Merge branch 'master' into dzhuneyt/issue-16169

CHANGELOG.md

@@ -2,6 +2,34 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.143.0](https://github.com/aws/aws-cdk/compare/v1.142.0...v1.143.0) (2022-02-02)
+
+
+### Features
+
+* **amplify:** support performance mode in Branch ([#18598](https://github.com/aws/aws-cdk/issues/18598)) ([bdeb8eb](https://github.com/aws/aws-cdk/commit/bdeb8eb604f5012ce3180d2f6d887fed1834e4f4)), closes [#18557](https://github.com/aws/aws-cdk/issues/18557)
+* **cfnspec:** cloudformation spec v54.0.0 ([#18764](https://github.com/aws/aws-cdk/issues/18764)) ([71601c1](https://github.com/aws/aws-cdk/commit/71601c115a6460b4532a34c83100ae70a476fad2))
+* **cloudwatch-actions:** add ssm opsitem action for cloudwatch alarm  ([#16923](https://github.com/aws/aws-cdk/issues/16923)) ([9380885](https://github.com/aws/aws-cdk/commit/93808851415bff269418f28d9de3c61727e143d3)), closes [#16861](https://github.com/aws/aws-cdk/issues/16861)
+* **dynamodb:** allow setting TableClass for a Table ([#18719](https://github.com/aws/aws-cdk/issues/18719)) ([73a889e](https://github.com/aws/aws-cdk/commit/73a889eba85d0aa542ac96a1124f3ae4f1d351bc)), closes [#18718](https://github.com/aws/aws-cdk/issues/18718)
+* **ec2:** support KMS keys for block device mappings for both instances and launch templates ([#18326](https://github.com/aws/aws-cdk/issues/18326)) ([17dbe5f](https://github.com/aws/aws-cdk/commit/17dbe5f476ac1ccc0c0e6a0905b0de5ae6186704)), closes [#18309](https://github.com/aws/aws-cdk/issues/18309)
+* **ecr:** add server-side encryption configuration  ([#16966](https://github.com/aws/aws-cdk/issues/16966)) ([c46acd5](https://github.com/aws/aws-cdk/commit/c46acd5f13442c43d0c2ed339e3091dd46002741)), closes [#15400](https://github.com/aws/aws-cdk/issues/15400) [#15571](https://github.com/aws/aws-cdk/issues/15571)
+* **ecs:** expose image name in container definition ([#17793](https://github.com/aws/aws-cdk/issues/17793)) ([1947d7c](https://github.com/aws/aws-cdk/commit/1947d7cc809fda0765bee3dbb2286190ec2847f7))
+* **fsx:** add support for FSx Lustre Persistent_2 deployment type ([#18626](https://github.com/aws/aws-cdk/issues/18626)) ([6036d99](https://github.com/aws/aws-cdk/commit/6036d9927bb3607e31a57361bf304976ff1891f7))
+* **iot:** add Action to republish MQTT messages to another MQTT topic ([#18661](https://github.com/aws/aws-cdk/issues/18661)) ([7ac1215](https://github.com/aws/aws-cdk/commit/7ac121546776cae972bbfb89c2a11949762e7c47))
+
+
+### Bug Fixes
+
+* **core:** correctly reference versionless secure parameters ([#18730](https://github.com/aws/aws-cdk/issues/18730)) ([9f6e10e](https://github.com/aws/aws-cdk/commit/9f6e10ed0a751c06fe0cc1d79f38d5fb4b686087)), closes [#18729](https://github.com/aws/aws-cdk/issues/18729)
+* **ec2:** `UserData.addSignalOnExitCommand` does not work in combination with `userDataCausesReplacement` ([#18726](https://github.com/aws/aws-cdk/issues/18726)) ([afdc550](https://github.com/aws/aws-cdk/commit/afdc550ee372dd25d9d2eef81a545da1e923f796)), closes [#12749](https://github.com/aws/aws-cdk/issues/12749)
+* **vpc:** Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist ([#18714](https://github.com/aws/aws-cdk/issues/18714)) ([13e1c7f](https://github.com/aws/aws-cdk/commit/13e1c7f10b81fc350953fe69fcccb61ff5aa9c1e)), closes [#13962](https://github.com/aws/aws-cdk/issues/13962)
+
+
+### Reverts
+
+* "chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket ([#18264](https://github.com/aws/aws-cdk/issues/18264))" ([#18772](https://github.com/aws/aws-cdk/issues/18772)) ([121e4a1](https://github.com/aws/aws-cdk/commit/121e4a1dec13d31644f6176d0a1d703952dc1ba3)), closes [#18271](https://github.com/aws/aws-cdk/issues/18271) [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html/issues/AWS-logs-infrastructure-S3) [#18676](https://github.com/aws/aws-cdk/issues/18676)
+* "chore(ec2): enforceSSL on flowLog s3 bucket ([#18271](https://github.com/aws/aws-cdk/issues/18271))" ([#18770](https://github.com/aws/aws-cdk/issues/18770)) ([a2eb092](https://github.com/aws/aws-cdk/commit/a2eb092b2b468bffa2acde9b98ca34cefa3e48f1)), closes [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html/issues/AWS-logs-infrastructure-S3) [#18676](https://github.com/aws/aws-cdk/issues/18676)
+
 ## [1.142.0](https://github.com/aws/aws-cdk/compare/v1.141.0...v1.142.0) (2022-01-28)
 
 

packages/@aws-cdk/aws-amplify/README.md

@@ -97,7 +97,9 @@ Add branches:
 declare const amplifyApp: amplify.App;
 
 const master = amplifyApp.addBranch('master'); // `id` will be used as repo branch name
-const dev = amplifyApp.addBranch('dev');
+const dev = amplifyApp.addBranch('dev', {
+  performanceMode: true, // optional, enables performance mode
+});
 dev.addEnvironment('STAGE', 'dev');
 ```
 

packages/@aws-cdk/aws-amplify/lib/branch.ts

@@ -114,6 +114,17 @@ export interface BranchOptions {
    * @default - no asset
    */
   readonly asset?: Asset
+
+  /**
+   * Enables performance mode for the branch.
+   *
+   * Performance mode optimizes for faster hosting performance by keeping content cached at the edge
+   * for a longer interval. When performance mode is enabled, hosting configuration or code changes
+   * can take up to 10 minutes to roll out.
+   *
+   * @default false
+   */
+  readonly performanceMode?: boolean;
 }
 
 /**
@@ -168,6 +179,7 @@ export class Branch extends Resource implements IBranch {
       environmentVariables: Lazy.any({ produce: () => renderEnvironmentVariables(this.environmentVariables) }, { omitEmptyArray: true }),
       pullRequestEnvironmentName: props.pullRequestEnvironmentName,
       stage: props.stage,
+      enablePerformanceMode: props.performanceMode,
     });
 
     this.arn = branch.attrArn;

packages/@aws-cdk/aws-amplify/test/branch.test.ts

@@ -162,3 +162,15 @@ test('with asset deployment', () => {
     },
   });
 });
+
+test('with performance mode', () => {
+  // WHEN
+  app.addBranch('dev', {
+    performanceMode: true,
+  });
+
+  // THEN
+  Template.fromStack(stack).hasResourceProperties('AWS::Amplify::Branch', {
+    EnablePerformanceMode: true,
+  });
+});

packages/@aws-cdk/aws-cloudfront/lib/distribution.ts

@@ -430,10 +430,7 @@ export class Distribution extends Resource implements IDistribution {
       throw new Error('Explicitly disabled logging but provided a logging bucket.');
     }
 
-    const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket', {
-      encryption: s3.BucketEncryption.S3_MANAGED,
-      enforceSSL: true,
-    });
+    const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket');
     return {
       bucket: bucket.bucketRegionalDomainName,
       includeCookies: props.logIncludesCookies,

packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts

@@ -954,10 +954,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
     }
 
     if (props.loggingConfig) {
-      this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket', {
-        encryption: s3.BucketEncryption.S3_MANAGED,
-        enforceSSL: true,
-      });
+      this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket');
       distributionConfig = {
         ...distributionConfig,
         logging: {

packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json

@@ -75,67 +75,9 @@
     },
     "AnAmazingWebsiteProbably2LoggingBucket222F7CE9": {
       "Type": "AWS::S3::Bucket",
-      "Properties": {
-        "BucketEncryption": {
-          "ServerSideEncryptionConfiguration": [
-            {
-              "ServerSideEncryptionByDefault": {
-                "SSEAlgorithm": "AES256"
-              }
-            }
-          ]
-        }
-      },
       "UpdateReplacePolicy": "Retain",
       "DeletionPolicy": "Retain"
     },
-    "AnAmazingWebsiteProbably2LoggingBucketPolicyE298B456": {
-      "Type": "AWS::S3::BucketPolicy",
-      "Properties": {
-        "Bucket": {
-          "Ref": "AnAmazingWebsiteProbably2LoggingBucket222F7CE9"
-        },
-        "PolicyDocument": {
-          "Statement": [
-            {
-              "Action": "s3:*",
-              "Condition": {
-                "Bool": {
-                  "aws:SecureTransport": "false"
-                }
-              },
-              "Effect": "Deny",
-              "Principal": {
-                "AWS": "*"
-              },
-              "Resource": [
-                {
-                  "Fn::GetAtt": [
-                    "AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
-                    "Arn"
-                  ]
-                },
-                {
-                  "Fn::Join": [
-                    "",
-                    [
-                      {
-                        "Fn::GetAtt": [
-                          "AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
-                          "Arn"
-                        ]
-                      },
-                      "/*"
-                    ]
-                  ]
-                }
-              ]
-            }
-          ],
-          "Version": "2012-10-17"
-        }
-      }
-    },
     "AnAmazingWebsiteProbably2CFDistribution7C1CCD12": {
       "Type": "AWS::CloudFront::Distribution",
       "Properties": {

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-extensive.expected.json

@@ -2,67 +2,9 @@
   "Resources": {
     "MyDistLoggingBucket9B8976BC": {
       "Type": "AWS::S3::Bucket",
-      "Properties": {
-        "BucketEncryption": {
-          "ServerSideEncryptionConfiguration": [
-            {
-              "ServerSideEncryptionByDefault": {
-                "SSEAlgorithm": "AES256"
-              }
-            }
-          ]
-        }
-      },
       "UpdateReplacePolicy": "Retain",
       "DeletionPolicy": "Retain"
     },
-    "MyDistLoggingBucketPolicy847D8D11": {
-      "Type": "AWS::S3::BucketPolicy",
-      "Properties": {
-        "Bucket": {
-          "Ref": "MyDistLoggingBucket9B8976BC"
-        },
-        "PolicyDocument": {
-          "Statement": [
-            {
-              "Action": "s3:*",
-              "Condition": {
-                "Bool": {
-                  "aws:SecureTransport": "false"
-                }
-              },
-              "Effect": "Deny",
-              "Principal": {
-                "AWS": "*"
-              },
-              "Resource": [
-                {
-                  "Fn::GetAtt": [
-                    "MyDistLoggingBucket9B8976BC",
-                    "Arn"
-                  ]
-                },
-                {
-                  "Fn::Join": [
-                    "",
-                    [
-                      {
-                        "Fn::GetAtt": [
-                          "MyDistLoggingBucket9B8976BC",
-                          "Arn"
-                        ]
-                      },
-                      "/*"
-                    ]
-                  ]
-                }
-              ]
-            }
-          ],
-          "Version": "2012-10-17"
-        }
-      }
-    },
     "MyDistDB88FD9A": {
       "Type": "AWS::CloudFront::Distribution",
       "Properties": {

packages/@aws-cdk/aws-cloudwatch-actions/README.md

@@ -11,7 +11,7 @@
 
 This library contains a set of classes which can be used as CloudWatch Alarm actions.
 
-The currently implemented actions are: EC2 Actions, SNS Actions, Autoscaling Actions and Aplication Autoscaling Actions
+The currently implemented actions are: EC2 Actions, SNS Actions, SSM OpsCenter Actions, Autoscaling Actions and Application Autoscaling Actions
 
 
 ## EC2 Action Example
@@ -25,4 +25,17 @@ alarm.addAlarmAction(
 );
 ```
 
+## SSM OpsCenter Action Example
+
+```ts
+declare const alarm: cloudwatch.Alarm;
+// Create an OpsItem with specific severity and category when alarm triggers
+alarm.addAlarmAction(
+  new actions.SsmAction(
+    actions.OpsItemSeverity.CRITICAL,
+    actions.OpsItemCategory.PERFORMANCE // category is optional
+  )
+);
+```
+
 See `@aws-cdk/aws-cloudwatch` for more information.

packages/@aws-cdk/aws-cloudwatch-actions/lib/index.ts

@@ -2,3 +2,4 @@ export * from './appscaling';
 export * from './autoscaling';
 export * from './sns';
 export * from './ec2';
+export * from './ssm';

packages/@aws-cdk/aws-cloudwatch-actions/lib/ssm.ts

@@ -0,0 +1,79 @@
+import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
+import { Stack } from '@aws-cdk/core';
+
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
+/**
+ * Types of OpsItem severity available
+ */
+export enum OpsItemSeverity {
+  /**
+   * Set the severity to critical
+   */
+  CRITICAL = '1',
+  /**
+   * Set the severity to high
+   */
+  HIGH = '2',
+  /**
+   * Set the severity to medium
+   */
+  MEDIUM = '3',
+  /**
+   * Set the severity to low
+   */
+  LOW = '4'
+}
+
+/**
+ * Types of OpsItem category available
+ */
+export enum OpsItemCategory {
+  /**
+   * Set the category to availability
+   */
+  AVAILABILITY = 'Availability',
+  /**
+   * Set the category to cost
+   */
+  COST = 'Cost',
+  /**
+   * Set the category to performance
+   */
+  PERFORMANCE = 'Performance',
+  /**
+   * Set the category to recovery
+   */
+  RECOVERY = 'Recovery',
+  /**
+   * Set the category to security
+   */
+  SECURITY = 'Security'
+}
+
+/**
+ * Use an SSM OpsItem action as an Alarm action
+ */
+export class SsmAction implements cloudwatch.IAlarmAction {
+  private severity: OpsItemSeverity;
+  private category?: OpsItemCategory;
+
+  constructor(severity: OpsItemSeverity, category?: OpsItemCategory) {
+    this.severity = severity;
+    this.category = category;
+  }
+
+  /**
+   * Returns an alarm action configuration to use an SSM OpsItem action as an alarm action
+   */
+  bind(_scope: Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
+    if (this.category === undefined) {
+      return { alarmActionArn: `arn:aws:ssm:${Stack.of(_scope).region}:${Stack.of(_scope).account}:opsitem:${this.severity}` };
+    } else {
+      return { alarmActionArn: `arn:aws:ssm:${Stack.of(_scope).region}:${Stack.of(_scope).account}:opsitem:${this.severity}#CATEGORY=${this.category}` };
+    }
+  }
+}
+