Skip to content

Commit

Permalink
Merge branch 'master' into eks/bug-irsaid
Browse files Browse the repository at this point in the history
  • Loading branch information
vlesierse authored May 21, 2020
2 parents dd2865b + ed43305 commit b3dd3d1
Show file tree
Hide file tree
Showing 35 changed files with 1,161 additions and 55 deletions.
18 changes: 18 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,24 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [1.41.0](https://github.com/aws/aws-cdk/compare/v1.40.0...v1.41.0) (2020-05-21)


### Features

* **cloudtrail:** create cloudwatch event without needing to create a Trail ([#8076](https://github.com/aws/aws-cdk/issues/8076)) ([0567a23](https://github.com/aws/aws-cdk/commit/0567a2360ac713e3171c9a82767611174dadb6c6)), closes [#6716](https://github.com/aws/aws-cdk/issues/6716)
* **cognito:** user pool - case sensitivity for sign in ([460394f](https://github.com/aws/aws-cdk/commit/460394f3dc4737cee80504d6c8ef106ecc3b67d5)), closes [#7988](https://github.com/aws/aws-cdk/issues/7988) [#7235](https://github.com/aws/aws-cdk/issues/7235)
* **core:** CfnJson enables intrinsics in hash keys ([#8099](https://github.com/aws/aws-cdk/issues/8099)) ([195cd40](https://github.com/aws/aws-cdk/commit/195cd405d9f0869875de2ec78661aee3af2c7c7d)), closes [#8084](https://github.com/aws/aws-cdk/issues/8084)
* **secretsmanager:** adds grantWrite to Secret ([#7858](https://github.com/aws/aws-cdk/issues/7858)) ([3fed84b](https://github.com/aws/aws-cdk/commit/3fed84ba9eec3f53c662966e366aa629209b7bf5))
* **sns:** add support for subscription DLQ in SNS ([383cdb8](https://github.com/aws/aws-cdk/commit/383cdb86effeafdf5d0767ed379b16b3d78a933b))
* **stepfunctions:** new service integration classes for Lambda, SNS, and SQS ([#7946](https://github.com/aws/aws-cdk/issues/7946)) ([c038848](https://github.com/aws/aws-cdk/commit/c0388483524832ca7863de4ee9c472b8ab39de8e)), closes [#6715](https://github.com/aws/aws-cdk/issues/6715) [#6489](https://github.com/aws/aws-cdk/issues/6489)


### Bug Fixes

* **apigateway:** contextAccountId in AccessLogField incorrectly resolves to requestId ([7b89e80](https://github.com/aws/aws-cdk/commit/7b89e805c716fa73d41cc97fcb728634e7a59136)), closes [#7952](https://github.com/aws/aws-cdk/issues/7952) [#7951](https://github.com/aws/aws-cdk/issues/7951)
* **autoscaling:** add noDevice as a volume type ([#7253](https://github.com/aws/aws-cdk/issues/7253)) ([751958b](https://github.com/aws/aws-cdk/commit/751958b69225fdfc52622781c618f5a77f881fb6)), closes [#7242](https://github.com/aws/aws-cdk/issues/7242)

## [1.40.0](https://github.com/aws/aws-cdk/compare/v1.39.0...v1.40.0) (2020-05-20)


Expand Down
2 changes: 1 addition & 1 deletion lerna.json
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@
"tools/*"
],
"rejectCycles": "true",
"version": "1.40.0"
"version": "1.41.0"
}
4 changes: 3 additions & 1 deletion packages/@aws-cdk/aws-cloudtrail/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,9 @@ const trail = new cloudtrail.Trail(this, 'CloudTrail', {
```

This creates the same setup as above - but also logs events to a created CloudWatch Log stream.
By default, the created log group has a retention period of 365 Days, but this is also configurable.
By default, the created log group has a retention period of 365 Days, but this is also configurable
via the `cloudWatchLogsRetention` property. If you would like to specify the log group explicitly,
use the `cloudwatchLogGroup` property.

For using CloudTrail event selector to log specific S3 events,
you can use the `CloudTrailProps` configuration object.
Expand Down
34 changes: 25 additions & 9 deletions packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
Original file line number Diff line number Diff line change
Expand Up @@ -63,12 +63,19 @@ export interface TrailProps {
readonly sendToCloudWatchLogs?: boolean;

/**
* How long to retain logs in CloudWatchLogs. Ignored if sendToCloudWatchLogs is false
* How long to retain logs in CloudWatchLogs.
* Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
*
* @default logs.RetentionDays.OneYear
* @default logs.RetentionDays.ONE_YEAR
*/
readonly cloudWatchLogsRetention?: logs.RetentionDays;

/**
* Log Group to which CloudTrail to push logs to. Ignored if sendToCloudWatchLogs is set to false.
* @default - a new log group is created and used.
*/
readonly cloudWatchLogGroup?: logs.ILogGroup;

/** The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
*
* @default - No encryption.
Expand Down Expand Up @@ -171,6 +178,12 @@ export class Trail extends Resource {
*/
public readonly trailSnsTopicArn: string;

/**
* The CloudWatch log group to which CloudTrail events are sent.
* `undefined` if `sendToCloudWatchLogs` property is false.
*/
public readonly logGroup?: logs.ILogGroup;

private s3bucket: s3.IBucket;
private eventSelectors: EventSelector[] = [];

Expand Down Expand Up @@ -200,19 +213,22 @@ export class Trail extends Resource {
},
}));

let logGroup: logs.CfnLogGroup | undefined;
let logsRole: iam.IRole | undefined;

if (props.sendToCloudWatchLogs) {
logGroup = new logs.CfnLogGroup(this, 'LogGroup', {
retentionInDays: props.cloudWatchLogsRetention || logs.RetentionDays.ONE_YEAR,
});
if (props.cloudWatchLogGroup) {
this.logGroup = props.cloudWatchLogGroup;
} else {
this.logGroup = new logs.LogGroup(this, 'LogGroup', {
retention: props.cloudWatchLogsRetention ?? logs.RetentionDays.ONE_YEAR,
});
}

logsRole = new iam.Role(this, 'LogsRole', { assumedBy: cloudTrailPrincipal });

logsRole.addToPolicy(new iam.PolicyStatement({
actions: ['logs:PutLogEvents', 'logs:CreateLogStream'],
resources: [logGroup.attrArn],
resources: [this.logGroup.logGroupArn],
}));
}

Expand All @@ -234,8 +250,8 @@ export class Trail extends Resource {
kmsKeyId: props.kmsKey && props.kmsKey.keyArn,
s3BucketName: this.s3bucket.bucketName,
s3KeyPrefix: props.s3KeyPrefix,
cloudWatchLogsLogGroupArn: logGroup && logGroup.attrArn,
cloudWatchLogsRoleArn: logsRole && logsRole.roleArn,
cloudWatchLogsLogGroupArn: this.logGroup?.logGroupArn,
cloudWatchLogsRoleArn: logsRole?.roleArn,
snsTopicName: props.snsTopic,
eventSelectors: this.eventSelectors,
});
Expand Down
42 changes: 40 additions & 2 deletions packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import { SynthUtils } from '@aws-cdk/assert';
import '@aws-cdk/assert/jest';
import * as iam from '@aws-cdk/aws-iam';
import * as lambda from '@aws-cdk/aws-lambda';
import { RetentionDays } from '@aws-cdk/aws-logs';
import { LogGroup, RetentionDays } from '@aws-cdk/aws-logs';
import * as s3 from '@aws-cdk/aws-s3';
import { Stack } from '@aws-cdk/core';
import { ReadWriteType, Trail } from '../lib';
Expand Down Expand Up @@ -176,7 +176,7 @@ describe('cloudtrail', () => {
Effect: 'Allow',
Action: ['logs:PutLogEvents', 'logs:CreateLogStream'],
Resource: {
'Fn::GetAtt': ['MyAmazingCloudTrailLogGroupAAD65144', 'Arn'],
'Fn::GetAtt': ['MyAmazingCloudTrailLogGroup2BE67F87', 'Arn'],
},
}],
},
Expand Down Expand Up @@ -205,6 +205,44 @@ describe('cloudtrail', () => {
const trail: any = SynthUtils.synthesize(stack).template.Resources.MyAmazingCloudTrail54516E8D;
expect(trail.DependsOn).toEqual([logsRolePolicyName, logsRoleName, 'MyAmazingCloudTrailS3Policy39C120B0']);
});

test('enabled and with custom log group', () => {
const stack = getTestStack();
const cloudWatchLogGroup = new LogGroup(stack, 'MyLogGroup', {
retention: RetentionDays.FIVE_DAYS,
});
new Trail(stack, 'MyAmazingCloudTrail', {
sendToCloudWatchLogs: true,
cloudWatchLogsRetention: RetentionDays.ONE_WEEK,
cloudWatchLogGroup,
});

expect(stack).toHaveResource('AWS::Logs::LogGroup', {
RetentionInDays: 5,
});

expect(stack).toHaveResource('AWS::CloudTrail::Trail', {
CloudWatchLogsLogGroupArn: stack.resolve(cloudWatchLogGroup.logGroupArn),
});

expect(stack).toHaveResourceLike('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [{
Resource: stack.resolve(cloudWatchLogGroup.logGroupArn),
}],
},
});
});

test('disabled', () => {
const stack = getTestStack();
const t = new Trail(stack, 'MyAmazingCloudTrail', {
sendToCloudWatchLogs: false,
cloudWatchLogsRetention: RetentionDays.ONE_WEEK,
});
expect(t.logGroup).toBeUndefined();
expect(stack).not.toHaveResource('AWS::Logs::LogGroup');
});
});

describe('with event selectors', () => {
Expand Down
4 changes: 4 additions & 0 deletions packages/@aws-cdk/aws-cloudwatch-actions/lib/appscaling.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ export class ApplicationScalingAction implements cloudwatch.IAlarmAction {
constructor(private readonly stepScalingAction: appscaling.StepScalingAction) {
}

/**
* Returns an alarm action configuration to use an ApplicationScaling StepScalingAction
* as an alarm action
*/
public bind(_scope: cdk.Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
return { alarmActionArn: this.stepScalingAction.scalingPolicyArn };
}
Expand Down
4 changes: 4 additions & 0 deletions packages/@aws-cdk/aws-cloudwatch-actions/lib/autoscaling.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ export class AutoScalingAction implements cloudwatch.IAlarmAction {
constructor(private readonly stepScalingAction: autoscaling.StepScalingAction) {
}

/**
* Returns an alarm action configuration to use an AutoScaling StepScalingAction
* as an alarm action
*/
public bind(_scope: cdk.Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
return { alarmActionArn: this.stepScalingAction.scalingPolicyArn };
}
Expand Down
3 changes: 3 additions & 0 deletions packages/@aws-cdk/aws-cloudwatch-actions/lib/sns.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ export class SnsAction implements cloudwatch.IAlarmAction {
constructor(private readonly topic: sns.ITopic) {
}

/**
* Returns an alarm action configuration to use an SNS topic as an alarm action
*/
public bind(_scope: Construct, _alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig {
return { alarmActionArn: this.topic.topicArn };
}
Expand Down
7 changes: 0 additions & 7 deletions packages/@aws-cdk/aws-cloudwatch-actions/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -90,13 +90,6 @@
"node": ">= 10.13.0 <13 || >=13.7.0"
},
"stability": "stable",
"awslint": {
"exclude": [
"docs-public-apis:@aws-cdk/aws-cloudwatch-actions.ApplicationScalingAction.bind",
"docs-public-apis:@aws-cdk/aws-cloudwatch-actions.AutoScalingAction.bind",
"docs-public-apis:@aws-cdk/aws-cloudwatch-actions.SnsAction.bind"
]
},
"awscdkio": {
"announce": false
},
Expand Down
17 changes: 10 additions & 7 deletions packages/@aws-cdk/aws-elasticloadbalancingv2/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,16 +64,17 @@ updated to allow the network traffic.
#### Conditions

It's possible to route traffic to targets based on conditions in the incoming
HTTP request. Path- and host-based conditions are supported. For example, the
following will route requests to the indicated AutoScalingGroup only if the
requested host in the request is either for `example.com/ok` or
`example.com/path`:
HTTP request. For example, the following will route requests to the indicated
AutoScalingGroup only if the requested host in the request is either for
`example.com/ok` or `example.com/path`:

```ts
listener.addTargets('Example.Com Fleet', {
priority: 10,
pathPatterns: ['/ok', '/path'],
hostHeader: 'example.com',
conditions: [
ListenerCondition.hostHeaders(['example.com']),
ListenerCondition.pathPatterns(['/ok', '/path']),
],
port: 8080,
targets: [asg]
});
Expand Down Expand Up @@ -126,8 +127,10 @@ Here's an example of serving a fixed response at the `/ok` URL:

```ts
listener.addAction('Fixed', {
pathPatterns: ['/ok'],
priority: 10,
conditions: [
ListenerCondition.pathPatterns(['/ok']),
],
action: ListenerAction.fixedResponse(200, {
contentType: elbv2.ContentType.TEXT_PLAIN,
messageBody: 'OK',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import { IListenerAction } from '../shared/listener-action';
import { IApplicationListener } from './application-listener';
import { ListenerAction } from './application-listener-action';
import { IApplicationTargetGroup } from './application-target-group';
import { ListenerCondition } from './conditions';

/**
* Basic properties for defining a rule on a listener
Expand Down Expand Up @@ -58,6 +59,15 @@ export interface BaseApplicationListenerRuleProps {
*/
readonly redirectResponse?: RedirectResponse;

/**
* Rule applies if matches the conditions.
*
* @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
*
* @default - No conditions.
*/
readonly conditions?: ListenerCondition[];

/**
* Rule applies if the requested host matches the indicated host
*
Expand All @@ -66,6 +76,7 @@ export interface BaseApplicationListenerRuleProps {
* @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#host-conditions
*
* @default - No host condition.
* @deprecated Use `conditions` instead.
*/
readonly hostHeader?: string;

Expand All @@ -74,7 +85,7 @@ export interface BaseApplicationListenerRuleProps {
*
* @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions
* @default - No path condition.
* @deprecated Use `pathPatterns` instead.
* @deprecated Use `conditions` instead.
*/
readonly pathPattern?: string;

Expand All @@ -85,6 +96,7 @@ export interface BaseApplicationListenerRuleProps {
*
* @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions
* @default - No path conditions.
* @deprecated Use `conditions` instead.
*/
readonly pathPatterns?: string[];
}
Expand Down Expand Up @@ -187,17 +199,20 @@ export class ApplicationListenerRule extends cdk.Construct {
*/
public readonly listenerRuleArn: string;

private readonly conditions: {[key: string]: string[] | undefined} = {};
private readonly conditions: ListenerCondition[];
private readonly legacyConditions: {[key: string]: string[]} = {};

private readonly listener: IApplicationListener;
private action?: IListenerAction;

constructor(scope: cdk.Construct, id: string, props: ApplicationListenerRuleProps) {
super(scope, id);

this.conditions = props.conditions || [];

const hasPathPatterns = props.pathPatterns || props.pathPattern;
if (!props.hostHeader && !hasPathPatterns) {
throw new Error('At least one of \'hostHeader\', \'pathPattern\' or \'pathPatterns\' is required when defining a load balancing rule.');
if (this.conditions.length === 0 && !props.hostHeader && !hasPathPatterns) {
throw new Error('At least one of \'conditions\', \'hostHeader\', \'pathPattern\' or \'pathPatterns\' is required when defining a load balancing rule.');
}

const possibleActions: Array<keyof ApplicationListenerRuleProps> = ['action', 'targetGroups', 'fixedResponse', 'redirectResponse'];
Expand Down Expand Up @@ -248,9 +263,25 @@ export class ApplicationListenerRule extends cdk.Construct {

/**
* Add a non-standard condition to this rule
*
* If the condition conflicts with an already set condition, it will be overwritten by the one you specified.
*
* @deprecated use `addCondition` instead.
*/
public setCondition(field: string, values: string[] | undefined) {
this.conditions[field] = values;
if (values === undefined) {
delete this.legacyConditions[field];
return;
}

this.legacyConditions[field] = values;
}

/**
* Add a non-standard condition to this rule
*/
public addCondition(condition: ListenerCondition) {
this.conditions.push(condition);
}

/**
Expand Down Expand Up @@ -322,20 +353,28 @@ export class ApplicationListenerRule extends cdk.Construct {
if (this.action === undefined) {
return ['Listener rule needs at least one action'];
}

const legacyConditionFields = Object.keys(this.legacyConditions);
if (legacyConditionFields.length === 0 && this.conditions.length === 0) {
return ['Listener rule needs at least one condition'];
}

return [];
}

/**
* Render the conditions for this rule
*/
private renderConditions() {
const ret = new Array<{ field: string, values: string[] }>();
for (const [field, values] of Object.entries(this.conditions)) {
if (values !== undefined) {
ret.push({ field, values });
}
}
return ret;
private renderConditions(): any {
const legacyConditions = Object.entries(this.legacyConditions).map(([field, values]) => {
return { field, values };
});
const conditions = this.conditions.map(condition => condition.renderRawCondition());

return [
...legacyConditions,
...conditions,
];
}
}

Expand Down
Loading

0 comments on commit b3dd3d1

Please sign in to comment.