Merge branch 'c9-repo-support' of github.com:pahud/aws-cdk into c9-repo-support

Author: pahud

CHANGELOG.md

@@ -2,6 +2,50 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.42.0](https://github.com/aws/aws-cdk/compare/v1.41.0...v1.42.0) (2020-05-27)
+
+
+### ⚠ BREAKING CHANGES
+
+* **cloudtrail:** API signatures of `addS3EventSelectors` and
+`addLambdaEventSelectors` have changed. Their parameters are now
+strongly typed to accept `IBucket` and `IFunction` respectively.
+* **cloudtrail:** `addS3EventSelectors` and `addLambdaEventSelectors`
+can no longer be used to configure all S3 data events or all Lambda data
+events. Two new APIs `logAllS3DataEvents()` and
+`logAllLambdaDataEvents()` have been introduced to achieve this.
+* **cloudtrail:** The property `snsTopic` is now of the type `ITopic`.
+
+### Features
+
+* **cfnspec:** cloudformation spec v14.4.0 ([#8195](https://github.com/aws/aws-cdk/issues/8195)) ([99e7330](https://github.com/aws/aws-cdk/commit/99e7330fc5fc140964c47d8c6dbaee2b46b382e1))
+* **cloudtrail:** create cloudwatch event without needing to create a Trail ([#8076](https://github.com/aws/aws-cdk/issues/8076)) ([0567a23](https://github.com/aws/aws-cdk/commit/0567a2360ac713e3171c9a82767611174dadb6c6)), closes [#6716](https://github.com/aws/aws-cdk/issues/6716)
+* **cloudtrail:** user specified log group ([#8079](https://github.com/aws/aws-cdk/issues/8079)) ([0a3785b](https://github.com/aws/aws-cdk/commit/0a3785b7626633fcbdf26ab793c70f2bc017314b)), closes [#6162](https://github.com/aws/aws-cdk/issues/6162)
+* **codeguruprofiler:** ProfilingGroup ([#7895](https://github.com/aws/aws-cdk/issues/7895)) ([995088a](https://github.com/aws/aws-cdk/commit/995088abb00d9c75adbb65845998a8328bb5ba14))
+* **codepipeline:** use a special bootstrapless synthesizer for cross-region support Stacks ([#8091](https://github.com/aws/aws-cdk/issues/8091)) ([575f1db](https://github.com/aws/aws-cdk/commit/575f1db0474327c61c4ac626608c9f443ce231d2)), closes [#8082](https://github.com/aws/aws-cdk/issues/8082)
+* **cognito:** user pool - case sensitivity for sign in ([460394f](https://github.com/aws/aws-cdk/commit/460394f3dc4737cee80504d6c8ef106ecc3b67d5)), closes [#7988](https://github.com/aws/aws-cdk/issues/7988) [#7235](https://github.com/aws/aws-cdk/issues/7235)
+* **core:** CfnJson enables intrinsics in hash keys ([#8099](https://github.com/aws/aws-cdk/issues/8099)) ([195cd40](https://github.com/aws/aws-cdk/commit/195cd405d9f0869875de2ec78661aee3af2c7c7d)), closes [#8084](https://github.com/aws/aws-cdk/issues/8084)
+* **eks:** improve security using IRSA conditions ([#8084](https://github.com/aws/aws-cdk/issues/8084)) ([35a01a0](https://github.com/aws/aws-cdk/commit/35a01a079af40da291007da08af6690c9a81c101))
+* **elbv2:** Supports new types of listener rule conditions ([#7848](https://github.com/aws/aws-cdk/issues/7848)) ([3d30ffa](https://github.com/aws/aws-cdk/commit/3d30ffa38c51ae26686287e993af445ea3067766)), closes [#3888](https://github.com/aws/aws-cdk/issues/3888)
+* **secretsmanager:** adds grantWrite to Secret ([#7858](https://github.com/aws/aws-cdk/issues/7858)) ([3fed84b](https://github.com/aws/aws-cdk/commit/3fed84ba9eec3f53c662966e366aa629209b7bf5))
+* **sns:** add support for subscription DLQ in SNS ([383cdb8](https://github.com/aws/aws-cdk/commit/383cdb86effeafdf5d0767ed379b16b3d78a933b))
+* **stepfunctions:** new service integration classes for Lambda, SNS, and SQS ([#7946](https://github.com/aws/aws-cdk/issues/7946)) ([c038848](https://github.com/aws/aws-cdk/commit/c0388483524832ca7863de4ee9c472b8ab39de8e)), closes [#6715](https://github.com/aws/aws-cdk/issues/6715) [#6489](https://github.com/aws/aws-cdk/issues/6489)
+* **stepfunctions:** support paths in Pass state ([#8070](https://github.com/aws/aws-cdk/issues/8070)) ([86eac6a](https://github.com/aws/aws-cdk/commit/86eac6af074bf78a921c52d613eca0dd4a514a49)), closes [#7181](https://github.com/aws/aws-cdk/issues/7181)
+* **stepfunctions-tasks:** task for starting a job run in AWS Glue ([#8143](https://github.com/aws/aws-cdk/issues/8143)) ([a721e67](https://github.com/aws/aws-cdk/commit/a721e670cdc9888cd67ef1a24021004e18bfd23c))
+
+
+### Bug Fixes
+
+* **apigateway:** contextAccountId in AccessLogField incorrectly resolves to requestId ([7b89e80](https://github.com/aws/aws-cdk/commit/7b89e805c716fa73d41cc97fcb728634e7a59136)), closes [#7952](https://github.com/aws/aws-cdk/issues/7952) [#7951](https://github.com/aws/aws-cdk/issues/7951)
+* **autoscaling:** add noDevice as a volume type ([#7253](https://github.com/aws/aws-cdk/issues/7253)) ([751958b](https://github.com/aws/aws-cdk/commit/751958b69225fdfc52622781c618f5a77f881fb6)), closes [#7242](https://github.com/aws/aws-cdk/issues/7242)
+* **aws-eks:** kubectlEnabled: false conflicts with addNodegroup ([#8119](https://github.com/aws/aws-cdk/issues/8119)) ([8610889](https://github.com/aws/aws-cdk/commit/86108890a51443dc06ec6325038c7b19cbdaee76)), closes [#7993](https://github.com/aws/aws-cdk/issues/7993)
+* **cli:** paper cuts ([#8164](https://github.com/aws/aws-cdk/issues/8164)) ([af2ea60](https://github.com/aws/aws-cdk/commit/af2ea60e7ae4aaab17ddd10a9142e1809b4c8246))
+* **dynamodb:** the maximum number of nonKeyAttributes is 100, not 20 ([#8186](https://github.com/aws/aws-cdk/issues/8186)) ([0393528](https://github.com/aws/aws-cdk/commit/03935280f1addef392c9b4460737cce8bb2eb8c9)), closes [#8095](https://github.com/aws/aws-cdk/issues/8095)
+* **eks:** unable to add multiple service accounts ([#8122](https://github.com/aws/aws-cdk/issues/8122)) ([524440c](https://github.com/aws/aws-cdk/commit/524440c5454d15276c92581a08d4ee7cad1790eb))
+* **events:** cannot use the same target account for 2 cross-account event sources ([#8068](https://github.com/aws/aws-cdk/issues/8068)) ([395c07c](https://github.com/aws/aws-cdk/commit/395c07c0cac7739743fc71d71fddd8880b608ead)), closes [#8010](https://github.com/aws/aws-cdk/issues/8010)
+* **lambda-nodejs:** build fails on Windows ([#8140](https://github.com/aws/aws-cdk/issues/8140)) ([04490b1](https://github.com/aws/aws-cdk/commit/04490b134a05ec34523541a3ca282ba8957a7964)), closes [#8107](https://github.com/aws/aws-cdk/issues/8107)
+* **cloudtrail:** better typed event selector apis ([#8097](https://github.com/aws/aws-cdk/issues/8097)) ([0028778](https://github.com/aws/aws-cdk/commit/0028778c0f00f2faa8dad25345cd17f311fad5da))
+
 ## [1.41.0](https://github.com/aws/aws-cdk/compare/v1.40.0...v1.41.0) (2020-05-21)
 
 

CONTRIBUTING.md

@@ -77,7 +77,8 @@ you need to have the following SDKs and tools locally:
   - We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
   - ⚠️ versions `13.0.0` to `13.6.0` are not supported due to compatibility issues with our dependencies.
 - [Yarn >= 1.19.1](https://yarnpkg.com/lang/en/docs/install)
-- [Java OpenJDK 8](http://openjdk.java.net/install/)
+- [Java OpenJDK 8](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+- [Apache Maven](http://maven.apache.org/install.html)
 - [.NET Core SDK 3.1](https://www.microsoft.com/net/download)
 - [Python 3.6.5](https://www.python.org/downloads/release/python-365/)
 - [Ruby 2.5.1](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)
@@ -91,6 +92,13 @@ $ yarn install
 $ yarn build
 ```
 
+If you get compiler errors when building, a common cause is globally installed tools like tslint and typescript. Try uninstalling them.
+
+```
+npm uninstall -g tslint
+npm uninstall -g typescript
+```
+
 Alternatively, the [Full Docker build](#full-docker-build) workflow can be used so
 that you don't have to worry about installing all those tools on your local machine
 and instead only depend on having a working Docker install.
@@ -197,7 +205,7 @@ Examples:
 
 ### Step 4: Commit
 
-Create a commit with the proposed change changes:
+Create a commit with the proposed changes:
 
 * Commit title and message (and PR title and description) must adhere to [conventionalcommits](https://www.conventionalcommits.org).
   * The title must begin with `feat(module): title`, `fix(module): title`, `refactor(module): title` or

lerna.json

@@ -10,5 +10,5 @@
     "tools/*"
   ],
   "rejectCycles": "true",
-  "version": "1.41.0"
+  "version": "1.42.0"
 }

package.json

@@ -48,25 +48,34 @@
     "nohoist": [
       "**/jszip",
       "**/jszip/**",
-      "@aws-cdk/cdk-assets-schema/semver",
-      "@aws-cdk/cdk-assets-schema/semver/**",
-      "@aws-cdk/core/minimatch",
-      "@aws-cdk/core/minimatch/**",
-      "@aws-cdk/cloudformation-include/yaml",
-      "@aws-cdk/cloudformation-include/yaml/**",
       "@aws-cdk/aws-codepipeline-actions/case",
       "@aws-cdk/aws-codepipeline-actions/case/**",
       "@aws-cdk/aws-ecr-assets/minimatch",
       "@aws-cdk/aws-ecr-assets/minimatch/**",
       "@aws-cdk/aws-lambda-nodejs/parcel-bundler",
       "@aws-cdk/aws-lambda-nodejs/parcel-bundler/**",
+      "@aws-cdk/cdk-assets-schema/semver",
+      "@aws-cdk/cdk-assets-schema/semver/**",
       "@aws-cdk/cloud-assembly-schema/jsonschema",
       "@aws-cdk/cloud-assembly-schema/jsonschema/**",
       "@aws-cdk/cloud-assembly-schema/semver",
       "@aws-cdk/cloud-assembly-schema/semver/**",
+      "@aws-cdk/cloudformation-include/yaml",
+      "@aws-cdk/cloudformation-include/yaml/**",
+      "@aws-cdk/core/minimatch",
+      "@aws-cdk/core/minimatch/**",
       "@aws-cdk/cx-api/semver",
       "@aws-cdk/cx-api/semver/**",
-      "@aws-cdk/cx-api/semver/**"
+      "monocdk-experiment/case",
+      "monocdk-experiment/case/**",
+      "monocdk-experiment/jsonschema",
+      "monocdk-experiment/jsonschema/**",
+      "monocdk-experiment/minimatch",
+      "monocdk-experiment/minimatch/**",
+      "monocdk-experiment/semver",
+      "monocdk-experiment/semver/**",
+      "monocdk-experiment/yaml",
+      "monocdk-experiment/yaml/**"
     ]
   }
 }

packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts

@@ -32,13 +32,27 @@ export interface PipelineDeployStackActionProps {
    */
   readonly createChangeSetRunOrder?: number;
 
+  /**
+   * The name of the CodePipeline action creating the ChangeSet.
+   *
+   * @default 'ChangeSet'
+   */
+  readonly createChangeSetActionName?: string;
+
   /**
    * The runOrder for the CodePipeline action executing the ChangeSet.
    *
    * @default ``createChangeSetRunOrder + 1``
    */
   readonly executeChangeSetRunOrder?: number;
 
+  /**
+   * The name of the CodePipeline action creating the ChangeSet.
+   *
+   * @default 'Execute'
+   */
+  readonly executeChangeSetActionName?: string;
+
   /**
    * IAM role to assume when deploying changes.
    *
@@ -116,7 +130,7 @@ export class PipelineDeployStackAction implements codepipeline.IAction {
     const changeSetName = props.changeSetName || 'CDK-CodePipeline-ChangeSet';
     const capabilities = cfnCapabilities(props.adminPermissions, props.capabilities);
     this.prepareChangeSetAction = new cpactions.CloudFormationCreateReplaceChangeSetAction({
-      actionName: 'ChangeSet',
+      actionName: props.createChangeSetActionName ?? 'ChangeSet',
       changeSetName,
       runOrder: createChangeSetRunOrder,
       stackName: props.stack.stackName,
@@ -126,7 +140,7 @@ export class PipelineDeployStackAction implements codepipeline.IAction {
       capabilities,
     });
     this.executeChangeSetAction = new cpactions.CloudFormationExecuteChangeSetAction({
-      actionName: 'Execute',
+      actionName: props.executeChangeSetActionName ?? 'Execute',
       changeSetName,
       runOrder: executeChangeSetRunOrder,
       stackName: this.stack.stackName,

packages/@aws-cdk/app-delivery/test/test.pipeline-deploy-stack-action.ts

@@ -1,4 +1,4 @@
-import { expect, haveResource, isSuperObject } from '@aws-cdk/assert';
+import { expect, haveResource, haveResourceLike, isSuperObject } from '@aws-cdk/assert';
 import * as cfn from '@aws-cdk/aws-cloudformation';
 import * as codebuild from '@aws-cdk/aws-codebuild';
 import * as codepipeline from '@aws-cdk/aws-codepipeline';
@@ -406,6 +406,43 @@ export = nodeunit.testCase({
     );
     test.done();
   },
+
+  'allows overriding the ChangeSet and Execute action names'(test: nodeunit.Test) {
+    const stack = getTestStack();
+    const selfUpdatingPipeline = createSelfUpdatingStack(stack);
+    selfUpdatingPipeline.pipeline.addStage({
+      stageName: 'Deploy',
+      actions: [
+        new PipelineDeployStackAction({
+          input: selfUpdatingPipeline.synthesizedApp,
+          adminPermissions: true,
+          stack,
+          createChangeSetActionName: 'Prepare',
+          executeChangeSetActionName: 'Deploy',
+        }),
+      ],
+    });
+
+    expect(stack).to(haveResourceLike('AWS::CodePipeline::Pipeline', {
+      Stages: [
+        {},
+        {},
+        {
+          Name: 'Deploy',
+          Actions: [
+            {
+              Name: 'Prepare',
+            },
+            {
+              Name: 'Deploy',
+            },
+          ],
+        },
+      ],
+    }));
+
+    test.done();
+  },
 });
 
 class FakeAction implements codepipeline.IAction {

packages/@aws-cdk/aws-cloudtrail/README.md

@@ -66,13 +66,12 @@ const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');
 
 // Adds an event selector to the bucket magic-bucket.
 // By default, this includes management events and all operations (Read + Write)
-trail.addS3EventSelector(["arn:aws:s3:::magic-bucket/"]);
+trail.logAllS3DataEvents();
 
-// Adds an event selector to the bucket foo, with a specific configuration
-trail.addS3EventSelector(["arn:aws:s3:::foo/"], {
-  includeManagementEvents: false,
-  readWriteType: ReadWriteType.ALL,
-});
+// Adds an event selector to the bucket foo
+trail.addS3EventSelector([{
+  bucket: fooBucket // 'fooBucket' is of type s3.IBucket
+}]);
 ```
 
 For using CloudTrail event selector to log events about Lambda
@@ -90,7 +89,7 @@ const lambdaFunction = new lambda.Function(stack, 'AnAmazingFunction', {
 });
 
 // Add an event selector to log data events for all functions in the account.
-trail.addLambdaEventSelector(["arn:aws:lambda"]);
+trail.logAllLambdaDataEvents();
 
 // Add an event selector to log data events for the provided Lambda functions.
 trail.addLambdaEventSelector([lambdaFunction.functionArn]);

packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts

@@ -1,8 +1,10 @@
 import * as events from '@aws-cdk/aws-events';
 import * as iam from '@aws-cdk/aws-iam';
 import * as kms from '@aws-cdk/aws-kms';
+import * as lambda from '@aws-cdk/aws-lambda';
 import * as logs from '@aws-cdk/aws-logs';
 import * as s3 from '@aws-cdk/aws-s3';
+import * as sns from '@aws-cdk/aws-sns';
 import { Construct, Resource, Stack } from '@aws-cdk/core';
 import { CfnTrail } from './cloudtrail.generated';
 
@@ -82,11 +84,11 @@ export interface TrailProps {
    */
   readonly kmsKey?: kms.IKey;
 
-  /** The name of an Amazon SNS topic that is notified when new log files are published.
+  /** SNS topic that is notified when new log files are published.
    *
    * @default - No notifications.
    */
-  readonly snsTopic?: string; // TODO: fix to use L2 SNS
+  readonly snsTopic?: sns.ITopic;
 
   /**
    * The name of the trail. We recoomend customers do not set an explicit name.
@@ -105,7 +107,7 @@ export interface TrailProps {
    *
    * @default - if not supplied a bucket will be created with all the correct permisions
    */
-  readonly bucket?: s3.IBucket
+  readonly bucket?: s3.IBucket;
 }
 
 /**
@@ -252,7 +254,7 @@ export class Trail extends Resource {
       s3KeyPrefix: props.s3KeyPrefix,
       cloudWatchLogsLogGroupArn: this.logGroup?.logGroupArn,
       cloudWatchLogsRoleArn: logsRole?.roleArn,
-      snsTopicName: props.snsTopic,
+      snsTopicName: props.snsTopic?.topicName,
       eventSelectors: this.eventSelectors,
     });
 
@@ -316,13 +318,24 @@ export class Trail extends Resource {
    * Data events: These events provide insight into the resource operations performed on or within a resource.
    * These are also known as data plane operations.
    *
-   * @param dataResourceValues the list of data resource ARNs to include in logging (maximum 250 entries).
+   * @param handlers the list of lambda function handlers whose data events should be logged (maximum 250 entries).
    * @param options the options to configure logging of management and data events.
    */
-  public addLambdaEventSelector(dataResourceValues: string[], options: AddEventSelectorOptions = {}) {
+  public addLambdaEventSelector(handlers: lambda.IFunction[], options: AddEventSelectorOptions = {}) {
+    if (handlers.length === 0) { return; }
+    const dataResourceValues = handlers.map((h) => h.functionArn);
     return this.addEventSelector(DataResourceType.LAMBDA_FUNCTION, dataResourceValues, options);
   }
 
+  /**
+   * Log all Lamda data events for all lambda functions the account.
+   * @see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+   * @default false
+   */
+  public logAllLambdaDataEvents(options: AddEventSelectorOptions = {}) {
+    return this.addEventSelector(DataResourceType.LAMBDA_FUNCTION, [ 'arn:aws:lambda' ], options);
+  }
+
   /**
    * When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
    * Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
@@ -332,13 +345,24 @@ export class Trail extends Resource {
    * Data events: These events provide insight into the resource operations performed on or within a resource.
    * These are also known as data plane operations.
    *
-   * @param dataResourceValues the list of data resource ARNs to include in logging (maximum 250 entries).
+   * @param s3Selector the list of S3 bucket with optional prefix to include in logging (maximum 250 entries).
    * @param options the options to configure logging of management and data events.
    */
-  public addS3EventSelector(dataResourceValues: string[], options: AddEventSelectorOptions = {}) {
+  public addS3EventSelector(s3Selector: S3EventSelector[], options: AddEventSelectorOptions = {}) {
+    if (s3Selector.length === 0) { return; }
+    const dataResourceValues = s3Selector.map((sel) => `${sel.bucket.bucketArn}/${sel.objectPrefix ?? ''}`);
     return this.addEventSelector(DataResourceType.S3_OBJECT, dataResourceValues, options);
   }
 
+  /**
+   * Log all S3 data events for all objects for all buckets in the account.
+   * @see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+   * @default false
+   */
+  public logAllS3DataEvents(options: AddEventSelectorOptions = {}) {
+    return this.addEventSelector(DataResourceType.S3_OBJECT, [ 'arn:aws:s3:::' ], options);
+  }
+
   /**
    * Create an event rule for when an event is recorded by any Trail in the account.
    *
@@ -373,6 +397,20 @@ export interface AddEventSelectorOptions {
   readonly includeManagementEvents?: boolean;
 }
 
+/**
+ * Selecting an S3 bucket and an optional prefix to be logged for data events.
+ */
+export interface S3EventSelector {
+  /** S3 bucket */
+  readonly bucket: s3.IBucket;
+
+  /**
+   * Data events for objects whose key matches this prefix will be logged.
+   * @default - all objects
+   */
+  readonly objectPrefix?: string;
+}
+
 /**
  * Resource type for a data event
  */

packages/@aws-cdk/aws-cloudtrail/package.json

@@ -79,6 +79,7 @@
     "@aws-cdk/aws-lambda": "0.0.0",
     "@aws-cdk/aws-logs": "0.0.0",
     "@aws-cdk/aws-s3": "0.0.0",
+    "@aws-cdk/aws-sns": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "constructs": "^3.0.2"
   },
@@ -90,6 +91,7 @@
     "@aws-cdk/aws-lambda": "0.0.0",
     "@aws-cdk/aws-logs": "0.0.0",
     "@aws-cdk/aws-s3": "0.0.0",
+    "@aws-cdk/aws-sns": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "constructs": "^3.0.2"
   },