Merge branch 'master' into nija-at/cognito-userpoolbase

aws · May 27, 2020 · 87b67b9 · 87b67b9
2 parents 307f96d + 04490b1
commit 87b67b9
Show file tree

Hide file tree

Showing 92 changed files with 3,631 additions and 333 deletions.
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -25,6 +25,7 @@ falling prey to the [X/Y problem][2]!
 
   - **CDK CLI Version:** <!-- Output of `cdk version` -->
   - **Module Version:** <!-- Version of the module in question -->
+  - **Node.js Version:** <!-- Version of Node.js (run the command `node -v`) -->
   - **OS:** <!-- [all | Windows 10 | OSX Mojave | Ubuntu | etc... ] -->
   - **Language:** <!-- [all | TypeScript | Java | Python ] etc... ] -->
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,24 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.41.0](https://github.com/aws/aws-cdk/compare/v1.40.0...v1.41.0) (2020-05-21)
+
+
+### Features
+
+* **cloudtrail:** create cloudwatch event without needing to create a Trail ([#8076](https://github.com/aws/aws-cdk/issues/8076)) ([0567a23](https://github.com/aws/aws-cdk/commit/0567a2360ac713e3171c9a82767611174dadb6c6)), closes [#6716](https://github.com/aws/aws-cdk/issues/6716)
+* **cognito:** user pool - case sensitivity for sign in ([460394f](https://github.com/aws/aws-cdk/commit/460394f3dc4737cee80504d6c8ef106ecc3b67d5)), closes [#7988](https://github.com/aws/aws-cdk/issues/7988) [#7235](https://github.com/aws/aws-cdk/issues/7235)
+* **core:** CfnJson enables intrinsics in hash keys ([#8099](https://github.com/aws/aws-cdk/issues/8099)) ([195cd40](https://github.com/aws/aws-cdk/commit/195cd405d9f0869875de2ec78661aee3af2c7c7d)), closes [#8084](https://github.com/aws/aws-cdk/issues/8084)
+* **secretsmanager:** adds grantWrite to Secret ([#7858](https://github.com/aws/aws-cdk/issues/7858)) ([3fed84b](https://github.com/aws/aws-cdk/commit/3fed84ba9eec3f53c662966e366aa629209b7bf5))
+* **sns:** add support for subscription DLQ in SNS ([383cdb8](https://github.com/aws/aws-cdk/commit/383cdb86effeafdf5d0767ed379b16b3d78a933b))
+* **stepfunctions:** new service integration classes for Lambda, SNS, and SQS ([#7946](https://github.com/aws/aws-cdk/issues/7946)) ([c038848](https://github.com/aws/aws-cdk/commit/c0388483524832ca7863de4ee9c472b8ab39de8e)), closes [#6715](https://github.com/aws/aws-cdk/issues/6715) [#6489](https://github.com/aws/aws-cdk/issues/6489)
+
+
+### Bug Fixes
+
+* **apigateway:** contextAccountId in AccessLogField incorrectly resolves to requestId ([7b89e80](https://github.com/aws/aws-cdk/commit/7b89e805c716fa73d41cc97fcb728634e7a59136)), closes [#7952](https://github.com/aws/aws-cdk/issues/7952) [#7951](https://github.com/aws/aws-cdk/issues/7951)
+* **autoscaling:** add noDevice as a volume type ([#7253](https://github.com/aws/aws-cdk/issues/7253)) ([751958b](https://github.com/aws/aws-cdk/commit/751958b69225fdfc52622781c618f5a77f881fb6)), closes [#7242](https://github.com/aws/aws-cdk/issues/7242)
+
 ## [1.40.0](https://github.com/aws/aws-cdk/compare/v1.39.0...v1.40.0) (2020-05-20)
 
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -77,7 +77,8 @@ you need to have the following SDKs and tools locally:
   - We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
   - ⚠️ versions `13.0.0` to `13.6.0` are not supported due to compatibility issues with our dependencies.
 - [Yarn >= 1.19.1](https://yarnpkg.com/lang/en/docs/install)
-- [Java OpenJDK 8](http://openjdk.java.net/install/)
+- [Java OpenJDK 8](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+- [Apache Maven](http://maven.apache.org/install.html)
 - [.NET Core SDK 3.1](https://www.microsoft.com/net/download)
 - [Python 3.6.5](https://www.python.org/downloads/release/python-365/)
 - [Ruby 2.5.1](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)
@@ -91,6 +92,13 @@ $ yarn install
 $ yarn build
 ```
 
+If you get compiler errors when building, a common cause is globally installed tools like tslint and typescript. Try uninstalling them.
+
+```
+npm uninstall -g tslint
+npm uninstall -g typescript
+```
+
 Alternatively, the [Full Docker build](#full-docker-build) workflow can be used so
 that you don't have to worry about installing all those tools on your local machine
 and instead only depend on having a working Docker install.
@@ -197,7 +205,7 @@ Examples:
 
 ### Step 4: Commit
 
-Create a commit with the proposed change changes:
+Create a commit with the proposed changes:
 
 * Commit title and message (and PR title and description) must adhere to [conventionalcommits](https://www.conventionalcommits.org).
   * The title must begin with `feat(module): title`, `fix(module): title`, `refactor(module): title` or

diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt
@@ -1,58 +1 @@
-incompatible-argument:@aws-cdk/aws-ecs.Ec2TaskDefinition.<initializer>
-incompatible-argument:@aws-cdk/aws-ecs.Ec2TaskDefinition.addVolume
-incompatible-argument:@aws-cdk/aws-ecs.FargateTaskDefinition.<initializer>
-incompatible-argument:@aws-cdk/aws-ecs.FargateTaskDefinition.addVolume
-incompatible-argument:@aws-cdk/aws-ecs.TaskDefinition.<initializer>
-incompatible-argument:@aws-cdk/aws-ecs.TaskDefinition.addVolume
-change-return-type:@aws-cdk/core.Fn.getAtt
-new-argument:@aws-cdk/aws-iam.ManagedPolicy.<initializer>
-new-argument:@aws-cdk/aws-iam.ManagedPolicy.<initializer>
-removed:@aws-cdk/aws-apigateway.AwsIntegration.props
-removed:@aws-cdk/aws-apigateway.HttpIntegration.props
-removed:@aws-cdk/aws-apigateway.Integration.props
-removed:@aws-cdk/aws-apigateway.LambdaIntegration.props
-removed:@aws-cdk/aws-apigateway.MockIntegration.props
-removed:@aws-cdk/aws-ecs-patterns.ScheduledEc2TaskDefinitionOptions.schedule
-removed:@aws-cdk/aws-ecs-patterns.ScheduledEc2TaskDefinitionOptions.cluster
-removed:@aws-cdk/aws-ecs-patterns.ScheduledEc2TaskDefinitionOptions.desiredTaskCount
-removed:@aws-cdk/aws-ecs-patterns.ScheduledEc2TaskDefinitionOptions.vpc
-removed:@aws-cdk/aws-ecs-patterns.ScheduledFargateTaskDefinitionOptions.schedule
-removed:@aws-cdk/aws-ecs-patterns.ScheduledFargateTaskDefinitionOptions.cluster
-removed:@aws-cdk/aws-ecs-patterns.ScheduledFargateTaskDefinitionOptions.desiredTaskCount
-removed:@aws-cdk/aws-ecs-patterns.ScheduledFargateTaskDefinitionOptions.vpc
-incompatible-argument:@aws-cdk/aws-lambda.Function.<initializer>
-incompatible-argument:@aws-cdk/aws-lambda.SingletonFunction.<initializer>
-incompatible-argument:@aws-cdk/aws-lambda.Function.addEnvironment
-changed-type:@aws-cdk/aws-dynamodb.Table.tableStreamArn
-incompatible-argument:@aws-cdk/aws-apigateway.LambdaRestApi.addModel
-incompatible-argument:@aws-cdk/aws-apigateway.Model.<initializer>
-incompatible-argument:@aws-cdk/aws-apigateway.RestApi.addModel
-incompatible-argument:@aws-cdk/aws-apigateway.ProxyResource.addProxy
-incompatible-argument:@aws-cdk/aws-apigateway.Resource.addProxy
-incompatible-argument:@aws-cdk/aws-apigateway.ResourceBase.addProxy
-incompatible-argument:@aws-cdk/aws-apigateway.IResource.addProxy
-incompatible-argument:@aws-cdk/aws-apigateway.RequestAuthorizer.<initializer>
-incompatible-argument:@aws-cdk/aws-servicediscovery.Service.fromServiceAttributes
-removed:@aws-cdk/core.ConstructNode.addReference
-removed:@aws-cdk/core.ConstructNode.references
-removed:@aws-cdk/core.OutgoingReference
-change-return-type:@aws-cdk/aws-lambda-destinations.EventBridgeDestination.bind
-change-return-type:@aws-cdk/aws-lambda-destinations.LambdaDestination.bind
-change-return-type:@aws-cdk/aws-lambda-destinations.SnsDestination.bind
-change-return-type:@aws-cdk/aws-lambda-destinations.SqsDestination.bind
-removed:@aws-cdk/cdk-assets-schema.DockerImageDestination.imageUri
-incompatible-argument:@aws-cdk/aws-iam.FederatedPrincipal.<initializer>
-incompatible-argument:@aws-cdk/aws-iam.PolicyStatement.addCondition
-incompatible-argument:@aws-cdk/aws-iam.PolicyStatement.addConditions
-incompatible-argument:@aws-cdk/aws-iam.PolicyStatement.addFederatedPrincipal
-incompatible-argument:@aws-cdk/aws-iam.PrincipalPolicyFragment.<initializer>
-changed-type:@aws-cdk/aws-iam.FederatedPrincipal.conditions
-changed-type:@aws-cdk/aws-iam.PrincipalPolicyFragment.conditions
-changed-type:@aws-cdk/aws-iam.PrincipalWithConditions.conditions
-removed:@aws-cdk/cdk-assets-schema.Placeholders
-# Following two are because we're turning: properties: {string=>any} into a union of typed interfaces
-# Needs to be removed after next release.
-incompatible-argument:@aws-cdk/cloud-assembly-schema.Manifest.save
-change-return-type:@aws-cdk/cloud-assembly-schema.Manifest.load
-removed:@aws-cdk/core.DefaultStackSynthesizer.DEFAULT_DEPLOY_ACTION_ROLE_ARN
-removed:@aws-cdk/core.DefaultStackSynthesizerProps.deployActionRoleArn
+
diff --git a/lerna.json b/lerna.json
@@ -10,5 +10,5 @@
     "tools/*"
   ],
   "rejectCycles": "true",
-  "version": "1.40.0"
+  "version": "1.41.0"
 }
diff --git a/packages/@aws-cdk/aws-backup/lib/resource.ts b/packages/@aws-cdk/aws-backup/lib/resource.ts
@@ -64,14 +64,14 @@ export class BackupResource {
   /**
    * A DynamoDB table
    */
-  public static fromDynamoDbTable(table: dynamodb.Table) {
+  public static fromDynamoDbTable(table: dynamodb.ITable) {
     return BackupResource.fromArn(table.tableArn);
   }
 
   /**
    * An EC2 instance
    */
-  public static fromEc2Instance(instance: ec2.Instance) {
+  public static fromEc2Instance(instance: ec2.IInstance) {
     return BackupResource.fromArn(Stack.of(instance).formatArn({
       service: 'ec2',
       resource: 'instance',
@@ -82,7 +82,7 @@ export class BackupResource {
   /**
    * An EFS file system
    */
-  public static fromEfsFileSystem(fileSystem: efs.FileSystem) {
+  public static fromEfsFileSystem(fileSystem: efs.IFileSystem) {
     return BackupResource.fromArn(Stack.of(fileSystem).formatArn({
       service: 'elasticfilesystem',
       resource: 'file-system',
@@ -93,7 +93,7 @@ export class BackupResource {
   /**
    * A RDS database instance
    */
-  public static fromRdsDatabaseInstance(instance: rds.DatabaseInstance) {
+  public static fromRdsDatabaseInstance(instance: rds.IDatabaseInstance) {
     return BackupResource.fromArn(instance.instanceArn);
   }
 

diff --git a/packages/@aws-cdk/aws-backup/test/selection.test.ts b/packages/@aws-cdk/aws-backup/test/selection.test.ts
@@ -290,3 +290,44 @@ test('fromEc2Instance', () => {
     },
   });
 });
+
+test('fromDynamoDbTable', () => {
+  // GIVEN
+  const newTable = new dynamodb.Table(stack, 'New', {
+    partitionKey: {
+      name: 'id',
+      type: dynamodb.AttributeType.STRING,
+    },
+  });
+  const existingTable = dynamodb.Table.fromTableArn(stack, 'Existing', 'arn:aws:dynamodb:eu-west-1:123456789012:table/existing');
+
+  // WHEN
+  plan.addSelection('Selection', {
+    resources: [
+      BackupResource.fromDynamoDbTable(newTable),
+      BackupResource.fromDynamoDbTable(existingTable),
+    ],
+  });
+
+  // THEN
+  expect(stack).toHaveResource('AWS::Backup::BackupSelection', {
+    BackupSelection: {
+      IamRoleArn: {
+        'Fn::GetAtt': [
+          'PlanSelectionRole6D10F4B7',
+          'Arn',
+        ],
+      },
+      Resources: [
+        {
+          'Fn::GetAtt': [
+            'New8A81B073',
+            'Arn',
+          ],
+        },
+        'arn:aws:dynamodb:eu-west-1:123456789012:table/existing',
+      ],
+      SelectionName: 'Selection',
+    },
+  });
+});
diff --git a/packages/@aws-cdk/aws-cloudtrail/README.md b/packages/@aws-cdk/aws-cloudtrail/README.md
@@ -51,7 +51,9 @@ const trail = new cloudtrail.Trail(this, 'CloudTrail', {
 ```
 
 This creates the same setup as above - but also logs events to a created CloudWatch Log stream.
-By default, the created log group has a retention period of 365 Days, but this is also configurable.
+By default, the created log group has a retention period of 365 Days, but this is also configurable
+via the `cloudWatchLogsRetention` property. If you would like to specify the log group explicitly,
+use the `cloudwatchLogGroup` property.
 
 For using CloudTrail event selector to log specific S3 events,
 you can use the `CloudTrailProps` configuration object.

diff --git a/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts b/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
@@ -63,12 +63,19 @@ export interface TrailProps {
   readonly sendToCloudWatchLogs?: boolean;
 
   /**
-   * How long to retain logs in CloudWatchLogs. Ignored if sendToCloudWatchLogs is false
+   * How long to retain logs in CloudWatchLogs.
+   * Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
    *
-   *  @default logs.RetentionDays.OneYear
+   *  @default logs.RetentionDays.ONE_YEAR
    */
   readonly cloudWatchLogsRetention?: logs.RetentionDays;
 
+  /**
+   * Log Group to which CloudTrail to push logs to. Ignored if sendToCloudWatchLogs is set to false.
+   * @default - a new log group is created and used.
+   */
+  readonly cloudWatchLogGroup?: logs.ILogGroup;
+
   /** The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
    *
    * @default - No encryption.
@@ -171,6 +178,12 @@ export class Trail extends Resource {
    */
   public readonly trailSnsTopicArn: string;
 
+  /**
+   * The CloudWatch log group to which CloudTrail events are sent.
+   * `undefined` if `sendToCloudWatchLogs` property is false.
+   */
+  public readonly logGroup?: logs.ILogGroup;
+
   private s3bucket: s3.IBucket;
   private eventSelectors: EventSelector[] = [];
 
@@ -200,19 +213,22 @@ export class Trail extends Resource {
       },
     }));
 
-    let logGroup: logs.CfnLogGroup | undefined;
     let logsRole: iam.IRole | undefined;
 
     if (props.sendToCloudWatchLogs) {
-      logGroup = new logs.CfnLogGroup(this, 'LogGroup', {
-        retentionInDays: props.cloudWatchLogsRetention || logs.RetentionDays.ONE_YEAR,
-      });
+      if (props.cloudWatchLogGroup) {
+        this.logGroup = props.cloudWatchLogGroup;
+      } else {
+        this.logGroup = new logs.LogGroup(this, 'LogGroup', {
+          retention: props.cloudWatchLogsRetention ?? logs.RetentionDays.ONE_YEAR,
+        });
+      }
 
       logsRole = new iam.Role(this, 'LogsRole', { assumedBy: cloudTrailPrincipal });
 
       logsRole.addToPolicy(new iam.PolicyStatement({
         actions: ['logs:PutLogEvents', 'logs:CreateLogStream'],
-        resources: [logGroup.attrArn],
+        resources: [this.logGroup.logGroupArn],
       }));
     }
 
@@ -234,8 +250,8 @@ export class Trail extends Resource {
       kmsKeyId: props.kmsKey && props.kmsKey.keyArn,
       s3BucketName: this.s3bucket.bucketName,
       s3KeyPrefix: props.s3KeyPrefix,
-      cloudWatchLogsLogGroupArn: logGroup && logGroup.attrArn,
-      cloudWatchLogsRoleArn: logsRole && logsRole.roleArn,
+      cloudWatchLogsLogGroupArn: this.logGroup?.logGroupArn,
+      cloudWatchLogsRoleArn: logsRole?.roleArn,
       snsTopicName: props.snsTopic,
       eventSelectors: this.eventSelectors,
     });

diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts
@@ -2,7 +2,7 @@ import { SynthUtils } from '@aws-cdk/assert';
 import '@aws-cdk/assert/jest';
 import * as iam from '@aws-cdk/aws-iam';
 import * as lambda from '@aws-cdk/aws-lambda';
-import { RetentionDays } from '@aws-cdk/aws-logs';
+import { LogGroup, RetentionDays } from '@aws-cdk/aws-logs';
 import * as s3 from '@aws-cdk/aws-s3';
 import { Stack } from '@aws-cdk/core';
 import { ReadWriteType, Trail } from '../lib';
@@ -176,7 +176,7 @@ describe('cloudtrail', () => {
               Effect: 'Allow',
               Action: ['logs:PutLogEvents', 'logs:CreateLogStream'],
               Resource: {
-                'Fn::GetAtt': ['MyAmazingCloudTrailLogGroupAAD65144', 'Arn'],
+                'Fn::GetAtt': ['MyAmazingCloudTrailLogGroup2BE67F87', 'Arn'],
               },
             }],
           },
@@ -205,6 +205,44 @@ describe('cloudtrail', () => {
         const trail: any = SynthUtils.synthesize(stack).template.Resources.MyAmazingCloudTrail54516E8D;
         expect(trail.DependsOn).toEqual([logsRolePolicyName, logsRoleName, 'MyAmazingCloudTrailS3Policy39C120B0']);
       });
+
+      test('enabled and with custom log group', () => {
+        const stack = getTestStack();
+        const cloudWatchLogGroup = new LogGroup(stack, 'MyLogGroup', {
+          retention: RetentionDays.FIVE_DAYS,
+        });
+        new Trail(stack, 'MyAmazingCloudTrail', {
+          sendToCloudWatchLogs: true,
+          cloudWatchLogsRetention: RetentionDays.ONE_WEEK,
+          cloudWatchLogGroup,
+        });
+
+        expect(stack).toHaveResource('AWS::Logs::LogGroup', {
+          RetentionInDays: 5,
+        });
+
+        expect(stack).toHaveResource('AWS::CloudTrail::Trail', {
+          CloudWatchLogsLogGroupArn: stack.resolve(cloudWatchLogGroup.logGroupArn),
+        });
+
+        expect(stack).toHaveResourceLike('AWS::IAM::Policy', {
+          PolicyDocument: {
+            Statement: [{
+              Resource: stack.resolve(cloudWatchLogGroup.logGroupArn),
+            }],
+          },
+        });
+      });
+
+      test('disabled', () => {
+        const stack = getTestStack();
+        const t = new Trail(stack, 'MyAmazingCloudTrail', {
+          sendToCloudWatchLogs: false,
+          cloudWatchLogsRetention: RetentionDays.ONE_WEEK,
+        });
+        expect(t.logGroup).toBeUndefined();
+        expect(stack).not.toHaveResource('AWS::Logs::LogGroup');
+      });
     });
 
     describe('with event selectors', () => {

diff --git a/packages/@aws-cdk/aws-cloudwatch-actions/lib/appscaling.ts b/packages/@aws-cdk/aws-cloudwatch-actions/lib/appscaling.ts
@@ -9,6 +9,10 @@ export class ApplicationScalingAction implements cloudwatch.IAlarmAction {
   constructor(private readonly stepScalingAction: appscaling.StepScalingAction) {
   }
 
+  /**
+   * Returns an alarm action configuration to use an ApplicationScaling StepScalingAction
+   * as an alarm action
+   */
   public bind(_scope: cdk.Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
     return { alarmActionArn: this.stepScalingAction.scalingPolicyArn };
   }

diff --git a/packages/@aws-cdk/aws-cloudwatch-actions/lib/autoscaling.ts b/packages/@aws-cdk/aws-cloudwatch-actions/lib/autoscaling.ts
@@ -9,6 +9,10 @@ export class AutoScalingAction implements cloudwatch.IAlarmAction {
   constructor(private readonly stepScalingAction: autoscaling.StepScalingAction) {
   }
 
+  /**
+   * Returns an alarm action configuration to use an AutoScaling StepScalingAction
+   * as an alarm action
+   */
   public bind(_scope: cdk.Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
     return { alarmActionArn: this.stepScalingAction.scalingPolicyArn };
   }

diff --git a/packages/@aws-cdk/aws-cloudwatch-actions/lib/sns.ts b/packages/@aws-cdk/aws-cloudwatch-actions/lib/sns.ts
@@ -9,6 +9,9 @@ export class SnsAction implements cloudwatch.IAlarmAction {
   constructor(private readonly topic: sns.ITopic) {
   }
 
+  /**
+   * Returns an alarm action configuration to use an SNS topic as an alarm action
+   */
   public bind(_scope: Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
     return { alarmActionArn: this.topic.topicArn };
   }