Merge branch 'main' into sfn-task-credentials

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

@@ -408,6 +408,13 @@ export enum SpotAllocationStrategy {
    * honors the instance type priorities on a best-effort basis but optimizes for capacity first.
    */
   CAPACITY_OPTIMIZED_PRIORITIZED = 'capacity-optimized-prioritized',
+
+  /**
+   * The price and capacity optimized allocation strategy looks at both price and
+   * capacity to select the Spot Instance pools that are the least likely to be
+   * interrupted and have the lowest possible price.
+   */
+  PRICE_CAPACITY_OPTIMIZED = 'price-capacity-optimized',
 }
 
 /**

packages/@aws-cdk/aws-autoscaling/test/auto-scaling-group.test.ts

@@ -1915,6 +1915,47 @@ test('can use Vpc imported from unparseable list tokens', () => {
   });
 });
 
+test('add price-capacity-optimized', () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+
+  // WHEN
+  const lt = LaunchTemplate.fromLaunchTemplateAttributes(stack, 'imported-lt', {
+    launchTemplateId: 'test-lt-id',
+    versionNumber: '0',
+  });
+
+  new autoscaling.AutoScalingGroup(stack, 'mip-asg', {
+    mixedInstancesPolicy: {
+      launchTemplate: lt,
+      launchTemplateOverrides: [{
+        instanceType: new InstanceType('t4g.micro'),
+        launchTemplate: lt,
+        weightedCapacity: 9,
+      }],
+      instancesDistribution: {
+        onDemandAllocationStrategy: OnDemandAllocationStrategy.PRIORITIZED,
+        onDemandBaseCapacity: 1,
+        onDemandPercentageAboveBaseCapacity: 2,
+        spotAllocationStrategy: SpotAllocationStrategy.PRICE_CAPACITY_OPTIMIZED,
+        spotInstancePools: 3,
+        spotMaxPrice: '4',
+      },
+    },
+    vpc: mockVpc(stack),
+  });
+
+  // THEN
+  Template.fromStack(stack).hasResourceProperties('AWS::AutoScaling::AutoScalingGroup', {
+    MixedInstancesPolicy: {
+      InstancesDistribution: {
+        SpotAllocationStrategy: 'price-capacity-optimized',
+      },
+    },
+  });
+});
+
+
 function mockSecurityGroup(stack: cdk.Stack) {
   return ec2.SecurityGroup.fromSecurityGroupId(stack, 'MySG', 'most-secure');
 }

packages/@aws-cdk/aws-efs/README.md

@@ -40,6 +40,8 @@ const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
 });
 ```
 
+⚠️ An Amazon EFS file system's performance mode can't be MAX_IO when its throughputMode is ELASTIC.
+
 ⚠️ An Amazon EFS file system's performance mode can't be changed after the file system has been created.
 Updating this property will replace the file system.
 

packages/@aws-cdk/aws-efs/lib/efs-file-system.ts

@@ -13,6 +13,12 @@ import { CfnFileSystem, CfnMountTarget } from './efs.generated';
  * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-elasticfilesystem-filesystem-lifecyclepolicies
  */
 export enum LifecyclePolicy {
+
+  /**
+   * After 1 day of not being accessed.
+   */
+  AFTER_1_DAY = 'AFTER_1_DAY',
+
   /**
    * After 7 days of not being accessed.
    */
@@ -82,14 +88,19 @@ export enum PerformanceMode {
  */
 export enum ThroughputMode {
   /**
-   * This mode on Amazon EFS scales as the size of the file system in the standard storage class grows.
+   * This mode scales as the size of the file system in the standard storage class grows.
    */
   BURSTING = 'bursting',
 
   /**
    * This mode can instantly provision the throughput of the file system (in MiB/s) independent of the amount of data stored.
    */
-  PROVISIONED = 'provisioned'
+  PROVISIONED = 'provisioned',
+
+  /**
+  * This mode scales the throughput automatically regardless of file system size.
+  */
+  ELASTIC = 'elastic'
 }
 
 /**
@@ -333,6 +344,9 @@ export class FileSystem extends FileSystemBase {
       throw new Error('Property provisionedThroughputPerSecond is required when throughputMode is PROVISIONED');
     }
 
+    if (props.throughputMode === ThroughputMode.ELASTIC && props.performanceMode === PerformanceMode.MAX_IO) {
+      throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO');
+    }
     // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since
     // its considered an actual change in CloudFormations eyes, even though they have the same meaning.
     const encrypted = props.encrypted ?? (FeatureFlags.of(this).isEnabled(

packages/@aws-cdk/aws-efs/test/efs-file-system.test.ts

@@ -162,6 +162,29 @@ test('file system is created correctly with bursting throughput mode', () => {
   });
 });
 
+test('file system is created correctly with elastic throughput mode', () => {
+  // WHEN
+  new FileSystem(stack, 'EfsFileSystem', {
+    vpc,
+    throughputMode: ThroughputMode.ELASTIC,
+    performanceMode: PerformanceMode.GENERAL_PURPOSE,
+  });
+  // THEN
+  Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', {
+    ThroughputMode: 'elastic',
+  });
+});
+
+test('Exception when throughput mode is set to ELASTIC, performance mode cannot be MaxIO', () => {
+  expect(() => {
+    new FileSystem(stack, 'EfsFileSystem', {
+      vpc,
+      throughputMode: ThroughputMode.ELASTIC,
+      performanceMode: PerformanceMode.MAX_IO,
+    });
+  }).toThrowError(/ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO/);
+});
+
 test('Exception when throughput mode is set to PROVISIONED, but provisioned throughput is not set', () => {
   expect(() => {
     new FileSystem(stack, 'EfsFileSystem', {

packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts

@@ -251,18 +251,8 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute('access_logs.s3.bucket', bucket.bucketName.toString());
     this.setAttribute('access_logs.s3.prefix', prefix);
 
-    const region = Stack.of(this).region;
-    if (Token.isUnresolved(region)) {
-      throw new Error('Region is required to enable ELBv2 access logging');
-    }
-
-    const account = RegionInfo.get(region).elbv2Account;
-    if (!account) {
-      throw new Error(`Cannot enable access logging; don't know ELBv2 account for region ${region}`);
-    }
-
     const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com');
-    bucket.grantPut(new iam.AccountPrincipal(account), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);
+    bucket.grantPut(this.resourcePolicyPrincipal(), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);
     bucket.addToResourcePolicy(
       new PolicyStatement({
         actions: ['s3:PutObject'],
@@ -303,6 +293,22 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute(key, undefined);
   }
 
+  protected resourcePolicyPrincipal(): iam.IPrincipal {
+    const region = Stack.of(this).region;
+    if (Token.isUnresolved(region)) {
+      throw new Error('Region is required to enable ELBv2 access logging');
+    }
+
+    const account = RegionInfo.get(region).elbv2Account;
+    if (!account) {
+      // New Regions use a service principal
+      // https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
+      return new iam.ServicePrincipal('logdelivery.elasticloadbalancing.amazonaws.com');
+    }
+
+    return new iam.AccountPrincipal(account);
+  }
+
   protected validateLoadBalancer(): string[] {
     const ret = new Array<string>();
 

packages/@aws-cdk/aws-gamelift/README.md

@@ -50,6 +50,73 @@ deliver inexpensive, resilient game hosting for your players
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. It allows you to define components for your matchmaking
 configuration or game server fleet management system.
 
+## GameLift FlexMatch
+
+### Matchmaking RuleSet
+
+Every FlexMatch matchmaker must have a rule set. The rule set determines the
+two key elements of a match: your game's team structure and size, and how to
+group players together for the best possible match.
+
+For example, a rule set might describe a match like this: Create a match with
+two teams of four to eight players each, one team is the cowboy and the other
+team the aliens. A team can have novice and experienced players, but the
+average skill of the two teams must be within 10 points of each other. If no
+match is made after 30 seconds, gradually relax the skill requirements.
+
+```ts
+new gamelift.MatchmakingRuleSet(this, 'RuleSet', {
+  matchmakingRuleSetName: 'my-test-ruleset',
+  content: gamelift.RuleSetContent.fromJsonFile(path.join(__dirname, 'my-ruleset/ruleset.json')),
+});
+```
+
+### FlexMatch Monitoring
+
+You can monitor GameLift FlexMatch activity for matchmaking configurations and
+matchmaking rules using Amazon CloudWatch. These statistics are used to provide
+a historical perspective on how your Gamelift FlexMatch solution is performing.
+
+#### FlexMatch Metrics
+
+GameLift FlexMatch sends metrics to CloudWatch so that you can collect and
+analyze the activity of your matchmaking solution, including match acceptance
+workflow, ticket consumtion.
+
+You can then use CloudWatch alarms to alert you, for example, when matches has
+been rejected (potential matches that were rejected by at least one player
+since the last report) exceed a certain thresold which could means that you may
+have an issue in your matchmaking rules.
+
+CDK provides methods for accessing GameLift FlexMatch metrics with default configuration,
+such as `metricRuleEvaluationsPassed`, or `metricRuleEvaluationsFailed` (see
+[`IMatchmakingRuleSet`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-gamelift.IMatchmakingRuleSet.html)
+for a full list). CDK also provides a generic `metric` method that can be used
+to produce metric configurations for any metric provided by GameLift FlexMatch;
+the configurations are pre-populated with the correct dimensions for the
+matchmaking configuration.
+
+```ts
+declare const matchmakingRuleSet: gamelift.MatchmakingRuleSet;
+// Alarm that triggers when the per-second average of not placed matches exceed 10%
+const ruleEvaluationRatio = new cloudwatch.MathExpression({
+  expression: '1 - (ruleEvaluationsPassed / ruleEvaluationsFailed)',
+  usingMetrics: {
+    ruleEvaluationsPassed: matchmakingRuleSet.metricRuleEvaluationsPassed({ statistic: cloudwatch.Statistic.SUM }),
+    ruleEvaluationsFailed: matchmakingRuleSet.metric('ruleEvaluationsFailed'),
+  },
+});
+new cloudwatch.Alarm(this, 'Alarm', {
+  metric: ruleEvaluationRatio,
+  threshold: 0.1,
+  evaluationPeriods: 3,
+});
+```
+
+See: [Monitoring Using CloudWatch Metrics](https://docs.aws.amazon.com/gamelift/latest/developerguide/monitoring-cloudwatch.html)
+in the *Amazon GameLift Developer Guide*.
+
+
 ## GameLift Hosting
 
 ### Uploading builds and scripts to GameLift
@@ -344,7 +411,7 @@ in the *Amazon GameLift Developer Guide*.
 GameLift is integrated with CloudWatch, so you can monitor the performance of
 your game servers via logs and metrics.
 
-#### Metrics
+#### Fleet Metrics
 
 GameLift Fleet sends metrics to CloudWatch so that you can collect and analyze
 the activity of your Fleet, including game  and player sessions and server
@@ -517,7 +584,7 @@ new gamelift.GameServerGroup(this, 'GameServerGroup', {
 });
 ```
 
-### Monitoring
+### FleetIQ Monitoring
 
 GameLift FleetIQ sends metrics to CloudWatch so that you can collect and
 analyze the activity of your Game server fleet, including the number of

packages/@aws-cdk/aws-gamelift/lib/index.ts

@@ -6,6 +6,8 @@ export * from './game-server-group';
 export * from './ingress-rule';
 export * from './fleet-base';
 export * from './build-fleet';
+export * from './matchmaking-ruleset';
+export * from './matchmaking-ruleset-body';
 
 // AWS::GameLift CloudFormation Resources:
 export * from './gamelift.generated';