler.toString()}`), + insightsVersion: lambda.LambdaInsightsVersion.VERSION_1_0_119_0, +}); + app.synth(); /* eslint-disable no-console */ diff --git a/packages/@aws-cdk/aws-lambda/test/lambda-insights.test.ts b/packages/@aws-cdk/aws-lambda/test/lambda-insights.test.ts index 762df158da6f4..29bfee2f02615 100644 --- a/packages/@aws-cdk/aws-lambda/test/lambda-insights.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/lambda-insights.test.ts @@ -7,11 +7,17 @@ import * as lambda from '../lib'; /** * Boilerplate code to create a Function with a given insights version */ -function functionWithInsightsVersion(stack: cdk.Stack, id: string, insightsVersion: lambda.LambdaInsightsVersion): lambda.IFunction { +function functionWithInsightsVersion( + stack: cdk.Stack, + id: string, + insightsVersion: lambda.LambdaInsightsVersion, + architecture?: lambda.Architecture, +): lambda.IFunction { return new lambda.Function(stack, id, { code: new lambda.InlineCode('foo'), handler: 'index.handler', runtime: lambda.Runtime.NODEJS_10_X, + architecture, insightsVersion, }); } @@ -337,7 +343,7 @@ describe('lambda-insights', () => { ], }, 'ManagedPolicyArns': [ - { }, + {}, { 'Fn::Join': [ '', @@ -353,4 +359,304 @@ describe('lambda-insights', () => { ], }); }); + + test('can use with arm architecture', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'Stack', { + env: { account: '123456789012', region: 'us-east-1' }, + }); + functionWithInsightsVersion(stack, 'MyLambda', lambda.LambdaInsightsVersion.VERSION_1_0_119_0, lambda.Architecture.ARM_64); + + expect(stack).toHaveResource('AWS::Lambda::Function', { + Layers: ['arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:1'], + }); + + // On synthesis it should not throw an error + expect(() => app.synth()).not.toThrow(); + }); + + test('throws if arm is not available in this version', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'Stack', { + env: { account: '123456789012', region: 'us-east-1' }, + }); + expect(() => functionWithInsightsVersion(stack, 'MyLambda', lambda.LambdaInsightsVersion.VERSION_1_0_98_0, lambda.Architecture.ARM_64)).toThrow('Insights version 1.0.98.0 does not exist.'); + }); + test('throws if arm is available in this version, but not in this region', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'Stack', { + env: { account: '123456789012', region: 'us-west-1' }, + }); + functionWithInsightsVersion(stack, 'MyLambda', lambda.LambdaInsightsVersion.VERSION_1_0_119_0, lambda.Architecture.ARM_64); + + // On synthesis it should not throw an error + expect(() => app.synth()).toThrow('Insights version 1.0.119.0 is not supported in region us-west-1'); + }); + + test('can create two functions, with different architectures in a region agnostic stack with the same version', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'Stack', {}); + + functionWithInsightsVersion(stack, 'MyLambda1', lambda.LambdaInsightsVersion.VERSION_1_0_119_0); + functionWithInsightsVersion(stack, 'MyLambda2', lambda.LambdaInsightsVersion.VERSION_1_0_119_0, lambda.Architecture.ARM_64); + + /* eslint-disable quote-props */ + expect(stack).toMatchTemplate({ + Resources: { + MyLambda1ServiceRole69A7E1EA: { + 'Type': 'AWS::IAM::Role', + 'Properties': { + 'AssumeRolePolicyDocument': { + 'Statement': [ + { + 'Action': 'sts:AssumeRole', + 'Effect': 'Allow', + 'Principal': { + 'Service': 'lambda.amazonaws.com', + }, + }, + ], + 'Version': '2012-10-17', + }, + 'ManagedPolicyArns': [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { + 'Ref': 'AWS::Partition', + }, + ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole', + ], + ], + }, + { + 'Fn::Join': [ + '', + [ + 'arn:', + { + 'Ref': 'AWS::Partition', + }, + ':iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy', + ], + ], + }, + ], + }, + }, + MyLambda1AAFB4554: { + 'Type': 'AWS::Lambda::Function', + 'Properties': { + 'Code': { + 'ZipFile': 'foo', + }, + 'Role': { + 'Fn::GetAtt': [ + 'MyLambda1ServiceRole69A7E1EA', + 'Arn', + ], + }, + 'Handler': 'index.handler', + 'Layers': [ + { + 'Fn::FindInMap': [ + 'LambdaInsightsVersions101190', + { + 'Ref': 'AWS::Region', + }, + 'arn', + ], + }, + ], + 'Runtime': 'nodejs10.x', + }, + 'DependsOn': [ + 'MyLambda1ServiceRole69A7E1EA', + ], + }, + MyLambda2ServiceRoleD09B370C: { + 'Type': 'AWS::IAM::Role', + 'Properties': { + 'AssumeRolePolicyDocument': { + 'Statement': [ + { + 'Action': 'sts:AssumeRole', + 'Effect': 'Allow', + 'Principal': { + 'Service': 'lambda.amazonaws.com', + }, + }, + ], + 'Version': '2012-10-17', + }, + 'ManagedPolicyArns': [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { + 'Ref': 'AWS::Partition', + }, + ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole', + ], + ], + }, + { + 'Fn::Join': [ + '', + [ + 'arn:', + { + 'Ref': 'AWS::Partition', + }, + ':iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy', + ], + ], + }, + ], + }, + }, + MyLambda2254B54D5: { + 'Type': 'AWS::Lambda::Function', + 'Properties': { + 'Code': { + 'ZipFile': 'foo', + }, + 'Role': { + 'Fn::GetAtt': [ + 'MyLambda2ServiceRoleD09B370C', + 'Arn', + ], + }, + 'Architectures': [ + 'arm64', + ], + 'Handler': 'index.handler', + 'Layers': [ + { + 'Fn::FindInMap': [ + 'LambdaInsightsVersions101190arm64', + { + 'Ref': 'AWS::Region', + }, + 'arn', + ], + }, + ], + 'Runtime': 'nodejs10.x', + }, + 'DependsOn': [ + 'MyLambda2ServiceRoleD09B370C', + ], + }, + }, + Mappings: { + LambdaInsightsVersions101190: { + 'af-south-1': { + 'arn': 'arn:aws:lambda:af-south-1:012438385374:layer:LambdaInsightsExtension:9', + }, + 'ap-east-1': { + 'arn': 'arn:aws:lambda:ap-east-1:519774774795:layer:LambdaInsightsExtension:9', + }, + 'ap-northeast-1': { + 'arn': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:23', + }, + 'ap-northeast-2': { + 'arn': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:16', + }, + 'ap-south-1': { + 'arn': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'ap-southeast-1': { + 'arn': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'ap-southeast-2': { + 'arn': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:16', + }, + 'ca-central-1': { + 'arn': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'cn-north-1': { + 'arn': 'arn:aws-cn:lambda:cn-north-1:488211338238:layer:LambdaInsightsExtension:9', + }, + 'cn-northwest-1': { + 'arn': 'arn:aws-cn:lambda:cn-northwest-1:488211338238:layer:LambdaInsightsExtension:9', + }, + 'eu-central-1': { + 'arn': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'eu-north-1': { + 'arn': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'eu-south-1': { + 'arn': 'arn:aws:lambda:eu-south-1:339249233099:layer:LambdaInsightsExtension:9', + }, + 'eu-west-1': { + 'arn': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'eu-west-2': { + 'arn': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:16', + }, + 'eu-west-3': { + 'arn': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:16', + }, + 'me-south-1': { + 'arn': 'arn:aws:lambda:me-south-1:285320876703:layer:LambdaInsightsExtension:9', + }, + 'sa-east-1': { + 'arn': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'us-east-1': { + 'arn': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'us-east-2': { + 'arn': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:16', + }, + 'us-west-1': { + 'arn': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:16', + }, + 'us-west-2': { + 'arn': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:16', + }, + }, + 'LambdaInsightsVersions101190arm64': { + 'ap-northeast-1': { + 'arn': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'ap-south-1': { + 'arn': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'ap-southeast-1': { + 'arn': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'ap-southeast-2': { + 'arn': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'eu-central-1': { + 'arn': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'eu-west-1': { + 'arn': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'eu-west-2': { + 'arn': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'us-east-1': { + 'arn': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'us-east-2': { + 'arn': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + 'us-west-2': { + 'arn': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + }, + }, + }, MatchStyle.EXACT); + // On synthesis it should not throw an error + expect(() => app.synth()).not.toThrow(); + }); }); diff --git a/packages/@aws-cdk/region-info/build-tools/fact-tables.ts b/packages/@aws-cdk/region-info/build-tools/fact-tables.ts index 6d95f24e5a7e8..6f3b0abd737f1 100644 --- a/packages/@aws-cdk/region-info/build-tools/fact-tables.ts +++ b/packages/@aws-cdk/region-info/build-tools/fact-tables.ts @@ -196,83 +196,161 @@ export const APPMESH_ECR_ACCOUNTS: { [region: string]: string } = { // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versions.html export const CLOUDWATCH_LAMBDA_INSIGHTS_ARNS: { [key: string]: any } = { + '1.0.119.0': { + arm64: { + // US East (N. Virginia) + 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // US East (Ohio) + 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // US West (Oregon) + 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Asia Pacific (Mumbai) + 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Asia Pacific (Singapore) + 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Asia Pacific (Sydney) + 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Asia Pacific (Tokyo) + 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Europe (Frankfurt) + 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Europe (Ireland) + 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension-Arm64:1', + // Europe (London) + 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1', + }, + x86_64: { + // US East (N. Virginia) + 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:16', + // US East (Ohio) + 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:16', + // US West (N. California) + 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:16', + // US West (Oregon) + 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:16', + // Africa (Cape Town) + 'af-south-1': 'arn:aws:lambda:af-south-1:012438385374:layer:LambdaInsightsExtension:9', + // Asia Pacific (Hong Kong) + 'ap-east-1': 'arn:aws:lambda:ap-east-1:519774774795:layer:LambdaInsightsExtension:9', + // Asia Pacific (Mumbai) + 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:16', + // Asia Pacific (Seoul) + 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:16', + // Asia Pacific (Singapore) + 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:16', + // Asia Pacific (Sydney) + 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:16', + // Asia Pacific (Tokyo) + 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:23', + // Canada (Central) + 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:16', + // China (Beijing) + 'cn-north-1': 'arn:aws-cn:lambda:cn-north-1:488211338238:layer:LambdaInsightsExtension:9', + // China (Ningxia) + 'cn-northwest-1': 'arn:aws-cn:lambda:cn-northwest-1:488211338238:layer:LambdaInsightsExtension:9', + // Europe (Frankfurt) + 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:16', + // Europe (Ireland) + 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:16', + // Europe (London) + 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:16', + // Europe (Milan) + 'eu-south-1': 'arn:aws:lambda:eu-south-1:339249233099:layer:LambdaInsightsExtension:9', + // Europe (Paris) + 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:16', + // Europe (Stockholm) + 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:16', + // Middle East (Bahrain) + 'me-south-1': 'arn:aws:lambda:me-south-1:285320876703:layer:LambdaInsightsExtension:9', + // South America (Sao Paulo) + 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:16', + }, + }, '1.0.98.0': { - 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:14', - 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:14', - 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:14', - 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:14', - 'af-south-1': 'arn:aws:lambda:af-south-1:012438385374:layer:LambdaInsightsExtension:8', - 'ap-east-1': 'arn:aws:lambda:ap-east-1:519774774795:layer:LambdaInsightsExtension:8', - 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:14', - 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:14', - 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:14', - 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:14', - 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14', - 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:14', - 'cn-north-1': 'arn:aws-cn:lambda:cn-north-1:488211338238:layer:LambdaInsightsExtension:8', - 'cn-northwest-1': 'arn:aws-cn:lambda:cn-northwest-1:488211338238:layer:LambdaInsightsExtension:8', - 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:14', - 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:14', - 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:14', - 'eu-south-1': 'arn:aws:lambda:eu-south-1:339249233099:layer:LambdaInsightsExtension:8', - 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:14', - 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:14', - 'me-south-1': 'arn:aws:lambda:me-south-1:285320876703:layer:LambdaInsightsExtension:8', - 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:14', + x86_64: { + 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:14', + 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:14', + 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:14', + 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:14', + 'af-south-1': 'arn:aws:lambda:af-south-1:012438385374:layer:LambdaInsightsExtension:8', + 'ap-east-1': 'arn:aws:lambda:ap-east-1:519774774795:layer:LambdaInsightsExtension:8', + 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:14', + 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:14', + 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:14', + 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:14', + 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14', + 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:14', + 'cn-north-1': 'arn:aws-cn:lambda:cn-north-1:488211338238:layer:LambdaInsightsExtension:8', + 'cn-northwest-1': 'arn:aws-cn:lambda:cn-northwest-1:488211338238:layer:LambdaInsightsExtension:8', + 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:14', + 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:14', + 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:14', + 'eu-south-1': 'arn:aws:lambda:eu-south-1:339249233099:layer:LambdaInsightsExtension:8', + 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:14', + 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:14', + 'me-south-1': 'arn:aws:lambda:me-south-1:285320876703:layer:LambdaInsightsExtension:8', + 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:14', + }, }, '1.0.89.0': { - 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:12', - 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:12', - 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:12', - 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:12', - 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:12', - 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:12', - 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:12', - 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:12', - 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:12', - 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:12', - 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:12', - 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:12', - 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:12', - 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:12', - 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:12', - 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:12', + x86_64: { + 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:12', + 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:12', + 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:12', + 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:12', + 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:12', + 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:12', + 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:12', + 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:12', + 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:12', + 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:12', + 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:12', + 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:12', + 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:12', + 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:12', + 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:12', + 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:12', + }, }, '1.0.86.0': { - 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:11', - 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:11', - 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:11', - 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:11', - 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:11', - 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:11', - 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:11', - 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:11', - 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:11', - 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:11', - 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:11', - 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:11', - 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:11', - 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:11', - 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:11', - 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:11', + x86_64: { + 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:11', + 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:11', + 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:11', + 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:11', + 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:11', + 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:11', + 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:11', + 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:11', + 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:11', + 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:11', + 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:11', + 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:11', + 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:11', + 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:11', + 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:11', + 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:11', + }, }, '1.0.54.0': { - 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:2', - 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:2', - 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:2', - 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:2', - 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:2', - 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:2', - 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:2', - 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:2', - 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:2', - 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:2', - 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:2', - 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:2', - 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:2', - 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:2', - 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:2', - 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:2', + x86_64: { + 'us-east-1': 'arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:2', + 'us-east-2': 'arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:2', + 'us-west-1': 'arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:2', + 'us-west-2': 'arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:2', + 'ap-south-1': 'arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:2', + 'ap-northeast-2': 'arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:2', + 'ap-southeast-1': 'arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:2', + 'ap-southeast-2': 'arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:2', + 'ap-northeast-1': 'arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:2', + 'ca-central-1': 'arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:2', + 'eu-central-1': 'arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:2', + 'eu-west-1': 'arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:2', + 'eu-west-2': 'arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:2', + 'eu-west-3': 'arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:2', + 'eu-north-1': 'arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:2', + 'sa-east-1': 'arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:2', + }, }, }; diff --git a/packages/@aws-cdk/region-info/build-tools/generate-static-data.ts b/packages/@aws-cdk/region-info/build-tools/generate-static-data.ts index 006de89d3994d..23cdbc85071bb 100644 --- a/packages/@aws-cdk/region-info/build-tools/generate-static-data.ts +++ b/packages/@aws-cdk/region-info/build-tools/generate-static-data.ts @@ -79,7 +79,10 @@ async function main(): Promise { } for (const version in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS) { - registerFact(region, ['cloudwatchLambdaInsightsVersion', version], CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version][region]); + for (const arch in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version]) { + registerFact(region, ['cloudwatchLambdaInsightsVersion', version, arch], CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version][arch][region]); + + } } } lines.push(' }'); @@ -112,13 +115,16 @@ function checkRegions(map: Record) { * Verifies that the provided map of to region to fact does not contain an entry * for a region that was not registered in `AWS_REGIONS`. */ -function checkRegionsSubMap(map: Record>) { +function checkRegionsSubMap(map: Record>>) { const allRegions = new Set(AWS_REGIONS); for (const key of Object.keys(map)) { - for (const region of Object.keys(map[key])) { - if (!allRegions.has(region)) { - throw new Error(`Un-registered region fact found: ${region}. Add to AWS_REGIONS list!`); + for (const subKey of Object.keys(map[key])) { + for (const region of Object.keys(map[key][subKey])) { + if (!allRegions.has(region)) { + throw new Error(`Un-registered region fact found: ${region}. Add to AWS_REGIONS list!`); + } } + } } } diff --git a/packages/@aws-cdk/region-info/lib/fact.ts b/packages/@aws-cdk/region-info/lib/fact.ts index 8d4e33802be43..498e33d693abf 100644 --- a/packages/@aws-cdk/region-info/lib/fact.ts +++ b/packages/@aws-cdk/region-info/lib/fact.ts @@ -165,8 +165,11 @@ export class FactName { /** * The ARN of CloudWatch Lambda Insights for a version (e.g. 1.0.98.0) */ - public static cloudwatchLambdaInsightsVersion(version: string) { - return `cloudwatch-lambda-insights-version:${version.split('.').join('_')}`; + public static cloudwatchLambdaInsightsVersion(version: string, arch?: string) { + // if we are provided an architecture use that, otherwise + // default to x86_64 for backwards compatibility + const suffix = version.split('.').join('_') + `_${arch ?? 'x86_64'}`; + return `cloudwatch-lambda-insights-version:${suffix}`; } /** diff --git a/packages/@aws-cdk/region-info/lib/region-info.ts b/packages/@aws-cdk/region-info/lib/region-info.ts index 3482acf66b9a1..35dce3d6ca980 100644 --- a/packages/@aws-cdk/region-info/lib/region-info.ts +++ b/packages/@aws-cdk/region-info/lib/region-info.ts @@ -120,9 +120,10 @@ export class RegionInfo { /** * The ARN of the CloudWatch Lambda Insights extension, for the given version. * @param insightsVersion the version (e.g. 1.0.98.0) + * @param architecture the Lambda Function architecture (e.g. 'x86_64' or 'arm64') */ - public cloudwatchLambdaInsightsArn(insightsVersion: string): string | undefined { - return Fact.find(this.name, FactName.cloudwatchLambdaInsightsVersion(insightsVersion)); + public cloudwatchLambdaInsightsArn(insightsVersion: string, architecture?: string): string | undefined { + return Fact.find(this.name, FactName.cloudwatchLambdaInsightsVersion(insightsVersion, architecture)); } /** diff --git a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap index f1797f8083af5..39b8766351e37 100644 --- a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap +++ b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap @@ -5,7 +5,11 @@ Object { "af-south-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:af-south-1:012438385374:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -31,7 +35,11 @@ Object { "ap-east-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-east-1:519774774795:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -57,7 +65,11 @@ Object { "ap-northeast-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:23", "1.0.54.0": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:12", @@ -83,7 +95,11 @@ Object { "ap-northeast-2": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:ap-northeast-2:580247275435:layer:LambdaInsightsExtension:12", @@ -109,7 +125,11 @@ Object { "ap-northeast-3": Object { "cdkMetadataResourceAvailable": false, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": undefined, "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -135,7 +155,11 @@ Object { "ap-south-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:ap-south-1:580247275435:layer:LambdaInsightsExtension:12", @@ -161,7 +185,11 @@ Object { "ap-southeast-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:ap-southeast-1:580247275435:layer:LambdaInsightsExtension:12", @@ -187,7 +215,11 @@ Object { "ap-southeast-2": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:ap-southeast-2:580247275435:layer:LambdaInsightsExtension:12", @@ -213,7 +245,11 @@ Object { "ca-central-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:ca-central-1:580247275435:layer:LambdaInsightsExtension:12", @@ -239,7 +275,11 @@ Object { "cn-north-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com.cn", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws-cn:lambda:cn-north-1:488211338238:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -265,7 +305,11 @@ Object { "cn-northwest-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com.cn", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws-cn:lambda:cn-northwest-1:488211338238:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -291,7 +335,11 @@ Object { "eu-central-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:eu-central-1:580247275435:layer:LambdaInsightsExtension:12", @@ -317,7 +365,11 @@ Object { "eu-north-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension:12", @@ -343,7 +395,11 @@ Object { "eu-south-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-south-1:339249233099:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -369,7 +425,11 @@ Object { "eu-west-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:eu-west-1:580247275435:layer:LambdaInsightsExtension:12", @@ -395,7 +455,11 @@ Object { "eu-west-2": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:12", @@ -421,7 +485,11 @@ Object { "eu-west-3": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:eu-west-3:580247275435:layer:LambdaInsightsExtension:12", @@ -447,7 +515,11 @@ Object { "me-south-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:me-south-1:285320876703:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -473,7 +545,11 @@ Object { "sa-east-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:sa-east-1:580247275435:layer:LambdaInsightsExtension:12", @@ -499,7 +575,11 @@ Object { "us-east-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:12", @@ -525,7 +605,11 @@ Object { "us-east-2": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:us-east-2:580247275435:layer:LambdaInsightsExtension:12", @@ -551,7 +635,11 @@ Object { "us-gov-east-1": Object { "cdkMetadataResourceAvailable": false, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": undefined, "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -577,7 +665,11 @@ Object { "us-gov-west-1": Object { "cdkMetadataResourceAvailable": false, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": undefined, "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -603,7 +695,11 @@ Object { "us-iso-east-1": Object { "cdkMetadataResourceAvailable": false, "domainSuffix": "c2s.ic.gov", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": undefined, "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -629,7 +725,11 @@ Object { "us-isob-east-1": Object { "cdkMetadataResourceAvailable": false, "domainSuffix": "sc2s.sgov.gov", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": undefined, "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, @@ -655,7 +755,11 @@ Object { "us-west-1": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": undefined, + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:us-west-1:580247275435:layer:LambdaInsightsExtension:12", @@ -681,7 +785,11 @@ Object { "us-west-2": Object { "cdkMetadataResourceAvailable": true, "domainSuffix": "amazonaws.com", + "lambdaInsightsArmVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension-Arm64:1", + }, "lambdaInsightsVersions": Object { + "1.0.119.0": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:16", "1.0.54.0": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:2", "1.0.86.0": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:11", "1.0.89.0": "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:12", diff --git a/packages/@aws-cdk/region-info/test/region-info.test.ts b/packages/@aws-cdk/region-info/test/region-info.test.ts index 8c06907052b23..984d5e31cf45d 100644 --- a/packages/@aws-cdk/region-info/test/region-info.test.ts +++ b/packages/@aws-cdk/region-info/test/region-info.test.ts @@ -9,13 +9,19 @@ test('built-in data is correct', () => { const servicePrincipals: { [service: string]: string | undefined } = {}; const lambdaInsightsVersions: { [service: string]: string | undefined } = {}; + const lambdaInsightsArmVersions: { [service: string]: string | undefined } = {}; AWS_SERVICES.forEach(service => servicePrincipals[service] = region.servicePrincipal(service)); for (const version in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS) { lambdaInsightsVersions[version] = region.cloudwatchLambdaInsightsArn(version); + + if ('arm64' in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version]) { + lambdaInsightsArmVersions[version] = region.cloudwatchLambdaInsightsArn(version, 'arm64'); + } }; + snapshot[name] = { cdkMetadataResourceAvailable: region.cdkMetadataResourceAvailable, domainSuffix: region.domainSuffix, @@ -24,6 +30,7 @@ test('built-in data is correct', () => { vpcEndPointServiceNamePrefix: region.vpcEndpointServiceNamePrefix, servicePrincipals, lambdaInsightsVersions, + lambdaInsightsArmVersions, }; } expect(snapshot).toMatchSnapshot(); From da07cb128a07989232520d15919c527d124d8916 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Mon, 13 Dec 2021 17:55:25 +0100 Subject: [PATCH 3/4] chore: stop using mergify commit_message (#17983) `commit_message` is deprecated and replaced by `commit_message_template`. --- .mergify.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.mergify.yml b/.mergify.yml index 49320bf2385ee..3348c3b934909 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -19,7 +19,9 @@ pull_request_rules: queue: name: default method: squash - commit_message: title+body + commit_message_template: |- + {{ title }} (#{{ number }}) + {{ body }} conditions: - base!=release - -title~=(WIP|wip) @@ -40,7 +42,9 @@ pull_request_rules: queue: name: default method: squash - commit_message: title+body + commit_message_template: |- + {{ title }} (#{{ number }}) + {{ body }} conditions: - base!=release - -title~=(WIP|wip) @@ -62,7 +66,9 @@ pull_request_rules: queue: name: default method: merge - commit_message: title+body + commit_message_template: |- + {{ title }} (#{{ number }}) + {{ body }} conditions: - -title~=(WIP|wip) - -label~=(blocked|do-not-merge) @@ -106,7 +112,9 @@ pull_request_rules: queue: name: default method: squash - commit_message: title+body + commit_message_template: |- + {{ title }} (#{{ number }}) + {{ body }} conditions: - -title~=(WIP|wip) - -label~=(blocked|do-not-merge) From 93fafc5c93f0a8a0a05f4c261df3918256f71e5e Mon Sep 17 00:00:00 2001 From: JonBlauvelt <8998273+JonBlauvelt@users.noreply.github.com> Date: Mon, 13 Dec 2021 10:56:28 -0700 Subject: [PATCH 4/4] feat(aws-s3): add support for BucketOwnerEnforced to S3 ObjectOwnershipType (#17961) closes #17926 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-s3/README.md | 14 +++++++++-- packages/@aws-cdk/aws-s3/lib/bucket.ts | 7 ++++++ packages/@aws-cdk/aws-s3/test/bucket.test.ts | 26 ++++++++++++++++++++ 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-s3/README.md b/packages/@aws-cdk/aws-s3/README.md index 57d9369a274a7..6a45b1dec50ea 100644 --- a/packages/@aws-cdk/aws-s3/README.md +++ b/packages/@aws-cdk/aws-s3/README.md @@ -417,7 +417,7 @@ bucket.virtualHostedUrlForObject('objectname', { regional: false }); // Virtual ## Object Ownership -You can use the two following properties to specify the bucket [object Ownership]. +You can use one of following properties to specify the bucket [object Ownership]. [object Ownership]: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html @@ -441,6 +441,16 @@ new s3.Bucket(this, 'MyBucket', { }); ``` +### Bucket owner enforced (recommended) + +ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control. + +```ts +new s3.Bucket(this, 'MyBucket', { + objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED, +}); +``` + ## Bucket deletion When a bucket is removed from a stack (or the stack is deleted), the S3 @@ -466,7 +476,7 @@ by deploying with CDK version `1.126.0` or later **before** switching this value ## Transfer Acceleration -[Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html) can be configured to enable fast, easy, and secure transfers of files over long distances: +[Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html) can be configured to enable fast, easy, and secure transfers of files over long distances: ```ts const bucket = new s3.Bucket(this, 'MyBucket', { diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index 673a1b4f5b561..404bcfbc6dfbe 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -1206,6 +1206,13 @@ export interface Inventory { * */ export enum ObjectOwnership { + /** + * ACLs are disabled, and the bucket owner automatically owns + * and has full control over every object in the bucket. + * ACLs no longer affect permissions to data in the S3 bucket. + * The bucket uses policies to define access control. + */ + BUCKET_OWNER_ENFORCED = 'BucketOwnerEnforced', /** * Objects uploaded to the bucket change ownership to the bucket owner . */ diff --git a/packages/@aws-cdk/aws-s3/test/bucket.test.ts b/packages/@aws-cdk/aws-s3/test/bucket.test.ts index 04f15cf302bda..ba61c03bf9eae 100644 --- a/packages/@aws-cdk/aws-s3/test/bucket.test.ts +++ b/packages/@aws-cdk/aws-s3/test/bucket.test.ts @@ -2303,6 +2303,32 @@ describe('bucket', () => { }); + test('Bucket with objectOwnership set to BUCKET_OWNER_ENFORCED', () => { + const stack = new cdk.Stack(); + new s3.Bucket(stack, 'MyBucket', { + objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED, + }); + expect(stack).toMatchTemplate({ + 'Resources': { + 'MyBucketF68F3FF0': { + 'Type': 'AWS::S3::Bucket', + 'Properties': { + 'OwnershipControls': { + 'Rules': [ + { + 'ObjectOwnership': 'BucketOwnerEnforced', + }, + ], + }, + }, + 'UpdateReplacePolicy': 'Retain', + 'DeletionPolicy': 'Retain', + }, + }, + }); + + }); + test('Bucket with objectOwnership set to BUCKET_OWNER_PREFERRED', () => { const stack = new cdk.Stack(); new s3.Bucket(stack, 'MyBucket', {