diff --git a/.github/workflows/github-merit-badger.yml b/.github/workflows/github-merit-badger.yml index 29e2df649f483..07d6dbe71a32e 100644 --- a/.github/workflows/github-merit-badger.yml +++ b/.github/workflows/github-merit-badger.yml @@ -17,4 +17,4 @@ jobs: badges: '[beginning-contributor,repeat-contributor,valued-contributor,admired-contributor,star-contributor,distinguished-contributor]' thresholds: '[0,3,6,13,25,50]' badge-type: 'achievement' - ignore-usernames: '[RomainMuller,rix0rrr,Jerry-AWS,MrArnoldPalmer,iliapolo,otaviomacedo,madeline-k,kaizencc,comcalvi,corymhall,peterwoodworth,ryparker,TheRealAmazonKendra,vinayak-kukreja,Naumel,mrgrain,pahud,cgarvis,aws-cdk-automation,dependabot[bot],mergify[bot]]' + ignore-usernames: '[RomainMuller,rix0rrr,Jerry-AWS,MrArnoldPalmer,iliapolo,otaviomacedo,madeline-k,kaizencc,comcalvi,corymhall,peterwoodworth,ryparker,TheRealAmazonKendra,vinayak-kukreja,Naumel,mrgrain,pahud,cgarvis,kellertk,aws-cdk-automation,dependabot[bot],mergify[bot]]' diff --git a/.mergify.yml b/.mergify.yml index 1e5748e68ce04..f626f6fcf428d 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -10,7 +10,7 @@ pull_request_rules: label: add: [ contribution/core ] conditions: - - author~=^(RomainMuller|rix0rrr|Jerry-AWS|MrArnoldPalmer|iliapolo|uttarasridhar|otaviomacedo|madeline-k|kaizencc|comcalvi|corymhall|peterwoodworth|ryparker|TheRealAmazonKendra|yuth|vinayak-kukreja|Naumel|mrgrain|pahud|cgarvis)$ + - author~=^(RomainMuller|rix0rrr|Jerry-AWS|MrArnoldPalmer|iliapolo|uttarasridhar|otaviomacedo|madeline-k|kaizencc|comcalvi|corymhall|peterwoodworth|ryparker|TheRealAmazonKendra|yuth|vinayak-kukreja|Naumel|mrgrain|pahud|cgarvis|kellertk)$ - -label~="contribution/core" - name: automatic merge actions: diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index 0bbc809cee964..7ba211fb371ef 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md 
@@ -950,8 +950,8 @@ domain.addBasePathMapping(api1, { basePath: 'go-to-api1' }); domain.addBasePathMapping(api2, { basePath: 'boom' }); ``` -You can specify the API `Stage` to which this base path URL will map to. By default, this will be the -`deploymentStage` of the `RestApi`. +By default, the base path URL will map to the `deploymentStage` of the `RestApi`. +You can specify a different API `Stage` to which the base path URL will map to. ```ts declare const domain: apigateway.DomainName; @@ -966,6 +966,19 @@ const betaStage = new apigateway.Stage(this, 'beta-stage', { domain.addBasePathMapping(restapi, { basePath: 'api/beta', stage: betaStage }); ``` +It is possible to create a base path mapping without associating it with a +stage by using the `attachToStage` property. When set to `false`, the stage must be +included in the URL when invoking the API. For example, + will invoke the stage named `prod` from the +`myapi` base path mapping. + +```ts +declare const domain: apigateway.DomainName; +declare const api: apigateway.RestApi; + +domain.addBasePathMapping(api, { basePath: 'myapi', attachToStage: false }); +``` + If you don't specify `basePath`, all URLs under this domain will be mapped to the API, and you won't be able to map another API to the same domain: 
@@ -978,6 +991,23 @@ domain.addBasePathMapping(api); This can also be achieved through the `mapping` configuration when defining the domain as demonstrated above. +Base path mappings can also be created with the `BasePathMapping` resource. + +```ts +declare const api: apigateway.RestApi; + +const domainName = apigateway.DomainName.fromDomainNameAttributes(this, 'DomainName', { + domainName: 'domainName', + domainNameAliasHostedZoneId: 'domainNameAliasHostedZoneId', + domainNameAliasTarget: 'domainNameAliasTarget', +}); + +new apigateway.BasePathMapping(this, 'BasePathMapping', { + domainName: domainName, + restApi: api, +}); +``` + If you wish to setup this domain with an Amazon Route53 alias, use the `targets.ApiGatewayDomain`: ```ts diff --git a/packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts b/packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts index d87fe8536f099..066ec229b832f 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts @@ -22,6 +22,14 @@ export interface BasePathMappingOptions { * @default - map to deploymentStage of restApi otherwise stage needs to pass in URL */ readonly stage?: Stage; + + /** + * Whether to attach the base path mapping to a stage. + * Use this property to create a base path mapping without attaching it to the Rest API default stage. + * This property is ignored if `stage` is provided. + * @default - true + */ + readonly attachToStage?: boolean; } export interface BasePathMappingProps extends BasePathMappingOptions { 
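Review bot: The doc comment added for `attachToStage` in `BasePathMappingOptions` does not say what an unattached mapping exposes. With no stage on the mapping the caller picks the stage in the URL (the README text in this commit says so), which as far as I know means every stage deployed on the REST API, not only `deploymentStage`, becomes reachable through the custom domain. I would add a line such as `* When false, any deployed stage of the API can be invoked through this domain by naming it in the URL.` so users who keep non-production stages on the same API make that choice deliberately. The default is a literal, so `@default true` reads better than `@default - true`.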
@@ -53,9 +61,12 @@ export class BasePathMapping extends Resource { } } + const attachToStage = props.attachToStage ?? true; + // if restApi is an owned API and it has a deployment stage, map all requests // to that stage. otherwise, the stage will have to be specified in the URL. - const stage = props.stage ?? (props.restApi instanceof RestApiBase + // if props.attachToStage is false, then do not attach to the stage. + const stage = props.stage ?? (props.restApi instanceof RestApiBase && attachToStage ? props.restApi.deploymentStage : undefined); @@ -63,7 +74,7 @@ export class BasePathMapping extends Resource { basePath: props.basePath, domainName: props.domainName.domainName, restApiId: props.restApi.restApiId, - stage: stage && stage.stageName, + stage: stage?.stageName, }); } } diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/basepathmappingDefaultTestDeployAssertDA82B6F0.assets.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/basepathmappingDefaultTestDeployAssertDA82B6F0.assets.json new file mode 100644 index 0000000000000..bd656b5bfc38c --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/basepathmappingDefaultTestDeployAssertDA82B6F0.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "basepathmappingDefaultTestDeployAssertDA82B6F0.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
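Review bot: An explicit `stage` combined with `attachToStage: false` is silently resolved in favour of the stage by `props.stage ?? (...)`, so a caller who sets both gets an attached mapping with no signal. The interface documents the flag as ignored in that case, but because the flag exists to keep a stage off the domain, the contradictory combination is safer rejected, e.g. `if (props.stage && props.attachToStage === false) { throw new Error('attachToStage cannot be false when stage is provided'); }`; if the silent behaviour is intended, the inline comment should say so. Writing the condition as `(props.restApi instanceof RestApiBase && attachToStage)` would also make its precedence against `?:` obvious. The constructor starts and ends outside this hunk.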
diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/basepathmappingDefaultTestDeployAssertDA82B6F0.template.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/basepathmappingDefaultTestDeployAssertDA82B6F0.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/basepathmappingDefaultTestDeployAssertDA82B6F0.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..8ecc185e9dbee --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/integ.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/integ.json new file mode 100644 index 0000000000000..c270139cd5cfe --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/integ.json 
@@ -0,0 +1,12 @@ +{ + "version": "21.0.0", + "testCases": { + "base-path-mapping/DefaultTest": { + "stacks": [ + "test-stack" + ], + "assertionStack": "base-path-mapping/DefaultTest/DeployAssert", + "assertionStackName": "basepathmappingDefaultTestDeployAssertDA82B6F0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..a57c7ce4a9fcd --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/manifest.json 
@@ -0,0 +1,147 @@ +{ + "version": "21.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "test-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "test-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-stack.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4328166cfc76604ab46a2a088da69e6631472872129e804d27c8b5336c842774.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "test-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "test-stack.assets" + ], + "metadata": { + "/test-stack/Api/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiF70053CD" + } + ], + "/test-stack/Api/Deployment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiDeploymentB17BE62Df672ad8455f9678e4a3db5854bdb8d73" + } + ], + "/test-stack/Api/DeploymentStage.prod/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiDeploymentStageprod3EB9684E" + } + ], + "/test-stack/Api/Endpoint": [ + { + "type": "aws:cdk:logicalId", + "data": 
"ApiEndpoint4F160690" + } + ], + "/test-stack/Api/Default/GET/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiGET9257B917" + } + ], + "/test-stack/MappingOne/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MappingOneAB5D4FD4" + } + ], + "/test-stack/MappingTwo/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MappingTwo551C79ED" + } + ], + "/test-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/test-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "test-stack" + }, + "basepathmappingDefaultTestDeployAssertDA82B6F0.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "basepathmappingDefaultTestDeployAssertDA82B6F0.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "basepathmappingDefaultTestDeployAssertDA82B6F0": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "basepathmappingDefaultTestDeployAssertDA82B6F0.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "basepathmappingDefaultTestDeployAssertDA82B6F0.assets" + ], + "lookupRole": { + "arn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "basepathmappingDefaultTestDeployAssertDA82B6F0.assets" + ], + "metadata": { + "/base-path-mapping/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/base-path-mapping/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "base-path-mapping/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/test-stack.assets.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/test-stack.assets.json new file mode 100644 index 0000000000000..a2ac187057b56 --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/test-stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "4328166cfc76604ab46a2a088da69e6631472872129e804d27c8b5336c842774": { + "source": { + "path": "test-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "4328166cfc76604ab46a2a088da69e6631472872129e804d27c8b5336c842774.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/test-stack.template.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/test-stack.template.json new file mode 100644 index 0000000000000..52d687e8b3f2d 
--- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/test-stack.template.json 
@@ -0,0 +1,137 @@ +{ + "Resources": { + "ApiF70053CD": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Name": "Api" + } + }, + "ApiDeploymentB17BE62Df672ad8455f9678e4a3db5854bdb8d73": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ApiF70053CD" + }, + "Description": "Automatically created by the RestApi construct" + }, + "DependsOn": [ + "ApiGET9257B917" + ] + }, + "ApiDeploymentStageprod3EB9684E": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "RestApiId": { + "Ref": "ApiF70053CD" + }, + "DeploymentId": { + "Ref": "ApiDeploymentB17BE62Df672ad8455f9678e4a3db5854bdb8d73" + }, + "StageName": "prod" + } + }, + "ApiGET9257B917": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "HttpMethod": "GET", + "ResourceId": { + "Fn::GetAtt": [ + "ApiF70053CD", + "RootResourceId" + ] + }, + "RestApiId": { + "Ref": "ApiF70053CD" + }, + "AuthorizationType": "NONE", + "Integration": { + "Type": "MOCK" + } + } + }, + "MappingOneAB5D4FD4": { + "Type": "AWS::ApiGateway::BasePathMapping", + "Properties": { + "DomainName": "domainName", + "RestApiId": { + "Ref": "ApiF70053CD" + }, + "Stage": { + "Ref": "ApiDeploymentStageprod3EB9684E" + } + } + }, + "MappingTwo551C79ED": { + "Type": "AWS::ApiGateway::BasePathMapping", + "Properties": { + "DomainName": "domainName", + "BasePath": "path", + "RestApiId": { + "Ref": "ApiF70053CD" + } + } + } + }, + "Outputs": { + "ApiEndpoint4F160690": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "ApiF70053CD" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "ApiDeploymentStageprod3EB9684E" + }, + "/" + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/tree.json b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/tree.json new file mode 100644 index 0000000000000..2a9baa7dc204d --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.integ.snapshot/tree.json 
@@ -0,0 +1,269 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.92" + } + }, + "test-stack": { + "id": "test-stack", + "path": "test-stack", + "children": { + "Api": { + "id": "Api", + "path": "test-stack/Api", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/Api/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::RestApi", + "aws:cdk:cloudformation:props": { + "name": "Api" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.CfnRestApi", + "version": "0.0.0" + } + }, + "Deployment": { + "id": "Deployment", + "path": "test-stack/Api/Deployment", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/Api/Deployment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Deployment", + "aws:cdk:cloudformation:props": { + "restApiId": { + "Ref": "ApiF70053CD" + }, + "description": "Automatically created by the RestApi construct" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.CfnDeployment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.Deployment", + "version": "0.0.0" + } + }, + "DeploymentStage.prod": { + "id": "DeploymentStage.prod", + "path": "test-stack/Api/DeploymentStage.prod", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/Api/DeploymentStage.prod/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Stage", + "aws:cdk:cloudformation:props": { + "restApiId": { + "Ref": "ApiF70053CD" + }, + "deploymentId": { + "Ref": "ApiDeploymentB17BE62Df672ad8455f9678e4a3db5854bdb8d73" + }, + "stageName": "prod" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.CfnStage", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.Stage", + "version": "0.0.0" + 
} + }, + "Endpoint": { + "id": "Endpoint", + "path": "test-stack/Api/Endpoint", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "Default": { + "id": "Default", + "path": "test-stack/Api/Default", + "children": { + "GET": { + "id": "GET", + "path": "test-stack/Api/Default/GET", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/Api/Default/GET/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "httpMethod": "GET", + "resourceId": { + "Fn::GetAtt": [ + "ApiF70053CD", + "RootResourceId" + ] + }, + "restApiId": { + "Ref": "ApiF70053CD" + }, + "authorizationType": "NONE", + "integration": { + "type": "MOCK" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.Method", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.ResourceBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.RestApi", + "version": "0.0.0" + } + }, + "Domain": { + "id": "Domain", + "path": "test-stack/Domain", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "MappingOne": { + "id": "MappingOne", + "path": "test-stack/MappingOne", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MappingOne/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::BasePathMapping", + "aws:cdk:cloudformation:props": { + "domainName": "domainName", + "restApiId": { + "Ref": "ApiF70053CD" + }, + "stage": { + "Ref": "ApiDeploymentStageprod3EB9684E" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.CfnBasePathMapping", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.BasePathMapping", + "version": "0.0.0" + } + }, + "MappingTwo": { + "id": "MappingTwo", 
+ "path": "test-stack/MappingTwo", + "children": { + "Resource": { + "id": "Resource", + "path": "test-stack/MappingTwo/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::BasePathMapping", + "aws:cdk:cloudformation:props": { + "domainName": "domainName", + "basePath": "path", + "restApiId": { + "Ref": "ApiF70053CD" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.CfnBasePathMapping", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-apigateway.BasePathMapping", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "base-path-mapping": { + "id": "base-path-mapping", + "path": "base-path-mapping", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "base-path-mapping/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "base-path-mapping/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.92" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "base-path-mapping/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.test.ts b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.test.ts index a886b3c957dad..c3da93e83ba26 100644 --- a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.test.ts +++ b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.test.ts 
@@ -1,4 +1,4 @@ -import { Template } from '@aws-cdk/assertions'; +import { Match, Template } from '@aws-cdk/assertions'; import * as acm from '@aws-cdk/aws-certificatemanager'; import * as cdk from '@aws-cdk/core'; import * as apigw from '../lib'; @@ -25,6 +25,7 @@ describe('BasePathMapping', () => { Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::BasePathMapping', { DomainName: { Ref: 'MyDomainE4943FBC' }, RestApiId: { Ref: 'MyApi49610EDF' }, + Stage: { Ref: 'MyApiDeploymentStageprodE1054AF0' }, }); }); @@ -97,6 +98,7 @@ describe('BasePathMapping', () => { restApi: api, domainName: domain, stage, + attachToStage: true, }); // THEN @@ -104,4 +106,28 @@ describe('BasePathMapping', () => { Stage: { Ref: 'MyStage572B0482' }, }); }); + + test('specify attachToStage property', () => { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'MyApi'); + api.root.addMethod('GET'); // api must have atleast one method. + const domain = new apigw.DomainName(stack, 'MyDomain', { + domainName: 'example.com', + certificate: acm.Certificate.fromCertificateArn(stack, 'cert', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'), + endpointType: apigw.EndpointType.REGIONAL, + }); + + // WHEN + new apigw.BasePathMapping(stack, 'MyBasePath', { + restApi: api, + domainName: domain, + attachToStage: false, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::BasePathMapping', { + Stage: Match.absent(), + }); + }); }); diff --git a/packages/@aws-cdk/aws-apigateway/test/integ.base-path-mapping.ts b/packages/@aws-cdk/aws-apigateway/test/integ.base-path-mapping.ts new file mode 100644 index 0000000000000..9d3a31a3a205e --- /dev/null +++ b/packages/@aws-cdk/aws-apigateway/test/integ.base-path-mapping.ts 
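Review bot: The added tests do not cover an explicit `stage` passed together with `attachToStage: false`, which is the one combination whose outcome depends on the precedence in the `??` expression. They exercise `attachToStage: false` without a stage and `attachToStage: true` with one, so a later refactor could flip the precedence unnoticed. A case that passes both and asserts the outcome the doc comment promises would pin it. In the new test, the comment `// api must have atleast one method.` should read `at least`.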
@@ -0,0 +1,39 @@ +import * as cdk from '@aws-cdk/core'; +import { IntegTest } from '@aws-cdk/integ-tests'; +import * as apigateway from '../lib'; + +export class TestStack extends cdk.Stack { + constructor(scope: cdk.App, id: string) { + super(scope, id); + + const restApi = new apigateway.RestApi(this, 'Api'); + + restApi.root.addMethod('GET'); + + const domainName = apigateway.DomainName.fromDomainNameAttributes(this, 'Domain', { + domainName: 'domainName', + domainNameAliasHostedZoneId: 'domainNameAliasHostedZoneId', + domainNameAliasTarget: 'domainNameAliasTarget', + }); + + new apigateway.BasePathMapping(this, 'MappingOne', { + domainName, + restApi, + }); + + new apigateway.BasePathMapping(this, 'MappingTwo', { + domainName, + restApi, + basePath: 'path', + attachToStage: false, + }); + } +} + +const app = new cdk.App(); + +const testStack = new TestStack(app, 'test-stack'); + +new IntegTest(app, 'base-path-mapping', { + testCases: [testStack], +}); diff --git a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js index 48261e12d82e5..3794bfcee0769 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js +++ b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js 
@@ -65,6 +65,23 @@ let report = function (event, context, responseStatus, physicalResourceId, respo }); }; +/** + * Adds tags to an existing certificate + * + * @param {string} certificateArn the ARN of the certificate to add tags to + * @param {string} region the region the certificate exists in + * @param {map} tags Tags to add to the requested certificate + */ +const addTags = async function(certificateArn, region, tags) { + const result = Array.from(Object.entries(tags)).map(([Key, Value]) => ({ Key, Value })) + const acm = new aws.ACM({ region }); + + await acm.addTagsToCertificate({ + CertificateArn: certificateArn, + Tags: result, + }).promise(); +} + /** * Requests a public certificate from AWS Certificate Manager, using DNS validation. * The hosted zone ID must refer to a **public** Route53-managed DNS zone that is authoritative @@ -75,10 +92,9 @@ let report = function (event, context, responseStatus, physicalResourceId, respo * @param {string} requestId the CloudFormation request ID * @param {string} domainName the Common Name (CN) field for the requested certificate * @param {string} hostedZoneId the Route53 Hosted Zone ID - * @param {map} tags Tags to add to the requested certificate * @returns {string} Validated certificate ARN */ -const requestCertificate = async function (requestId, domainName, subjectAlternativeNames, certificateTransparencyLoggingPreference, hostedZoneId, region, route53Endpoint, tags) { +const requestCertificate = async function (requestId, domainName, subjectAlternativeNames, certificateTransparencyLoggingPreference, hostedZoneId, region, route53Endpoint) { const crypto = require('crypto'); const acm = new aws.ACM({ region }); const route53 = route53Endpoint ? new aws.Route53({ endpoint: route53Endpoint }) : new aws.Route53(); 
@@ -101,16 +117,6 @@ const requestCertificate = async function (requestId, domainName, subjectAlterna console.log(`Certificate ARN: ${reqCertResponse.CertificateArn}`); - - if (!!tags) { - const result = Array.from(Object.entries(tags)).map(([Key, Value]) => ({ Key, Value })) - - await acm.addTagsToCertificate({ - CertificateArn: reqCertResponse.CertificateArn, - Tags: result, - }).promise(); - } - console.log('Waiting for ACM to provide DNS records for validation...'); let records = []; @@ -275,6 +281,25 @@ async function commitRoute53Records(route53, records, hostedZoneId, action = 'UP }).promise(); } +/** + * Determines whether an update request should request a new certificate + * + * @param {map} oldParams the previously process request parameters + * @param {map} newParams the current process request parameters + * @param {string} physicalResourceId the physicalResourceId + * @returns {boolean} whether or not to request a new certificate + */ +function shouldUpdate(oldParams, newParams, physicalResourceId) { + if (!oldParams) return true; + if (oldParams.DomainName !== newParams.DomainName) return true; + if (oldParams.SubjectAlternativeNames !== newParams.SubjectAlternativeNames) return true; + if (oldParams.CertificateTransparencyLoggingPreference !== newParams.CertificateTransparencyLoggingPreference) return true; + if (oldParams.HostedZoneId !== newParams.HostedZoneId) return true; + if (oldParams.Region !== newParams.Region) return true; + if (!physicalResourceId || !physicalResourceId.startsWith('arn:')) return true; + return false; +} + /** * Main handler, invoked by Lambda */ 
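Review bot: `oldParams.SubjectAlternativeNames !== newParams.SubjectAlternativeNames` in `shouldUpdate` compares by reference, so if the property is a list (as the `subjectAlternativeNames` parameter of `requestCertificate` suggests) the two deserialized payloads never compare equal. Every Update on a certificate with SANs would then request a new certificate, including the tag-only updates this function is meant to short-circuit. Compare contents instead, e.g. `if (JSON.stringify(oldParams.SubjectAlternativeNames ?? []) !== JSON.stringify(newParams.SubjectAlternativeNames ?? [])) return true;`. In the JSDoc, "previously process request parameters" should read "previously processed".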
@@ -282,28 +307,43 @@ exports.certificateRequestHandler = async function (event, context) { var responseData = {}; var physicalResourceId; var certificateArn; + async function processRequest() { + certificateArn = await requestCertificate( + event.RequestId, + event.ResourceProperties.DomainName, + event.ResourceProperties.SubjectAlternativeNames, + event.ResourceProperties.CertificateTransparencyLoggingPreference, + event.ResourceProperties.HostedZoneId, + event.ResourceProperties.Region, + event.ResourceProperties.Route53Endpoint, + ); + responseData.Arn = physicalResourceId = certificateArn; + } try { switch (event.RequestType) { case 'Create': + await processRequest(); + if (event.ResourceProperties.Tags && physicalResourceId.startsWith('arn:')) { + await addTags(physicalResourceId, event.ResourceProperties.Region, event.ResourceProperties.Tags); + } + break; case 'Update': - certificateArn = await requestCertificate( - event.RequestId, - event.ResourceProperties.DomainName, - event.ResourceProperties.SubjectAlternativeNames, - event.ResourceProperties.CertificateTransparencyLoggingPreference, - event.ResourceProperties.HostedZoneId, - event.ResourceProperties.Region, - event.ResourceProperties.Route53Endpoint, - event.ResourceProperties.Tags, - ); - responseData.Arn = physicalResourceId = certificateArn; + if (shouldUpdate(event.OldResourceProperties, event.ResourceProperties, event.PhysicalResourceId)) { + await processRequest(); + } else { + responseData.Arn = physicalResourceId = event.PhysicalResourceId; + } + if (event.ResourceProperties.Tags && physicalResourceId.startsWith('arn:')) { + await addTags(physicalResourceId, event.ResourceProperties.Region, event.ResourceProperties.Tags); + } break; case 'Delete': physicalResourceId = event.PhysicalResourceId; + const removalPolicy = event.ResourceProperties.RemovalPolicy ?? 
'destroy'; // If the resource didn't create correctly, the physical resource ID won't be the // certificate ARN, so don't try to delete it in that case. - if (physicalResourceId.startsWith('arn:')) { + if (physicalResourceId.startsWith('arn:') && removalPolicy === 'destroy') { await deleteCertificate( physicalResourceId, event.ResourceProperties.Region, diff --git a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js index 37697f69b6e2e..be4f4fb20ba21 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js +++ b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js 
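Review bot: The `Update` branch only ever calls `addTags`, so when the certificate is reused (the `else` arm) a tag key that was removed from the template stays on the certificate. Tags commonly feed cost allocation and tag-based access conditions, so stale ones are worth clearing rather than leaving silently. Removing the keys present in `OldResourceProperties.Tags` but absent from the new map would close the gap. The function's role would presumably also need `acm:RemoveTagsFromCertificate`, which the snapshot policy on this page does not list. The handler starts before this hunk and continues past it.

```javascript
// … unchanged: case 'Update' and the shouldUpdate(...) arm that calls processRequest() …
} else {
  responseData.Arn = physicalResourceId = event.PhysicalResourceId;
  // Certificate is reused: drop tags whose keys are no longer in the template.
  const oldTags = event.OldResourceProperties.Tags || {};
  const newTags = event.ResourceProperties.Tags || {};
  const staleKeys = Object.keys(oldTags).filter(key => !(key in newTags));
  if (staleKeys.length) {
    const acm = new aws.ACM({ region: event.ResourceProperties.Region });
    await acm.removeTagsFromCertificate({
      CertificateArn: physicalResourceId,
      Tags: staleKeys.map(Key => ({ Key })),
    }).promise();
  }
}
// … unchanged: addTags call and break …
```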
@@ -869,6 +869,243 @@ describe('DNS Validated Certificate Handler', () => { }); }); + test('Update operation requests a certificate', () => { + const requestCertificateFake = sinon.fake.resolves({ + CertificateArn: testCertificateArn, + }); + + const describeCertificateFake = sinon.stub(); + describeCertificateFake.onFirstCall().resolves({ + Certificate: { + CertificateArn: testCertificateArn + } + }); + describeCertificateFake.resolves({ + Certificate: { + CertificateArn: testCertificateArn, + DomainValidationOptions: [{ + ValidationStatus: 'SUCCESS', + ResourceRecord: { + Name: testRRName, + Type: 'CNAME', + Value: testRRValue + } + }] + } + }); + + const addTagsToCertificateFake = sinon.fake.resolves({}); + + const changeResourceRecordSetsFake = sinon.fake.resolves({ + ChangeInfo: { + Id: 'bogus' + } + }); + + AWS.mock('ACM', 'requestCertificate', requestCertificateFake); + AWS.mock('ACM', 'describeCertificate', describeCertificateFake); + AWS.mock('Route53', 'changeResourceRecordSets', changeResourceRecordSetsFake); + AWS.mock('ACM', 'addTagsToCertificate', addTagsToCertificateFake); + + const request = nock(ResponseURL).put('/', body => { + return body.Status === 'SUCCESS'; + }).reply(200); + + return LambdaTester(handler.certificateRequestHandler) + .event({ + RequestType: 'Update', + RequestId: testRequestId, + OldResourceProperties: { + DomainName: 'example.com', + HostedZoneId: testHostedZoneId, + Region: 'us-east-1', + Tags: testTags + }, + ResourceProperties: { + DomainName: testDomainName, + HostedZoneId: testHostedZoneId, + Region: 'us-east-1', + Tags: testTags + } + }) + .expectResolve(() => { + sinon.assert.calledWith(requestCertificateFake, sinon.match({ + DomainName: testDomainName, + ValidationMethod: 'DNS', + Options: { + CertificateTransparencyLoggingPreference: undefined + } + })); + sinon.assert.calledWith(changeResourceRecordSetsFake, sinon.match({ + ChangeBatch: { + Changes: [{ + Action: 'UPSERT', + ResourceRecordSet: { + Name: testRRName, + 
Type: 'CNAME', + TTL: 60, + ResourceRecords: [{ + Value: testRRValue + }] + } + }] + }, + HostedZoneId: testHostedZoneId + })); + sinon.assert.calledWith(addTagsToCertificateFake, sinon.match({ + "CertificateArn": testCertificateArn, + "Tags": testTagsValue, + })); + expect(request.isDone()).toBe(true); + }); + }); + + test('Update operation updates tags only', () => { + const requestCertificateFake = sinon.fake.resolves({ + CertificateArn: testCertificateArn, + }); + + const describeCertificateFake = sinon.stub(); + describeCertificateFake.onFirstCall().resolves({ + Certificate: { + CertificateArn: testCertificateArn + } + }); + describeCertificateFake.resolves({ + Certificate: { + CertificateArn: testCertificateArn, + DomainValidationOptions: [{ + ValidationStatus: 'SUCCESS', + ResourceRecord: { + Name: testRRName, + Type: 'CNAME', + Value: testRRValue + } + }] + } + }); + + const addTagsToCertificateFake = sinon.fake.resolves({}); + + const changeResourceRecordSetsFake = sinon.fake.resolves({ + ChangeInfo: { + Id: 'bogus' + } + }); + + AWS.mock('ACM', 'requestCertificate', requestCertificateFake); + AWS.mock('ACM', 'describeCertificate', describeCertificateFake); + AWS.mock('Route53', 'changeResourceRecordSets', changeResourceRecordSetsFake); + AWS.mock('ACM', 'addTagsToCertificate', addTagsToCertificateFake); + + const request = nock(ResponseURL).put('/', body => { + return body.Status === 'SUCCESS'; + }).reply(200); + + return LambdaTester(handler.certificateRequestHandler) + .event({ + RequestType: 'Update', + RequestId: testRequestId, + PhysicalResourceId: testCertificateArn, + OldResourceProperties: { + DomainName: testDomainName, + HostedZoneId: testHostedZoneId, + Region: 'us-east-1', + Tags: testTags, + }, + ResourceProperties: { + DomainName: testDomainName, + HostedZoneId: testHostedZoneId, + Region: 'us-east-1', + Tags: { + ...testTags, + Tag4: 'Value4', + }, + } + }) + .expectResolve(() => { + sinon.assert.notCalled(requestCertificateFake); + 
sinon.assert.notCalled(changeResourceRecordSetsFake); + sinon.assert.calledWith(addTagsToCertificateFake, sinon.match({ + "CertificateArn": testCertificateArn, + "Tags": [{ Key: 'Tag1', Value: 'Test1' }, { Key: 'Tag2', Value: 'Test2' }, { Key: 'Tag4', Value: 'Value4' }], + })); + expect(request.isDone()).toBe(true); + }); + }); + + test('Update operation does not request certificate if removal policy is changed', () => { + const requestCertificateFake = sinon.fake.resolves({ + CertificateArn: testCertificateArn, + }); + + const describeCertificateFake = sinon.stub(); + describeCertificateFake.onFirstCall().resolves({ + Certificate: { + CertificateArn: testCertificateArn + } + }); + describeCertificateFake.resolves({ + Certificate: { + CertificateArn: testCertificateArn, + DomainValidationOptions: [{ + ValidationStatus: 'SUCCESS', + ResourceRecord: { + Name: testRRName, + Type: 'CNAME', + Value: testRRValue + } + }] + } + }); + + const addTagsToCertificateFake = sinon.fake.resolves({}); + + const changeResourceRecordSetsFake = sinon.fake.resolves({ + ChangeInfo: { + Id: 'bogus' + } + }); + + AWS.mock('ACM', 'requestCertificate', requestCertificateFake); + AWS.mock('ACM', 'describeCertificate', describeCertificateFake); + AWS.mock('Route53', 'changeResourceRecordSets', changeResourceRecordSetsFake); + AWS.mock('ACM', 'addTagsToCertificate', addTagsToCertificateFake); + + const request = nock(ResponseURL).put('/', body => { + return body.Status === 'SUCCESS'; + }).reply(200); + + return LambdaTester(handler.certificateRequestHandler) + .event({ + RequestType: 'Update', + RequestId: testRequestId, + PhysicalResourceId: testCertificateArn, + OldResourceProperties: { + DomainName: testDomainName, + HostedZoneId: testHostedZoneId, + Region: 'us-east-1', + Tags: testTags, + }, + ResourceProperties: { + DomainName: testDomainName, + HostedZoneId: testHostedZoneId, + Region: 'us-east-1', + Tags: testTags, + RemovalPolicy: 'retain', + } + }) + .expectResolve(() => { + 
sinon.assert.notCalled(requestCertificateFake); + sinon.assert.notCalled(changeResourceRecordSetsFake); + sinon.assert.calledWith(addTagsToCertificateFake, sinon.match({ + "CertificateArn": testCertificateArn, + "Tags": testTagsValue, + })); + expect(request.isDone()).toBe(true); + }); + }); + test('Delete operation succeeds if certificate becomes not-in-use', () => { const usedByArn = 'arn:aws:cloudfront::123456789012:distribution/d111111abcdef8'; diff --git a/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts b/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts index eb4044cb7833f..b01062021fb2a 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts +++ b/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts @@ -79,6 +79,7 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi private normalizedZoneName: string; private hostedZoneId: string; private domainName: string; + private _removalPolicy?: cdk.RemovalPolicy; constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps) { super(scope, id); @@ -132,6 +133,7 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi HostedZoneId: this.hostedZoneId, Region: props.region, Route53Endpoint: props.route53Endpoint, + RemovalPolicy: cdk.Lazy.any({ produce: () => this._removalPolicy }), // Custom resources properties are always converted to strings; might as well be explict here. CleanupRecords: props.cleanupRoute53Records ? 'true' : undefined, Tags: cdk.Lazy.list({ produce: () => this.tags.renderTags() }), 
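Review bot: None of the three new `Update` tests sets `SubjectAlternativeNames`, so the reuse path is only exercised with that property undefined on both sides. Add a case that puts the same list in both `OldResourceProperties` and `ResourceProperties` (constructed example: `SubjectAlternativeNames: ['www.example.com']`), passes `PhysicalResourceId: testCertificateArn`, and asserts `sinon.assert.notCalled(requestCertificateFake)`. That would pin down how `shouldUpdate` treats equal lists. The three tests also repeat the same fake and mock setup verbatim; a shared helper would make the differing event properties easier to spot.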
@@ -143,6 +145,10 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi this.node.addValidation({ validate: () => this.validateDnsValidatedCertificate() }); } + public applyRemovalPolicy(policy: cdk.RemovalPolicy): void { + this._removalPolicy = policy; + } + private validateDnsValidatedCertificate(): string[] { const errors: string[] = []; // Ensure the zone name is a parent zone of the certificate domain name diff --git a/packages/@aws-cdk/aws-certificatemanager/package.json b/packages/@aws-cdk/aws-certificatemanager/package.json index 2b396cdee2abe..5a6c030175093 100644 --- a/packages/@aws-cdk/aws-certificatemanager/package.json +++ b/packages/@aws-cdk/aws-certificatemanager/package.json @@ -81,6 +81,8 @@ "license": "Apache-2.0", "devDependencies": { "@aws-cdk/assertions": "0.0.0", + "@aws-cdk/integ-tests": "0.0.0", + "@aws-cdk/integ-runner": "0.0.0", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/cfn2ts": "0.0.0", "@aws-cdk/pkglint": "0.0.0", diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/asset.ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672/index.js b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/asset.ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672/index.js new file mode 100644 index 0000000000000..3794bfcee0769 --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/asset.ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672/index.js 
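Review bot: `applyRemovalPolicy` is a public method with no doc comment, and its effect differs from the usual one. It only stores the value, which is forwarded as the `RemovalPolicy` custom-resource property, and the handler deletes the certificate only when that value is `'destroy'` or unset. That means `RemovalPolicy.SNAPSHOT` behaves like retain. A retained certificate also keeps its Route 53 validation records, because record cleanup runs inside the same delete path (inferred from the handler copy on this page). I would add a TSDoc block saying so, e.g. `/** Controls whether the certificate is deleted from ACM when this resource is removed; any policy other than DESTROY retains it. */`.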
@@ -0,0 +1,437 @@ +'use strict'; + +const aws = require('aws-sdk'); + +const defaultSleep = function (ms) { + return new Promise(resolve => setTimeout(resolve, ms)); +}; + +// These are used for test purposes only +let defaultResponseURL; +let waiter; +let sleep = defaultSleep; +let random = Math.random; +let maxAttempts = 10; + +/** + * Upload a CloudFormation response object to S3. + * + * @param {object} event the Lambda event payload received by the handler function + * @param {object} context the Lambda context received by the handler function + * @param {string} responseStatus the response status, either 'SUCCESS' or 'FAILED' + * @param {string} physicalResourceId CloudFormation physical resource ID + * @param {object} [responseData] arbitrary response data object + * @param {string} [reason] reason for failure, if any, to convey to the user + * @returns {Promise} Promise that is resolved on success, or rejected on connection error or HTTP error response + */ +let report = function (event, context, responseStatus, physicalResourceId, responseData, reason) { + return new Promise((resolve, reject) => { + const https = require('https'); + const { URL } = require('url'); + + var responseBody = JSON.stringify({ + Status: responseStatus, + Reason: reason, + PhysicalResourceId: physicalResourceId || context.logStreamName, + StackId: event.StackId, + RequestId: event.RequestId, + LogicalResourceId: event.LogicalResourceId, + Data: responseData + }); + + const parsedUrl = new URL(event.ResponseURL || defaultResponseURL); + const options = { + hostname: parsedUrl.hostname, + port: 443, + path: parsedUrl.pathname + parsedUrl.search, + method: 'PUT', + headers: { + 'Content-Type': '', + 'Content-Length': responseBody.length + } + }; + + https.request(options) + .on('error', reject) + .on('response', res => { + res.resume(); + if (res.statusCode >= 400) { + reject(new Error(`Server returned error ${res.statusCode}: ${res.statusMessage}`)); + } else { + resolve(); + } + }) 
+ .end(responseBody, 'utf8'); + }); +}; + +/** + * Adds tags to an existing certificate + * + * @param {string} certificateArn the ARN of the certificate to add tags to + * @param {string} region the region the certificate exists in + * @param {map} tags Tags to add to the requested certificate + */ +const addTags = async function(certificateArn, region, tags) { + const result = Array.from(Object.entries(tags)).map(([Key, Value]) => ({ Key, Value })) + const acm = new aws.ACM({ region }); + + await acm.addTagsToCertificate({ + CertificateArn: certificateArn, + Tags: result, + }).promise(); +} + +/** + * Requests a public certificate from AWS Certificate Manager, using DNS validation. + * The hosted zone ID must refer to a **public** Route53-managed DNS zone that is authoritative + * for the suffix of the certificate's Common Name (CN). For example, if the CN is + * `*.example.com`, the hosted zone ID must point to a Route 53 zone authoritative + * for `example.com`. + * + * @param {string} requestId the CloudFormation request ID + * @param {string} domainName the Common Name (CN) field for the requested certificate + * @param {string} hostedZoneId the Route53 Hosted Zone ID + * @returns {string} Validated certificate ARN + */ +const requestCertificate = async function (requestId, domainName, subjectAlternativeNames, certificateTransparencyLoggingPreference, hostedZoneId, region, route53Endpoint) { + const crypto = require('crypto'); + const acm = new aws.ACM({ region }); + const route53 = route53Endpoint ? 
new aws.Route53({ endpoint: route53Endpoint }) : new aws.Route53(); + if (waiter) { + // Used by the test suite, since waiters aren't mockable yet + route53.waitFor = acm.waitFor = waiter; + } + + console.log(`Requesting certificate for ${domainName}`); + + const reqCertResponse = await acm.requestCertificate({ + DomainName: domainName, + SubjectAlternativeNames: subjectAlternativeNames, + Options: { + CertificateTransparencyLoggingPreference: certificateTransparencyLoggingPreference + }, + IdempotencyToken: crypto.createHash('sha256').update(requestId).digest('hex').slice(0, 32), + ValidationMethod: 'DNS' + }).promise(); + + console.log(`Certificate ARN: ${reqCertResponse.CertificateArn}`); + + console.log('Waiting for ACM to provide DNS records for validation...'); + + let records = []; + for (let attempt = 0; attempt < maxAttempts && !records.length; attempt++) { + const { Certificate } = await acm.describeCertificate({ + CertificateArn: reqCertResponse.CertificateArn + }).promise(); + + records = getDomainValidationRecords(Certificate); + if (!records.length) { + // Exponential backoff with jitter based on 200ms base + // component of backoff fixed to ensure minimum total wait time on + // slow targets. 
+ const base = Math.pow(2, attempt); + await sleep(random() * base * 50 + base * 150); + } + } + if (!records.length) { + throw new Error(`Response from describeCertificate did not contain DomainValidationOptions after ${maxAttempts} attempts.`) + } + + console.log(`Upserting ${records.length} DNS records into zone ${hostedZoneId}:`); + + await commitRoute53Records(route53, records, hostedZoneId); + + console.log('Waiting for validation...'); + await acm.waitFor('certificateValidated', { + // Wait up to 9 minutes and 30 seconds + $waiter: { + delay: 30, + maxAttempts: 19 + }, + CertificateArn: reqCertResponse.CertificateArn + }).promise(); + + return reqCertResponse.CertificateArn; +}; + +/** + * Deletes a certificate from AWS Certificate Manager (ACM) by its ARN. + * If the certificate does not exist, the function will return normally. + * + * @param {string} arn The certificate ARN + */ +const deleteCertificate = async function (arn, region, hostedZoneId, route53Endpoint, cleanupRecords) { + const acm = new aws.ACM({ region }); + const route53 = route53Endpoint ? new aws.Route53({ endpoint: route53Endpoint }) : new aws.Route53(); + if (waiter) { + // Used by the test suite, since waiters aren't mockable yet + route53.waitFor = acm.waitFor = waiter; + } + + try { + console.log(`Waiting for certificate ${arn} to become unused`); + + let inUseByResources; + let records = []; + for (let attempt = 0; attempt < maxAttempts; attempt++) { + const { Certificate } = await acm.describeCertificate({ + CertificateArn: arn + }).promise(); + + if (cleanupRecords) { + records = getDomainValidationRecords(Certificate); + } + inUseByResources = Certificate.InUseBy || []; + + if (inUseByResources.length || !records.length) { + // Exponential backoff with jitter based on 200ms base + // component of backoff fixed to ensure minimum total wait time on + // slow targets. 
+ const base = Math.pow(2, attempt); + await sleep(random() * base * 50 + base * 150); + } else { + break; + } + } + + if (inUseByResources.length) { + throw new Error(`Response from describeCertificate did not contain an empty InUseBy list after ${maxAttempts} attempts.`) + } + if (cleanupRecords && !records.length) { + throw new Error(`Response from describeCertificate did not contain DomainValidationOptions after ${maxAttempts} attempts.`) + } + + console.log(`Deleting certificate ${arn}`); + + await acm.deleteCertificate({ + CertificateArn: arn + }).promise(); + + if (cleanupRecords) { + console.log(`Deleting ${records.length} DNS records from zone ${hostedZoneId}:`); + + await commitRoute53Records(route53, records, hostedZoneId, 'DELETE'); + } + + } catch (err) { + if (err.name !== 'ResourceNotFoundException') { + throw err; + } + } +}; + +/** + * Retrieve the unique domain validation options as records to be upserted (or deleted) from Route53. + * + * Returns an empty array ([]) if the domain validation options is empty or the records are not yet ready. + */ +function getDomainValidationRecords(certificate) { + const options = certificate.DomainValidationOptions || []; + // Ensure all records are ready; there is (at least a theory there's) a chance of a partial response here in rare cases. + if (options.length > 0 && options.every(opt => opt && !!opt.ResourceRecord)) { + // some alternative names will produce the same validation record + // as the main domain (eg. example.com + *.example.com) + // filtering duplicates to avoid errors with adding the same record + // to the route53 zone twice + const unique = options + .map((val) => val.ResourceRecord) + .reduce((acc, cur) => { + acc[cur.Name] = cur; + return acc; + }, {}); + return Object.keys(unique).sort().map(key => unique[key]); + } + return []; +} + +/** + * Execute Route53 ChangeResourceRecordSets for a set of records within a Hosted Zone, + * and wait for the records to commit. 
Defaults to an 'UPSERT' action. + */ +async function commitRoute53Records(route53, records, hostedZoneId, action = 'UPSERT') { + const changeBatch = await route53.changeResourceRecordSets({ + ChangeBatch: { + Changes: records.map((record) => { + console.log(`${record.Name} ${record.Type} ${record.Value}`); + return { + Action: action, + ResourceRecordSet: { + Name: record.Name, + Type: record.Type, + TTL: 60, + ResourceRecords: [{ + Value: record.Value + }] + } + }; + }), + }, + HostedZoneId: hostedZoneId + }).promise(); + + console.log('Waiting for DNS records to commit...'); + await route53.waitFor('resourceRecordSetsChanged', { + // Wait up to 5 minutes + $waiter: { + delay: 30, + maxAttempts: 10 + }, + Id: changeBatch.ChangeInfo.Id + }).promise(); +} + +/** + * Determines whether an update request should request a new certificate + * + * @param {map} oldParams the previously process request parameters + * @param {map} newParams the current process request parameters + * @param {string} physicalResourceId the physicalResourceId + * @returns {boolean} whether or not to request a new certificate + */ +function shouldUpdate(oldParams, newParams, physicalResourceId) { + if (!oldParams) return true; + if (oldParams.DomainName !== newParams.DomainName) return true; + if (oldParams.SubjectAlternativeNames !== newParams.SubjectAlternativeNames) return true; + if (oldParams.CertificateTransparencyLoggingPreference !== newParams.CertificateTransparencyLoggingPreference) return true; + if (oldParams.HostedZoneId !== newParams.HostedZoneId) return true; + if (oldParams.Region !== newParams.Region) return true; + if (!physicalResourceId || !physicalResourceId.startsWith('arn:')) return true; + return false; +} + +/** + * Main handler, invoked by Lambda + */ +exports.certificateRequestHandler = async function (event, context) { + var responseData = {}; + var physicalResourceId; + var certificateArn; + async function processRequest() { + certificateArn = await 
requestCertificate( + event.RequestId, + event.ResourceProperties.DomainName, + event.ResourceProperties.SubjectAlternativeNames, + event.ResourceProperties.CertificateTransparencyLoggingPreference, + event.ResourceProperties.HostedZoneId, + event.ResourceProperties.Region, + event.ResourceProperties.Route53Endpoint, + ); + responseData.Arn = physicalResourceId = certificateArn; + } + + try { + switch (event.RequestType) { + case 'Create': + await processRequest(); + if (event.ResourceProperties.Tags && physicalResourceId.startsWith('arn:')) { + await addTags(physicalResourceId, event.ResourceProperties.Region, event.ResourceProperties.Tags); + } + break; + case 'Update': + if (shouldUpdate(event.OldResourceProperties, event.ResourceProperties, event.PhysicalResourceId)) { + await processRequest(); + } else { + responseData.Arn = physicalResourceId = event.PhysicalResourceId; + } + if (event.ResourceProperties.Tags && physicalResourceId.startsWith('arn:')) { + await addTags(physicalResourceId, event.ResourceProperties.Region, event.ResourceProperties.Tags); + } + break; + case 'Delete': + physicalResourceId = event.PhysicalResourceId; + const removalPolicy = event.ResourceProperties.RemovalPolicy ?? 'destroy'; + // If the resource didn't create correctly, the physical resource ID won't be the + // certificate ARN, so don't try to delete it in that case. + if (physicalResourceId.startsWith('arn:') && removalPolicy === 'destroy') { + await deleteCertificate( + physicalResourceId, + event.ResourceProperties.Region, + event.ResourceProperties.HostedZoneId, + event.ResourceProperties.Route53Endpoint, + event.ResourceProperties.CleanupRecords === "true", + ); + } + break; + default: + throw new Error(`Unsupported request type ${event.RequestType}`); + } + + console.log(`Uploading SUCCESS response to S3...`); + await report(event, context, 'SUCCESS', physicalResourceId, responseData); + console.log('Done.'); + } catch (err) { + console.log(`Caught error ${err}. 
Uploading FAILED message to S3.`); + await report(event, context, 'FAILED', physicalResourceId, null, err.message); + } +}; + +/** + * @private + */ +exports.withReporter = function (reporter) { + report = reporter; +}; + +/** + * @private + */ +exports.withDefaultResponseURL = function (url) { + defaultResponseURL = url; +}; + +/** + * @private + */ +exports.withWaiter = function (w) { + waiter = w; +}; + +/** + * @private + */ +exports.resetWaiter = function () { + waiter = undefined; +}; + +/** + * @private + */ +exports.withSleep = function (s) { + sleep = s; +} + +/** + * @private + */ +exports.resetSleep = function () { + sleep = defaultSleep; +} + +/** + * @private + */ +exports.withRandom = function (r) { + random = r; +} + +/** + * @private + */ +exports.resetRandom = function () { + random = Math.random; +} + +/** + * @private + */ +exports.withMaxAttempts = function (ma) { + maxAttempts = ma; +} + +/** + * @private + */ +exports.resetMaxAttempts = function () { + maxAttempts = 10; +} diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..8ecc185e9dbee --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ-dns-validated-certificate.assets.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ-dns-validated-certificate.assets.json new file mode 100644 index 0000000000000..5aaa44e3f2869 --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ-dns-validated-certificate.assets.json 
@@ -0,0 +1,32 @@ +{ + "version": "21.0.0", + "files": { + "ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672": { + "source": { + "path": "asset.ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "5b59fa131b8bdd3fda9d78a8b7a199cff546fd4f13ffe4d1a707fa21f18f6146": { + "source": { + "path": "integ-dns-validated-certificate.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "5b59fa131b8bdd3fda9d78a8b7a199cff546fd4f13ffe4d1a707fa21f18f6146.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ-dns-validated-certificate.template.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ-dns-validated-certificate.template.json new file mode 100644 index 0000000000000..612bb403b5d0c --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ-dns-validated-certificate.template.json 
@@ -0,0 +1,188 @@ +{ + "Resources": { + "CertificateCertificateRequestorFunctionServiceRoleC04C13DA": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "acm:AddTagsToCertificate", + "acm:DeleteCertificate", + "acm:DescribeCertificate", + "acm:RequestCertificate", + "route53:GetChange" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "route53:changeResourceRecordSets", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":route53:::hostedzone/Z23ABC4XYZL05B" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC", + "Roles": [ + { + "Ref": "CertificateCertificateRequestorFunctionServiceRoleC04C13DA" + } + ] + } + }, + "CertificateCertificateRequestorFunction5E845413": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672.zip" + }, + "Role": { + "Fn::GetAtt": [ + "CertificateCertificateRequestorFunctionServiceRoleC04C13DA", + "Arn" + ] + }, + "Handler": "index.certificateRequestHandler", + "Runtime": "nodejs14.x", + "Timeout": 900 + }, + "DependsOn": [ + "CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC", + 
"CertificateCertificateRequestorFunctionServiceRoleC04C13DA" + ] + }, + "CertificateCertificateRequestorResource2890C6B7": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CertificateCertificateRequestorFunction5E845413", + "Arn" + ] + }, + "DomainName": "*.example.com", + "HostedZoneId": "Z23ABC4XYZL05B", + "RemovalPolicy": "retain" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Outputs": { + "CertificateArn": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "AWS::Region" + }, + ".console.aws.amazon.com/acm/home?region=", + { + "Ref": "AWS::Region" + }, + "#/certificates/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::GetAtt": [ + "CertificateCertificateRequestorResource2890C6B7", + "Arn" + ] + } + ] + } + ] + } + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ.json new file mode 100644 index 0000000000000..11b3ba887235c --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integ.json 
@@ -0,0 +1,14 @@ +{ + "enableLookups": true, + "version": "21.0.0", + "testCases": { + "integ-test/DefaultTest": { + "stacks": [ + "integ-dns-validated-certificate" + ], + "diffAssets": true, + "assertionStack": "integ-test/DefaultTest/DeployAssert", + "assertionStackName": "integtestDefaultTestDeployAssert24D5C536" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json new file mode 100644 index 0000000000000..c6322e79691df --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestDefaultTestDeployAssert24D5C536.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integtestDefaultTestDeployAssert24D5C536.template.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integtestDefaultTestDeployAssert24D5C536.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null 
+++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/integtestDefaultTestDeployAssert24D5C536.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..9f6568a8b811f --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/manifest.json 
@@ -0,0 +1,135 @@ +{ + "version": "21.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "integ-dns-validated-certificate.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integ-dns-validated-certificate.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integ-dns-validated-certificate": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integ-dns-validated-certificate.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5b59fa131b8bdd3fda9d78a8b7a199cff546fd4f13ffe4d1a707fa21f18f6146.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integ-dns-validated-certificate.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integ-dns-validated-certificate.assets" + ], + "metadata": { + "/integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CertificateCertificateRequestorFunctionServiceRoleC04C13DA" + } + ], + "/integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/ServiceRole/DefaultPolicy/Resource": [ + { + "type": 
"aws:cdk:logicalId", + "data": "CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC" + } + ], + "/integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CertificateCertificateRequestorFunction5E845413" + } + ], + "/integ-dns-validated-certificate/Certificate/CertificateRequestorResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "CertificateCertificateRequestorResource2890C6B7" + } + ], + "/integ-dns-validated-certificate/CertificateArn": [ + { + "type": "aws:cdk:logicalId", + "data": "CertificateArn" + } + ], + "/integ-dns-validated-certificate/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-dns-validated-certificate/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-dns-validated-certificate" + }, + "integtestDefaultTestDeployAssert24D5C536.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestDefaultTestDeployAssert24D5C536.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestDefaultTestDeployAssert24D5C536": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestDefaultTestDeployAssert24D5C536.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + 
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestDefaultTestDeployAssert24D5C536.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestDefaultTestDeployAssert24D5C536.assets" + ], + "metadata": { + "/integ-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-test/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/tree.json b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/tree.json new file mode 100644 index 0000000000000..5f0cd725d482e --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.integ.snapshot/tree.json 
@@ -0,0 +1,285 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.102" + } + }, + "integ-dns-validated-certificate": { + "id": "integ-dns-validated-certificate", + "path": "integ-dns-validated-certificate", + "children": { + "HostedZone": { + "id": "HostedZone", + "path": "integ-dns-validated-certificate/HostedZone", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "Certificate": { + "id": "Certificate", + "path": "integ-dns-validated-certificate/Certificate", + "children": { + "CertificateRequestorFunction": { + "id": "CertificateRequestorFunction", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": 
"integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "acm:AddTagsToCertificate", + "acm:DeleteCertificate", + "acm:DescribeCertificate", + "acm:RequestCertificate", + "route53:GetChange" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "route53:changeResourceRecordSets", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":route53:::hostedzone/Z23ABC4XYZL05B" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC", + "roles": [ + { + "Ref": "CertificateCertificateRequestorFunctionServiceRoleC04C13DA" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorFunction/Resource", + 
"attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "ef671dfd26b6dde1f73a4325587504813605a928622ebc466f4d0de6a0f3b672.zip" + }, + "role": { + "Fn::GetAtt": [ + "CertificateCertificateRequestorFunctionServiceRoleC04C13DA", + "Arn" + ] + }, + "handler": "index.certificateRequestHandler", + "runtime": "nodejs14.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "CertificateRequestorResource": { + "id": "CertificateRequestorResource", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorResource", + "children": { + "Default": { + "id": "Default", + "path": "integ-dns-validated-certificate/Certificate/CertificateRequestorResource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-certificatemanager.DnsValidatedCertificate", + "version": "0.0.0" + } + }, + "CertificateArn": { + "id": "CertificateArn", + "path": "integ-dns-validated-certificate/CertificateArn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "integ-test": { + "id": "integ-test", + "path": "integ-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.102" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": 
"integ-test/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts index 5ed77764de122..688a17ef25a69 100644 --- a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts @@ -1,7 +1,7 @@ import { Template } from '@aws-cdk/assertions'; import * as iam from '@aws-cdk/aws-iam'; import { HostedZone, PublicHostedZone } from '@aws-cdk/aws-route53'; -import { App, Stack, Token, Tags } from '@aws-cdk/core'; +import { App, Stack, Token, Tags, RemovalPolicy } from '@aws-cdk/core'; import { DnsValidatedCertificate } from '../lib/dns-validated-certificate'; test('creates CloudFormation Custom Resource', () => { 
@@ -266,4 +266,36 @@ test('test transparency logging settings is passed to the custom resource', () = }, CertificateTransparencyLoggingPreference: 'DISABLED', }); -}); \ No newline at end of file +}); + +test('can set removal policy', () => { + const stack = new Stack(); + + const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', { + zoneName: 'example.com', + }); + + const cert = new DnsValidatedCertificate(stack, 'Certificate', { + domainName: 'test.example.com', + hostedZone: exampleDotComZone, + subjectAlternativeNames: ['test2.example.com'], + cleanupRoute53Records: true, + }); + cert.applyRemovalPolicy(RemovalPolicy.RETAIN); + + Template.fromStack(stack).hasResourceProperties('AWS::CloudFormation::CustomResource', { + DomainName: 'test.example.com', + SubjectAlternativeNames: ['test2.example.com'], + RemovalPolicy: 'retain', + ServiceToken: { + 'Fn::GetAtt': [ + 'CertificateCertificateRequestorFunction5E845413', + 'Arn', + ], + }, + HostedZoneId: { + Ref: 'ExampleDotCom4D1B83AA', + }, + CleanupRecords: 'true', + }); +}); diff --git a/packages/@aws-cdk/aws-certificatemanager/test/integ.dns-validated-certificate.ts b/packages/@aws-cdk/aws-certificatemanager/test/integ.dns-validated-certificate.ts new file mode 100644 index 0000000000000..b5717d16b0005 --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/integ.dns-validated-certificate.ts 
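Review bot: The new 'can set removal policy' test asserts only the `RemovalPolicy: 'retain'` property handed to the handler, so it would still pass if `applyRemovalPolicy` also changed the custom resource's own CloudFormation deletion policy. The template snapshot added in this commit shows that resource keeping `"DeletionPolicy": "Delete"`, which is presumably what lets the handler run on stack deletion and honour the retain flag. Pinning that would guard it, for example `Template.fromStack(stack).hasResource('AWS::CloudFormation::CustomResource', { DeletionPolicy: 'Delete', UpdateReplacePolicy: 'Delete' });`. A second case that never calls `applyRemovalPolicy` would also document what the default sends to the handler.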
@@ -0,0 +1,50 @@
+import { PublicHostedZone } from '@aws-cdk/aws-route53';
+import { App, Stack, RemovalPolicy, CfnOutput, Fn } from '@aws-cdk/core';
+import { IntegTest } from '@aws-cdk/integ-tests';
+import { DnsValidatedCertificate, CertificateValidation } from '../lib';
+
+/**
+ * In order to test this you need to have a valid public hosted zone that you can use
+ * to request certificates for. Currently there is not a great way to test scenarios that involve
+ * multiple deploys so this is what I did to test these scenarios.
+ *
+ * 1. comment out the `cert.applyRemovalPolicy` line to create the certificate
+ * 2. Run `yarn integ --update-on-failed --no-clean`
+ * 3. uncomment the line to apply the removal policy
+ * 4. Run `yarn integ --update-on-failed --no-clean` to validate that changing
+ * that property does not cause a new certificate to be created
+ * 5. Run `yarn integ --force` to run the test again. Since we didn't pass `--no-clean`
+ * the stack will be deleted
+ * 6. Validate that the certificate was not deleted.
+ * 7. Delete the certificate manually.
+ */
+
+const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
+if (!hostedZoneId) throw new Error('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID"');
+const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME;
+if (!hostedZoneName) throw new Error('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME"');
+const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? 
process.env.DOMAIN_NAME; +if (!domainName) throw new Error('For this test you must provide your own Domain Name as an env var "DOMAIN_NAME"'); + +const app = new App(); +const stack = new Stack(app, 'integ-dns-validated-certificate'); +const hostedZone = PublicHostedZone.fromHostedZoneAttributes(stack, 'HostedZone', { + hostedZoneId, + zoneName: hostedZoneName, +}); + +const cert = new DnsValidatedCertificate(stack, 'Certificate', { + domainName, + hostedZone, + validation: CertificateValidation.fromDns(hostedZone), +}); +cert.applyRemovalPolicy(RemovalPolicy.RETAIN); +new CfnOutput(stack, 'CertificateArn', { + value: `https://${stack.region}.console.aws.amazon.com/acm/home?region=${stack.region}#/certificates/${Fn.select(1, Fn.split('/', cert.certificateArn))}`, +}); + +new IntegTest(app, 'integ-test', { + testCases: [stack], + diffAssets: true, + enableLookups: true, +}); diff --git a/packages/@aws-cdk/aws-rds/lib/instance-engine.ts b/packages/@aws-cdk/aws-rds/lib/instance-engine.ts index 211bbfd154b31..cada0ef139c4a 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance-engine.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance-engine.ts @@ -350,6 +350,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_6_7 = MariaDbEngineVersion.of('10.6.7', '10.6'); /** Version "10.6.8". */ public static readonly VER_10_6_8 = MariaDbEngineVersion.of('10.6.8', '10.6'); + /** Version "10.6.10". */ + public static readonly VER_10_6_10 = MariaDbEngineVersion.of('10.6.10', '10.6'); /** * Create a new MariaDbEngineVersion with an arbitrary version. 
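Review bot: The three guard errors in integ.dns-validated-certificate.ts name only `HOSTED_ZONE_ID`, `HOSTED_ZONE_NAME` and `DOMAIN_NAME`, while each lookup reads the `CDK_INTEG_`-prefixed variable first; the messages should name both, e.g. `as an env var "CDK_INTEG_HOSTED_ZONE_ID" or "HOSTED_ZONE_ID"`. These values are synthesized into the committed snapshot (the template in this commit carries `Z23ABC4XYZL05B` and `*.example.com`, which look like placeholders), so the header comment should also tell whoever regenerates the snapshot to swap their real hosted zone ID and domain for placeholders before committing. Because the test applies `RemovalPolicy.RETAIN`, every run leaves a certificate behind, so step 7 of the comment is a required cleanup rather than an optional one.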
@@ -546,6 +548,10 @@ export class MysqlEngineVersion { public static readonly VER_5_7_36 = MysqlEngineVersion.of('5.7.36', '5.7'); /** Version "5.7.37". */ public static readonly VER_5_7_37 = MysqlEngineVersion.of('5.7.37', '5.7'); + /** Version "5.7.38". */ + public static readonly VER_5_7_38 = MysqlEngineVersion.of('5.7.38', '5.7'); + /** Version "5.7.39". */ + public static readonly VER_5_7_39 = MysqlEngineVersion.of('5.7.39', '5.7'); /** Version "8.0" (only a major version, without a specific minor version). */ public static readonly VER_8_0 = MysqlEngineVersion.of('8.0', '8.0'); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/athena/start-query-execution.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/athena/start-query-execution.ts index ba3f68b95abb1..9918535134c67 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/athena/start-query-execution.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/athena/start-query-execution.ts @@ -106,7 +106,15 @@ export class AthenaStartQueryExecution extends sfn.TaskStateBase { 's3:ListBucketMultipartUploads', 's3:ListMultipartUploadParts', 's3:PutObject'], - resources: [this.props.resultConfiguration?.outputLocation?.bucketName ? `arn:aws:s3:::${this.props.resultConfiguration?.outputLocation?.bucketName}/${this.props.resultConfiguration?.outputLocation?.objectKey}/*` : '*'], // Need S3 location where data is stored or Athena throws an Unable to verify/create output bucket https://docs.aws.amazon.com/athena/latest/ug/security-iam-athena.html + resources: [ + this.props.resultConfiguration?.outputLocation?.bucketName + ? cdk.Stack.of(this).formatArn({ + service: 's3', + resource: this.props.resultConfiguration?.outputLocation?.bucketName, + resourceName: this.props.resultConfiguration?.outputLocation?.objectKey, + }) + : '*', + ], }), ); 
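Review bot: The `formatArn` call in the `resources:` entry of `AthenaStartQueryExecution` produces an ARN shape that S3 does not use: with no `region` or `account` given it fills in the stack's values, and the test added in start-query-execution.test.ts pins the result as `arn:<partition>:s3:<region>:<account>:query-results-bucket/folder`. S3 bucket and object ARNs leave the region and account fields empty, and the previous string ended in `/*`, which this version drops, so the statement no longer matches the objects Athena writes under the output prefix and the `s3:PutObject` grant has no effect. Pass `region: ''` and `account: ''` to `formatArn`, set `resourceName` to the object key followed by `/*`, and update the expected `Fn::Join` in the test hunk to match. The removed trailing comment explaining why Athena needs the S3 location is worth keeping next to the new call. The enclosing method starts and ends outside the hunk.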
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emrcontainers/start-job-run.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emrcontainers/start-job-run.ts index 02de5afaf5a4a..b2f6c98531445 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emrcontainers/start-job-run.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/emrcontainers/start-job-run.ts @@ -280,7 +280,10 @@ export class EmrContainersStartJobRun extends sfn.TaskStateBase implements iam.I jobExecutionRole.addToPrincipalPolicy( new iam.PolicyStatement({ resources: [ - 'arn:aws:logs:*:*:*', + cdk.Stack.of(this).formatArn({ + service: 'logs', + resource: '*', + }), ], actions: [ 'logs:DescribeLogGroups', @@ -301,7 +304,10 @@ export class EmrContainersStartJobRun extends sfn.TaskStateBase implements iam.I this.role.addToPrincipalPolicy( new iam.PolicyStatement({ resources: [ - 'arn:aws:logs:*:*:*', + cdk.Stack.of(this).formatArn({ + service: 'logs', + resource: '*', + }), ], actions: [ 'logs:DescribeLogGroups', diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts index c2936afc2d751..6b3c24b62a045 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts @@ -1,3 +1,4 @@ +import { Template, Match } from '@aws-cdk/assertions'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import * as cdk from '@aws-cdk/core'; import { AthenaStartQueryExecution, EncryptionOption } from '../../lib/athena/start-query-execution'; 
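Review bot: Both `resources:` entries changed in start-job-run.ts (the `jobExecutionRole` statement and the `this.role` statement) move from `arn:aws:logs:*:*:*` to an ARN carrying the stack's partition, region and account, which narrows the grant as well as fixing the hard-coded partition, and nothing in either hunk records that. A comment such as `// all CloudWatch Logs resources in this stack's partition, region and account` on each call would make the intended scope explicit; if the construct accepts a log group from another region or account (not visible here), that case would lose access and deserves a test. The resource part is still `*`, so where the configured log group is known, scoping the statement to it would be tighter; the action lists continue outside the hunks, so this may need splitting per action.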
@@ -174,4 +175,62 @@ describe('Start Query Execution', () => { // THEN expect(stack.resolve(task.toStateJson())).not.toHaveProperty('Parameters.QueryExecutionContext'); }); + + test('bucket arn is formatted as expected in generated policy', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const task = new AthenaStartQueryExecution(stack, 'Query', { + queryString: 'CREATE DATABASE database', + clientRequestToken: 'unique-client-request-token', + resultConfiguration: { + outputLocation: { + bucketName: 'query-results-bucket', + objectKey: 'folder', + }, + }, + }); + + new sfn.StateMachine(stack, 'StateMachine', { + definition: task, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: Match.objectLike({ + Statement: Match.arrayWith([ + { + Action: [ + 's3:AbortMultipartUpload', + 's3:ListBucketMultipartUploads', + 's3:ListMultipartUploadParts', + 's3:PutObject', + ], + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':s3:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':query-results-bucket/folder', + ], + ], + }, + }, + ]), + }), + }); + }); }); 
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip index cd5a78b26d045..5e88259eaadf5 100644 Binary files a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip and b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip index 2b20e7052c639..b51c0dcc7d103 100644 Binary files a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip and b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ 
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip index ac6ffb77173eb..dee385f9daf4d 100644 Binary files a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip and b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip differ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-integ.assets.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-integ.assets.json deleted file mode 100644 index 4b513a320626b..0000000000000 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-integ.assets.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "version": "21.0.0", - "files": { - "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee": { - "source": { - "path": "asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6": { - "source": { - "path": "asset.2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671": { - "source": { - "path": "asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb": { - "source": { - "path": "asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb", - "packaging": "zip" - }, - "destinations": { - 
"current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc": { - "source": { - "path": "asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed": { - "source": { - "path": "asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "7898fbcc6db6b68c168938b50e8d56a7d18b11f8ae6ec9a35bf6066ce31bd5f1": { - "source": { - "path": "awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksClusterResourceProviderA10A0351.nested.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7898fbcc6db6b68c168938b50e8d56a7d18b11f8ae6ec9a35bf6066ce31bd5f1.json", - "assumeRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "54df503311a78fbc844bf698bbfa009360873e3953c9e41259dd5f7dec3a4f25": { - "source": { - "path": "awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksKubectlProvider97EB2B07.nested.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "54df503311a78fbc844bf698bbfa009360873e3953c9e41259dd5f7dec3a4f25.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "5df06a818955e286053e36b052b26b0a585b1f9203624e95f1eeda1411934709": { - "source": { - "path": "aws-stepfunctions-tasks-emr-containers-all-services-integ.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5df06a818955e286053e36b052b26b0a585b1f9203624e95f1eeda1411934709.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-integ.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-integ.template.json deleted file mode 100644 index d91f2d8266cdd..0000000000000 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-integ.template.json +++ /dev/null 
@@ -1,1564 +0,0 @@ -{ - "Resources": { - "integrationtesteksclusterDefaultVpc395E1A86": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569" - }, - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317" - } - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3": { - "Type": 
"AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcIGW9ADAFE6F" - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317" - }, - "AllocationId": { - "Fn::GetAtt": [ - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7" - ] - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - 
{ - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327" - }, - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11" - } - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcIGW9ADAFE6F" - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11" - }, - "AllocationId": { - 
"Fn::GetAtt": [ - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52" - ] - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PrivateSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PrivateSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC" - }, - "SubnetId": { - "Ref": 
"integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - } - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9" - } - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PrivateSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc/PrivateSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903" - }, - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - } - } - }, - 
"integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761" - } - } - }, - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-all-services-integ/integration-test-eks-cluster/DefaultVpc" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "InternetGatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcIGW9ADAFE6F" - } - } - }, - "integrationtesteksclusterRole03F70AF0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - } - ] - } - }, - "integrationtesteksclusterControlPlaneSecurityGroup6E92F333": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - } - } - }, - "integrationtesteksclusterCreationRoleB98FE02A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", 
- "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F", - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5", - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8", - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7", - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317", - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52", - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11", - "integrationtesteksclusterDefaultVpc395E1A86", - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterCreationRoleDefaultPolicy5417802D": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": 
{ - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "integrationtesteksclusterRole03F70AF0", - "Arn" - ] - } - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", - "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "integrationtesteksclusterCreationRoleDefaultPolicy5417802D", - "Roles": [ - { - "Ref": "integrationtesteksclusterCreationRoleB98FE02A" - } - ] - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F", - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5", - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8", - 
"integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7", - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317", - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52", - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11", - "integrationtesteksclusterDefaultVpc395E1A86", - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterE5C0ED98": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksClusterResourceProviderframeworkonEventFF3F425BArn" - ] - }, - "Config": { - "version": "1.21", - "roleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterRole03F70AF0", - "Arn" - ] - }, - "resourcesVpcConfig": { - "subnetIds": [ - { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - } - ], - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "integrationtesteksclusterControlPlaneSecurityGroup6E92F333", - "GroupId" - ] - 
} - ], - "endpointPublicAccess": true, - "endpointPrivateAccess": true - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "AttributesRevision": 2 - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F", - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5", - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8", - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7", - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317", - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52", - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11", - "integrationtesteksclusterDefaultVpc395E1A86", - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204", - "integrationtesteksclusterCreationRoleDefaultPolicy5417802D", - "integrationtesteksclusterCreationRoleB98FE02A" - ], - 
"UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "integrationtesteksclusterKubectlReadyBarrier0D4A21B0": { - "Type": "AWS::SSM::Parameter", - "Properties": { - "Type": "String", - "Value": "aws:cdk:eks:kubectl-ready" - }, - "DependsOn": [ - "integrationtesteksclusterCreationRoleDefaultPolicy5417802D", - "integrationtesteksclusterCreationRoleB98FE02A", - "integrationtesteksclusterE5C0ED98" - ] - }, - "integrationtesteksclusterMastersRole63B9B0BF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "integrationtesteksclusterAwsAuthmanifestAEF9C6DF": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksKubectlProviderframeworkonEvent3B33A326Arn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c89f1e1be2a935f1b46af591dd13f7d1a5d084570d\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - }, - "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "integrationtesteksclusterNodegroupDefaultCapacityNodeGroupRole75D45BA7", - "Arn" - ] - }, - 
"\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - "RoleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c89f1e1be2a935f1b46af591dd13f7d1a5d084570d", - "Overwrite": true - }, - "DependsOn": [ - "integrationtesteksclusterKubectlReadyBarrier0D4A21B0" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "integrationtesteksclusterNodegroupDefaultCapacityNodeGroupRole75D45BA7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "integrationtesteksclusterNodegroupDefaultCapacity536CF32C": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "ClusterName": { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - "NodeRole": { - "Fn::GetAtt": [ - "integrationtesteksclusterNodegroupDefaultCapacityNodeGroupRole75D45BA7", - "Arn" - ] - }, - "Subnets": [ - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - } - ], - "AmiType": "AL2_x86_64", - 
"ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.xlarge" - ], - "ScalingConfig": { - "DesiredSize": 3, - "MaxSize": 3, - "MinSize": 3 - } - } - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/7898fbcc6db6b68c168938b50e8d56a7d18b11f8ae6ec9a35bf6066ce31bd5f1.json" - ] - ] - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - } - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/54df503311a78fbc844bf698bbfa009360873e3953c9e41259dd5f7dec3a4f25.json" - ] - ] - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterE5C0ED98", - "Arn" - ] - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetFBC220C4Ref": { - "Ref": 
"integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet7E4A5E3BRef": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EClusterSecurityGroupId": { - "Fn::GetAtt": [ - "integrationtesteksclusterE5C0ED98", - "ClusterSecurityGroupId" - ] - } - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "JobExecutionRoleF19B4342": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "emr-containers.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region" - }, - "states" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "JobExecutionRolePolicy6968CCB9": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "StartaJobRunMonitoringBucket899C33D9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "StartaJobRunMonitoringBucket899C33D9", - "Arn" - ] - 
}, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "StartaJobRunMonitoringLogGroupD033B7AF", - "Arn" - ] - } - }, - { - "Action": "logs:DescribeLogStreams", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "StartaJobRunMonitoringLogGroupD033B7AF", - "Arn" - ] - } - }, - { - "Action": "logs:DescribeLogGroups", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "JobExecutionRolePolicy6968CCB9", - "Roles": [ - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "JobExecutionRoleF19B4342", - "Arn" - ] - } - ] - } - ] - } - ] - } - ] - } - ] - } - }, - "StartaJobRunMonitoringLogGroupD033B7AF": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 731 - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "StartaJobRunMonitoringBucket899C33D9": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "StateMachineRoleB840431D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region" - }, - "states" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StateMachineRoleDefaultPolicyDF1E6607": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "emr-containers:CreateVirtualCluster", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "emr-containers.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - 
":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers" - ] - ] - } - }, - { - "Action": "emr-containers:StartJobRun", - "Condition": { - "StringEquals": { - "emr-containers:ExecutionRoleArn": { - "Fn::GetAtt": [ - "JobExecutionRoleF19B4342", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":emr-containers:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":/virtualclusters/*" - ] - ] - } - }, - { - "Action": [ - "emr-containers:DescribeJobRun", - "emr-containers:CancelJobRun" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":emr-containers:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":/virtualclusters/*" - ] - ] - } - }, - { - "Action": "emr-containers:DeleteVirtualCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":emr-containers:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":/virtualclusters/*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "StateMachineRoleDefaultPolicyDF1E6607", - "Roles": [ - { - "Ref": "StateMachineRoleB840431D" - } - ] - } - }, - "StateMachine2E01A3A5": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRoleB840431D", - "Arn" - ] - }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Create a virtual Cluster\",\"States\":{\"Create a virtual Cluster\":{\"Next\":\"Start a Job Run\",\"Type\":\"Task\",\"ResultPath\":\"$.cluster\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::emr-containers:createVirtualCluster\",\"Parameters\":{\"Name\":\"Virtual-Cluster-Name\",\"ContainerProvider\":{\"Id\":\"", - { - "Ref": 
"integrationtesteksclusterE5C0ED98" - }, - "\",\"Info\":{\"EksInfo\":{\"Namespace\":\"default\"}},\"Type\":\"EKS\"}}},\"Start a Job Run\":{\"Next\":\"Delete a Virtual Cluster\",\"Type\":\"Task\",\"ResultPath\":\"$.job\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::emr-containers:startJobRun.sync\",\"Parameters\":{\"VirtualClusterId.$\":\"$.cluster.Id\",\"Name\":\"EMR-Containers-Job\",\"ExecutionRoleArn\":\"", - { - "Fn::GetAtt": [ - "JobExecutionRoleF19B4342", - "Arn" - ] - }, - "\",\"ReleaseLabel\":\"emr-6.2.0-latest\",\"JobDriver\":{\"SparkSubmitJobDriver\":{\"EntryPoint\":\"local:///usr/lib/spark/examples/src/main/python/pi.py\",\"EntryPointArguments\":[\"2\"],\"SparkSubmitParameters\":\"--conf spark.driver.memory=512M --conf spark.kubernetes.driver.request.cores=0.2 --conf spark.kubernetes.executor.request.cores=0.2 --conf spark.sql.shuffle.partitions=60 --conf spark.dynamicAllocation.enabled=false\"}},\"ConfigurationOverrides\":{\"ApplicationConfiguration\":[{\"Classification\":\"spark-defaults\",\"Properties\":{\"spark.executor.instances\":\"1\",\"spark.executor.memory\":\"512M\"}}],\"MonitoringConfiguration\":{\"CloudWatchMonitoringConfiguration\":{\"LogGroupName\":\"", - { - "Ref": "StartaJobRunMonitoringLogGroupD033B7AF" - }, - "\"},\"PersistentAppUI\":\"ENABLED\",\"S3MonitoringConfiguration\":{\"LogUri\":\"s3://", - { - "Ref": "StartaJobRunMonitoringBucket899C33D9" - }, - "\"}}}}},\"Delete a Virtual Cluster\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::emr-containers:deleteVirtualCluster\",\"Parameters\":{\"Id.$\":\"$.job.VirtualClusterId\"}}},\"TimeoutSeconds\":1200}" - ] - ] - } - }, - "DependsOn": [ - "StateMachineRoleDefaultPolicyDF1E6607", - "StateMachineRoleB840431D" - ] - } - }, - "Outputs": { - "integrationtesteksclusterConfigCommandFA814999": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": 
"integrationtesteksclusterE5C0ED98" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - } - ] - ] - } - }, - "integrationtesteksclusterGetTokenCommandD7B92682": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - } - ] - ] - } - }, - "stateMachineArn": { - "Value": { - "Ref": "StateMachine2E01A3A5" - } - } - }, - "Mappings": { - "ServiceprincipalMap": { - "af-south-1": { - "states": "states.af-south-1.amazonaws.com" - }, - "ap-east-1": { - "states": "states.ap-east-1.amazonaws.com" - }, - "ap-northeast-1": { - "states": "states.ap-northeast-1.amazonaws.com" - }, - "ap-northeast-2": { - "states": "states.ap-northeast-2.amazonaws.com" - }, - "ap-northeast-3": { - "states": "states.ap-northeast-3.amazonaws.com" - }, - "ap-south-1": { - "states": "states.ap-south-1.amazonaws.com" - }, - "ap-southeast-1": { - "states": "states.ap-southeast-1.amazonaws.com" - }, - "ap-southeast-2": { - "states": "states.ap-southeast-2.amazonaws.com" - }, - "ap-southeast-3": { - "states": "states.ap-southeast-3.amazonaws.com" - }, - "ca-central-1": { - "states": "states.ca-central-1.amazonaws.com" - }, - "cn-north-1": { - "states": "states.cn-north-1.amazonaws.com" - }, - "cn-northwest-1": { - "states": "states.cn-northwest-1.amazonaws.com" - }, - "eu-central-1": { - "states": "states.eu-central-1.amazonaws.com" - }, - "eu-north-1": { - "states": "states.eu-north-1.amazonaws.com" - }, - "eu-south-1": { - "states": "states.eu-south-1.amazonaws.com" - }, - "eu-south-2": { - "states": "states.eu-south-2.amazonaws.com" - }, - "eu-west-1": { - "states": "states.eu-west-1.amazonaws.com" - }, - "eu-west-2": { - "states": "states.eu-west-2.amazonaws.com" - }, - 
"eu-west-3": { - "states": "states.eu-west-3.amazonaws.com" - }, - "me-south-1": { - "states": "states.me-south-1.amazonaws.com" - }, - "sa-east-1": { - "states": "states.sa-east-1.amazonaws.com" - }, - "us-east-1": { - "states": "states.us-east-1.amazonaws.com" - }, - "us-east-2": { - "states": "states.us-east-2.amazonaws.com" - }, - "us-gov-east-1": { - "states": "states.us-gov-east-1.amazonaws.com" - }, - "us-gov-west-1": { - "states": "states.us-gov-west-1.amazonaws.com" - }, - "us-iso-east-1": { - "states": "states.amazonaws.com" - }, - "us-iso-west-1": { - "states": "states.amazonaws.com" - }, - "us-isob-east-1": { - "states": "states.amazonaws.com" - }, - "us-west-1": { - "states": "states.us-west-1.amazonaws.com" - }, - "us-west-2": { - "states": "states.us-west-2.amazonaws.com" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.assets.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.assets.json index 2bccc08e57400..042373f52e796 100644 
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.assets.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.assets.json @@ -105,7 +105,7 @@ } } }, - "c662f656c61c4a82cb951b84c3fe536eb062ff48b73d70adf502cb20d7f4f046": { + "229a1b96384e2842cbf330c28b09b649d8739fc5697fe7e3b375e9a90b007bb0": { "source": { "path": "aws-stepfunctions-tasks-emr-containers-all-services-test.template.json", "packaging": "file" @@ -113,7 +113,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c662f656c61c4a82cb951b84c3fe536eb062ff48b73d70adf502cb20d7f4f046.json", + "objectKey": "229a1b96384e2842cbf330c28b09b649d8739fc5697fe7e3b375e9a90b007bb0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json index a1ca42923b6dd..3a3637306c5ad 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json 
@@ -1093,7 +1093,26 @@ { "Action": "logs:DescribeLogGroups", "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksClusterResourceProviderA10A0351.nested.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksClusterResourceProviderA10A0351.nested.template.json deleted file mode 100644 index dbddc28f421b1..0000000000000 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksClusterResourceProviderA10A0351.nested.template.json +++ /dev/null 
@@ -1,863 +0,0 @@ -{ - "Resources": { - "NodeProxyAgentLayer924C1971": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip" - }, - "Description": "/opt/nodejs/node_modules/proxy-agent" - } - }, - "OnEventHandlerServiceRole15A26729": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "OnEventHandlerServiceRoleDefaultPolicyC57085D4": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "OnEventHandlerServiceRoleDefaultPolicyC57085D4", - "Roles": [ - { - "Ref": "OnEventHandlerServiceRole15A26729" - } - ] - } - }, - "OnEventHandler42BEBAE0": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6.zip" - }, - "Role": { - "Fn::GetAtt": [ - "OnEventHandlerServiceRole15A26729", - "Arn" - ] - }, - "Description": "onEvent handler for EKS cluster resource provider", - "Environment": { - "Variables": { - "AWS_STS_REGIONAL_ENDPOINTS": "regional" - } - }, - "Handler": "index.onEvent", - "Layers": [ - { - "Ref": "NodeProxyAgentLayer924C1971" - } - ], - 
"Runtime": "nodejs14.x", - "Timeout": 60 - }, - "DependsOn": [ - "OnEventHandlerServiceRoleDefaultPolicyC57085D4", - "OnEventHandlerServiceRole15A26729" - ] - }, - "IsCompleteHandlerServiceRole5810CC58": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", - "Roles": [ - { - "Ref": "IsCompleteHandlerServiceRole5810CC58" - } - ] - } - }, - "IsCompleteHandler7073F4DA": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6.zip" - }, - "Role": { - "Fn::GetAtt": [ - "IsCompleteHandlerServiceRole5810CC58", - "Arn" - ] - }, - "Description": "isComplete handler for EKS cluster resource provider", - "Environment": { - "Variables": { - "AWS_STS_REGIONAL_ENDPOINTS": "regional" - } - }, - "Handler": "index.isComplete", - "Layers": [ - { - "Ref": "NodeProxyAgentLayer924C1971" - } - ], - "Runtime": "nodejs14.x", - "Timeout": 60 - }, - "DependsOn": [ - "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", - "IsCompleteHandlerServiceRole5810CC58" - ] - }, - 
"ProviderframeworkonEventServiceRole9FF04296": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": { - "Ref": "Providerwaiterstatemachine5D4A9DF0" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "Roles": [ - { - "Ref": "ProviderframeworkonEventServiceRole9FF04296" - } - ] - } - }, - "ProviderframeworkonEvent83C1D0A7": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonEventServiceRole9FF04296", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent 
(aws-stepfunctions-tasks-emr-containers-all-services-integ/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - "WAITER_STATE_MACHINE_ARN": { - "Ref": "Providerwaiterstatemachine5D4A9DF0" - } - } - }, - "Handler": "framework.onEvent", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "ProviderframeworkonEventServiceRole9FF04296" - ] - }, - "ProviderframeworkisCompleteServiceRoleB1087139": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", - "Roles": [ - { - "Ref": 
"ProviderframeworkisCompleteServiceRoleB1087139" - } - ] - } - }, - "ProviderframeworkisComplete26D7B0CB": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkisCompleteServiceRoleB1087139", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - isComplete (aws-stepfunctions-tasks-emr-containers-all-services-integ/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - } - } - }, - "Handler": "framework.isComplete", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", - "ProviderframeworkisCompleteServiceRoleB1087139" - ] - }, - "ProviderframeworkonTimeoutServiceRole28643D26": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - ":*" - ] - ] 
- } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", - "Roles": [ - { - "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" - } - ] - } - }, - "ProviderframeworkonTimeout0B47CA38": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonTimeoutServiceRole28643D26", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onTimeout (aws-stepfunctions-tasks-emr-containers-all-services-integ/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - } - } - }, - "Handler": "framework.onTimeout", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", - "ProviderframeworkonTimeoutServiceRole28643D26" - ] - }, - "ProviderwaiterstatemachineRole0C7159F9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region" - }, - "states" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A": { - "Type": "AWS::IAM::Policy", - 
"Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", - "Roles": [ - { - "Ref": "ProviderwaiterstatemachineRole0C7159F9" - } - ] - } - }, - "Providerwaiterstatemachine5D4A9DF0": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":60,\"MaxAttempts\":60,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - "\"}}}" - ] - ] - }, - "RoleArn": { - "Fn::GetAtt": [ - "ProviderwaiterstatemachineRole0C7159F9", - "Arn" - ] - } - }, - "DependsOn": [ - "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", - "ProviderwaiterstatemachineRole0C7159F9" - ] - } - }, - "Mappings": { - "ServiceprincipalMap": { - "af-south-1": { - "states": "states.af-south-1.amazonaws.com" - }, - "ap-east-1": { - "states": "states.ap-east-1.amazonaws.com" - }, - 
"ap-northeast-1": { - "states": "states.ap-northeast-1.amazonaws.com" - }, - "ap-northeast-2": { - "states": "states.ap-northeast-2.amazonaws.com" - }, - "ap-northeast-3": { - "states": "states.ap-northeast-3.amazonaws.com" - }, - "ap-south-1": { - "states": "states.ap-south-1.amazonaws.com" - }, - "ap-southeast-1": { - "states": "states.ap-southeast-1.amazonaws.com" - }, - "ap-southeast-2": { - "states": "states.ap-southeast-2.amazonaws.com" - }, - "ap-southeast-3": { - "states": "states.ap-southeast-3.amazonaws.com" - }, - "ca-central-1": { - "states": "states.ca-central-1.amazonaws.com" - }, - "cn-north-1": { - "states": "states.cn-north-1.amazonaws.com" - }, - "cn-northwest-1": { - "states": "states.cn-northwest-1.amazonaws.com" - }, - "eu-central-1": { - "states": "states.eu-central-1.amazonaws.com" - }, - "eu-north-1": { - "states": "states.eu-north-1.amazonaws.com" - }, - "eu-south-1": { - "states": "states.eu-south-1.amazonaws.com" - }, - "eu-south-2": { - "states": "states.eu-south-2.amazonaws.com" - }, - "eu-west-1": { - "states": "states.eu-west-1.amazonaws.com" - }, - "eu-west-2": { - "states": "states.eu-west-2.amazonaws.com" - }, - "eu-west-3": { - "states": "states.eu-west-3.amazonaws.com" - }, - "me-south-1": { - "states": "states.me-south-1.amazonaws.com" - }, - "sa-east-1": { - "states": "states.sa-east-1.amazonaws.com" - }, - "us-east-1": { - "states": "states.us-east-1.amazonaws.com" - }, - "us-east-2": { - "states": "states.us-east-2.amazonaws.com" - }, - "us-gov-east-1": { - "states": "states.us-gov-east-1.amazonaws.com" - }, - "us-gov-west-1": { - "states": "states.us-gov-west-1.amazonaws.com" - }, - "us-iso-east-1": { - "states": "states.amazonaws.com" - }, - "us-iso-west-1": { - "states": "states.amazonaws.com" - }, - "us-isob-east-1": { - "states": "states.amazonaws.com" - }, - "us-west-1": { - "states": "states.us-west-1.amazonaws.com" - }, - "us-west-2": { - "states": "states.us-west-2.amazonaws.com" - } - } - }, - "Outputs": { - 
"awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksClusterResourceProviderframeworkonEventFF3F425BArn": { - "Value": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] - } - } - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn": { - "Type": "String" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksKubectlProvider97EB2B07.nested.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksKubectlProvider97EB2B07.nested.template.json deleted file mode 100644 index 00fc1336486bb..0000000000000 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksKubectlProvider97EB2B07.nested.template.json +++ /dev/null 
@@ -1,324 +0,0 @@ -{ - "Resources": { - "HandlerServiceRoleFCDC14AE": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "HandlerServiceRoleDefaultPolicyCBD0CC91": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "eks:DescribeCluster", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EArn" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "HandlerServiceRoleDefaultPolicyCBD0CC91", - "Roles": [ - { - "Ref": "HandlerServiceRoleFCDC14AE" - } - ] - } - }, - "Handler886CB40B": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip" - }, - "Role": { - "Fn::GetAtt": [ - "HandlerServiceRoleFCDC14AE", - "Arn" - ] - }, - "Description": "onEvent handler for EKS kubectl resource provider", - "Handler": "index.handler", - "Layers": [ - { - "Ref": "AwsCliLayerF44AAF94" - }, - 
{ - "Ref": "KubectlLayer600207B5" - } - ], - "MemorySize": 1024, - "Runtime": "python3.7", - "Timeout": 900, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EClusterSecurityGroupId" - } - ], - "SubnetIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetFBC220C4Ref" - }, - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet7E4A5E3BRef" - } - ] - } - }, - "DependsOn": [ - "HandlerServiceRoleDefaultPolicyCBD0CC91", - "HandlerServiceRoleFCDC14AE" - ] - }, - "AwsCliLayerF44AAF94": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip" - }, - "Description": "/opt/awscli/aws" - } - }, - "KubectlLayer600207B5": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip" - }, - "Description": "/opt/kubectl/kubectl and /opt/helm/helm" - } - }, - "ProviderframeworkonEventServiceRole9FF04296": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" - 
] - ] - } - ] - } - }, - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "Roles": [ - { - "Ref": "ProviderframeworkonEventServiceRole9FF04296" - } - ] - } - }, - "ProviderframeworkonEvent83C1D0A7": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonEventServiceRole9FF04296", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent (aws-stepfunctions-tasks-emr-containers-all-services-integ/@aws-cdk--aws-eks.KubectlProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - } - } - }, - "Handler": "framework.onEvent", - "Runtime": "nodejs14.x", - "Timeout": 900, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EClusterSecurityGroupId" - } - ], - "SubnetIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetFBC220C4Ref" - }, - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet7E4A5E3BRef" - } - ] - } - }, - "DependsOn": [ - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - 
"ProviderframeworkonEventServiceRole9FF04296" - ] - } - }, - "Outputs": { - "awsstepfunctionstasksemrcontainersallservicesintegawscdkawseksKubectlProviderframeworkonEvent3B33A326Arn": { - "Value": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] - } - } - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EArn": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterCreationRole78F8A91EArn": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetFBC220C4Ref": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet7E4A5E3BRef": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegintegrationtestekscluster4FFBB19EClusterSecurityGroupId": { - "Type": "String" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/manifest.json index b3491424494b3..0187031cf8440 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/manifest.json 
@@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c662f656c61c4a82cb951b84c3fe536eb062ff48b73d70adf502cb20d7f4f046.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/229a1b96384e2842cbf330c28b09b649d8739fc5697fe7e3b375e9a90b007bb0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/tree.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/tree.json index 138f9448b6fed..60f2a7fb63c61 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/job-submission-workflow.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "aws-stepfunctions-tasks-emr-containers-all-services-test": { @@ -952,7 +952,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "KubectlReadyBarrier": { @@ -2386,7 +2386,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } } }, @@ -2473,7 +2473,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "@aws-cdk--aws-eks.KubectlProvider": { 
@@ -3143,7 +3143,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "JobExecutionRole": { @@ -3270,7 +3270,26 @@ { "Action": "logs:DescribeLogGroups", "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } } ], "Version": "2012-10-17" @@ -3659,7 +3678,7 @@ "path": "aws-stepfunctions-tasks-emr-containers-all-services/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "DeployAssert": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip index cd5a78b26d045..5e88259eaadf5 100644 Binary files a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip and b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ 
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip
index 2b20e7052c639..b51c0dcc7d103 100644
Binary files a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip and b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip
index ac6ffb77173eb..dee385f9daf4d 100644
Binary files a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip and b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip differ
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.assets.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.assets.json
deleted file mode 100644
index f384d82b36be7..0000000000000
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.assets.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "version": "21.0.0", - "files": { - "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee": { - "source": { - "path": "asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6": { - "source": { - "path": "asset.2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671": { - "source": { - "path": "asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb": { - "source": { - "path": "asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb", - "packaging": "zip" - }, - "destinations": { - 
"current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc": { - "source": { - "path": "asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed": { - "source": { - "path": "asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "105b4f39ae68785e705640aa91919e412fcba2dd454aca53412747be8d955286": { - "source": { - "path": "asset.105b4f39ae68785e705640aa91919e412fcba2dd454aca53412747be8d955286", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "105b4f39ae68785e705640aa91919e412fcba2dd454aca53412747be8d955286.zip", - "assumeRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "de2da116e1de2db20dc2bc88a1e97df050dde2917a4122674e054e87ee53e334": { - "source": { - "path": "asset.de2da116e1de2db20dc2bc88a1e97df050dde2917a4122674e054e87ee53e334", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "de2da116e1de2db20dc2bc88a1e97df050dde2917a4122674e054e87ee53e334.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "e9aee046003806e01758c649a83bcecd108c5015299bfe2dcd5420c41ee8f115": { - "source": { - "path": "awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksClusterResourceProviderB5D967DC.nested.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e9aee046003806e01758c649a83bcecd108c5015299bfe2dcd5420c41ee8f115.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "df7788eb8853ac792f558c2a91ce072f996448fc7c85114280f48690f53f285f": { - "source": { - "path": "awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderC26A0FC7.nested.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "df7788eb8853ac792f558c2a91ce072f996448fc7c85114280f48690f53f285f.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "b8f3c7427c2da58140cd8b04dcc8d2561dfcb41089839c4aeebd72d0fb807abe": { - 
"source": { - "path": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b8f3c7427c2da58140cd8b04dcc8d2561dfcb41089839c4aeebd72d0fb807abe.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.template.json deleted file mode 100644 index e3f4fcde73a2f..0000000000000 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test.template.json +++ /dev/null 
@@ -1,1869 +0,0 @@ -{ - "Resources": { - "integrationtesteksclusterDefaultVpc395E1A86": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569" - }, - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317" - } - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3": { - 
"Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcIGW9ADAFE6F" - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317" - }, - "AllocationId": { - "Fn::GetAtt": [ - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7" - ] - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "kubernetes.io/role/elb", - 
"Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327" - }, - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11" - } - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcIGW9ADAFE6F" - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": 
"integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11" - }, - "AllocationId": { - "Fn::GetAtt": [ - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "kubernetes.io/role/elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PublicSubnet2" - } - ] - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52" - ] - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PrivateSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PrivateSubnet1" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": 
"integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC" - }, - "SubnetId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - } - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9" - } - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PrivateSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "Tags": [ - { - "Key": "kubernetes.io/role/internal-elb", - "Value": "1" - }, - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc/PrivateSubnet2" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903" - }, - "SubnetId": { - 
"Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - } - } - }, - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761" - } - } - }, - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/integration-test-eks-cluster/DefaultVpc" - } - ] - } - }, - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - }, - "InternetGatewayId": { - "Ref": "integrationtesteksclusterDefaultVpcIGW9ADAFE6F" - } - } - }, - "integrationtesteksclusterRole03F70AF0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "eks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSClusterPolicy" - ] - ] - } - ] - } - }, - "integrationtesteksclusterControlPlaneSecurityGroup6E92F333": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "EKS Control Plane Security Group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "integrationtesteksclusterDefaultVpc395E1A86" - } - } - }, - "integrationtesteksclusterCreationRoleB98FE02A": { - "Type": "AWS::IAM::Role", - "Properties": { - 
"AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F", - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5", - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8", - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7", - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317", - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52", - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11", - "integrationtesteksclusterDefaultVpc395E1A86", - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - 
"integrationtesteksclusterCreationRoleDefaultPolicy5417802D": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "integrationtesteksclusterRole03F70AF0", - "Arn" - ] - } - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", - "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "integrationtesteksclusterCreationRoleDefaultPolicy5417802D", - "Roles": [ - { - "Ref": "integrationtesteksclusterCreationRoleB98FE02A" - } - ] - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F", - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903", - 
"integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5", - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8", - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7", - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317", - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52", - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11", - "integrationtesteksclusterDefaultVpc395E1A86", - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204" - ] - }, - "integrationtesteksclusterE5C0ED98": { - "Type": "Custom::AWSCDK-EKS-Cluster", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", - "Outputs.awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksClusterResourceProviderframeworkonEventD439F3D7Arn" - ] - }, - "Config": { - "version": "1.21", - "roleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterRole03F70AF0", - "Arn" - ] - }, - "resourcesVpcConfig": { - "subnetIds": [ - { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - }, - { - "Ref": 
"integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - } - ], - "securityGroupIds": [ - { - "Fn::GetAtt": [ - "integrationtesteksclusterControlPlaneSecurityGroup6E92F333", - "GroupId" - ] - } - ], - "endpointPublicAccess": true, - "endpointPrivateAccess": true - } - }, - "AssumeRoleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "AttributesRevision": 2 - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcIGW9ADAFE6F", - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTable4A47F4AC", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableD7E59903", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5", - "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8", - "integrationtesteksclusterDefaultVpcPublicSubnet1DefaultRoute33CE7FC3", - "integrationtesteksclusterDefaultVpcPublicSubnet1EIP62A0A17B", - "integrationtesteksclusterDefaultVpcPublicSubnet1NATGatewayC9C984F9", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTable1D5A7569", - "integrationtesteksclusterDefaultVpcPublicSubnet1RouteTableAssociation4831B6A7", - "integrationtesteksclusterDefaultVpcPublicSubnet1Subnet58061317", - "integrationtesteksclusterDefaultVpcPublicSubnet2DefaultRoute253A231E", - "integrationtesteksclusterDefaultVpcPublicSubnet2EIPFC53AC43", - "integrationtesteksclusterDefaultVpcPublicSubnet2NATGatewayE109B761", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableA4C7B327", - "integrationtesteksclusterDefaultVpcPublicSubnet2RouteTableAssociation62710C52", - "integrationtesteksclusterDefaultVpcPublicSubnet2Subnet68EAAF11", - 
"integrationtesteksclusterDefaultVpc395E1A86", - "integrationtesteksclusterDefaultVpcVPCGWE4DC2204", - "integrationtesteksclusterCreationRoleDefaultPolicy5417802D", - "integrationtesteksclusterCreationRoleB98FE02A" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "integrationtesteksclusterKubectlReadyBarrier0D4A21B0": { - "Type": "AWS::SSM::Parameter", - "Properties": { - "Type": "String", - "Value": "aws:cdk:eks:kubectl-ready" - }, - "DependsOn": [ - "integrationtesteksclusterCreationRoleDefaultPolicy5417802D", - "integrationtesteksclusterCreationRoleB98FE02A", - "integrationtesteksclusterE5C0ED98" - ] - }, - "integrationtesteksclusterMastersRole63B9B0BF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "integrationtesteksclusterAwsAuthmanifestAEF9C6DF": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderframeworkonEvent69C4EA38Arn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c89091867a17cdada4a752b4f280c4353e38671b20\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - }, - 
"\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "integrationtesteksclusterNodegroupDefaultCapacityNodeGroupRole75D45BA7", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"arn:aws:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/AWSServiceRoleForAmazonEMRContainers\\\",\\\"username\\\":\\\"emr-containers\\\",\\\"groups\\\":[]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" - ] - ] - }, - "ClusterName": { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - "RoleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c89091867a17cdada4a752b4f280c4353e38671b20", - "Overwrite": true - }, - "DependsOn": [ - "integrationtesteksclusterKubectlReadyBarrier0D4A21B0" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "integrationtesteksclusterNodegroupDefaultCapacityNodeGroupRole75D45BA7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "integrationtesteksclusterNodegroupDefaultCapacity536CF32C": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "ClusterName": { - "Ref": "integrationtesteksclusterE5C0ED98" 
- }, - "NodeRole": { - "Fn::GetAtt": [ - "integrationtesteksclusterNodegroupDefaultCapacityNodeGroupRole75D45BA7", - "Arn" - ] - }, - "Subnets": [ - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - }, - { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - } - ], - "AmiType": "AL2_x86_64", - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.xlarge" - ], - "ScalingConfig": { - "DesiredSize": 3, - "MaxSize": 3, - "MinSize": 3 - } - } - }, - "integrationtesteksclustermanifestemrRoleCCE4E328": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderframeworkonEvent69C4EA38Arn" - ] - }, - "Manifest": "[{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"Role\",\"metadata\":{\"name\":\"emr-containers\",\"namespace\":\"default\",\"labels\":{\"aws.cdk.eks/prune-c8cef729fffd80e01dd767818967a268148bb13a2a\":\"\"}},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"namespaces\"],\"verbs\":[\"get\"]},{\"apiGroups\":[\"\"],\"resources\":[\"serviceaccounts\",\"services\",\"configmaps\",\"events\",\"pods\",\"pods/log\"],\"verbs\":[\"get\",\"list\",\"watch\",\"describe\",\"create\",\"edit\",\"delete\",\"deletecollection\",\"annotate\",\"patch\",\"label\"]},{\"apiGroups\":[\"\"],\"resources\":[\"secrets\"],\"verbs\":[\"create\",\"patch\",\"delete\",\"watch\"]},{\"apiGroups\":[\"apps\"],\"resources\":[\"statefulsets\",\"deployments\"],\"verbs\":[\"get\",\"list\",\"watch\",\"describe\",\"create\",\"edit\",\"delete\",\"annotate\",\"patch\",\"label\"]},{\"apiGroups\":[\"batch\"],\"resources\":[\"jobs\"],\"verbs\":[\"get\",\"list\",\"watch\",\"describe\",\"create\",\"edit\",\"delete\",\"annotate\",\"patch\",\"label\"]},{\"apiGroups\":[\"extensions\"],\"resources\":[\"ingresses\"],\"v
erbs\":[\"get\",\"list\",\"watch\",\"describe\",\"create\",\"edit\",\"delete\",\"annotate\",\"patch\",\"label\"]},{\"apiGroups\":[\"rbac.authorization.k8s.io\"],\"resources\":[\"roles\",\"rolebindings\"],\"verbs\":[\"get\",\"list\",\"watch\",\"describe\",\"create\",\"edit\",\"delete\",\"deletecollection\",\"annotate\",\"patch\",\"label\"]}]}]", - "ClusterName": { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - "RoleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c8cef729fffd80e01dd767818967a268148bb13a2a" - }, - "DependsOn": [ - "integrationtesteksclusterKubectlReadyBarrier0D4A21B0" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "integrationtesteksclustermanifestemrRoleBind8B35D2A2": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderframeworkonEvent69C4EA38Arn" - ] - }, - "Manifest": "[{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"RoleBinding\",\"metadata\":{\"name\":\"emr-containers\",\"namespace\":\"default\",\"labels\":{\"aws.cdk.eks/prune-c892a3812e60d138dd377a538f9d47aace2a0a8bb6\":\"\"}},\"subjects\":[{\"kind\":\"User\",\"name\":\"emr-containers\",\"apiGroup\":\"rbac.authorization.k8s.io\"}],\"roleRef\":{\"kind\":\"Role\",\"name\":\"emr-containers\",\"apiGroup\":\"rbac.authorization.k8s.io\"}}]", - "ClusterName": { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - "RoleArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c892a3812e60d138dd377a538f9d47aace2a0a8bb6" - }, - "DependsOn": [ - "integrationtesteksclusterKubectlReadyBarrier0D4A21B0", - "integrationtesteksclustermanifestemrRoleCCE4E328" - ], - 
"UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/e9aee046003806e01758c649a83bcecd108c5015299bfe2dcd5420c41ee8f115.json" - ] - ] - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - } - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Join": [ - "", - [ - "https://s3.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/df7788eb8853ac792f558c2a91ce072f996448fc7c85114280f48690f53f285f.json" - ] - ] - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterE5C0ED98", - "Arn" - ] - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn": { - "Fn::GetAtt": [ - "integrationtesteksclusterCreationRoleB98FE02A", - "Arn" - ] - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetDFF56EB6Ref": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet1Subnet4E00CAFB" - }, - 
"referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0E779258Ref": { - "Ref": "integrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0C3539A8" - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FClusterSecurityGroupId": { - "Fn::GetAtt": [ - "integrationtesteksclusterE5C0ED98", - "ClusterSecurityGroupId" - ] - } - } - }, - "DependsOn": [ - "integrationtesteksclusterDefaultVpcPrivateSubnet1DefaultRouteCC99A72C", - "integrationtesteksclusterDefaultVpcPrivateSubnet1RouteTableAssociation7482DD1E", - "integrationtesteksclusterDefaultVpcPrivateSubnet2DefaultRoute50FF167F", - "integrationtesteksclusterDefaultVpcPrivateSubnet2RouteTableAssociation99F934D5" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "VirtualCluster": { - "Type": "AWS::EMRContainers::VirtualCluster", - "Properties": { - "ContainerProvider": { - "Id": { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - "Info": { - "EksInfo": { - "Namespace": "default" - } - }, - "Type": "EKS" - }, - "Name": "Virtual-Cluster-Name" - }, - "DependsOn": [ - "integrationtesteksclusterAwsAuthmanifestAEF9C6DF", - "integrationtesteksclustermanifestemrRoleBind8B35D2A2" - ] - }, - "StartaJobRunJobExecutionRole157B6BE1": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "emr-containers.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region" - }, - "states" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StartaJobRunJobExecutionRoleDefaultPolicyEA7882C0": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "logs:DescribeLogGroups", - "Effect": "Allow", - 
"Resource": "arn:aws:logs:*:*:*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "StartaJobRunJobExecutionRoleDefaultPolicyEA7882C0", - "Roles": [ - { - "Ref": "StartaJobRunJobExecutionRole157B6BE1" - } - ] - } - }, - "StartaJobRunGetEksClusterInfoD0E31373": { - "Type": "Custom::AWS", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "AWS679f53fac002430cb0da5b7982bd22872D164C4C", - "Arn" - ] - }, - "Create": { - "Fn::Join": [ - "", - [ - "{\"service\":\"EMRcontainers\",\"action\":\"describeVirtualCluster\",\"parameters\":{\"id\":\"", - { - "Fn::GetAtt": [ - "VirtualCluster", - "Id" - ] - }, - "\"},\"outputPaths\":[\"virtualCluster.containerProvider.info.eksInfo.namespace\",\"virtualCluster.containerProvider.id\"],\"physicalResourceId\":{\"id\":\"id\"}}" - ] - ] - }, - "InstallLatestAwsSdk": true - }, - "DependsOn": [ - "StartaJobRunGetEksClusterInfoCustomResourcePolicy7AA7B106" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "StartaJobRunGetEksClusterInfoCustomResourcePolicy7AA7B106": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "emr-containers:DescribeVirtualCluster", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "StartaJobRunGetEksClusterInfoCustomResourcePolicy7AA7B106", - "Roles": [ - { - "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" - } - ] - } - }, - "StartaJobRunawsclilayer110EEF0B": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip" - }, - "Description": "/opt/awscli/aws" - } - }, - "StartaJobRunCustomResourceProviderframeworkonEventServiceRole1D6E2464": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": 
"Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "StartaJobRunCustomResourceProviderframeworkonEventServiceRoleDefaultPolicy95FB1565": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CB6182A5B", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CB6182A5B", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "StartaJobRunCustomResourceProviderframeworkonEventServiceRoleDefaultPolicy95FB1565", - "Roles": [ - { - "Ref": "StartaJobRunCustomResourceProviderframeworkonEventServiceRole1D6E2464" - } - ] - } - }, - "StartaJobRunCustomResourceProviderframeworkonEventAC961165": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "StartaJobRunCustomResourceProviderframeworkonEventServiceRole1D6E2464", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent (aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/Start a Job Run/CustomResourceProvider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CB6182A5B", - "Arn" - ] - } - } - }, - "Handler": "framework.onEvent", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - 
"StartaJobRunCustomResourceProviderframeworkonEventServiceRoleDefaultPolicy95FB1565", - "StartaJobRunCustomResourceProviderframeworkonEventServiceRole1D6E2464" - ] - }, - "StartaJobRunCustomResource3BD90664": { - "Type": "AWS::CloudFormation::CustomResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "StartaJobRunCustomResourceProviderframeworkonEventAC961165", - "Arn" - ] - }, - "eksNamespace": { - "Fn::GetAtt": [ - "StartaJobRunGetEksClusterInfoD0E31373", - "virtualCluster.containerProvider.info.eksInfo.namespace" - ] - }, - "eksClusterId": { - "Fn::GetAtt": [ - "StartaJobRunGetEksClusterInfoD0E31373", - "virtualCluster.containerProvider.id" - ] - }, - "roleName": { - "Ref": "StartaJobRunJobExecutionRole157B6BE1" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "AWS679f53fac002430cb0da5b7982bd22872D164C4C": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "105b4f39ae68785e705640aa91919e412fcba2dd454aca53412747be8d955286.zip" - }, - "Role": { - "Fn::GetAtt": [ - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "nodejs14.x", - "Timeout": 120 - }, - "DependsOn": [ - "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" - ] - }, - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleF99BDB4C": { - "Type": "AWS::IAM::Role", - "Properties": { 
- "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleDefaultPolicy87B52EEA": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "eks:DescribeCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":eks:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster/", - { - "Fn::GetAtt": [ - "StartaJobRunGetEksClusterInfoD0E31373", - "virtualCluster.containerProvider.id" - ] - } - ] - ] - } - }, - { - "Action": [ - "iam:GetRole", - "iam:UpdateAssumeRolePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "StartaJobRunJobExecutionRole157B6BE1", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleDefaultPolicy87B52EEA", - "Roles": [ - { - "Ref": "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleF99BDB4C" - } - ] - } - }, - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CB6182A5B": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "de2da116e1de2db20dc2bc88a1e97df050dde2917a4122674e054e87ee53e334.zip" - }, - "Role": { - "Fn::GetAtt": [ - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleF99BDB4C", - "Arn" - ] - }, - "Handler": "index.handler", - "Layers": [ - { - "Ref": "StartaJobRunawsclilayer110EEF0B" - } - ], - "MemorySize": 256, - "Runtime": "python3.9", - "Timeout": 30 - }, - "DependsOn": [ - 
"SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleDefaultPolicy87B52EEA", - "SingletonLambda8693BB64968944B69AAFB0CC9EB8757CServiceRoleF99BDB4C" - ] - }, - "StateMachineRoleB840431D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region" - }, - "states" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StateMachineRoleDefaultPolicyDF1E6607": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "emr-containers:StartJobRun", - "Condition": { - "StringEquals": { - "emr-containers:ExecutionRoleArn": { - "Fn::GetAtt": [ - "StartaJobRunJobExecutionRole157B6BE1", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":emr-containers:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":/virtualclusters/", - { - "Fn::GetAtt": [ - "VirtualCluster", - "Id" - ] - } - ] - ] - } - }, - { - "Action": [ - "emr-containers:DescribeJobRun", - "emr-containers:CancelJobRun" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":emr-containers:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":/virtualclusters/", - { - "Fn::GetAtt": [ - "VirtualCluster", - "Id" - ] - }, - "/jobruns/*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "StateMachineRoleDefaultPolicyDF1E6607", - "Roles": [ - { - "Ref": "StateMachineRoleB840431D" - } - ] - } - }, - "StateMachine2E01A3A5": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRoleB840431D", - "Arn" - ] - }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Start a Job 
Run\",\"States\":{\"Start a Job Run\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::emr-containers:startJobRun.sync\",\"Parameters\":{\"VirtualClusterId\":\"", - { - "Fn::GetAtt": [ - "VirtualCluster", - "Id" - ] - }, - "\",\"Name\":\"EMR-Containers-Job\",\"ExecutionRoleArn\":\"", - { - "Fn::GetAtt": [ - "StartaJobRunJobExecutionRole157B6BE1", - "Arn" - ] - }, - "\",\"ReleaseLabel\":\"emr-6.2.0-latest\",\"JobDriver\":{\"SparkSubmitJobDriver\":{\"EntryPoint\":\"local:///usr/lib/spark/examples/src/main/python/pi.py\",\"EntryPointArguments\":[\"2\"],\"SparkSubmitParameters\":\"--conf spark.driver.memory=512M --conf spark.kubernetes.driver.request.cores=0.2 --conf spark.kubernetes.executor.request.cores=0.2 --conf spark.sql.shuffle.partitions=60 --conf spark.dynamicAllocation.enabled=false\"}},\"ConfigurationOverrides\":{\"MonitoringConfiguration\":{\"PersistentAppUI\":\"ENABLED\"}}}}},\"TimeoutSeconds\":1000}" - ] - ] - } - }, - "DependsOn": [ - "StateMachineRoleDefaultPolicyDF1E6607", - "StateMachineRoleB840431D" - ] - } - }, - "Outputs": { - "integrationtesteksclusterConfigCommandFA814999": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks update-kubeconfig --name ", - { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - } - ] - ] - } - }, - "integrationtesteksclusterGetTokenCommandD7B92682": { - "Value": { - "Fn::Join": [ - "", - [ - "aws eks get-token --cluster-name ", - { - "Ref": "integrationtesteksclusterE5C0ED98" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " --role-arn ", - { - "Fn::GetAtt": [ - "integrationtesteksclusterMastersRole63B9B0BF", - "Arn" - ] - } - ] - ] - } - }, - "stateMachineArn": { - "Value": { - "Ref": "StateMachine2E01A3A5" - } - } - }, - "Mappings": { - "ServiceprincipalMap": { - "af-south-1": { - "states": 
"states.af-south-1.amazonaws.com" - }, - "ap-east-1": { - "states": "states.ap-east-1.amazonaws.com" - }, - "ap-northeast-1": { - "states": "states.ap-northeast-1.amazonaws.com" - }, - "ap-northeast-2": { - "states": "states.ap-northeast-2.amazonaws.com" - }, - "ap-northeast-3": { - "states": "states.ap-northeast-3.amazonaws.com" - }, - "ap-south-1": { - "states": "states.ap-south-1.amazonaws.com" - }, - "ap-southeast-1": { - "states": "states.ap-southeast-1.amazonaws.com" - }, - "ap-southeast-2": { - "states": "states.ap-southeast-2.amazonaws.com" - }, - "ap-southeast-3": { - "states": "states.ap-southeast-3.amazonaws.com" - }, - "ca-central-1": { - "states": "states.ca-central-1.amazonaws.com" - }, - "cn-north-1": { - "states": "states.cn-north-1.amazonaws.com" - }, - "cn-northwest-1": { - "states": "states.cn-northwest-1.amazonaws.com" - }, - "eu-central-1": { - "states": "states.eu-central-1.amazonaws.com" - }, - "eu-north-1": { - "states": "states.eu-north-1.amazonaws.com" - }, - "eu-south-1": { - "states": "states.eu-south-1.amazonaws.com" - }, - "eu-south-2": { - "states": "states.eu-south-2.amazonaws.com" - }, - "eu-west-1": { - "states": "states.eu-west-1.amazonaws.com" - }, - "eu-west-2": { - "states": "states.eu-west-2.amazonaws.com" - }, - "eu-west-3": { - "states": "states.eu-west-3.amazonaws.com" - }, - "me-south-1": { - "states": "states.me-south-1.amazonaws.com" - }, - "sa-east-1": { - "states": "states.sa-east-1.amazonaws.com" - }, - "us-east-1": { - "states": "states.us-east-1.amazonaws.com" - }, - "us-east-2": { - "states": "states.us-east-2.amazonaws.com" - }, - "us-gov-east-1": { - "states": "states.us-gov-east-1.amazonaws.com" - }, - "us-gov-west-1": { - "states": "states.us-gov-west-1.amazonaws.com" - }, - "us-iso-east-1": { - "states": "states.amazonaws.com" - }, - "us-iso-west-1": { - "states": "states.amazonaws.com" - }, - "us-isob-east-1": { - "states": "states.amazonaws.com" - }, - "us-west-1": { - "states": 
"states.us-west-1.amazonaws.com" - }, - "us-west-2": { - "states": "states.us-west-2.amazonaws.com" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.assets.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.assets.json index 5e8231343c32d..af33422f4284b 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.assets.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.assets.json @@ -131,7 +131,7 @@ } } }, - "f8478e4f5adc52f32316a1ee08a418807f272a788ad96491c685f0cac3240b21": { + "de5999b0b9f5565873884b194ad31fb92542ba44f3f4d52561f75ba8fa14f142": { "source": { "path": "aws-stepfunctions-tasks-emr-containers-start-job-run-test.template.json", "packaging": "file" 
@@ -139,7 +139,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f8478e4f5adc52f32316a1ee08a418807f272a788ad96491c685f0cac3240b21.json", + "objectKey": "de5999b0b9f5565873884b194ad31fb92542ba44f3f4d52561f75ba8fa14f142.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.template.json index 1eec6a01d8d9d..260d57d2a597a 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.template.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/aws-stepfunctions-tasks-emr-containers-start-job-run-test.template.json @@ -1122,7 +1122,26 @@ { "Action": "logs:DescribeLogGroups", "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } } ], "Version": "2012-10-17" 
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksClusterResourceProviderB5D967DC.nested.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksClusterResourceProviderB5D967DC.nested.template.json
deleted file mode 100644
index 21894e82f6b3b..0000000000000
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksClusterResourceProviderB5D967DC.nested.template.json
+++ /dev/null
@@ -1,863 +0,0 @@ -{ - "Resources": { - "NodeProxyAgentLayer924C1971": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip" - }, - "Description": "/opt/nodejs/node_modules/proxy-agent" - } - }, - "OnEventHandlerServiceRole15A26729": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "OnEventHandlerServiceRoleDefaultPolicyC57085D4": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "OnEventHandlerServiceRoleDefaultPolicyC57085D4", - "Roles": [ - { - "Ref": "OnEventHandlerServiceRole15A26729" - } - ] - } - }, - "OnEventHandler42BEBAE0": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6.zip" - }, - "Role": { - "Fn::GetAtt": [ - "OnEventHandlerServiceRole15A26729", - "Arn" - ] - }, - "Description": "onEvent handler for EKS cluster resource provider", - "Environment": { - "Variables": { - "AWS_STS_REGIONAL_ENDPOINTS": "regional" - } - }, - "Handler": "index.onEvent", - "Layers": [ - { - "Ref": "NodeProxyAgentLayer924C1971" - } - ], 
- "Runtime": "nodejs14.x", - "Timeout": 60 - }, - "DependsOn": [ - "OnEventHandlerServiceRoleDefaultPolicyC57085D4", - "OnEventHandlerServiceRole15A26729" - ] - }, - "IsCompleteHandlerServiceRole5810CC58": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", - "Roles": [ - { - "Ref": "IsCompleteHandlerServiceRole5810CC58" - } - ] - } - }, - "IsCompleteHandler7073F4DA": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "2c98a634e36e3f2a1c1a78958953ed173e2c6cf8446c15dabbef67d4e30b33d6.zip" - }, - "Role": { - "Fn::GetAtt": [ - "IsCompleteHandlerServiceRole5810CC58", - "Arn" - ] - }, - "Description": "isComplete handler for EKS cluster resource provider", - "Environment": { - "Variables": { - "AWS_STS_REGIONAL_ENDPOINTS": "regional" - } - }, - "Handler": "index.isComplete", - "Layers": [ - { - "Ref": "NodeProxyAgentLayer924C1971" - } - ], - "Runtime": "nodejs14.x", - "Timeout": 60 - }, - "DependsOn": [ - "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", - "IsCompleteHandlerServiceRole5810CC58" - ] - }, - 
"ProviderframeworkonEventServiceRole9FF04296": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": { - "Ref": "Providerwaiterstatemachine5D4A9DF0" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "Roles": [ - { - "Ref": "ProviderframeworkonEventServiceRole9FF04296" - } - ] - } - }, - "ProviderframeworkonEvent83C1D0A7": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonEventServiceRole9FF04296", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent 
(aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - "WAITER_STATE_MACHINE_ARN": { - "Ref": "Providerwaiterstatemachine5D4A9DF0" - } - } - }, - "Handler": "framework.onEvent", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "ProviderframeworkonEventServiceRole9FF04296" - ] - }, - "ProviderframeworkisCompleteServiceRoleB1087139": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", - "Roles": [ - { - "Ref": 
"ProviderframeworkisCompleteServiceRoleB1087139" - } - ] - } - }, - "ProviderframeworkisComplete26D7B0CB": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkisCompleteServiceRoleB1087139", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - isComplete (aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - } - } - }, - "Handler": "framework.isComplete", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", - "ProviderframeworkisCompleteServiceRoleB1087139" - ] - }, - "ProviderframeworkonTimeoutServiceRole28643D26": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - ":*" - 
] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", - "Roles": [ - { - "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" - } - ] - } - }, - "ProviderframeworkonTimeout0B47CA38": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonTimeoutServiceRole28643D26", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onTimeout (aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "OnEventHandler42BEBAE0", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "IsCompleteHandler7073F4DA", - "Arn" - ] - } - } - }, - "Handler": "framework.onTimeout", - "Runtime": "nodejs14.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", - "ProviderframeworkonTimeoutServiceRole28643D26" - ] - }, - "ProviderwaiterstatemachineRole0C7159F9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region" - }, - "states" - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A": { - "Type": 
"AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", - "Roles": [ - { - "Ref": "ProviderwaiterstatemachineRole0C7159F9" - } - ] - } - }, - "Providerwaiterstatemachine5D4A9DF0": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":60,\"MaxAttempts\":60,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - "\"}}}" - ] - ] - }, - "RoleArn": { - "Fn::GetAtt": [ - "ProviderwaiterstatemachineRole0C7159F9", - "Arn" - ] - } - }, - "DependsOn": [ - "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", - "ProviderwaiterstatemachineRole0C7159F9" - ] - } - }, - "Mappings": { - "ServiceprincipalMap": { - "af-south-1": { - "states": "states.af-south-1.amazonaws.com" - }, - "ap-east-1": { - "states": 
"states.ap-east-1.amazonaws.com" - }, - "ap-northeast-1": { - "states": "states.ap-northeast-1.amazonaws.com" - }, - "ap-northeast-2": { - "states": "states.ap-northeast-2.amazonaws.com" - }, - "ap-northeast-3": { - "states": "states.ap-northeast-3.amazonaws.com" - }, - "ap-south-1": { - "states": "states.ap-south-1.amazonaws.com" - }, - "ap-southeast-1": { - "states": "states.ap-southeast-1.amazonaws.com" - }, - "ap-southeast-2": { - "states": "states.ap-southeast-2.amazonaws.com" - }, - "ap-southeast-3": { - "states": "states.ap-southeast-3.amazonaws.com" - }, - "ca-central-1": { - "states": "states.ca-central-1.amazonaws.com" - }, - "cn-north-1": { - "states": "states.cn-north-1.amazonaws.com" - }, - "cn-northwest-1": { - "states": "states.cn-northwest-1.amazonaws.com" - }, - "eu-central-1": { - "states": "states.eu-central-1.amazonaws.com" - }, - "eu-north-1": { - "states": "states.eu-north-1.amazonaws.com" - }, - "eu-south-1": { - "states": "states.eu-south-1.amazonaws.com" - }, - "eu-south-2": { - "states": "states.eu-south-2.amazonaws.com" - }, - "eu-west-1": { - "states": "states.eu-west-1.amazonaws.com" - }, - "eu-west-2": { - "states": "states.eu-west-2.amazonaws.com" - }, - "eu-west-3": { - "states": "states.eu-west-3.amazonaws.com" - }, - "me-south-1": { - "states": "states.me-south-1.amazonaws.com" - }, - "sa-east-1": { - "states": "states.sa-east-1.amazonaws.com" - }, - "us-east-1": { - "states": "states.us-east-1.amazonaws.com" - }, - "us-east-2": { - "states": "states.us-east-2.amazonaws.com" - }, - "us-gov-east-1": { - "states": "states.us-gov-east-1.amazonaws.com" - }, - "us-gov-west-1": { - "states": "states.us-gov-west-1.amazonaws.com" - }, - "us-iso-east-1": { - "states": "states.amazonaws.com" - }, - "us-iso-west-1": { - "states": "states.amazonaws.com" - }, - "us-isob-east-1": { - "states": "states.amazonaws.com" - }, - "us-west-1": { - "states": "states.us-west-1.amazonaws.com" - }, - "us-west-2": { - "states": 
"states.us-west-2.amazonaws.com" - } - } - }, - "Outputs": { - "awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksClusterResourceProviderframeworkonEventD439F3D7Arn": { - "Value": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] - } - } - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn": { - "Type": "String" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderC26A0FC7.nested.template.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderC26A0FC7.nested.template.json deleted file mode 100644 index 5e5dd15f728cc..0000000000000 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderC26A0FC7.nested.template.json +++ /dev/null 
@@ -1,324 +0,0 @@ -{ - "Resources": { - "HandlerServiceRoleFCDC14AE": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "HandlerServiceRoleDefaultPolicyCBD0CC91": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "eks:DescribeCluster", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FArn" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "HandlerServiceRoleDefaultPolicyCBD0CC91", - "Roles": [ - { - "Ref": "HandlerServiceRoleFCDC14AE" - } - ] - } - }, - "Handler886CB40B": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip" - }, - "Role": { - "Fn::GetAtt": [ - "HandlerServiceRoleFCDC14AE", - "Arn" - ] - }, - "Description": "onEvent handler for EKS kubectl resource provider", - "Handler": "index.handler", - "Layers": [ - { - "Ref": "AwsCliLayerF44AAF94" 
- }, - { - "Ref": "KubectlLayer600207B5" - } - ], - "MemorySize": 1024, - "Runtime": "python3.7", - "Timeout": 900, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FClusterSecurityGroupId" - } - ], - "SubnetIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetDFF56EB6Ref" - }, - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0E779258Ref" - } - ] - } - }, - "DependsOn": [ - "HandlerServiceRoleDefaultPolicyCBD0CC91", - "HandlerServiceRoleFCDC14AE" - ] - }, - "AwsCliLayerF44AAF94": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip" - }, - "Description": "/opt/awscli/aws" - } - }, - "KubectlLayer600207B5": { - "Type": "AWS::Lambda::LayerVersion", - "Properties": { - "Content": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip" - }, - "Description": "/opt/kubectl/kubectl and /opt/helm/helm" - } - }, - "ProviderframeworkonEventServiceRole9FF04296": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - 
":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" - ] - ] - } - ] - } - }, - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "Roles": [ - { - "Ref": "ProviderframeworkonEventServiceRole9FF04296" - } - ] - } - }, - "ProviderframeworkonEvent83C1D0A7": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonEventServiceRole9FF04296", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent (aws-stepfunctions-tasks-emr-containers-start-job-run-integ-test/@aws-cdk--aws-eks.KubectlProvider/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - } - } - }, - "Handler": "framework.onEvent", - "Runtime": "nodejs14.x", - "Timeout": 900, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FClusterSecurityGroupId" - } - ], - "SubnetIds": [ - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetDFF56EB6Ref" - }, - { - "Ref": "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0E779258Ref" - } - ] - } - }, - "DependsOn": [ - 
"ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "ProviderframeworkonEventServiceRole9FF04296" - ] - } - }, - "Outputs": { - "awsstepfunctionstasksemrcontainersstartjobrunintegtestawscdkawseksKubectlProviderframeworkonEvent69C4EA38Arn": { - "Value": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] - } - } - }, - "Parameters": { - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FArn": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterCreationRole19DB152EArn": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet1SubnetDFF56EB6Ref": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtesteksclusterDefaultVpcPrivateSubnet2Subnet0E779258Ref": { - "Type": "String" - }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestintegrationtestekscluster4D8C900FClusterSecurityGroupId": { - "Type": "String" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/manifest.json index 884cc97dee388..2faef8f276e65 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/manifest.json 
@@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f8478e4f5adc52f32316a1ee08a418807f272a788ad96491c685f0cac3240b21.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/de5999b0b9f5565873884b194ad31fb92542ba44f3f4d52561f75ba8fa14f142.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/tree.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/tree.json index 530f5ec58830e..4bff8bcb351fd 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "aws-stepfunctions-tasks-emr-containers-start-job-run-test": { @@ -952,7 +952,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "KubectlReadyBarrier": { @@ -2442,7 +2442,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } } }, @@ -2529,7 +2529,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "@aws-cdk--aws-eks.KubectlProvider": { 
@@ -3199,7 +3199,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "Virtual Cluster": { @@ -3277,7 +3277,26 @@ { "Action": "logs:DescribeLogGroups", "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":*" + ] + ] + } } ], "Version": "2012-10-17" @@ -4214,7 +4233,7 @@ "path": "aws-stepfunctions-tasks-emr-containers-start-job-run/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.108" } }, "DeployAssert": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts index 363d79521fd54..85cecc9eab1e8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts @@ -281,7 +281,26 @@ describe('Invoke EMR Containers Start Job Run with ', () => { { Action: 'logs:DescribeLogGroups', Effect: 'Allow', - Resource: 'arn:aws:logs:*:*:*', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':logs:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':*', + ], + ], + }, }, ], Version: '2012-10-17', @@ -439,7 +458,26 @@ describe('Invoke EMR Containers Start Job Run with ', () => { { Action: 'logs:DescribeLogGroups', Effect: 'Allow', - Resource: 'arn:aws:logs:*:*:*', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':logs:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':*', + ], + ], + }, }, ], Version: '2012-10-17', 
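Review bot: The new expected `Resource` for `logs:DescribeLogGroups` is spelled out as the same `Fn::Join` literal in both hunks of start-job-run.test.ts (`@@ -281` and `@@ -439`), so any later tightening of the ARN has to be repeated by hand and the two assertions can drift apart. Hoisting the literal into one constant and referencing it from both policy expectations keeps the scoped ARN (partition, region and account instead of `*:*:*`) asserted in a single place. Both hunks sit inside test bodies that begin and end outside the visible lines, so the exact placement of the constant is for the author to confirm.

```typescript
// Expected Resource for logs:DescribeLogGroups: every log group, but only in
// the stack's own partition, region and account.
const describeLogGroupsResource = {
  'Fn::Join': [
    '',
    [
      'arn:',
      { Ref: 'AWS::Partition' },
      ':logs:',
      { Ref: 'AWS::Region' },
      ':',
      { Ref: 'AWS::AccountId' },
      ':*',
    ],
  ],
};

// … unchanged: test setup and the other policy statements …
{
  Action: 'logs:DescribeLogGroups',
  Effect: 'Allow',
  Resource: describeLogGroupsResource,
},
```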
diff --git a/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts b/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts
index c8fc073d89918..9ddaf2e7e4de4 100644
--- a/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts
+++ b/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts
@@ -417,5 +417,8 @@ export const DEFAULT_SYNTH_OPTIONS = {
 env: {
 CDK_INTEG_ACCOUNT: '12345678',
 CDK_INTEG_REGION: 'test-region',
+ CDK_INTEG_HOSTED_ZONE_ID: 'Z23ABC4XYZL05B',
+ CDK_INTEG_HOSTED_ZONE_NAME: 'example.com',
+ CDK_INTEG_DOMAIN_NAME: '*.example.com',
 },
 };
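Review bot: The three values added to the `env` block of `DEFAULT_SYNTH_OPTIONS` carry no comment saying they are placeholders, which matters because `CDK_INTEG_DOMAIN_NAME` is a wildcard and the hosted zone id has the shape of a real one. I would add a comment above the `env` block such as `// Dummy values used only when synthesizing snapshots; real account, hosted zone and domain values must come from the caller's environment and never be committed.` These defaults presumably exist to keep real DNS identifiers out of the checked-in snapshots. How they are overridden for an actual deployment is not visible in this hunk, so that should be confirmed before relying on the comment's wording. The object literal opens before the hunk.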