diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index c3843d23481d8..7512a919e56fb 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -20,6 +20,21 @@ body: description: What is the problem? A clear and concise description of the bug. validations: required: true + - type: checkboxes + id: regression + attributes: + label: Regression Issue + description: What is a regression? If it worked in a previous version but doesn’t in the latest version, it’s considered a regression. In this case, please provide specific version number in the report. + options: + - label: Select this option if this issue appears to be a regression. + required: false + - type: input + id: working-version + attributes: + label: Last Known Working CDK Version + description: Specify the last known CDK version where this code was functioning as expected (if applicable). + validations: + required: false - type: textarea id: expected attributes: diff --git a/.github/ISSUE_TEMPLATE/notice.yml b/.github/ISSUE_TEMPLATE/notice.yml index f75640e0258c3..f90f63deb325e 100644 --- a/.github/ISSUE_TEMPLATE/notice.yml +++ b/.github/ISSUE_TEMPLATE/notice.yml @@ -1,8 +1,8 @@ --- name: "❗ Notice" -description: Post a notice for a high impact issue +description: Post a notice for a high impact issue. Internal CDK team use only. title: "❗ NOTICE (module name): (short notice description)" -labels: [p0, management/tracking] +labels: [needs-triage, management/tracking] body: - type: dropdown attributes: diff --git a/.github/ISSUE_TEMPLATE/region.yml b/.github/ISSUE_TEMPLATE/region.yml index 0e6ed816993f4..8ef3aa3ca8835 100644 --- a/.github/ISSUE_TEMPLATE/region.yml +++ b/.github/ISSUE_TEMPLATE/region.yml @@ -1,7 +1,7 @@ name: New Region -description: Register a new region. +description: Register a new region. Internal CDK team use only. title: "Register new region: [region]" -labels: ["@aws-cdk/region-info", "feature-request", "p1", "effort/medium"] +labels: ["@aws-cdk/region-info", "feature-request", needs-triage, "effort/medium"] body: - type: input id: ROUTE_53_BUCKET_WEBSITE_ZONE_IDS diff --git a/.github/ISSUE_TEMPLATE/tracking.yml b/.github/ISSUE_TEMPLATE/tracking.yml index 0ecfc903b002c..798be3162f769 100644 --- a/.github/ISSUE_TEMPLATE/tracking.yml +++ b/.github/ISSUE_TEMPLATE/tracking.yml @@ -1,7 +1,7 @@ name: Tracking Issue -description: Add a module tracking issue (internal use only) +description: Add a module tracking issue. Internal CDK team use only. title: "Tracking: [service]" -labels: [management/tracking] +labels: [needs-triage, management/tracking] body: - type: markdown attributes: diff --git a/.github/workflows/issue-regression-labeler.yml b/.github/workflows/issue-regression-labeler.yml new file mode 100644 index 0000000000000..bd000719d101b --- /dev/null +++ b/.github/workflows/issue-regression-labeler.yml @@ -0,0 +1,32 @@ +# Apply potential regression label on issues +name: issue-regression-label +on: + issues: + types: [opened, edited] +jobs: + add-regression-label: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Fetch template body + id: check_regression + uses: actions/github-script@v7 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TEMPLATE_BODY: ${{ github.event.issue.body }} + with: + script: | + const regressionPattern = /\[x\] Select this option if this issue appears to be a regression\./i; + const template = `${process.env.TEMPLATE_BODY}` + const match = regressionPattern.test(template); + core.setOutput('is_regression', match); + - name: Manage regression label + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + if [ "${{ steps.check_regression.outputs.is_regression }}" == "true" ]; then + gh issue edit ${{ github.event.issue.number }} --add-label "potential-regression" -R ${{ github.repository }} + else + gh issue edit ${{ github.event.issue.number }} --remove-label "potential-regression" -R ${{ github.repository }} + fi diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 5d85f5628d34b..a85d24901e71d 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -12,11 +12,11 @@ Shout out to our top contributors! - [shivlaks](https://github.com/shivlaks) - [otaviomacedo](https://github.com/otaviomacedo) - [mrgrain](https://github.com/mrgrain) -- [madeline-k](https://github.com/madeline-k) - [pahud](https://github.com/pahud) +- [madeline-k](https://github.com/madeline-k) - [comcalvi](https://github.com/comcalvi) -- [NetaNir](https://github.com/NetaNir) - [TheRealAmazonKendra](https://github.com/TheRealAmazonKendra) +- [NetaNir](https://github.com/NetaNir) - [robertd](https://github.com/robertd) - [MrArnoldPalmer](https://github.com/MrArnoldPalmer) - [go-to-k](https://github.com/go-to-k) @@ -24,9 +24,9 @@ Shout out to our top contributors! - [peterwoodworth](https://github.com/peterwoodworth) - [colifran](https://github.com/colifran) - [msambol](https://github.com/msambol) -- [nija-at](https://github.com/nija-at) - [watany-dev](https://github.com/watany-dev) +- [nija-at](https://github.com/nija-at) - [hoegertn](https://github.com/hoegertn) -_Last updated: Mon, 01 Jul 24 00:11:02 +0000_ \ No newline at end of file +_Last updated: Thu, 01 Aug 24 00:10:57 +0000_ \ No newline at end of file diff --git a/package.json b/package.json index 4b07be0640957..6e7b4575961f2 100644 --- a/package.json +++ b/package.json @@ -25,9 +25,9 @@ "fs-extra": "^9.1.0", "graceful-fs": "^4.2.11", "jest-junit": "^13.2.0", - "jsii-diff": "1.101.0", - "jsii-pacmak": "1.101.0", - "jsii-reflect": "1.101.0", + "jsii-diff": "1.102.0", + "jsii-pacmak": "1.102.0", + "jsii-reflect": "1.102.0", "lerna": "^8.1.5", "nx": "^19.4.0", "patch-package": "^6.5.1", @@ -177,4 +177,4 @@ "dependencies": { "string-width": "^4.2.3" } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json index db4752252f4fa..de953f1e34aad 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json index e2d86bf155bda..7fbccde788f96 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33": { + "29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d": { "source": { "path": "batch-stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33.json", + "objectKey": "29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json index 1ef8be9489013..c99047b447f4b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json @@ -1118,6 +1118,108 @@ "Type": "managed", "UpdatePolicy": {} } + }, + "ECSAL2023SecurityGroup7AE4A1D4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/ECS_AL2023/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "ECSAL2023InstanceProfileRoleEBA7FF23": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "ECSAL2023InstanceProfile14B35A51": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ] + } + }, + "ECSAL20239DA0188B": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "ComputeResources": { + "AllocationStrategy": "BEST_FIT_PROGRESSIVE", + "Ec2Configuration": [ + { + "ImageType": "ECS_AL2023" + } + ], + "InstanceRole": { + "Fn::GetAtt": [ + "ECSAL2023InstanceProfile14B35A51", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ECSAL2023SecurityGroup7AE4A1D4", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "EC2" + }, + "ReplaceComputeEnvironment": false, + "State": "ENABLED", + "Type": "managed", + "UpdatePolicy": {} + } } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json index 824bd984c00e7..1d97ef0a4308e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "BatchManagedComputeEnvironmentTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json index 7fff489e95068..9ec827b896504 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "batch-stack.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "batch-stack.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -339,6 +340,30 @@ "data": "taggedCE5029E6F8" } ], + "/batch-stack/ECS_AL2023/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023SecurityGroup7AE4A1D4" + } + ], + "/batch-stack/ECS_AL2023/InstanceProfileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ], + "/batch-stack/ECS_AL2023/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023InstanceProfile14B35A51" + } + ], + "/batch-stack/ECS_AL2023/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL20239DA0188B" + } + ], "/batch-stack/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -367,6 +392,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json index 029a5cd85e503..7d665f06bcdc1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json @@ -1880,6 +1880,178 @@ "version": "0.0.0" } }, + "ECS_AL2023": { + "id": "ECS_AL2023", + "path": "batch-stack/ECS_AL2023", + "children": { + "SecurityGroup": { + "id": "SecurityGroup", + "path": "batch-stack/ECS_AL2023/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/ECS_AL2023/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceProfileRole": { + "id": "InstanceProfileRole", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole", + "children": { + "ImportInstanceProfileRole": { + "id": "ImportInstanceProfileRole", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole/ImportInstanceProfileRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "batch-stack/ECS_AL2023/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "computeResources": { + "maxvCpus": 256, + "type": "EC2", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ECSAL2023SecurityGroup7AE4A1D4", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "minvCpus": 0, + "instanceRole": { + "Fn::GetAtt": [ + "ECSAL2023InstanceProfile14B35A51", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "allocationStrategy": "BEST_FIT_PROGRESSIVE", + "ec2Configuration": [ + { + "imageType": "ECS_AL2023" + } + ] + }, + "replaceComputeEnvironment": false, + "state": "ENABLED", + "type": "managed", + "updatePolicy": {} + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironment", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "batch-stack/BootstrapVersion", @@ -1915,7 +2087,7 @@ "path": "BatchManagedComputeEnvironmentTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { @@ -1961,7 +2133,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts index 61de496afa32c..0d71b9cfbff4e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts @@ -3,7 +3,7 @@ import { LaunchTemplate } from 'aws-cdk-lib/aws-ec2'; import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; import { App, Duration, Stack, Tags } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; -import { AllocationStrategy, FargateComputeEnvironment, ManagedEc2EcsComputeEnvironment } from 'aws-cdk-lib/aws-batch'; +import { AllocationStrategy, FargateComputeEnvironment, ManagedEc2EcsComputeEnvironment, EcsMachineImageType } from 'aws-cdk-lib/aws-batch'; const app = new App(); const stack = new Stack(app, 'batch-stack'); @@ -79,6 +79,13 @@ const taggedEc2Ecs = new ManagedEc2EcsComputeEnvironment(stack, 'taggedCE', { Tags.of(taggedEc2Ecs).add('foo', 'bar'); Tags.of(taggedEc2Ecs).add('super', 'salamander'); +new ManagedEc2EcsComputeEnvironment(stack, 'ECS_AL2023', { + vpc, + images: [{ + imageType: EcsMachineImageType.ECS_AL2023, + }], +}); + new integ.IntegTest(app, 'BatchManagedComputeEnvironmentTest', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json new file mode 100644 index 0000000000000..a07133b76fc7d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json @@ -0,0 +1,20 @@ +{ + "version": "36.0.0", + "files": { + "f6c3259c52a142bbcf580bb47c14037f7819c4cebfb51d6c8586c38bc79c5509": { + "source": { + "path": "aws-cdk-global-table-v2.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-eu-west-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-eu-west-1", + "objectKey": "f6c3259c52a142bbcf580bb47c14037f7819c4cebfb51d6c8586c38bc79c5509.json", + "region": "eu-west-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-eu-west-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json new file mode 100644 index 0000000000000..35b13b4c70e59 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json @@ -0,0 +1,117 @@ +{ + "Resources": { + "GlobalTableV212B4E024": { + "Type": "AWS::DynamoDB::GlobalTable", + "Properties": { + "AttributeDefinitions": [ + { + "AttributeName": "pk", + "AttributeType": "S" + }, + { + "AttributeName": "sk", + "AttributeType": "N" + } + ], + "BillingMode": "PAY_PER_REQUEST", + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi2", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + } + ], + "Projection": { + "ProjectionType": "ALL" + }, + "WriteOnDemandThroughputSettings": { + "MaxWriteRequestUnits": 2001 + } + } + ], + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + }, + { + "AttributeName": "sk", + "KeyType": "RANGE" + } + ], + "Replicas": [ + { + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 222 + }, + "Region": "us-east-1" + }, + { + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "Region": "eu-west-1" + } + ], + "StreamSpecification": { + "StreamViewType": "NEW_AND_OLD_IMAGES" + }, + "TableName": "my-global-table-v2", + "WriteOnDemandThroughputSettings": { + "MaxWriteRequestUnits": 10 + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json new file mode 100644 index 0000000000000..02772f0375026 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/cdk.out diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json new file mode 100644 index 0000000000000..d1446d6169277 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json @@ -0,0 +1,16 @@ +{ + "version": "36.0.0", + "testCases": { + "aws-cdk-global-table-integ-v2/DefaultTest": { + "stacks": [ + "aws-cdk-global-table-v2" + ], + "regions": [ + "eu-west-1" + ], + "stackUpdateWorkflow": false, + "assertionStack": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert", + "assertionStackName": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json new file mode 100644 index 0000000000000..0377675ebe18a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json @@ -0,0 +1,121 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-global-table-v2.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-global-table-v2.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-global-table-v2": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/eu-west-1", + "properties": { + "templateFile": "aws-cdk-global-table-v2.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-eu-west-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-eu-west-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-eu-west-1/f6c3259c52a142bbcf580bb47c14037f7819c4cebfb51d6c8586c38bc79c5509.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-global-table-v2.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-eu-west-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-global-table-v2.assets" + ], + "metadata": { + "/aws-cdk-global-table-v2/GlobalTableV2": [ + { + "type": "aws:cdk:hasPhysicalName", + "data": { + "Ref": "GlobalTableV212B4E024" + } + } + ], + "/aws-cdk-global-table-v2/GlobalTableV2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalTableV212B4E024" + } + ], + "/aws-cdk-global-table-v2/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table-v2/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table-v2" + }, + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets" + ], + "metadata": { + "/aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json new file mode 100644 index 0000000000000..574bf311dffef --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json @@ -0,0 +1,196 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-global-table-v2": { + "id": "aws-cdk-global-table-v2", + "path": "aws-cdk-global-table-v2", + "children": { + "GlobalTableV2": { + "id": "GlobalTableV2", + "path": "aws-cdk-global-table-v2/GlobalTableV2", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-global-table-v2/GlobalTableV2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::DynamoDB::GlobalTable", + "aws:cdk:cloudformation:props": { + "attributeDefinitions": [ + { + "attributeName": "pk", + "attributeType": "S" + }, + { + "attributeName": "sk", + "attributeType": "N" + } + ], + "billingMode": "PAY_PER_REQUEST", + "globalSecondaryIndexes": [ + { + "indexName": "gsi2", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + } + ], + "projection": { + "projectionType": "ALL" + }, + "writeOnDemandThroughputSettings": { + "maxWriteRequestUnits": 2001 + } + } + ], + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + }, + { + "attributeName": "sk", + "keyType": "RANGE" + } + ], + "replicas": [ + { + "region": "us-east-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + } + } + ], + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 222 + } + }, + { + "region": "eu-west-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + } + } + ] + } + ], + "streamSpecification": { + "streamViewType": "NEW_AND_OLD_IMAGES" + }, + "tableName": "my-global-table-v2", + "writeOnDemandThroughputSettings": { + "maxWriteRequestUnits": 10 + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.CfnGlobalTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.TableBaseV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table-v2/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table-v2/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-global-table-integ-v2": { + "id": "aws-cdk-global-table-integ-v2", + "path": "aws-cdk-global-table-integ-v2", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-global-table-integ-v2/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts new file mode 100644 index 0000000000000..794266767b156 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts @@ -0,0 +1,41 @@ +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import { AttributeType, Billing, TableV2 } from 'aws-cdk-lib/aws-dynamodb'; +import { Construct } from 'constructs'; + +class TestStack extends Stack { + public constructor(scope: Construct, id: string, props: StackProps) { + super(scope, id, props); + + new TableV2(this, 'GlobalTableV2', { + tableName: 'my-global-table-v2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + sortKey: { name: 'sk', type: AttributeType.NUMBER }, + billing: Billing.onDemand({ + maxWriteRequestUnits: 10, + }), + removalPolicy: RemovalPolicy.DESTROY, + replicas: [ + { + region: 'us-east-1', + maxReadRequestUnits: 222, + }, + ], + globalSecondaryIndexes: [ + { + indexName: 'gsi2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 2001, + maxWriteRequestUnits: 2001, + }, + ], + }); + } +} + +const app = new App(); +new IntegTest(app, 'aws-cdk-global-table-integ-v2', { + testCases: [new TestStack(app, 'aws-cdk-global-table-v2', { env: { region: 'eu-west-1' } })], + regions: ['eu-west-1'], + stackUpdateWorkflow: false, +}); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json new file mode 100644 index 0000000000000..aa94a2c7845ca --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json @@ -0,0 +1,20 @@ +{ + "version": "36.0.0", + "files": { + "cc5278f2745ed14e48839e10ba3e84d52a026101a039e164e937d90f16b69c34": { + "source": { + "path": "aws-cdk-global-table.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "cc5278f2745ed14e48839e10ba3e84d52a026101a039e164e937d90f16b69c34.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json new file mode 100644 index 0000000000000..e1e71ad2043c7 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json @@ -0,0 +1,247 @@ +{ + "Resources": { + "Stream790BDEE4": { + "Type": "AWS::Kinesis::Stream", + "Properties": { + "RetentionPeriodHours": 24, + "ShardCount": 1, + "StreamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "GlobalTable89F068B2": { + "Type": "AWS::DynamoDB::GlobalTable", + "Properties": { + "AttributeDefinitions": [ + { + "AttributeName": "pk", + "AttributeType": "S" + }, + { + "AttributeName": "sk", + "AttributeType": "N" + } + ], + "BillingMode": "PAY_PER_REQUEST", + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi1", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + } + ], + "Projection": { + "ProjectionType": "ALL" + } + }, + { + "IndexName": "gsi2", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + } + ], + "Projection": { + "ProjectionType": "ALL" + }, + "WriteOnDemandThroughputSettings": { + "MaxWriteRequestUnits": 2001 + } + } + ], + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + }, + { + "AttributeName": "sk", + "KeyType": "RANGE" + } + ], + "LocalSecondaryIndexes": [ + { + "IndexName": "lsi", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + }, + { + "AttributeName": "sk", + "KeyType": "RANGE" + } + ], + "Projection": { + "ProjectionType": "ALL" + } + } + ], + "Replicas": [ + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "GlobalSecondaryIndexes": [ + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi1", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 1002 + } + }, + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "PointInTimeRecoverySpecification": { + "PointInTimeRecoveryEnabled": true + }, + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 222 + }, + "Region": "eu-west-1", + "TableClass": "STANDARD_INFREQUENT_ACCESS" + }, + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "GlobalSecondaryIndexes": [ + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi1", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 1002 + } + }, + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "KinesisStreamSpecification": { + "StreamArn": { + "Fn::GetAtt": [ + "Stream790BDEE4", + "Arn" + ] + } + }, + "PointInTimeRecoverySpecification": { + "PointInTimeRecoveryEnabled": true + }, + "Region": "us-east-1", + "TableClass": "STANDARD_INFREQUENT_ACCESS", + "Tags": [ + { + "Key": "primaryTableTagKey", + "Value": "primaryTableTagValue" + } + ] + } + ], + "SSESpecification": { + "SSEEnabled": true, + "SSEType": "KMS" + }, + "StreamSpecification": { + "StreamViewType": "NEW_AND_OLD_IMAGES" + }, + "TableName": "my-global-table", + "TimeToLiveSpecification": { + "AttributeName": "attr", + "Enabled": true + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Conditions": { + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + } + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json similarity index 63% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json index 06bf236bec53b..0a9ffc385b09a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json @@ -1,15 +1,15 @@ { "version": "36.0.0", "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { - "path": "PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json", + "path": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/cdk.out diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json new file mode 100644 index 0000000000000..15437c63539c9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json @@ -0,0 +1,16 @@ +{ + "version": "36.0.0", + "testCases": { + "aws-cdk-global-table-integ/DefaultTest": { + "stacks": [ + "aws-cdk-global-table" + ], + "regions": [ + "us-east-1" + ], + "stackUpdateWorkflow": false, + "assertionStack": "aws-cdk-global-table-integ/DefaultTest/DeployAssert", + "assertionStackName": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f36374c4697b1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json @@ -0,0 +1,133 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-global-table.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-global-table.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-global-table": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/us-east-1", + "properties": { + "templateFile": "aws-cdk-global-table.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/cc5278f2745ed14e48839e10ba3e84d52a026101a039e164e937d90f16b69c34.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-global-table.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-global-table.assets" + ], + "metadata": { + "/aws-cdk-global-table/Stream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Stream790BDEE4" + } + ], + "/aws-cdk-global-table/AwsCdkKinesisEncryptedStreamsUnsupportedRegions": [ + { + "type": "aws:cdk:logicalId", + "data": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions" + } + ], + "/aws-cdk-global-table/GlobalTable": [ + { + "type": "aws:cdk:hasPhysicalName", + "data": { + "Ref": "GlobalTable89F068B2" + } + } + ], + "/aws-cdk-global-table/GlobalTable/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalTable89F068B2" + } + ], + "/aws-cdk-global-table/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table" + }, + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets" + ], + "metadata": { + "/aws-cdk-global-table-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json new file mode 100644 index 0000000000000..963c19fb401dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json @@ -0,0 +1,328 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-global-table": { + "id": "aws-cdk-global-table", + "path": "aws-cdk-global-table", + "children": { + "Stream": { + "id": "Stream", + "path": "aws-cdk-global-table/Stream", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-global-table/Stream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Kinesis::Stream", + "aws:cdk:cloudformation:props": { + "retentionPeriodHours": 24, + "shardCount": 1, + "streamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.CfnStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.Stream", + "version": "0.0.0" + } + }, + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "id": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "path": "aws-cdk-global-table/AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnCondition", + "version": "0.0.0" + } + }, + "GlobalTable": { + "id": "GlobalTable", + "path": "aws-cdk-global-table/GlobalTable", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-global-table/GlobalTable/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::DynamoDB::GlobalTable", + "aws:cdk:cloudformation:props": { + "attributeDefinitions": [ + { + "attributeName": "pk", + "attributeType": "S" + }, + { + "attributeName": "sk", + "attributeType": "N" + } + ], + "billingMode": "PAY_PER_REQUEST", + "globalSecondaryIndexes": [ + { + "indexName": "gsi1", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + } + ], + "projection": { + "projectionType": "ALL" + } + }, + { + "indexName": "gsi2", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + } + ], + "projection": { + "projectionType": "ALL" + }, + "writeOnDemandThroughputSettings": { + "maxWriteRequestUnits": 2001 + } + } + ], + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + }, + { + "attributeName": "sk", + "keyType": "RANGE" + } + ], + "localSecondaryIndexes": [ + { + "indexName": "lsi", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + }, + { + "attributeName": "sk", + "keyType": "RANGE" + } + ], + "projection": { + "projectionType": "ALL" + } + } + ], + "replicas": [ + { + "region": "eu-west-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi1", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 1002 + }, + "contributorInsightsSpecification": { + "enabled": true + } + }, + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + }, + "contributorInsightsSpecification": { + "enabled": true + } + } + ], + "tableClass": "STANDARD_INFREQUENT_ACCESS", + "contributorInsightsSpecification": { + "enabled": true + }, + "pointInTimeRecoverySpecification": { + "pointInTimeRecoveryEnabled": true + }, + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 222 + } + }, + { + "region": "us-east-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi1", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 1002 + }, + "contributorInsightsSpecification": { + "enabled": true + } + }, + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + }, + "contributorInsightsSpecification": { + "enabled": true + } + } + ], + "tableClass": "STANDARD_INFREQUENT_ACCESS", + "kinesisStreamSpecification": { + "streamArn": { + "Fn::GetAtt": [ + "Stream790BDEE4", + "Arn" + ] + } + }, + "contributorInsightsSpecification": { + "enabled": true + }, + "pointInTimeRecoverySpecification": { + "pointInTimeRecoveryEnabled": true + }, + "tags": [ + { + "key": "primaryTableTagKey", + "value": "primaryTableTagValue" + } + ] + } + ], + "sseSpecification": { + "sseEnabled": true, + "sseType": "KMS" + }, + "streamSpecification": { + "streamViewType": "NEW_AND_OLD_IMAGES" + }, + "tableName": "my-global-table", + "timeToLiveSpecification": { + "attributeName": "attr", + "enabled": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.CfnGlobalTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.TableBaseV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-global-table-integ": { + "id": "aws-cdk-global-table-integ", + "path": "aws-cdk-global-table-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-global-table-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-global-table-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-global-table-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts new file mode 100644 index 0000000000000..c2070e0b45754 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts @@ -0,0 +1,60 @@ +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import { AttributeType, Billing, TableV2, TableClass, TableEncryptionV2 } from 'aws-cdk-lib/aws-dynamodb'; +import { Stream } from 'aws-cdk-lib/aws-kinesis'; +import { Construct } from 'constructs'; + +class TestStack extends Stack { + public constructor(scope: Construct, id: string, props: StackProps) { + super(scope, id, props); + + const stream = new Stream(this, 'Stream'); + + new TableV2(this, 'GlobalTable', { + tableName: 'my-global-table', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + sortKey: { name: 'sk', type: AttributeType.NUMBER }, + billing: Billing.onDemand(), + encryption: TableEncryptionV2.awsManagedKey(), + contributorInsights: true, + pointInTimeRecovery: true, + tableClass: TableClass.STANDARD_INFREQUENT_ACCESS, + timeToLiveAttribute: 'attr', + removalPolicy: RemovalPolicy.DESTROY, + kinesisStream: stream, + replicas: [ + { + region: 'eu-west-1', + maxReadRequestUnits: 222, + }, + ], + globalSecondaryIndexes: [ + { + indexName: 'gsi1', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 1002, + }, + { + indexName: 'gsi2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 2001, + maxWriteRequestUnits: 2001, + }, + ], + localSecondaryIndexes: [ + { + indexName: 'lsi', + sortKey: { name: 'sk', type: AttributeType.NUMBER }, + }, + ], + tags: [{ key: 'primaryTableTagKey', value: 'primaryTableTagValue' }], + }); + } +} + +const app = new App(); +new IntegTest(app, 'aws-cdk-global-table-integ', { + testCases: [new TestStack(app, 'aws-cdk-global-table', { env: { region: 'us-east-1' } })], + regions: ['us-east-1'], + stackUpdateWorkflow: false, +}); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json index 32e11a1d2250a..5e8e335699b08 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json @@ -5,16 +5,6 @@ "stacks": [ "ResourcePolicyTest-v2" ], - "regions": [ - "us-east-1" - ], - "cdkCommandOptions": { - "deploy": { - "args": { - "rollback": true - } - } - }, "assertionStack": "table-v2-resource-policy-integ-test/DefaultTest/DeployAssert", "assertionStackName": "tablev2resourcepolicyintegtestDefaultTestDeployAssertBE3353C7" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json index 3a0a1c50405d4..8417b42605972 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json @@ -71,7 +71,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_dynamodb.TableV2", + "fqn": "aws-cdk-lib.aws_dynamodb.TableBaseV2", "version": "0.0.0" } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json index fd6b84f880be7..a06498ad4deee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "36.0.0", "files": { - "6721dc6f360c620369b9c3be4b289ff536e0faa87f39bac615b56ff31b2c609e": { + "4413d3171770b8ef5d6566130e7d33ddf852ba9ac51a59b9aea634446217bb3f": { "source": { "path": "aws-cdk-dynamodb.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6721dc6f360c620369b9c3be4b289ff536e0faa87f39bac615b56ff31b2c609e.json", + "objectKey": "4413d3171770b8ef5d6566130e7d33ddf852ba9ac51a59b9aea634446217bb3f.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json index 4b943cf19b09d..6c7b3cd8fad33 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json @@ -3,19 +3,23 @@ "TableCD117FA1": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ + "AttributeDefinitions": [ { "AttributeName": "hashKey", - "KeyType": "HASH" + "AttributeType": "S" } ], - "AttributeDefinitions": [ + "BillingMode": "PAY_PER_REQUEST", + "KeySchema": [ { "AttributeName": "hashKey", - "AttributeType": "S" + "KeyType": "HASH" } ], - "BillingMode": "PAY_PER_REQUEST" + "OnDemandThroughput": { + "MaxReadRequestUnits": 100, + "MaxWriteRequestUnits": 200 + } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" @@ -23,16 +27,6 @@ "TableWithGlobalAndLocalSecondaryIndexBC540710": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ - { - "AttributeName": "hashKey", - "KeyType": "HASH" - }, - { - "AttributeName": "sortKey", - "KeyType": "RANGE" - } - ], "AttributeDefinitions": [ { "AttributeName": "hashKey", @@ -65,6 +59,10 @@ "KeyType": "HASH" } ], + "OnDemandThroughput": { + "MaxReadRequestUnits": 100, + "MaxWriteRequestUnits": 100 + }, "Projection": { "ProjectionType": "ALL" } @@ -146,6 +144,16 @@ } } ], + "KeySchema": [ + { + "AttributeName": "hashKey", + "KeyType": "HASH" + }, + { + "AttributeName": "sortKey", + "KeyType": "RANGE" + } + ], "LocalSecondaryIndexes": [ { "IndexName": "LSI-PartitionAndTableSortKey", @@ -250,12 +258,6 @@ "TableWithGlobalSecondaryIndexCC8E841E": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ - { - "AttributeName": "hashKey", - "KeyType": "HASH" - } - ], "AttributeDefinitions": [ { "AttributeName": "hashKey", @@ -280,6 +282,12 @@ "ProjectionType": "ALL" } } + ], + "KeySchema": [ + { + "AttributeName": "hashKey", + "KeyType": "HASH" + } ] }, "UpdateReplacePolicy": "Delete", @@ -288,16 +296,6 @@ "TableWithLocalSecondaryIndex4DA3D08F": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ - { - "AttributeName": "hashKey", - "KeyType": "HASH" - }, - { - "AttributeName": "sortKey", - "KeyType": "RANGE" - } - ], "AttributeDefinitions": [ { "AttributeName": "hashKey", @@ -313,6 +311,16 @@ } ], "BillingMode": "PAY_PER_REQUEST", + "KeySchema": [ + { + "AttributeName": "hashKey", + "KeyType": "HASH" + }, + { + "AttributeName": "sortKey", + "KeyType": "RANGE" + } + ], "LocalSecondaryIndexes": [ { "IndexName": "LSI-PartitionAndSortKey", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out index 588d7b269d34f..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json index 8c1bf3f2a284a..41061cbfbe3ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "36.0.0", "testCases": { "integ.dynamodb.ondemand": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json index fda20497ff2a4..46a693620203b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "36.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "aws-cdk-dynamodb.assets": { "type": "cdk:asset-manifest", "properties": { @@ -20,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-dynamodb.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6721dc6f360c620369b9c3be4b289ff536e0faa87f39bac615b56ff31b2c609e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4413d3171770b8ef5d6566130e7d33ddf852ba9ac51a59b9aea634446217bb3f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -77,6 +72,12 @@ ] }, "displayName": "aws-cdk-dynamodb" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json index e5ea52068becf..c149e06017f7a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "aws-cdk-dynamodb": { "id": "aws-cdk-dynamodb", "path": "aws-cdk-dynamodb", @@ -26,23 +18,27 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ + "attributeDefinitions": [ { "attributeName": "hashKey", - "keyType": "HASH" + "attributeType": "S" } ], - "attributeDefinitions": [ + "billingMode": "PAY_PER_REQUEST", + "keySchema": [ { "attributeName": "hashKey", - "attributeType": "S" + "keyType": "HASH" } ], - "billingMode": "PAY_PER_REQUEST" + "onDemandThroughput": { + "maxReadRequestUnits": 100, + "maxWriteRequestUnits": 200 + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -50,13 +46,13 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/Table/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", "version": "0.0.0" } }, @@ -70,16 +66,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ - { - "attributeName": "hashKey", - "keyType": "HASH" - }, - { - "attributeName": "sortKey", - "keyType": "RANGE" - } - ], "attributeDefinitions": [ { "attributeName": "hashKey", @@ -114,6 +100,10 @@ ], "projection": { "projectionType": "ALL" + }, + "onDemandThroughput": { + "maxReadRequestUnits": 100, + "maxWriteRequestUnits": 100 } }, { @@ -193,6 +183,16 @@ } } ], + "keySchema": [ + { + "attributeName": "hashKey", + "keyType": "HASH" + }, + { + "attributeName": "sortKey", + "keyType": "RANGE" + } + ], "localSecondaryIndexes": [ { "indexName": "LSI-PartitionAndTableSortKey", @@ -293,7 +293,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -301,13 +301,13 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/TableWithGlobalAndLocalSecondaryIndex/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", "version": "0.0.0" } }, @@ -321,12 +321,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ - { - "attributeName": "hashKey", - "keyType": "HASH" - } - ], "attributeDefinitions": [ { "attributeName": "hashKey", @@ -351,11 +345,17 @@ "projectionType": "ALL" } } + ], + "keySchema": [ + { + "attributeName": "hashKey", + "keyType": "HASH" + } ] } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -363,13 +363,13 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/TableWithGlobalSecondaryIndex/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", "version": "0.0.0" } }, @@ -383,16 +383,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ - { - "attributeName": "hashKey", - "keyType": "HASH" - }, - { - "attributeName": "sortKey", - "keyType": "RANGE" - } - ], "attributeDefinitions": [ { "attributeName": "hashKey", @@ -408,6 +398,16 @@ } ], "billingMode": "PAY_PER_REQUEST", + "keySchema": [ + { + "attributeName": "hashKey", + "keyType": "HASH" + }, + { + "attributeName": "sortKey", + "keyType": "RANGE" + } + ], "localSecondaryIndexes": [ { "indexName": "LSI-PartitionAndSortKey", @@ -429,7 +429,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -437,26 +437,50 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/TableWithLocalSecondaryIndex/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-dynamodb/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-dynamodb/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts index 5a82c86155d65..e28fe9af89c43 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts @@ -45,6 +45,8 @@ new Table(stack, TABLE, { billingMode: BillingMode.PAY_PER_REQUEST, partitionKey: TABLE_PARTITION_KEY, removalPolicy: RemovalPolicy.DESTROY, + maxReadRequestUnits: 100, + maxWriteRequestUnits: 200, }); const tableWithGlobalAndLocalSecondaryIndex = new Table(stack, TABLE_WITH_GLOBAL_AND_LOCAL_SECONDARY_INDEX, { @@ -63,6 +65,8 @@ Tags.of(tableWithGlobalAndLocalSecondaryIndex).add('Environment', 'Production'); tableWithGlobalAndLocalSecondaryIndex.addGlobalSecondaryIndex({ indexName: GSI_TEST_CASE_1, partitionKey: GSI_PARTITION_KEY, + maxReadRequestUnits: 100, + maxWriteRequestUnits: 100, }); tableWithGlobalAndLocalSecondaryIndex.addGlobalSecondaryIndex({ indexName: GSI_TEST_CASE_2, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json index 37139758282cd..efd673ae6169d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json @@ -40,7 +40,7 @@ } } }, - "55adc2a4d264e77d2c794df6cb13dd26ee0a9986d5b00a9bfe3cd48b6e0b2dfe": { + "db1c5d9623e5e22db4e511f52daf89f93fb1cbb8f325df40d03d5c50413e63a3": { "source": { "path": "integ-ec2-multiple-instances-in-stack.template.json", "packaging": "file" @@ -48,7 +48,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "55adc2a4d264e77d2c794df6cb13dd26ee0a9986d5b00a9bfe3cd48b6e0b2dfe.json", + "objectKey": "db1c5d9623e5e22db4e511f52daf89f93fb1cbb8f325df40d03d5c50413e63a3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json index 787b41606da14..e09958092be8c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json @@ -906,7 +906,7 @@ "Fn::Join": [ "", [ - "#!/bin/bash\n# fingerprint: 8787022e9944cbeb\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", + "#!/bin/bash\n# fingerprint: 370d9b2dcf8bf44b\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", { "Ref": "AWS::Region" }, @@ -955,6 +955,29 @@ "owner": "root", "group": "root" } + }, + "commands": { + "000": { + "command": [ + "useradd", + "-u", + "1001", + "-g", + "1001", + "eguser" + ] + }, + "001": { + "command": [ + "useradd", + "-a", + "-u", + "1001", + "-g", + "1001", + "eguser" + ] + } } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json index 9d805bac6514b..bd244eaf3c6a4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/55adc2a4d264e77d2c794df6cb13dd26ee0a9986d5b00a9bfe3cd48b6e0b2dfe.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/db1c5d9623e5e22db4e511f52daf89f93fb1cbb8f325df40d03d5c50413e63a3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -259,7 +259,10 @@ "/integ-ec2-multiple-instances-in-stack/SecondInstance/Resource": [ { "type": "aws:cdk:logicalId", - "data": "SecondInstance4834A636" + "data": "SecondInstance4834A636", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/integ-ec2-multiple-instances-in-stack/BootstrapVersion": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json index e556e0419844d..11c69d2c333ad 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json @@ -1265,7 +1265,7 @@ "Fn::Join": [ "", [ - "#!/bin/bash\n# fingerprint: 8787022e9944cbeb\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", + "#!/bin/bash\n# fingerprint: 370d9b2dcf8bf44b\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", { "Ref": "AWS::Region" }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts index 87a8ab87c74e6..de01a25b4715f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts @@ -55,6 +55,12 @@ class TestStack extends cdk.Stack { '/target/path/config.json', path.join(tmpDir, 'testConfigFile2'), ), + ec2.InitCommand.argvCommand([ + 'useradd', '-u', '1001', '-g', '1001', 'eguser', + ]), + ec2.InitCommand.argvCommand([ + 'useradd', '-a', '-u', '1001', '-g', '1001', 'eguser', + ]), ]), }, }), diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json index b0e1d19683224..e49e7eba966a3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json @@ -199,7 +199,10 @@ "/integ-init/Instance2/Resource": [ { "type": "aws:cdk:logicalId", - "data": "Instance255F3526574cbd507dfce8b71" + "data": "Instance255F3526574cbd507dfce8b71", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], "/integ-init/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ @@ -219,15 +222,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "Instance255F35265a0c5f577d761edb0": [ - { - "type": "aws:cdk:logicalId", - "data": "Instance255F35265a0c5f577d761edb0", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "integ-init" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json index 28ecb25ccfeed..df5670060ea0f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json @@ -6,1014 +6,850 @@ "": { "name": "eks-service-account-sdk-call-integ-test", "dependencies": { - "@aws-sdk/client-s3": "3.421.0" + "@aws-sdk/client-s3": "3.623.0" } }, "node_modules/@aws-crypto/crc32": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", - "integrity": "sha512-IzSgsrxUcsrejQbPVilIKy16kAT52EwB6zSaI+M3xxIhKh5+aldEyvI+z6erM7TCLB2BJsFrtHjp6/4/sr+3dA==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-5.2.0.tgz", + "integrity": "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==", "dependencies": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, - "node_modules/@aws-crypto/crc32/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, "node_modules/@aws-crypto/crc32c": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", - "integrity": "sha512-ENNPPManmnVJ4BTXlOjAgD7URidbAznURqD0KvfREyc4o20DPYdEldU1f5cQ7Jbj0CJJSPaMIk/9ZshdB3210w==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-5.2.0.tgz", + "integrity": "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag==", "dependencies": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/crc32c/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/ie11-detection": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", - "integrity": "sha512-341lBBkiY1DfDNKai/wXM3aujNBkXR7tq1URPQDL9wi3AUbI80NR74uF1TXHMm7po1AcnFk8iu2S2IeU/+/A+Q==", - "dependencies": { - "tslib": "^1.11.1" + "tslib": "^2.6.2" } }, - "node_modules/@aws-crypto/ie11-detection/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, "node_modules/@aws-crypto/sha1-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", - "integrity": "sha512-NJth5c997GLHs6nOYTzFKTbYdMNA6/1XlKVgnZoaZcQ7z7UJlOgj2JdbHE8tiYLS3fzXNCguct77SPGat2raSw==", - "dependencies": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", - "@aws-sdk/types": "^3.222.0", - "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/sha1-browser/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/sha256-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", - "integrity": "sha512-8VLmW2B+gjFbU5uMeqtQM6Nj0/F1bro80xQXCW6CQBWgosFWXTx77aeOF5CAIAmbOK64SdMBJdNr6J41yP5mvQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-5.2.0.tgz", + "integrity": "sha512-OH6lveCFfcDjX4dbAvCFSYUjJZjDr/3XJ3xHtjn3Oj5b9RjojQo8npoLeA/bNwkOkrSQ0wgrHzXk4tDRxGKJeg==", "dependencies": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/sha256-js": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/sha256-browser/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/sha256-js": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", - "integrity": "sha512-PnNN7os0+yd1XvXAy23CFOmTbMaDxgxXtTKHybrJ39Y8kGzBATgBFibWJKH6BhytLI/Zyszs87xCOBNyBig6vQ==", - "dependencies": { - "@aws-crypto/util": "^3.0.0", - "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/sha256-js/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/supports-web-crypto": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", - "integrity": "sha512-06hBdMwUAb2WFTuGG73LSC0wfPu93xWwo5vL2et9eymgmu3Id5vFAHBbajVWiGhPO37qcsdCap/FqXvJGJWPIg==", - "dependencies": { - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/util": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", - "integrity": "sha512-2OJlpeJpCR48CC8r+uKVChzs9Iungj9wkZrl8Z041DWEWvyIHILYKCPNzJghKsivj+S3mLo6BVc7mBNzdxA46w==", - "dependencies": { - "@aws-sdk/types": "^3.222.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/util/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-sdk/client-s3": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.421.0.tgz", - "integrity": "sha512-vUXTY4toeHDf5EY2kOn04Ww9vTW2IVGy4+cymFp1cz5QT7g9KKj4Okj5DMdPld2y7wjgc+J/viTWEf26By49vw==", - "dependencies": { - "@aws-crypto/sha1-browser": "3.0.0", - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/client-sts": "3.421.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-bucket-endpoint": "3.418.0", - "@aws-sdk/middleware-expect-continue": "3.418.0", - "@aws-sdk/middleware-flexible-checksums": "3.418.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-location-constraint": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-s3": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-ssec": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/signature-v4-multi-region": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@aws-sdk/xml-builder": "3.310.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/eventstream-serde-browser": "^2.0.9", - "@smithy/eventstream-serde-config-resolver": "^2.0.9", - "@smithy/eventstream-serde-node": "^2.0.9", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-blob-browser": "^2.0.9", - "@smithy/hash-node": "^2.0.9", - "@smithy/hash-stream-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/md5-js": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-stream": "^2.0.12", "@smithy/util-utf8": "^2.0.0", - "@smithy/util-waiter": "^2.0.9", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/client-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.421.0.tgz", - "integrity": "sha512-40CmW7K2/FZEn3CbOjbpRYeVjKu6aJQlpRHcAgEJGNoVEAnRA3YNH4H0BN2iWWITfYg3B7sIjMm5VE9fCIK1Ng==", - "dependencies": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "dependencies": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/client-sso/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/client-sts": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.421.0.tgz", - "integrity": "sha512-/92NOZMcdkBcvGrINk5B/l+6DGcVzYE4Ab3ME4vcY9y//u2gd0yNn5YYRSzzjVBLvhDP3u6CbTfLX2Bm4qihPw==", - "dependencies": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-sts": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", + "node_modules/@aws-crypto/sha256-browser": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz", + "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==", + "dependencies": { + "@aws-crypto/sha256-js": "^5.2.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", + "@aws-sdk/types": "^3.222.0", + "@aws-sdk/util-locate-window": "^3.0.0", "@smithy/util-utf8": "^2.0.0", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-env": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.418.0.tgz", - "integrity": "sha512-e74sS+x63EZUBO+HaI8zor886YdtmULzwKdctsZp5/37Xho1CVUNtEC+fYa69nigBD9afoiH33I4JggaHgrekQ==", + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-env/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/credential-provider-ini": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.421.0.tgz", - "integrity": "sha512-J5yH/gkpAk6FMeH5F9u5Nr6oG+97tj1kkn5q49g3XMbtWw7GiynadxdtoRBCeIg1C7o2LOQx4B1AnhNhIw1z/g==", - "dependencies": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-ini/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha256-js": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz", + "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/credential-provider-node": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.421.0.tgz", - "integrity": "sha512-g1dvdvfDj0u8B/gOsHR3o1arP4O4QE/dFm2IJBYr/eUdKISMUgbQULWtg4zdtAf0Oz4xN0723i7fpXAF1gTnRA==", - "dependencies": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-ini": "3.421.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-crypto/util": "^5.2.0", + "@aws-sdk/types": "^3.222.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/credential-provider-node/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/supports-web-crypto": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz", + "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/credential-provider-process": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.418.0.tgz", - "integrity": "sha512-xPbdm2WKz1oH6pTkrJoUmr3OLuqvvcPYTQX0IIlc31tmDwDWPQjXGGFD/vwZGIZIkKaFpFxVMgAzfFScxox7dw==", + "node_modules/@aws-crypto/util": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz", + "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "@aws-sdk/types": "^3.222.0", + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/credential-provider-process/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/util/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.421.0.tgz", - "integrity": "sha512-f8T3L5rhImL6T6RTSvbOxaWw9k2fDOT2DZbNjcPz9ITWmwXj2NNbdHGWuRi3dv2HoY/nW2IJdNxnhdhbn6Fc1A==", + "node_modules/@aws-crypto/util/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", "dependencies": { - "@aws-sdk/client-sso": "3.421.0", - "@aws-sdk/token-providers": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-sso/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/util/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-web-identity": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.418.0.tgz", - "integrity": "sha512-do7ang565n9p3dS1JdsQY01rUfRx8vkxQqz5M8OlcEHBNiCdi2PvSjNwcBdrv/FKkyIxZb0TImOfBSt40hVdxQ==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node_modules/@aws-sdk/client-s3": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.623.0.tgz", + "integrity": "sha512-vEroSYEtbp5n289xsQnnAhKxg3R5NGkbhKXWpW1m7GGDsFihwVT9CVsDHpIW2Hvezz5ob65gB4ZAYMnJWZuUpA==", + "dependencies": { + "@aws-crypto/sha1-browser": "5.2.0", + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/client-sts": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-bucket-endpoint": "3.620.0", + "@aws-sdk/middleware-expect-continue": "3.620.0", + "@aws-sdk/middleware-flexible-checksums": "3.620.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-location-constraint": "3.609.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/middleware-signing": "3.620.0", + "@aws-sdk/middleware-ssec": "3.609.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/signature-v4-multi-region": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@aws-sdk/xml-builder": "3.609.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/eventstream-serde-browser": "^3.0.5", + "@smithy/eventstream-serde-config-resolver": "^3.0.3", + "@smithy/eventstream-serde-node": "^3.0.4", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-blob-browser": "^3.1.2", + "@smithy/hash-node": "^3.0.3", + "@smithy/hash-stream-node": "^3.1.2", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/md5-js": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "@smithy/util-waiter": "^3.1.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/credential-provider-web-identity/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "node_modules/@aws-sdk/client-sso": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.623.0.tgz", + "integrity": "sha512-oEACriysQMnHIVcNp7TD6D1nzgiHfYK0tmMBMbUxgoFuCBkW9g9QYvspHN+S9KgoePfMEXHuPUe9mtG9AH9XeA==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@aws-sdk/client-sso-oidc": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.623.0.tgz", + "integrity": "sha512-lMFEXCa6ES/FGV7hpyrppT1PiAkqQb51AbG0zVU3TIgI2IO4XX02uzMUXImRSRqRpGymRCbJCaCs9LtKvS/37Q==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" }, - "engines": { - "node": ">=14.0.0" + "peerDependencies": { + "@aws-sdk/client-sts": "^3.623.0" } }, - "node_modules/@aws-sdk/middleware-bucket-endpoint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.418.0.tgz", - "integrity": "sha512-gj/mj1UfbKkGbQ1N4YUvjTTp8BVs5fO1QAL2AjFJ+jfJOToLReX72aNEkm7sPGbHML0TqOY4cQbJuWYy+zdD5g==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node_modules/@aws-sdk/client-sts": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.623.0.tgz", + "integrity": "sha512-iJNdx76SOw0YjHAUv8aj3HXzSu3TKI7qSGuR+OGATwA/kpJZDd+4+WYBdGtr8YK+hPrGGqhfecuCkEg805O5iA==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@aws-sdk/core": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.623.0.tgz", + "integrity": "sha512-8Toq3X6trX/67obSdh4K0MFQY4f132bEbr1i0YPDWk/O3KdBt12mLC/sW3aVRnlIs110XMuX9yrWWqJ8fDW10g==", + "dependencies": { + "@smithy/core": "^2.3.2", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "fast-xml-parser": "4.4.1", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-bucket-endpoint/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-env": { + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.620.1.tgz", + "integrity": "sha512-ExuILJ2qLW5ZO+rgkNRj0xiAipKT16Rk77buvPP8csR7kkCflT/gXTyzRe/uzIiETTxM7tr8xuO9MP/DQXqkfg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-expect-continue": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.418.0.tgz", - "integrity": "sha512-6x4rcIj685EmqDLQkbWoCur3Dg5DRClHMen6nHXmD3CR5Xyt3z1Gk/+jmZICxyJo9c6M4AeZht8o95BopkmYAQ==", + "node_modules/@aws-sdk/credential-provider-http": { + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.622.0.tgz", + "integrity": "sha512-VUHbr24Oll1RK3WR8XLUugLpgK9ZuxEm/NVeVqyFts1Ck9gsKpRg1x4eH7L7tW3SJ4TDEQNMbD7/7J+eoL2svg==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-expect-continue/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-ini": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.623.0.tgz", + "integrity": "sha512-kvXA1SwGneqGzFwRZNpESitnmaENHGFFuuTvgGwtMe7mzXWuA/LkXdbiHmdyAzOo0iByKTCD8uetuwh3CXy4Pw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-flexible-checksums": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.418.0.tgz", - "integrity": "sha512-3O203dqS2JU5P1TAAbo7p1qplXQh59pevw9nqzPVb3EG8B+mSucVf2kKmF7kGHqKSk+nK/mB/4XGSsZBzGt6Wg==", - "dependencies": { - "@aws-crypto/crc32": "3.0.0", - "@aws-crypto/crc32c": "3.0.0", - "@aws-sdk/types": "3.418.0", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "node": ">=16.0.0" }, - "engines": { - "node": ">=14.0.0" + "peerDependencies": { + "@aws-sdk/client-sts": "^3.623.0" } }, - "node_modules/@aws-sdk/middleware-flexible-checksums/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-node": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.623.0.tgz", + "integrity": "sha512-qDwCOkhbu5PfaQHyuQ+h57HEx3+eFhKdtIw7aISziWkGdFrMe07yIBd7TJqGe4nxXnRF1pfkg05xeOlMId997g==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-ini": "3.623.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-host-header": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.418.0.tgz", - "integrity": "sha512-LrMTdzalkPw/1ujLCKPLwCGvPMCmT4P+vOZQRbSEVZPnlZk+Aj++aL/RaHou0jL4kJH3zl8iQepriBt4a7UvXQ==", + "node_modules/@aws-sdk/credential-provider-process": { + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.620.1.tgz", + "integrity": "sha512-hWqFMidqLAkaV9G460+1at6qa9vySbjQKKc04p59OT7lZ5cO5VH5S4aI05e+m4j364MBROjjk2ugNvfNf/8ILg==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-host-header/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-sso": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.623.0.tgz", + "integrity": "sha512-70LZhUb3l7cttEsg4A0S4Jq3qrCT/v5Jfyl8F7w1YZJt5zr3oPPcvDJxo/UYckFz4G4/5BhGa99jK8wMlNE9QA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/client-sso": "3.623.0", + "@aws-sdk/token-providers": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-location-constraint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.418.0.tgz", - "integrity": "sha512-cc8M3VEaESHJhDsDV8tTpt2QYUprDWhvAVVSlcL43cTdZ54Quc0W+toDiaVOUlwrAZz2Y7g5NDj22ibJGFbOvw==", + "node_modules/@aws-sdk/credential-provider-web-identity": { + "version": "3.621.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.621.0.tgz", + "integrity": "sha512-w7ASSyfNvcx7+bYGep3VBgC3K6vEdLmlpjT7nSIHxxQf+WSdvy+HynwJosrpZax0sK5q0D1Jpn/5q+r5lwwW6w==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-location-constraint/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "node": ">=16.0.0" }, - "engines": { - "node": ">=14.0.0" + "peerDependencies": { + "@aws-sdk/client-sts": "^3.621.0" } }, - "node_modules/@aws-sdk/middleware-logger": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.418.0.tgz", - "integrity": "sha512-StKGmyPVfoO/wdNTtKemYwoJsqIl4l7oqarQY7VSf2Mp3mqaa+njLViHsQbirYpyqpgUEusOnuTlH5utxJ1NsQ==", + "node_modules/@aws-sdk/middleware-bucket-endpoint": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.620.0.tgz", + "integrity": "sha512-eGLL0W6L3HDb3OACyetZYOWpHJ+gLo0TehQKeQyy2G8vTYXqNTeqYhuI6up9HVjBzU9eQiULVQETmgQs7TFaRg==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-logger/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-expect-continue": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.620.0.tgz", + "integrity": "sha512-QXeRFMLfyQ31nAHLbiTLtk0oHzG9QLMaof5jIfqcUwnOkO8YnQdeqzakrg1Alpy/VQ7aqzIi8qypkBe2KXZz0A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-recursion-detection": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.418.0.tgz", - "integrity": "sha512-kKFrIQglBLUFPbHSDy1+bbe3Na2Kd70JSUC3QLMbUHmqipXN8KeXRfAj7vTv97zXl0WzG0buV++WcNwOm1rFjg==", + "node_modules/@aws-sdk/middleware-flexible-checksums": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.620.0.tgz", + "integrity": "sha512-ftz+NW7qka2sVuwnnO1IzBku5ccP+s5qZGeRTPgrKB7OzRW85gthvIo1vQR2w+OwHFk7WJbbhhWwbCbktnP4UA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-crypto/crc32": "5.2.0", + "@aws-crypto/crc32c": "5.2.0", + "@aws-sdk/types": "3.609.0", + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-recursion-detection/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-host-header": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.620.0.tgz", + "integrity": "sha512-VMtPEZwqYrII/oUkffYsNWY9PZ9xpNJpMgmyU0rlDQ25O1c0Hk3fJmZRe6pEkAJ0omD7kLrqGl1DUjQVxpd/Rg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-s3": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.418.0.tgz", - "integrity": "sha512-rei32LF45SyqL3NlWDjEOfMwAca9A5F4QgUyXJqvASc43oWC1tJnLIhiCxNh8qkWAiRyRzFpcanTeqyaRSsZpA==", + "node_modules/@aws-sdk/middleware-location-constraint": { + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.609.0.tgz", + "integrity": "sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-logger": { + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.609.0.tgz", + "integrity": "sha512-S62U2dy4jMDhDFDK5gZ4VxFdWzCtLzwbYyFZx2uvPYTECkepLUfzLic2BHg2Qvtu4QjX+oGE3P/7fwaGIsGNuQ==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-sts": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.418.0.tgz", - "integrity": "sha512-cW8ijrCTP+mgihvcq4+TbhAcE/we5lFl4ydRqvTdtcSnYQAVQADg47rnTScQiFsPFEB3NKq7BGeyTJF9MKolPA==", + "node_modules/@aws-sdk/middleware-recursion-detection": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.620.0.tgz", + "integrity": "sha512-nh91S7aGK3e/o1ck64sA/CyoFw+gAYj2BDOnoNa6ouyCrVJED96ZXWbhye/fz9SgmNUZR2g7GdVpiLpMKZoI5w==", "dependencies": { - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-sts/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-sdk-s3": { + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.622.0.tgz", + "integrity": "sha512-tX9wZ2ALx5Ez4bkY+SvSj6DpNZ6TmY4zlsVsdgV95LZFLjNwqnZkKkS+uKnsIyLBiBp6g92JVQwnUEIp7ov2Zw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/middleware-signing": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.418.0.tgz", - "integrity": "sha512-onvs5KoYQE8OlOE740RxWBGtsUyVIgAo0CzRKOQO63ZEYqpL1Os+MS1CGzdNhvQnJgJruE1WW+Ix8fjN30zKPA==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.620.0.tgz", + "integrity": "sha512-gxI7rubiaanUXaLfJ4NybERa9MGPNg2Ycl/OqANsozrBnR3Pw8vqy3EuVImQOyn2pJ2IFvl8ZPoSMHf4pX56FQ==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-signing/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/middleware-ssec": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.418.0.tgz", - "integrity": "sha512-J7K+5h6aP7IYMlu/NwHEIjb0+WDu1eFvO8TCPo6j1H9xYRi8B/6h+6pa9Rk9IgRUzFnrdlDu9FazG8Tp0KKLyg==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-ssec/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.609.0.tgz", + "integrity": "sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/middleware-user-agent": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.418.0.tgz", - "integrity": "sha512-Jdcztg9Tal9SEAL0dKRrnpKrm6LFlWmAhvuwv0dQ7bNTJxIxyEFbpqdgy7mpQHsLVZgq1Aad/7gT/72c9igyZw==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.620.0.tgz", + "integrity": "sha512-bvS6etn+KsuL32ubY5D3xNof1qkenpbJXf/ugGXbg0n98DvDFQ/F+SMLxHgbnER5dsKYchNnhmtI6/FC3HFu/A==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-user-agent/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/region-config-resolver": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.418.0.tgz", - "integrity": "sha512-lJRZ/9TjZU6yLz+mAwxJkcJZ6BmyYoIJVo1p5+BN//EFdEmC8/c0c9gXMRzfISV/mqWSttdtccpAyN4/goHTYA==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.614.0.tgz", + "integrity": "sha512-vDCeMXvic/LU0KFIUjpC3RiSTIkkvESsEfbVHiHH0YINfl8HnEqR5rj+L8+phsCeVg2+LmYwYxd5NRz4PHxt5g==", "dependencies": { - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/signature-v4-multi-region": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.418.0.tgz", - "integrity": "sha512-LeVYMZeUQUURFqDf4yZxTEv016g64hi0LqYBjU0mjwd8aPc0k6hckwvshezc80jCNbuLyjNfQclvlg3iFliItQ==", + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.622.0.tgz", + "integrity": "sha512-K7ddofVNzwTFRjmLZLfs/v+hiE9m5LguajHk8WULxXQgkcDI3nPgOfmMMGuslYohaQhRwW+ic+dzYlateLUudQ==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/token-providers": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.418.0.tgz", - "integrity": "sha512-9P7Q0VN0hEzTngy3Sz5eya2qEOEf0Q8qf1vB3um0gE6ID6EVAdz/nc/DztfN32MFxk8FeVBrCP5vWdoOzmd72g==", - "dependencies": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.614.0.tgz", + "integrity": "sha512-okItqyY6L9IHdxqs+Z116y5/nda7rHxLvROxtAJdLavWTYDydxrZstImNgGWTeVdmc0xX2gJCI77UYUTQWnhRw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" + }, + "peerDependencies": { + "@aws-sdk/client-sso-oidc": "^3.614.0" } }, "node_modules/@aws-sdk/types": { - "version": "3.433.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.433.0.tgz", - "integrity": "sha512-0jEE2mSrNDd8VGFjTc1otYrwYPIkzZJEIK90ZxisKvQ/EURGBhNzWn7ejWB9XCMFT6XumYLBR0V9qq5UPisWtA==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.609.0.tgz", + "integrity": "sha512-+Tqnh9w0h2LcrUsdXyT1F8mNhXz+tVYBtP19LpeEGntmvHwa2XzvLUCWpoIAIVsHp5+HdB2X9Sn0KAtmbFXc2Q==", "dependencies": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-arn-parser": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.310.0.tgz", - "integrity": "sha512-jL8509owp/xB9+Or0pvn3Fe+b94qfklc2yPowZZIFAkFcCSIdkIglz18cPDWnYAcy9JGewpMS1COXKIUhZkJsA==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "integrity": "sha512-XUKJWWo+KOB7fbnPP0+g/o5Ulku/X53t7i/h+sPHr5xxYTJJ9CYnbToo95mzxe7xWvkLrsNtJ8L+MnNn9INs2w==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-endpoints": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.418.0.tgz", - "integrity": "sha512-sYSDwRTl7yE7LhHkPzemGzmIXFVHSsi3AQ1KeNEk84eBqxMHHcCc2kqklaBk2roXWe50QDgRMy1ikZUxvtzNHQ==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/util-endpoints/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.614.0.tgz", + "integrity": "sha512-wK2cdrXHH4oz4IomV/yrGkftU9A+ITB6nFL+rxxyO78is2ifHJpFdV4aqk4LSkXYPi6CXWNru/Dqc7yiKXgJPw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "@smithy/util-endpoints": "^2.0.5", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-locate-window": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.310.0.tgz", - "integrity": "sha512-qo2t/vBTnoXpjKxlsC2e1gBrRm80M3bId27r0BRB2VniSSe7bL1mmzM+/HFtujm0iAxtPM+aLEflLJlJeDPg0w==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.568.0.tgz", + "integrity": "sha512-3nh4TINkXYr+H41QaPelCceEB2FXP3fxp93YZXB/kqJvX0U9j0N0Uk45gvsjmEPzG8XxkPEeLIfT2I1M7A6Lig==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-user-agent-browser": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.418.0.tgz", - "integrity": "sha512-c4p4mc0VV/jIeNH0lsXzhJ1MpWRLuboGtNEpqE4s1Vl9ck2amv9VdUUZUmHbg+bVxlMgRQ4nmiovA4qIrqGuyg==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.609.0.tgz", + "integrity": "sha512-fojPU+mNahzQ0YHYBsx0ZIhmMA96H+ZIZ665ObU9tl+SGdbLneVZVikGve+NmHTQwHzwkFsZYYnVKAkreJLAtA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" - } - }, - "node_modules/@aws-sdk/util-user-agent-browser/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, "node_modules/@aws-sdk/util-user-agent-node": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.418.0.tgz", - "integrity": "sha512-BXMskXFtg+dmzSCgmnWOffokxIbPr1lFqa1D9kvM3l3IFRiFGx2IyDg+8MAhq11aPDLvoa/BDuQ0Yqma5izOhg==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.614.0.tgz", + "integrity": "sha512-15ElZT88peoHnq5TEoEtZwoXTXRxNrk60TZNdpl/TUBJ5oNJ9Dqb5Z4ryb8ofN6nm9aFf59GVAerFDz8iUoHBA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" }, "peerDependencies": { "aws-crt": ">=1.0.0" @@ -1024,641 +860,654 @@ } } }, - "node_modules/@aws-sdk/util-user-agent-node/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/util-utf8-browser": { - "version": "3.259.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", - "integrity": "sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw==", - "dependencies": { - "tslib": "^2.3.1" - } - }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.310.0.tgz", - "integrity": "sha512-TqELu4mOuSIKQCqj63fGVs86Yh+vBx5nHRpWKNUNhB2nPTpfbziTs5c1X358be3peVWA4wPxW7Nt53KIg1tnNw==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.609.0.tgz", + "integrity": "sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==", "dependencies": { - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/abort-controller": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-2.0.16.tgz", - "integrity": "sha512-4foO7738k8kM9flMHu3VLabqu7nPgvIj8TB909S0CnKx0YZz/dcDH3pZ/4JHdatfxlZdKF1JWOYCw9+v3HVVsw==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.1.tgz", + "integrity": "sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/chunked-blob-reader": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-2.0.0.tgz", - "integrity": "sha512-k+J4GHJsMSAIQPChGBrjEmGS+WbPonCXesoqP9fynIqjn7rdOThdH8FAeCmokP9mxTYKQAKoHCLPzNlm6gh7Wg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "integrity": "sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "node_modules/@smithy/chunked-blob-reader-native": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-2.0.0.tgz", - "integrity": "sha512-HM8V2Rp1y8+1343tkZUKZllFhEQPNmpNdgFAncbTsxkZ18/gqjk23XXv3qGyXWp412f3o43ZZ1UZHVcHrpRnCQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "integrity": "sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==", "dependencies": { - "@smithy/util-base64": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/config-resolver": { - "version": "2.0.23", - "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-2.0.23.tgz", - "integrity": "sha512-XakUqgtP2YY8Mi+Nlif5BiqJgWdvfxJafSpOSQeCOMizu+PUhE4fBQSy6xFcR+eInrwVadaABNxoJyGUMn15ew==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.5.tgz", + "integrity": "sha512-SkW5LxfkSI1bUC74OtfBbdz+grQXYiPYolyu8VfpLIjEoN/sHVBlLeGXMQ1vX4ejkgfv6sxVbQJ32yF2cl1veA==", "dependencies": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/types": "^2.8.0", - "@smithy/util-config-provider": "^2.1.0", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" + } + }, + "node_modules/@smithy/core": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.3.2.tgz", + "integrity": "sha512-in5wwt6chDBcUv1Lw1+QzZxN9fBffi+qOixfb65yK4sDuKG7zAUO9HAFqmVzsZM3N+3tTyvZjtnDXePpvp007Q==", + "dependencies": { + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, "node_modules/@smithy/credential-provider-imds": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-2.1.5.tgz", - "integrity": "sha512-VfvE6Wg1MUWwpTZFBnUD7zxvPhLY8jlHCzu6bCjlIYoWgXCDzZAML76IlZUEf45nib3rjehnFgg0s1rgsuN/bg==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.0.tgz", + "integrity": "sha512-0SCIzgd8LYZ9EJxUjLXBmEKSZR/P/w6l7Rz/pab9culE/RWuqelAKGJvn5qUOl8BgX8Yj5HWM50A5hiB/RzsgA==", "dependencies": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-codec": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-2.0.16.tgz", - "integrity": "sha512-umYh5pdCE9GHgiMAH49zu9wXWZKNHHdKPm/lK22WYISTjqu29SepmpWNmPiBLy/yUu4HFEGJHIFrDWhbDlApaw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.2.tgz", + "integrity": "sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==", "dependencies": { - "@aws-crypto/crc32": "3.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "tslib": "^2.5.0" + "@aws-crypto/crc32": "5.2.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/eventstream-serde-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-2.0.12.tgz", - "integrity": "sha512-0pi8QlU/pwutNshoeJcbKR1p7Ie5STd8UFAMX5xhSoSJjNlxIv/OsHbF023jscMRN2Prrqd6ToGgdCnsZVQjvg==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.5.tgz", + "integrity": "sha512-dEyiUYL/ekDfk+2Ra4GxV+xNnFoCmk1nuIXg+fMChFTrM2uI/1r9AdiTYzPqgb72yIv/NtAj6C3dG//1wwgakQ==", "dependencies": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-serde-config-resolver": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-2.0.12.tgz", - "integrity": "sha512-I0XfwQkIX3gAnbrU5rLMkBSjTM9DHttdbLwf12CXmj7SSI5dT87PxtKLRrZGanaCMbdf2yCep+MW5/4M7IbvQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.3.tgz", + "integrity": "sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==", "dependencies": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-serde-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-2.0.12.tgz", - "integrity": "sha512-vf1vMHGOkG3uqN9x1zKOhnvW/XgvhJXWqjV6zZiT2FMjlEayugQ1mzpSqr7uf89+BzjTzuZKERmOsEAmewLbxw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.4.tgz", + "integrity": "sha512-mjlG0OzGAYuUpdUpflfb9zyLrBGgmQmrobNT8b42ZTsGv/J03+t24uhhtVEKG/b2jFtPIHF74Bq+VUtbzEKOKg==", "dependencies": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-serde-universal": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-2.0.12.tgz", - "integrity": "sha512-xZ3ZNpCxIND+q+UCy7y1n1/5VQEYicgSTNCcPqsKawX+Vd+6OcFX7gUHMyPzL8cZr+GdmJuxNleqHlH4giK2tw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.4.tgz", + "integrity": "sha512-Od9dv8zh3PgOD7Vj4T3HSuox16n0VG8jJIM2gvKASL6aCtcS8CfHZDWe1Ik3ZXW6xBouU+45Q5wgoliWDZiJ0A==", "dependencies": { - "@smithy/eventstream-codec": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-codec": "^3.1.2", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/fetch-http-handler": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-2.3.2.tgz", - "integrity": "sha512-O9R/OlnAOTsnysuSDjt0v2q6DcSvCz5cCFC/CFAWWcLyBwJDeFyGTCTszgpQTb19+Fi8uRwZE5/3ziAQBFeDMQ==", + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.4.tgz", + "integrity": "sha512-kBprh5Gs5h7ug4nBWZi1FZthdqSM+T7zMmsZxx0IBvWUn7dK3diz2SHn7Bs4dQGFDk8plDv375gzenDoNwrXjg==", "dependencies": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/hash-blob-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-2.0.12.tgz", - "integrity": "sha512-riLnV16f27yyePX8UF0deRHAeccUK8SrOxyTykSTrnVkgS3DsjNapZtTbd8OGNKEbI60Ncdb5GwN3rHZudXvog==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.2.tgz", + "integrity": "sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==", "dependencies": { - "@smithy/chunked-blob-reader": "^2.0.0", - "@smithy/chunked-blob-reader-native": "^2.0.0", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/chunked-blob-reader": "^3.0.0", + "@smithy/chunked-blob-reader-native": "^3.0.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/hash-node": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-2.0.18.tgz", - "integrity": "sha512-gN2JFvAgnZCyDN9rJgcejfpK0uPPJrSortVVVVWsru9whS7eQey6+gj2eM5ln2i6rHNntIXzal1Fm9XOPuoaKA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.3.tgz", + "integrity": "sha512-2ctBXpPMG+B3BtWSGNnKELJ7SH9e4TNefJS0cd2eSkOOROeBnnVBnAy9LtJ8tY4vUEoe55N4CNPxzbWvR39iBw==", "dependencies": { - "@smithy/types": "^2.8.0", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/hash-stream-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-2.0.12.tgz", - "integrity": "sha512-x/DrSynPKrW0k00q7aZ/vy531a3mRw79mOajHp+cIF0TrA1SqEMFoy/B8X0XtoAtlJWt/vvgeDNqt/KAeaAqMw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.2.tgz", + "integrity": "sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==", "dependencies": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/invalid-dependency": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-2.0.16.tgz", - "integrity": "sha512-apEHakT/kmpNo1VFHP4W/cjfeP9U0x5qvfsLJubgp7UM/gq4qYp0GbqdE7QhsjUaYvEnrftRqs7+YrtWreV0wA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.3.tgz", + "integrity": "sha512-ID1eL/zpDULmHJbflb864k72/SNOZCADRc9i7Exq3RUNJw6raWUSlFEQ+3PX3EYs++bTxZB2dE9mEHTQLv61tw==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/is-array-buffer": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.0.0.tgz", - "integrity": "sha512-z3PjFjMyZNI98JFRJi/U0nGoLWMSJlDjAW4QUX2WNZLas5C0CmVV6LJ01JI0k90l7FvpmixjWxPFmENSClQ7ug==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/md5-js": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-2.0.12.tgz", - "integrity": "sha512-OgDt+Xnrw+W5z3MSl5KZZzebqmXrYl9UdbCiBYnnjErmNywwSjV6QB/Oic3/7hnsPniSU81n7Rvlhz2kH4EREQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.3.tgz", + "integrity": "sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==", "dependencies": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/middleware-content-length": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-2.0.18.tgz", - "integrity": "sha512-ZJ9uKPTfxYheTKSKYB+GCvcj+izw9WGzRLhjn8n254q0jWLojUzn7Vw0l4R/Gq7Wdpf/qmk/ptD+6CCXHNVCaw==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.5.tgz", + "integrity": "sha512-ILEzC2eyxx6ncej3zZSwMpB5RJ0zuqH7eMptxC4KN3f+v9bqT8ohssKbhNR78k/2tWW+KS5Spw+tbPF4Ejyqvw==", "dependencies": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-endpoint": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-2.3.0.tgz", - "integrity": "sha512-VsOAG2YQ8ykjSmKO+CIXdJBIWFo6AAvG6Iw95BakBTqk66/4BI7XyqLevoNSq/lZ6NgZv24sLmrcIN+fLDWBCg==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.1.0.tgz", + "integrity": "sha512-5y5aiKCEwg9TDPB4yFE7H6tYvGFf1OJHNczeY10/EFF8Ir8jZbNntQJxMWNfeQjC1mxPsaQ6mR9cvQbf+0YeMw==", "dependencies": { - "@smithy/middleware-serde": "^2.0.16", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/middleware-serde": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-retry": { - "version": "2.0.26", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-2.0.26.tgz", - "integrity": "sha512-Qzpxo0U5jfNiq9iD38U3e2bheXwvTEX4eue9xruIvEgh+UKq6dKuGqcB66oBDV7TD/mfoJi9Q/VmaiqwWbEp7A==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.14.tgz", + "integrity": "sha512-7ZaWZJOjUxa5hgmuMspyt8v/zVsh0GXYuF7OvCmdcbVa/xbnKQoYC+uYKunAqRGTkxjOyuOCw9rmFUFOqqC0eQ==", "dependencies": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/protocol-http": "^3.0.12", - "@smithy/service-error-classification": "^2.0.9", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-retry": "^2.0.9", - "tslib": "^2.5.0", - "uuid": "^8.3.2" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/service-error-classification": "^3.0.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "tslib": "^2.6.2", + "uuid": "^9.0.1" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-serde": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-2.0.16.tgz", - "integrity": "sha512-5EAd4t30pcc4M8TSSGq7q/x5IKrxfXR5+SrU4bgxNy7RPHQo2PSWBUco9C+D9Tfqp/JZvprRpK42dnupZafk2g==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz", + "integrity": "sha512-puUbyJQBcg9eSErFXjKNiGILJGtiqmuuNKEYNYfUD57fUl4i9+mfmThtQhvFXU0hCVG0iEJhvQUipUf+/SsFdA==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-stack": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-2.0.10.tgz", - "integrity": "sha512-I2rbxctNq9FAPPEcuA1ntZxkTKOPQFy7YBPOaD/MLg1zCvzv21CoNxR0py6J8ZVC35l4qE4nhxB0f7TF5/+Ldw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.3.tgz", + "integrity": "sha512-r4klY9nFudB0r9UdSMaGSyjyQK5adUyPnQN/ZM6M75phTxOdnc/AhpvGD1fQUvgmqjQEBGCwpnPbDm8pH5PapA==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/node-config-provider": { - "version": "2.1.9", - "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-2.1.9.tgz", - "integrity": "sha512-tUyW/9xrRy+s7RXkmQhgYkAPMpTIF8izK4orhHjNFEKR3QZiOCbWB546Y8iB/Fpbm3O9+q0Af9rpywLKJOwtaQ==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.4.tgz", + "integrity": "sha512-YvnElQy8HR4vDcAjoy7Xkx9YT8xZP4cBXcbJSgm/kxmiQu08DwUwj8rkGnyoJTpfl/3xYHH+d8zE+eHqoDCSdQ==", "dependencies": { - "@smithy/property-provider": "^2.0.17", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/node-http-handler": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-2.2.2.tgz", - "integrity": "sha512-XO58TO/Eul/IBQKFKaaBtXJi0ItEQQCT+NI4IiKHCY/4KtqaUT6y/wC1EvDqlA9cP7Dyjdj7FdPs4DyynH3u7g==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.1.4.tgz", + "integrity": "sha512-+UmxgixgOr/yLsUxcEKGH0fMNVteJFGkmRltYFHnBMlogyFdpzn2CwqWmxOrfJELhV34v0WSlaqG1UtE1uXlJg==", "dependencies": { - "@smithy/abort-controller": "^2.0.16", - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/property-provider": { - "version": "2.0.17", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-2.0.17.tgz", - "integrity": "sha512-+VkeZbVu7qtQ2DjI48Qwaf9fPOr3gZIwxQpuLJgRRSkWsdSvmaTCxI3gzRFKePB63Ts9r4yjn4HkxSCSkdWmcQ==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.3.tgz", + "integrity": "sha512-zahyOVR9Q4PEoguJ/NrFP4O7SMAfYO1HLhB18M+q+Z4KFd4V2obiMnlVoUFzFLSPeVt1POyNWneHHrZaTMoc/g==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/protocol-http": { - "version": "3.0.12", - "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-3.0.12.tgz", - "integrity": "sha512-Xz4iaqLiaBfbQpB9Hgi3VcZYbP7xRDXYhd8XWChh4v94uw7qwmvlxdU5yxzfm6ACJM66phHrTbS5TVvj5uQ72w==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.0.tgz", + "integrity": "sha512-dPVoHYQ2wcHooGXg3LQisa1hH0e4y0pAddPMeeUPipI1tEOqL6A4N0/G7abeq+K8wrwSgjk4C0wnD1XZpJm5aA==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/querystring-builder": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-2.0.16.tgz", - "integrity": "sha512-Q/GsJT0C0mijXMRs7YhZLLCP5FcuC4797lYjKQkME5CZohnLC4bEhylAd2QcD3gbMKNjCw8+T2I27WKiV/wToA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz", + "integrity": "sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw==", "dependencies": { - "@smithy/types": "^2.8.0", - "@smithy/util-uri-escape": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-uri-escape": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/querystring-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-2.0.16.tgz", - "integrity": "sha512-c4ueAuL6BDYKWpkubjrQthZKoC3L5kql5O++ovekNxiexRXTlLIVlCR4q3KziOktLIw66EU9SQljPXd/oN6Okg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.3.tgz", + "integrity": "sha512-zahM1lQv2YjmznnfQsWbYojFe55l0SLG/988brlLv1i8z3dubloLF+75ATRsqPBboUXsW6I9CPGE5rQgLfY0vQ==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/service-error-classification": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-2.0.9.tgz", - "integrity": "sha512-0K+8GvtwI7VkGmmInPydM2XZyBfIqLIbfR7mDQ+oPiz8mIinuHbV6sxOLdvX1Jv/myk7XTK9orgt3tuEpBu/zg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.3.tgz", + "integrity": "sha512-Jn39sSl8cim/VlkLsUhRFq/dKDnRUFlfRkvhOJaUbLBXUsLRLNf9WaxDv/z9BjuQ3A6k/qE8af1lsqcwm7+DaQ==", "dependencies": { - "@smithy/types": "^2.8.0" + "@smithy/types": "^3.3.0" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/shared-ini-file-loader": { - "version": "2.2.8", - "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-2.2.8.tgz", - "integrity": "sha512-E62byatbwSWrtq9RJ7xN40tqrRKDGrEL4EluyNpaIDvfvet06a/QC58oHw2FgVaEgkj0tXZPjZaKrhPfpoU0qw==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.4.tgz", + "integrity": "sha512-qMxS4hBGB8FY2GQqshcRUy1K6k8aBWP5vwm8qKkCT3A9K2dawUwOIJfqh9Yste/Bl0J2lzosVyrXDj68kLcHXQ==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/signature-v4": { - "version": "2.0.19", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-2.0.19.tgz", - "integrity": "sha512-nwc3JihdM+kcJjtORv/n7qRHN2Kfh7S2RJI2qr8pz9UcY5TD8rSCRGQ0g81HgyS3jZ5X9U/L4p014P3FonBPhg==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.1.0.tgz", + "integrity": "sha512-aRryp2XNZeRcOtuJoxjydO6QTaVhxx/vjaR+gx7ZjaFgrgPRyZ3HCTbfwqYj6ZWEBHkCSUfcaymKPURaByukag==", "dependencies": { - "@smithy/eventstream-codec": "^2.0.16", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-uri-escape": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-uri-escape": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/smithy-client": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-2.2.1.tgz", - "integrity": "sha512-SpD7FLK92XV2fon2hMotaNDa2w5VAy5/uVjP9WFmjGSgWM8pTPVkHcDl1yFs5Z8LYbij0FSz+DbCBK6i+uXXUA==", + "version": "3.1.12", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.12.tgz", + "integrity": "sha512-wtm8JtsycthkHy1YA4zjIh2thJgIQ9vGkoR639DBx5lLlLNU0v4GARpQZkr2WjXue74nZ7MiTSWfVrLkyD8RkA==", "dependencies": { - "@smithy/middleware-endpoint": "^2.3.0", - "@smithy/middleware-stack": "^2.0.10", - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "@smithy/util-stream": "^2.0.24", - "tslib": "^2.5.0" + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/types": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-2.8.0.tgz", - "integrity": "sha512-h9sz24cFgt/W1Re22OlhQKmUZkNh244ApgRsUDYinqF8R+QgcsBIX344u2j61TPshsTz3CvL6HYU1DnQdsSrHA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.3.0.tgz", + "integrity": "sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/url-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-2.0.16.tgz", - "integrity": "sha512-Wfz5WqAoRT91TjRy1JeLR0fXtkIXHGsMbgzKFTx7E68SrZ55TB8xoG+vm11Ru4gheFTMXjAjwAxv1jQdC+pAQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.3.tgz", + "integrity": "sha512-pw3VtZtX2rg+s6HMs6/+u9+hu6oY6U7IohGhVNnjbgKy86wcIsSZwgHrFR+t67Uyxvp4Xz3p3kGXXIpTNisq8A==", "dependencies": { - "@smithy/querystring-parser": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/querystring-parser": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/util-base64": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-2.0.1.tgz", - "integrity": "sha512-DlI6XFYDMsIVN+GH9JtcRp3j02JEVuWIn/QOZisVzpIAprdsxGveFed0bjbMRCqmIFe8uetn5rxzNrBtIGrPIQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "integrity": "sha512-Kxvoh5Qtt0CDsfajiZOCpJxgtPHXOKwmM+Zy4waD43UoEMA+qPxxa98aE/7ZhdnBFZFXMOiBR5xbcaMhLtznQQ==", "dependencies": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-body-length-browser": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-2.0.1.tgz", - "integrity": "sha512-NXYp3ttgUlwkaug4bjBzJ5+yIbUbUx8VsSLuHZROQpoik+gRkIBeEG9MPVYfvPNpuXb/puqodeeUXcKFe7BLOQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "integrity": "sha512-cbjJs2A1mLYmqmyVl80uoLTJhAcfzMOyPgjwAYusWKMdLeNtzmMz9YxNl3/jRLoxSS3wkqkf0jwNdtXWtyEBaQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "node_modules/@smithy/util-body-length-node": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-2.1.0.tgz", - "integrity": "sha512-/li0/kj/y3fQ3vyzn36NTLGmUwAICb7Jbe/CsWCktW363gh1MOcpEcSO3mJ344Gv2dqz8YJCLQpb6hju/0qOWw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "integrity": "sha512-Tj7pZ4bUloNUP6PzwhN7K386tmSmEET9QtQg0TgdNOnxhZvCssHji+oZTUIuzxECRfG8rdm2PMw2WCFs6eIYkA==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-buffer-from": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.0.0.tgz", - "integrity": "sha512-/YNnLoHsR+4W4Vf2wL5lGv0ksg8Bmk3GEGxn2vEQt52AQaPSCuaO5PM5VM7lP1K9qHRKHwrPGktqVoAHKWHxzw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==", "dependencies": { - "@smithy/is-array-buffer": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-config-provider": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-2.1.0.tgz", - "integrity": "sha512-S6V0JvvhQgFSGLcJeT1CBsaTR03MM8qTuxMH9WPCCddlSo2W0V5jIHimHtIQALMLEDPGQ0ROSRr/dU0O+mxiQg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "integrity": "sha512-pbjk4s0fwq3Di/ANL+rCvJMKM5bzAQdE5S/6RL5NXgMExFAi6UgQMPOm5yPaIWPpr+EOXKXRonJ3FoxKf4mCJQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-defaults-mode-browser": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-2.0.24.tgz", - "integrity": "sha512-TsP5mBuLgO2C21+laNG2nHYZEyUdkbGURv2tHvSuQQxLz952MegX95uwdxOY2jR2H4GoKuVRfdJq7w4eIjGYeg==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.14.tgz", + "integrity": "sha512-0iwTgKKmAIf+vFLV8fji21Jb2px11ktKVxbX6LIDPAUJyWQqGqBVfwba7xwa1f2FZUoolYQgLvxQEpJycXuQ5w==", "dependencies": { - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">= 10.0.0" } }, "node_modules/@smithy/util-defaults-mode-node": { - "version": "2.0.32", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-2.0.32.tgz", - "integrity": "sha512-d0S33dXA2cq1NyorVMroMrEtqKMr3MlyLITcfTBf9pXiigYiPMOtbSI7czHIfDbuVuM89Cg0urAgpt73QV9mPQ==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.14.tgz", + "integrity": "sha512-e9uQarJKfXApkTMMruIdxHprhcXivH1flYCe8JRDTzkkLx8dA3V5J8GZlST9yfDiRWkJpZJlUXGN9Rc9Ade3OQ==", "dependencies": { - "@smithy/config-resolver": "^2.0.23", - "@smithy/credential-provider-imds": "^2.1.5", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/config-resolver": "^3.0.5", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { "node": ">= 10.0.0" } }, + "node_modules/@smithy/util-endpoints": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.5.tgz", + "integrity": "sha512-ReQP0BWihIE68OAblC/WQmDD40Gx+QY1Ez8mTdFMXpmjfxSyz2fVQu3A4zXRfQU9sZXtewk3GmhfOHswvX+eNg==", + "dependencies": { + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, "node_modules/@smithy/util-hex-encoding": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-2.0.0.tgz", - "integrity": "sha512-c5xY+NUnFqG6d7HFh1IFfrm3mGl29lC+vF+geHv4ToiuJCBmIfzx6IeHLg+OgRdPFKDXIw6pvi+p3CsscaMcMA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "integrity": "sha512-eFndh1WEK5YMUYvy3lPlVmYY/fZcQE1D8oSf41Id2vCeIkKJXPcYDCZD+4+xViI6b1XSd7tE+s5AmXzz5ilabQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-middleware": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-2.0.9.tgz", - "integrity": "sha512-PnCnBJ07noMX1lMDTEefmxSlusWJUiLfrme++MfK5TD0xz8NYmakgoXy5zkF/16zKGmiwOeKAztWT/Vjk1KRIQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.3.tgz", + "integrity": "sha512-l+StyYYK/eO3DlVPbU+4Bi06Jjal+PFLSMmlWM1BEwyLxZ3aKkf1ROnoIakfaA7mC6uw3ny7JBkau4Yc+5zfWw==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-retry": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-2.0.9.tgz", - "integrity": "sha512-46BFWe9RqB6g7f4mxm3W3HlqknqQQmWHKlhoqSFZuGNuiDU5KqmpebMbvC3tjTlUkqn4xa2Z7s3Hwb0HNs5scw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.3.tgz", + "integrity": "sha512-AFw+hjpbtVApzpNDhbjNG5NA3kyoMs7vx0gsgmlJF4s+yz1Zlepde7J58zpIRIsdjc+emhpAITxA88qLkPF26w==", "dependencies": { - "@smithy/service-error-classification": "^2.0.9", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/service-error-classification": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">= 14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-stream": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-2.0.24.tgz", - "integrity": "sha512-hRpbcRrOxDriMVmbya+Mv77VZVupxRAsfxVDKS54XuiURhdiwCUXJP0X1iJhHinuUf6n8pBF0MkG9C8VooMnWw==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.1.3.tgz", + "integrity": "sha512-FIv/bRhIlAxC0U7xM1BCnF2aDRPq0UaelqBHkM2lsCp26mcBbgI0tCVTv+jGdsQLUmAMybua/bjDsSu8RQHbmw==", "dependencies": { - "@smithy/fetch-http-handler": "^2.3.2", - "@smithy/node-http-handler": "^2.2.2", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-uri-escape": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-2.0.0.tgz", - "integrity": "sha512-ebkxsqinSdEooQduuk9CbKcI+wheijxEb3utGXkCoYQkJnwTnLbH1JXGimJtUkQwNQbsbuYwG2+aFVyZf5TLaw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "integrity": "sha512-LqR7qYLgZTD7nWLBecUi4aqolw8Mhza9ArpNEQ881MJJIU2sE5iHCK6TdyqqzcDLy0OPe10IY4T8ctVdtynubg==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-utf8": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.0.2.tgz", - "integrity": "sha512-qOiVORSPm6Ce4/Yu6hbSgNHABLP2VMv8QOC3tTDNHHlWY19pPyc++fBTbZPtx6egPXi4HQxKDnMxVxpbtX2GoA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==", "dependencies": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-waiter": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-2.0.12.tgz", - "integrity": "sha512-3sENmyVa1NnOPoiT2NCApPmu7ukP7S/v7kL9IxNmnygkDldn7/yK0TP42oPJLwB2k3mospNsSePIlqdXEUyPHA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.2.tgz", + "integrity": "sha512-4pP0EV3iTsexDx+8PPGAKCQpd/6hsQBaQhqWzU4hqKPHN5epPsxKbvUTIiYIHTxaKt6/kEaqPBpu/ufvfbrRzw==", "dependencies": { - "@smithy/abort-controller": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/bowser": { @@ -1667,17 +1516,17 @@ "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==" }, "node_modules/fast-xml-parser": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "integrity": "sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz", + "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==", "funding": [ - { - "type": "paypal", - "url": "https://paypal.me/naturalintelligence" - }, { "type": "github", "url": "https://github.com/sponsors/NaturalIntelligence" + }, + { + "type": "paypal", + "url": "https://paypal.me/naturalintelligence" } ], "dependencies": { @@ -1693,14 +1542,18 @@ "integrity": "sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==" }, "node_modules/tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" }, "node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], "bin": { "uuid": "dist/bin/uuid" } @@ -1708,1430 +1561,1238 @@ }, "dependencies": { "@aws-crypto/crc32": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", - "integrity": "sha512-IzSgsrxUcsrejQbPVilIKy16kAT52EwB6zSaI+M3xxIhKh5+aldEyvI+z6erM7TCLB2BJsFrtHjp6/4/sr+3dA==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-5.2.0.tgz", + "integrity": "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==", "requires": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/crc32c": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", - "integrity": "sha512-ENNPPManmnVJ4BTXlOjAgD7URidbAznURqD0KvfREyc4o20DPYdEldU1f5cQ7Jbj0CJJSPaMIk/9ZshdB3210w==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-5.2.0.tgz", + "integrity": "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag==", "requires": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } - } - }, - "@aws-crypto/ie11-detection": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", - "integrity": "sha512-341lBBkiY1DfDNKai/wXM3aujNBkXR7tq1URPQDL9wi3AUbI80NR74uF1TXHMm7po1AcnFk8iu2S2IeU/+/A+Q==", - "requires": { - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/sha1-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", - "integrity": "sha512-NJth5c997GLHs6nOYTzFKTbYdMNA6/1XlKVgnZoaZcQ7z7UJlOgj2JdbHE8tiYLS3fzXNCguct77SPGat2raSw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-5.2.0.tgz", + "integrity": "sha512-OH6lveCFfcDjX4dbAvCFSYUjJZjDr/3XJ3xHtjn3Oj5b9RjojQo8npoLeA/bNwkOkrSQ0wgrHzXk4tDRxGKJeg==", "requires": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" }, "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "requires": { + "tslib": "^2.6.2" + } + }, + "@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "requires": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", + "requires": { + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" + } } } }, "@aws-crypto/sha256-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", - "integrity": "sha512-8VLmW2B+gjFbU5uMeqtQM6Nj0/F1bro80xQXCW6CQBWgosFWXTx77aeOF5CAIAmbOK64SdMBJdNr6J41yP5mvQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz", + "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==", "requires": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/sha256-js": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/sha256-js": "^5.2.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" }, "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "requires": { + "tslib": "^2.6.2" + } + }, + "@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "requires": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", + "requires": { + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" + } } } }, "@aws-crypto/sha256-js": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", - "integrity": "sha512-PnNN7os0+yd1XvXAy23CFOmTbMaDxgxXtTKHybrJ39Y8kGzBATgBFibWJKH6BhytLI/Zyszs87xCOBNyBig6vQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz", + "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==", "requires": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/supports-web-crypto": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", - "integrity": "sha512-06hBdMwUAb2WFTuGG73LSC0wfPu93xWwo5vL2et9eymgmu3Id5vFAHBbajVWiGhPO37qcsdCap/FqXvJGJWPIg==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz", + "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==", "requires": { - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/util": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", - "integrity": "sha512-2OJlpeJpCR48CC8r+uKVChzs9Iungj9wkZrl8Z041DWEWvyIHILYKCPNzJghKsivj+S3mLo6BVc7mBNzdxA46w==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz", + "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==", "requires": { "@aws-sdk/types": "^3.222.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } - } - }, - "@aws-sdk/client-s3": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.421.0.tgz", - "integrity": "sha512-vUXTY4toeHDf5EY2kOn04Ww9vTW2IVGy4+cymFp1cz5QT7g9KKj4Okj5DMdPld2y7wjgc+J/viTWEf26By49vw==", - "requires": { - "@aws-crypto/sha1-browser": "3.0.0", - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/client-sts": "3.421.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-bucket-endpoint": "3.418.0", - "@aws-sdk/middleware-expect-continue": "3.418.0", - "@aws-sdk/middleware-flexible-checksums": "3.418.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-location-constraint": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-s3": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-ssec": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/signature-v4-multi-region": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@aws-sdk/xml-builder": "3.310.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/eventstream-serde-browser": "^2.0.9", - "@smithy/eventstream-serde-config-resolver": "^2.0.9", - "@smithy/eventstream-serde-node": "^2.0.9", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-blob-browser": "^2.0.9", - "@smithy/hash-node": "^2.0.9", - "@smithy/hash-stream-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/md5-js": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-stream": "^2.0.12", "@smithy/util-utf8": "^2.0.0", - "@smithy/util-waiter": "^2.0.9", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "requires": { + "tslib": "^2.6.2" + } + }, + "@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "requires": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" } } } }, + "@aws-sdk/client-s3": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.623.0.tgz", + "integrity": "sha512-vEroSYEtbp5n289xsQnnAhKxg3R5NGkbhKXWpW1m7GGDsFihwVT9CVsDHpIW2Hvezz5ob65gB4ZAYMnJWZuUpA==", + "requires": { + "@aws-crypto/sha1-browser": "5.2.0", + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/client-sts": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-bucket-endpoint": "3.620.0", + "@aws-sdk/middleware-expect-continue": "3.620.0", + "@aws-sdk/middleware-flexible-checksums": "3.620.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-location-constraint": "3.609.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/middleware-signing": "3.620.0", + "@aws-sdk/middleware-ssec": "3.609.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/signature-v4-multi-region": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@aws-sdk/xml-builder": "3.609.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/eventstream-serde-browser": "^3.0.5", + "@smithy/eventstream-serde-config-resolver": "^3.0.3", + "@smithy/eventstream-serde-node": "^3.0.4", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-blob-browser": "^3.1.2", + "@smithy/hash-node": "^3.0.3", + "@smithy/hash-stream-node": "^3.1.2", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/md5-js": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "@smithy/util-waiter": "^3.1.2", + "tslib": "^2.6.2" + } + }, "@aws-sdk/client-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.421.0.tgz", - "integrity": "sha512-40CmW7K2/FZEn3CbOjbpRYeVjKu6aJQlpRHcAgEJGNoVEAnRA3YNH4H0BN2iWWITfYg3B7sIjMm5VE9fCIK1Ng==", - "requires": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.623.0.tgz", + "integrity": "sha512-oEACriysQMnHIVcNp7TD6D1nzgiHfYK0tmMBMbUxgoFuCBkW9g9QYvspHN+S9KgoePfMEXHuPUe9mtG9AH9XeA==", + "requires": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + } + }, + "@aws-sdk/client-sso-oidc": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.623.0.tgz", + "integrity": "sha512-lMFEXCa6ES/FGV7hpyrppT1PiAkqQb51AbG0zVU3TIgI2IO4XX02uzMUXImRSRqRpGymRCbJCaCs9LtKvS/37Q==", + "requires": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/client-sts": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.421.0.tgz", - "integrity": "sha512-/92NOZMcdkBcvGrINk5B/l+6DGcVzYE4Ab3ME4vcY9y//u2gd0yNn5YYRSzzjVBLvhDP3u6CbTfLX2Bm4qihPw==", - "requires": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-sts": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.623.0.tgz", + "integrity": "sha512-iJNdx76SOw0YjHAUv8aj3HXzSu3TKI7qSGuR+OGATwA/kpJZDd+4+WYBdGtr8YK+hPrGGqhfecuCkEg805O5iA==", + "requires": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + } + }, + "@aws-sdk/core": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.623.0.tgz", + "integrity": "sha512-8Toq3X6trX/67obSdh4K0MFQY4f132bEbr1i0YPDWk/O3KdBt12mLC/sW3aVRnlIs110XMuX9yrWWqJ8fDW10g==", + "requires": { + "@smithy/core": "^2.3.2", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "fast-xml-parser": "4.4.1", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-env": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.418.0.tgz", - "integrity": "sha512-e74sS+x63EZUBO+HaI8zor886YdtmULzwKdctsZp5/37Xho1CVUNtEC+fYa69nigBD9afoiH33I4JggaHgrekQ==", + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.620.1.tgz", + "integrity": "sha512-ExuILJ2qLW5ZO+rgkNRj0xiAipKT16Rk77buvPP8csR7kkCflT/gXTyzRe/uzIiETTxM7tr8xuO9MP/DQXqkfg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" + } + }, + "@aws-sdk/credential-provider-http": { + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.622.0.tgz", + "integrity": "sha512-VUHbr24Oll1RK3WR8XLUugLpgK9ZuxEm/NVeVqyFts1Ck9gsKpRg1x4eH7L7tW3SJ4TDEQNMbD7/7J+eoL2svg==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-ini": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.421.0.tgz", - "integrity": "sha512-J5yH/gkpAk6FMeH5F9u5Nr6oG+97tj1kkn5q49g3XMbtWw7GiynadxdtoRBCeIg1C7o2LOQx4B1AnhNhIw1z/g==", - "requires": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.623.0.tgz", + "integrity": "sha512-kvXA1SwGneqGzFwRZNpESitnmaENHGFFuuTvgGwtMe7mzXWuA/LkXdbiHmdyAzOo0iByKTCD8uetuwh3CXy4Pw==", + "requires": { + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-node": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.421.0.tgz", - "integrity": "sha512-g1dvdvfDj0u8B/gOsHR3o1arP4O4QE/dFm2IJBYr/eUdKISMUgbQULWtg4zdtAf0Oz4xN0723i7fpXAF1gTnRA==", - "requires": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-ini": "3.421.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.623.0.tgz", + "integrity": "sha512-qDwCOkhbu5PfaQHyuQ+h57HEx3+eFhKdtIw7aISziWkGdFrMe07yIBd7TJqGe4nxXnRF1pfkg05xeOlMId997g==", + "requires": { + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-ini": "3.623.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-process": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.418.0.tgz", - "integrity": "sha512-xPbdm2WKz1oH6pTkrJoUmr3OLuqvvcPYTQX0IIlc31tmDwDWPQjXGGFD/vwZGIZIkKaFpFxVMgAzfFScxox7dw==", + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.620.1.tgz", + "integrity": "sha512-hWqFMidqLAkaV9G460+1at6qa9vySbjQKKc04p59OT7lZ5cO5VH5S4aI05e+m4j364MBROjjk2ugNvfNf/8ILg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.421.0.tgz", - "integrity": "sha512-f8T3L5rhImL6T6RTSvbOxaWw9k2fDOT2DZbNjcPz9ITWmwXj2NNbdHGWuRi3dv2HoY/nW2IJdNxnhdhbn6Fc1A==", - "requires": { - "@aws-sdk/client-sso": "3.421.0", - "@aws-sdk/token-providers": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.623.0.tgz", + "integrity": "sha512-70LZhUb3l7cttEsg4A0S4Jq3qrCT/v5Jfyl8F7w1YZJt5zr3oPPcvDJxo/UYckFz4G4/5BhGa99jK8wMlNE9QA==", + "requires": { + "@aws-sdk/client-sso": "3.623.0", + "@aws-sdk/token-providers": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-web-identity": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.418.0.tgz", - "integrity": "sha512-do7ang565n9p3dS1JdsQY01rUfRx8vkxQqz5M8OlcEHBNiCdi2PvSjNwcBdrv/FKkyIxZb0TImOfBSt40hVdxQ==", + "version": "3.621.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.621.0.tgz", + "integrity": "sha512-w7ASSyfNvcx7+bYGep3VBgC3K6vEdLmlpjT7nSIHxxQf+WSdvy+HynwJosrpZax0sK5q0D1Jpn/5q+r5lwwW6w==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-bucket-endpoint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.418.0.tgz", - "integrity": "sha512-gj/mj1UfbKkGbQ1N4YUvjTTp8BVs5fO1QAL2AjFJ+jfJOToLReX72aNEkm7sPGbHML0TqOY4cQbJuWYy+zdD5g==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.620.0.tgz", + "integrity": "sha512-eGLL0W6L3HDb3OACyetZYOWpHJ+gLo0TehQKeQyy2G8vTYXqNTeqYhuI6up9HVjBzU9eQiULVQETmgQs7TFaRg==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-expect-continue": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.418.0.tgz", - "integrity": "sha512-6x4rcIj685EmqDLQkbWoCur3Dg5DRClHMen6nHXmD3CR5Xyt3z1Gk/+jmZICxyJo9c6M4AeZht8o95BopkmYAQ==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.620.0.tgz", + "integrity": "sha512-QXeRFMLfyQ31nAHLbiTLtk0oHzG9QLMaof5jIfqcUwnOkO8YnQdeqzakrg1Alpy/VQ7aqzIi8qypkBe2KXZz0A==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-flexible-checksums": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.418.0.tgz", - "integrity": "sha512-3O203dqS2JU5P1TAAbo7p1qplXQh59pevw9nqzPVb3EG8B+mSucVf2kKmF7kGHqKSk+nK/mB/4XGSsZBzGt6Wg==", - "requires": { - "@aws-crypto/crc32": "3.0.0", - "@aws-crypto/crc32c": "3.0.0", - "@aws-sdk/types": "3.418.0", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.620.0.tgz", + "integrity": "sha512-ftz+NW7qka2sVuwnnO1IzBku5ccP+s5qZGeRTPgrKB7OzRW85gthvIo1vQR2w+OwHFk7WJbbhhWwbCbktnP4UA==", + "requires": { + "@aws-crypto/crc32": "5.2.0", + "@aws-crypto/crc32c": "5.2.0", + "@aws-sdk/types": "3.609.0", + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-host-header": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.418.0.tgz", - "integrity": "sha512-LrMTdzalkPw/1ujLCKPLwCGvPMCmT4P+vOZQRbSEVZPnlZk+Aj++aL/RaHou0jL4kJH3zl8iQepriBt4a7UvXQ==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.620.0.tgz", + "integrity": "sha512-VMtPEZwqYrII/oUkffYsNWY9PZ9xpNJpMgmyU0rlDQ25O1c0Hk3fJmZRe6pEkAJ0omD7kLrqGl1DUjQVxpd/Rg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-location-constraint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.418.0.tgz", - "integrity": "sha512-cc8M3VEaESHJhDsDV8tTpt2QYUprDWhvAVVSlcL43cTdZ54Quc0W+toDiaVOUlwrAZz2Y7g5NDj22ibJGFbOvw==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.609.0.tgz", + "integrity": "sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-logger": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.418.0.tgz", - "integrity": "sha512-StKGmyPVfoO/wdNTtKemYwoJsqIl4l7oqarQY7VSf2Mp3mqaa+njLViHsQbirYpyqpgUEusOnuTlH5utxJ1NsQ==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.609.0.tgz", + "integrity": "sha512-S62U2dy4jMDhDFDK5gZ4VxFdWzCtLzwbYyFZx2uvPYTECkepLUfzLic2BHg2Qvtu4QjX+oGE3P/7fwaGIsGNuQ==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-recursion-detection": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.418.0.tgz", - "integrity": "sha512-kKFrIQglBLUFPbHSDy1+bbe3Na2Kd70JSUC3QLMbUHmqipXN8KeXRfAj7vTv97zXl0WzG0buV++WcNwOm1rFjg==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.620.0.tgz", + "integrity": "sha512-nh91S7aGK3e/o1ck64sA/CyoFw+gAYj2BDOnoNa6ouyCrVJED96ZXWbhye/fz9SgmNUZR2g7GdVpiLpMKZoI5w==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-sdk-s3": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.418.0.tgz", - "integrity": "sha512-rei32LF45SyqL3NlWDjEOfMwAca9A5F4QgUyXJqvASc43oWC1tJnLIhiCxNh8qkWAiRyRzFpcanTeqyaRSsZpA==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } - } - }, - "@aws-sdk/middleware-sdk-sts": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.418.0.tgz", - "integrity": "sha512-cW8ijrCTP+mgihvcq4+TbhAcE/we5lFl4ydRqvTdtcSnYQAVQADg47rnTScQiFsPFEB3NKq7BGeyTJF9MKolPA==", - "requires": { - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.622.0.tgz", + "integrity": "sha512-tX9wZ2ALx5Ez4bkY+SvSj6DpNZ6TmY4zlsVsdgV95LZFLjNwqnZkKkS+uKnsIyLBiBp6g92JVQwnUEIp7ov2Zw==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-signing": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.418.0.tgz", - "integrity": "sha512-onvs5KoYQE8OlOE740RxWBGtsUyVIgAo0CzRKOQO63ZEYqpL1Os+MS1CGzdNhvQnJgJruE1WW+Ix8fjN30zKPA==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.620.0.tgz", + "integrity": "sha512-gxI7rubiaanUXaLfJ4NybERa9MGPNg2Ycl/OqANsozrBnR3Pw8vqy3EuVImQOyn2pJ2IFvl8ZPoSMHf4pX56FQ==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-ssec": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.418.0.tgz", - "integrity": "sha512-J7K+5h6aP7IYMlu/NwHEIjb0+WDu1eFvO8TCPo6j1H9xYRi8B/6h+6pa9Rk9IgRUzFnrdlDu9FazG8Tp0KKLyg==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.609.0.tgz", + "integrity": "sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-user-agent": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.418.0.tgz", - "integrity": "sha512-Jdcztg9Tal9SEAL0dKRrnpKrm6LFlWmAhvuwv0dQ7bNTJxIxyEFbpqdgy7mpQHsLVZgq1Aad/7gT/72c9igyZw==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.620.0.tgz", + "integrity": "sha512-bvS6etn+KsuL32ubY5D3xNof1qkenpbJXf/ugGXbg0n98DvDFQ/F+SMLxHgbnER5dsKYchNnhmtI6/FC3HFu/A==", "requires": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/region-config-resolver": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.418.0.tgz", - "integrity": "sha512-lJRZ/9TjZU6yLz+mAwxJkcJZ6BmyYoIJVo1p5+BN//EFdEmC8/c0c9gXMRzfISV/mqWSttdtccpAyN4/goHTYA==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.614.0.tgz", + "integrity": "sha512-vDCeMXvic/LU0KFIUjpC3RiSTIkkvESsEfbVHiHH0YINfl8HnEqR5rj+L8+phsCeVg2+LmYwYxd5NRz4PHxt5g==", "requires": { - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@aws-sdk/signature-v4-multi-region": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.418.0.tgz", - "integrity": "sha512-LeVYMZeUQUURFqDf4yZxTEv016g64hi0LqYBjU0mjwd8aPc0k6hckwvshezc80jCNbuLyjNfQclvlg3iFliItQ==", + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.622.0.tgz", + "integrity": "sha512-K7ddofVNzwTFRjmLZLfs/v+hiE9m5LguajHk8WULxXQgkcDI3nPgOfmMMGuslYohaQhRwW+ic+dzYlateLUudQ==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/token-providers": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.418.0.tgz", - "integrity": "sha512-9P7Q0VN0hEzTngy3Sz5eya2qEOEf0Q8qf1vB3um0gE6ID6EVAdz/nc/DztfN32MFxk8FeVBrCP5vWdoOzmd72g==", - "requires": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.614.0.tgz", + "integrity": "sha512-okItqyY6L9IHdxqs+Z116y5/nda7rHxLvROxtAJdLavWTYDydxrZstImNgGWTeVdmc0xX2gJCI77UYUTQWnhRw==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/types": { - "version": "3.433.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.433.0.tgz", - "integrity": "sha512-0jEE2mSrNDd8VGFjTc1otYrwYPIkzZJEIK90ZxisKvQ/EURGBhNzWn7ejWB9XCMFT6XumYLBR0V9qq5UPisWtA==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.609.0.tgz", + "integrity": "sha512-+Tqnh9w0h2LcrUsdXyT1F8mNhXz+tVYBtP19LpeEGntmvHwa2XzvLUCWpoIAIVsHp5+HdB2X9Sn0KAtmbFXc2Q==", "requires": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/util-arn-parser": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.310.0.tgz", - "integrity": "sha512-jL8509owp/xB9+Or0pvn3Fe+b94qfklc2yPowZZIFAkFcCSIdkIglz18cPDWnYAcy9JGewpMS1COXKIUhZkJsA==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "integrity": "sha512-XUKJWWo+KOB7fbnPP0+g/o5Ulku/X53t7i/h+sPHr5xxYTJJ9CYnbToo95mzxe7xWvkLrsNtJ8L+MnNn9INs2w==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@aws-sdk/util-endpoints": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.418.0.tgz", - "integrity": "sha512-sYSDwRTl7yE7LhHkPzemGzmIXFVHSsi3AQ1KeNEk84eBqxMHHcCc2kqklaBk2roXWe50QDgRMy1ikZUxvtzNHQ==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.614.0.tgz", + "integrity": "sha512-wK2cdrXHH4oz4IomV/yrGkftU9A+ITB6nFL+rxxyO78is2ifHJpFdV4aqk4LSkXYPi6CXWNru/Dqc7yiKXgJPw==", "requires": { - "@aws-sdk/types": "3.418.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "@smithy/util-endpoints": "^2.0.5", + "tslib": "^2.6.2" } }, "@aws-sdk/util-locate-window": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.310.0.tgz", - "integrity": "sha512-qo2t/vBTnoXpjKxlsC2e1gBrRm80M3bId27r0BRB2VniSSe7bL1mmzM+/HFtujm0iAxtPM+aLEflLJlJeDPg0w==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.568.0.tgz", + "integrity": "sha512-3nh4TINkXYr+H41QaPelCceEB2FXP3fxp93YZXB/kqJvX0U9j0N0Uk45gvsjmEPzG8XxkPEeLIfT2I1M7A6Lig==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@aws-sdk/util-user-agent-browser": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.418.0.tgz", - "integrity": "sha512-c4p4mc0VV/jIeNH0lsXzhJ1MpWRLuboGtNEpqE4s1Vl9ck2amv9VdUUZUmHbg+bVxlMgRQ4nmiovA4qIrqGuyg==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.609.0.tgz", + "integrity": "sha512-fojPU+mNahzQ0YHYBsx0ZIhmMA96H+ZIZ665ObU9tl+SGdbLneVZVikGve+NmHTQwHzwkFsZYYnVKAkreJLAtA==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "tslib": "^2.6.2" } }, "@aws-sdk/util-user-agent-node": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.418.0.tgz", - "integrity": "sha512-BXMskXFtg+dmzSCgmnWOffokxIbPr1lFqa1D9kvM3l3IFRiFGx2IyDg+8MAhq11aPDLvoa/BDuQ0Yqma5izOhg==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } - } - }, - "@aws-sdk/util-utf8-browser": { - "version": "3.259.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", - "integrity": "sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.614.0.tgz", + "integrity": "sha512-15ElZT88peoHnq5TEoEtZwoXTXRxNrk60TZNdpl/TUBJ5oNJ9Dqb5Z4ryb8ofN6nm9aFf59GVAerFDz8iUoHBA==", "requires": { - "tslib": "^2.3.1" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/xml-builder": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.310.0.tgz", - "integrity": "sha512-TqELu4mOuSIKQCqj63fGVs86Yh+vBx5nHRpWKNUNhB2nPTpfbziTs5c1X358be3peVWA4wPxW7Nt53KIg1tnNw==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.609.0.tgz", + "integrity": "sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==", "requires": { - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/abort-controller": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-2.0.16.tgz", - "integrity": "sha512-4foO7738k8kM9flMHu3VLabqu7nPgvIj8TB909S0CnKx0YZz/dcDH3pZ/4JHdatfxlZdKF1JWOYCw9+v3HVVsw==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.1.tgz", + "integrity": "sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/chunked-blob-reader": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-2.0.0.tgz", - "integrity": "sha512-k+J4GHJsMSAIQPChGBrjEmGS+WbPonCXesoqP9fynIqjn7rdOThdH8FAeCmokP9mxTYKQAKoHCLPzNlm6gh7Wg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "integrity": "sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/chunked-blob-reader-native": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-2.0.0.tgz", - "integrity": "sha512-HM8V2Rp1y8+1343tkZUKZllFhEQPNmpNdgFAncbTsxkZ18/gqjk23XXv3qGyXWp412f3o43ZZ1UZHVcHrpRnCQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "integrity": "sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==", "requires": { - "@smithy/util-base64": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/config-resolver": { - "version": "2.0.23", - "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-2.0.23.tgz", - "integrity": "sha512-XakUqgtP2YY8Mi+Nlif5BiqJgWdvfxJafSpOSQeCOMizu+PUhE4fBQSy6xFcR+eInrwVadaABNxoJyGUMn15ew==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.5.tgz", + "integrity": "sha512-SkW5LxfkSI1bUC74OtfBbdz+grQXYiPYolyu8VfpLIjEoN/sHVBlLeGXMQ1vX4ejkgfv6sxVbQJ32yF2cl1veA==", + "requires": { + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" + } + }, + "@smithy/core": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.3.2.tgz", + "integrity": "sha512-in5wwt6chDBcUv1Lw1+QzZxN9fBffi+qOixfb65yK4sDuKG7zAUO9HAFqmVzsZM3N+3tTyvZjtnDXePpvp007Q==", "requires": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/types": "^2.8.0", - "@smithy/util-config-provider": "^2.1.0", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@smithy/credential-provider-imds": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-2.1.5.tgz", - "integrity": "sha512-VfvE6Wg1MUWwpTZFBnUD7zxvPhLY8jlHCzu6bCjlIYoWgXCDzZAML76IlZUEf45nib3rjehnFgg0s1rgsuN/bg==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.0.tgz", + "integrity": "sha512-0SCIzgd8LYZ9EJxUjLXBmEKSZR/P/w6l7Rz/pab9culE/RWuqelAKGJvn5qUOl8BgX8Yj5HWM50A5hiB/RzsgA==", "requires": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "tslib": "^2.6.2" } }, "@smithy/eventstream-codec": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-2.0.16.tgz", - "integrity": "sha512-umYh5pdCE9GHgiMAH49zu9wXWZKNHHdKPm/lK22WYISTjqu29SepmpWNmPiBLy/yUu4HFEGJHIFrDWhbDlApaw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.2.tgz", + "integrity": "sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==", "requires": { - "@aws-crypto/crc32": "3.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "tslib": "^2.5.0" + "@aws-crypto/crc32": "5.2.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-2.0.12.tgz", - "integrity": "sha512-0pi8QlU/pwutNshoeJcbKR1p7Ie5STd8UFAMX5xhSoSJjNlxIv/OsHbF023jscMRN2Prrqd6ToGgdCnsZVQjvg==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.5.tgz", + "integrity": "sha512-dEyiUYL/ekDfk+2Ra4GxV+xNnFoCmk1nuIXg+fMChFTrM2uI/1r9AdiTYzPqgb72yIv/NtAj6C3dG//1wwgakQ==", "requires": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-config-resolver": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-2.0.12.tgz", - "integrity": "sha512-I0XfwQkIX3gAnbrU5rLMkBSjTM9DHttdbLwf12CXmj7SSI5dT87PxtKLRrZGanaCMbdf2yCep+MW5/4M7IbvQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.3.tgz", + "integrity": "sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==", "requires": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-2.0.12.tgz", - "integrity": "sha512-vf1vMHGOkG3uqN9x1zKOhnvW/XgvhJXWqjV6zZiT2FMjlEayugQ1mzpSqr7uf89+BzjTzuZKERmOsEAmewLbxw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.4.tgz", + "integrity": "sha512-mjlG0OzGAYuUpdUpflfb9zyLrBGgmQmrobNT8b42ZTsGv/J03+t24uhhtVEKG/b2jFtPIHF74Bq+VUtbzEKOKg==", "requires": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-universal": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-2.0.12.tgz", - "integrity": "sha512-xZ3ZNpCxIND+q+UCy7y1n1/5VQEYicgSTNCcPqsKawX+Vd+6OcFX7gUHMyPzL8cZr+GdmJuxNleqHlH4giK2tw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.4.tgz", + "integrity": "sha512-Od9dv8zh3PgOD7Vj4T3HSuox16n0VG8jJIM2gvKASL6aCtcS8CfHZDWe1Ik3ZXW6xBouU+45Q5wgoliWDZiJ0A==", "requires": { - "@smithy/eventstream-codec": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-codec": "^3.1.2", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/fetch-http-handler": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-2.3.2.tgz", - "integrity": "sha512-O9R/OlnAOTsnysuSDjt0v2q6DcSvCz5cCFC/CFAWWcLyBwJDeFyGTCTszgpQTb19+Fi8uRwZE5/3ziAQBFeDMQ==", + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.4.tgz", + "integrity": "sha512-kBprh5Gs5h7ug4nBWZi1FZthdqSM+T7zMmsZxx0IBvWUn7dK3diz2SHn7Bs4dQGFDk8plDv375gzenDoNwrXjg==", "requires": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/hash-blob-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-2.0.12.tgz", - "integrity": "sha512-riLnV16f27yyePX8UF0deRHAeccUK8SrOxyTykSTrnVkgS3DsjNapZtTbd8OGNKEbI60Ncdb5GwN3rHZudXvog==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.2.tgz", + "integrity": "sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==", "requires": { - "@smithy/chunked-blob-reader": "^2.0.0", - "@smithy/chunked-blob-reader-native": "^2.0.0", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/chunked-blob-reader": "^3.0.0", + "@smithy/chunked-blob-reader-native": "^3.0.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/hash-node": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-2.0.18.tgz", - "integrity": "sha512-gN2JFvAgnZCyDN9rJgcejfpK0uPPJrSortVVVVWsru9whS7eQey6+gj2eM5ln2i6rHNntIXzal1Fm9XOPuoaKA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.3.tgz", + "integrity": "sha512-2ctBXpPMG+B3BtWSGNnKELJ7SH9e4TNefJS0cd2eSkOOROeBnnVBnAy9LtJ8tY4vUEoe55N4CNPxzbWvR39iBw==", "requires": { - "@smithy/types": "^2.8.0", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/hash-stream-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-2.0.12.tgz", - "integrity": "sha512-x/DrSynPKrW0k00q7aZ/vy531a3mRw79mOajHp+cIF0TrA1SqEMFoy/B8X0XtoAtlJWt/vvgeDNqt/KAeaAqMw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.2.tgz", + "integrity": "sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==", "requires": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/invalid-dependency": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-2.0.16.tgz", - "integrity": "sha512-apEHakT/kmpNo1VFHP4W/cjfeP9U0x5qvfsLJubgp7UM/gq4qYp0GbqdE7QhsjUaYvEnrftRqs7+YrtWreV0wA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.3.tgz", + "integrity": "sha512-ID1eL/zpDULmHJbflb864k72/SNOZCADRc9i7Exq3RUNJw6raWUSlFEQ+3PX3EYs++bTxZB2dE9mEHTQLv61tw==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/is-array-buffer": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.0.0.tgz", - "integrity": "sha512-z3PjFjMyZNI98JFRJi/U0nGoLWMSJlDjAW4QUX2WNZLas5C0CmVV6LJ01JI0k90l7FvpmixjWxPFmENSClQ7ug==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/md5-js": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-2.0.12.tgz", - "integrity": "sha512-OgDt+Xnrw+W5z3MSl5KZZzebqmXrYl9UdbCiBYnnjErmNywwSjV6QB/Oic3/7hnsPniSU81n7Rvlhz2kH4EREQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.3.tgz", + "integrity": "sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==", "requires": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/middleware-content-length": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-2.0.18.tgz", - "integrity": "sha512-ZJ9uKPTfxYheTKSKYB+GCvcj+izw9WGzRLhjn8n254q0jWLojUzn7Vw0l4R/Gq7Wdpf/qmk/ptD+6CCXHNVCaw==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.5.tgz", + "integrity": "sha512-ILEzC2eyxx6ncej3zZSwMpB5RJ0zuqH7eMptxC4KN3f+v9bqT8ohssKbhNR78k/2tWW+KS5Spw+tbPF4Ejyqvw==", "requires": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/middleware-endpoint": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-2.3.0.tgz", - "integrity": "sha512-VsOAG2YQ8ykjSmKO+CIXdJBIWFo6AAvG6Iw95BakBTqk66/4BI7XyqLevoNSq/lZ6NgZv24sLmrcIN+fLDWBCg==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.1.0.tgz", + "integrity": "sha512-5y5aiKCEwg9TDPB4yFE7H6tYvGFf1OJHNczeY10/EFF8Ir8jZbNntQJxMWNfeQjC1mxPsaQ6mR9cvQbf+0YeMw==", "requires": { - "@smithy/middleware-serde": "^2.0.16", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/middleware-serde": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@smithy/middleware-retry": { - "version": "2.0.26", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-2.0.26.tgz", - "integrity": "sha512-Qzpxo0U5jfNiq9iD38U3e2bheXwvTEX4eue9xruIvEgh+UKq6dKuGqcB66oBDV7TD/mfoJi9Q/VmaiqwWbEp7A==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.14.tgz", + "integrity": "sha512-7ZaWZJOjUxa5hgmuMspyt8v/zVsh0GXYuF7OvCmdcbVa/xbnKQoYC+uYKunAqRGTkxjOyuOCw9rmFUFOqqC0eQ==", "requires": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/protocol-http": "^3.0.12", - "@smithy/service-error-classification": "^2.0.9", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-retry": "^2.0.9", - "tslib": "^2.5.0", - "uuid": "^8.3.2" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/service-error-classification": "^3.0.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "tslib": "^2.6.2", + "uuid": "^9.0.1" } }, "@smithy/middleware-serde": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-2.0.16.tgz", - "integrity": "sha512-5EAd4t30pcc4M8TSSGq7q/x5IKrxfXR5+SrU4bgxNy7RPHQo2PSWBUco9C+D9Tfqp/JZvprRpK42dnupZafk2g==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz", + "integrity": "sha512-puUbyJQBcg9eSErFXjKNiGILJGtiqmuuNKEYNYfUD57fUl4i9+mfmThtQhvFXU0hCVG0iEJhvQUipUf+/SsFdA==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/middleware-stack": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-2.0.10.tgz", - "integrity": "sha512-I2rbxctNq9FAPPEcuA1ntZxkTKOPQFy7YBPOaD/MLg1zCvzv21CoNxR0py6J8ZVC35l4qE4nhxB0f7TF5/+Ldw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.3.tgz", + "integrity": "sha512-r4klY9nFudB0r9UdSMaGSyjyQK5adUyPnQN/ZM6M75phTxOdnc/AhpvGD1fQUvgmqjQEBGCwpnPbDm8pH5PapA==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/node-config-provider": { - "version": "2.1.9", - "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-2.1.9.tgz", - "integrity": "sha512-tUyW/9xrRy+s7RXkmQhgYkAPMpTIF8izK4orhHjNFEKR3QZiOCbWB546Y8iB/Fpbm3O9+q0Af9rpywLKJOwtaQ==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.4.tgz", + "integrity": "sha512-YvnElQy8HR4vDcAjoy7Xkx9YT8xZP4cBXcbJSgm/kxmiQu08DwUwj8rkGnyoJTpfl/3xYHH+d8zE+eHqoDCSdQ==", "requires": { - "@smithy/property-provider": "^2.0.17", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/node-http-handler": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-2.2.2.tgz", - "integrity": "sha512-XO58TO/Eul/IBQKFKaaBtXJi0ItEQQCT+NI4IiKHCY/4KtqaUT6y/wC1EvDqlA9cP7Dyjdj7FdPs4DyynH3u7g==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.1.4.tgz", + "integrity": "sha512-+UmxgixgOr/yLsUxcEKGH0fMNVteJFGkmRltYFHnBMlogyFdpzn2CwqWmxOrfJELhV34v0WSlaqG1UtE1uXlJg==", "requires": { - "@smithy/abort-controller": "^2.0.16", - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/property-provider": { - "version": "2.0.17", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-2.0.17.tgz", - "integrity": "sha512-+VkeZbVu7qtQ2DjI48Qwaf9fPOr3gZIwxQpuLJgRRSkWsdSvmaTCxI3gzRFKePB63Ts9r4yjn4HkxSCSkdWmcQ==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.3.tgz", + "integrity": "sha512-zahyOVR9Q4PEoguJ/NrFP4O7SMAfYO1HLhB18M+q+Z4KFd4V2obiMnlVoUFzFLSPeVt1POyNWneHHrZaTMoc/g==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/protocol-http": { - "version": "3.0.12", - "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-3.0.12.tgz", - "integrity": "sha512-Xz4iaqLiaBfbQpB9Hgi3VcZYbP7xRDXYhd8XWChh4v94uw7qwmvlxdU5yxzfm6ACJM66phHrTbS5TVvj5uQ72w==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.0.tgz", + "integrity": "sha512-dPVoHYQ2wcHooGXg3LQisa1hH0e4y0pAddPMeeUPipI1tEOqL6A4N0/G7abeq+K8wrwSgjk4C0wnD1XZpJm5aA==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/querystring-builder": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-2.0.16.tgz", - "integrity": "sha512-Q/GsJT0C0mijXMRs7YhZLLCP5FcuC4797lYjKQkME5CZohnLC4bEhylAd2QcD3gbMKNjCw8+T2I27WKiV/wToA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz", + "integrity": "sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw==", "requires": { - "@smithy/types": "^2.8.0", - "@smithy/util-uri-escape": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-uri-escape": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/querystring-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-2.0.16.tgz", - "integrity": "sha512-c4ueAuL6BDYKWpkubjrQthZKoC3L5kql5O++ovekNxiexRXTlLIVlCR4q3KziOktLIw66EU9SQljPXd/oN6Okg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.3.tgz", + "integrity": "sha512-zahM1lQv2YjmznnfQsWbYojFe55l0SLG/988brlLv1i8z3dubloLF+75ATRsqPBboUXsW6I9CPGE5rQgLfY0vQ==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/service-error-classification": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-2.0.9.tgz", - "integrity": "sha512-0K+8GvtwI7VkGmmInPydM2XZyBfIqLIbfR7mDQ+oPiz8mIinuHbV6sxOLdvX1Jv/myk7XTK9orgt3tuEpBu/zg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.3.tgz", + "integrity": "sha512-Jn39sSl8cim/VlkLsUhRFq/dKDnRUFlfRkvhOJaUbLBXUsLRLNf9WaxDv/z9BjuQ3A6k/qE8af1lsqcwm7+DaQ==", "requires": { - "@smithy/types": "^2.8.0" + "@smithy/types": "^3.3.0" } }, "@smithy/shared-ini-file-loader": { - "version": "2.2.8", - "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-2.2.8.tgz", - "integrity": "sha512-E62byatbwSWrtq9RJ7xN40tqrRKDGrEL4EluyNpaIDvfvet06a/QC58oHw2FgVaEgkj0tXZPjZaKrhPfpoU0qw==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.4.tgz", + "integrity": "sha512-qMxS4hBGB8FY2GQqshcRUy1K6k8aBWP5vwm8qKkCT3A9K2dawUwOIJfqh9Yste/Bl0J2lzosVyrXDj68kLcHXQ==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/signature-v4": { - "version": "2.0.19", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-2.0.19.tgz", - "integrity": "sha512-nwc3JihdM+kcJjtORv/n7qRHN2Kfh7S2RJI2qr8pz9UcY5TD8rSCRGQ0g81HgyS3jZ5X9U/L4p014P3FonBPhg==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.1.0.tgz", + "integrity": "sha512-aRryp2XNZeRcOtuJoxjydO6QTaVhxx/vjaR+gx7ZjaFgrgPRyZ3HCTbfwqYj6ZWEBHkCSUfcaymKPURaByukag==", "requires": { - "@smithy/eventstream-codec": "^2.0.16", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-uri-escape": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-uri-escape": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/smithy-client": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-2.2.1.tgz", - "integrity": "sha512-SpD7FLK92XV2fon2hMotaNDa2w5VAy5/uVjP9WFmjGSgWM8pTPVkHcDl1yFs5Z8LYbij0FSz+DbCBK6i+uXXUA==", + "version": "3.1.12", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.12.tgz", + "integrity": "sha512-wtm8JtsycthkHy1YA4zjIh2thJgIQ9vGkoR639DBx5lLlLNU0v4GARpQZkr2WjXue74nZ7MiTSWfVrLkyD8RkA==", "requires": { - "@smithy/middleware-endpoint": "^2.3.0", - "@smithy/middleware-stack": "^2.0.10", - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "@smithy/util-stream": "^2.0.24", - "tslib": "^2.5.0" + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" } }, "@smithy/types": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-2.8.0.tgz", - "integrity": "sha512-h9sz24cFgt/W1Re22OlhQKmUZkNh244ApgRsUDYinqF8R+QgcsBIX344u2j61TPshsTz3CvL6HYU1DnQdsSrHA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.3.0.tgz", + "integrity": "sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/url-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-2.0.16.tgz", - "integrity": "sha512-Wfz5WqAoRT91TjRy1JeLR0fXtkIXHGsMbgzKFTx7E68SrZ55TB8xoG+vm11Ru4gheFTMXjAjwAxv1jQdC+pAQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.3.tgz", + "integrity": "sha512-pw3VtZtX2rg+s6HMs6/+u9+hu6oY6U7IohGhVNnjbgKy86wcIsSZwgHrFR+t67Uyxvp4Xz3p3kGXXIpTNisq8A==", "requires": { - "@smithy/querystring-parser": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/querystring-parser": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-base64": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-2.0.1.tgz", - "integrity": "sha512-DlI6XFYDMsIVN+GH9JtcRp3j02JEVuWIn/QOZisVzpIAprdsxGveFed0bjbMRCqmIFe8uetn5rxzNrBtIGrPIQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "integrity": "sha512-Kxvoh5Qtt0CDsfajiZOCpJxgtPHXOKwmM+Zy4waD43UoEMA+qPxxa98aE/7ZhdnBFZFXMOiBR5xbcaMhLtznQQ==", "requires": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-body-length-browser": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-2.0.1.tgz", - "integrity": "sha512-NXYp3ttgUlwkaug4bjBzJ5+yIbUbUx8VsSLuHZROQpoik+gRkIBeEG9MPVYfvPNpuXb/puqodeeUXcKFe7BLOQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "integrity": "sha512-cbjJs2A1mLYmqmyVl80uoLTJhAcfzMOyPgjwAYusWKMdLeNtzmMz9YxNl3/jRLoxSS3wkqkf0jwNdtXWtyEBaQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-body-length-node": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-2.1.0.tgz", - "integrity": "sha512-/li0/kj/y3fQ3vyzn36NTLGmUwAICb7Jbe/CsWCktW363gh1MOcpEcSO3mJ344Gv2dqz8YJCLQpb6hju/0qOWw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "integrity": "sha512-Tj7pZ4bUloNUP6PzwhN7K386tmSmEET9QtQg0TgdNOnxhZvCssHji+oZTUIuzxECRfG8rdm2PMw2WCFs6eIYkA==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-buffer-from": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.0.0.tgz", - "integrity": "sha512-/YNnLoHsR+4W4Vf2wL5lGv0ksg8Bmk3GEGxn2vEQt52AQaPSCuaO5PM5VM7lP1K9qHRKHwrPGktqVoAHKWHxzw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==", "requires": { - "@smithy/is-array-buffer": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-config-provider": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-2.1.0.tgz", - "integrity": "sha512-S6V0JvvhQgFSGLcJeT1CBsaTR03MM8qTuxMH9WPCCddlSo2W0V5jIHimHtIQALMLEDPGQ0ROSRr/dU0O+mxiQg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "integrity": "sha512-pbjk4s0fwq3Di/ANL+rCvJMKM5bzAQdE5S/6RL5NXgMExFAi6UgQMPOm5yPaIWPpr+EOXKXRonJ3FoxKf4mCJQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-defaults-mode-browser": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-2.0.24.tgz", - "integrity": "sha512-TsP5mBuLgO2C21+laNG2nHYZEyUdkbGURv2tHvSuQQxLz952MegX95uwdxOY2jR2H4GoKuVRfdJq7w4eIjGYeg==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.14.tgz", + "integrity": "sha512-0iwTgKKmAIf+vFLV8fji21Jb2px11ktKVxbX6LIDPAUJyWQqGqBVfwba7xwa1f2FZUoolYQgLvxQEpJycXuQ5w==", "requires": { - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-defaults-mode-node": { - "version": "2.0.32", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-2.0.32.tgz", - "integrity": "sha512-d0S33dXA2cq1NyorVMroMrEtqKMr3MlyLITcfTBf9pXiigYiPMOtbSI7czHIfDbuVuM89Cg0urAgpt73QV9mPQ==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.14.tgz", + "integrity": "sha512-e9uQarJKfXApkTMMruIdxHprhcXivH1flYCe8JRDTzkkLx8dA3V5J8GZlST9yfDiRWkJpZJlUXGN9Rc9Ade3OQ==", + "requires": { + "@smithy/config-resolver": "^3.0.5", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-endpoints": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.5.tgz", + "integrity": "sha512-ReQP0BWihIE68OAblC/WQmDD40Gx+QY1Ez8mTdFMXpmjfxSyz2fVQu3A4zXRfQU9sZXtewk3GmhfOHswvX+eNg==", "requires": { - "@smithy/config-resolver": "^2.0.23", - "@smithy/credential-provider-imds": "^2.1.5", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-hex-encoding": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-2.0.0.tgz", - "integrity": "sha512-c5xY+NUnFqG6d7HFh1IFfrm3mGl29lC+vF+geHv4ToiuJCBmIfzx6IeHLg+OgRdPFKDXIw6pvi+p3CsscaMcMA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "integrity": "sha512-eFndh1WEK5YMUYvy3lPlVmYY/fZcQE1D8oSf41Id2vCeIkKJXPcYDCZD+4+xViI6b1XSd7tE+s5AmXzz5ilabQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-middleware": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-2.0.9.tgz", - "integrity": "sha512-PnCnBJ07noMX1lMDTEefmxSlusWJUiLfrme++MfK5TD0xz8NYmakgoXy5zkF/16zKGmiwOeKAztWT/Vjk1KRIQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.3.tgz", + "integrity": "sha512-l+StyYYK/eO3DlVPbU+4Bi06Jjal+PFLSMmlWM1BEwyLxZ3aKkf1ROnoIakfaA7mC6uw3ny7JBkau4Yc+5zfWw==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-retry": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-2.0.9.tgz", - "integrity": "sha512-46BFWe9RqB6g7f4mxm3W3HlqknqQQmWHKlhoqSFZuGNuiDU5KqmpebMbvC3tjTlUkqn4xa2Z7s3Hwb0HNs5scw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.3.tgz", + "integrity": "sha512-AFw+hjpbtVApzpNDhbjNG5NA3kyoMs7vx0gsgmlJF4s+yz1Zlepde7J58zpIRIsdjc+emhpAITxA88qLkPF26w==", "requires": { - "@smithy/service-error-classification": "^2.0.9", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/service-error-classification": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-stream": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-2.0.24.tgz", - "integrity": "sha512-hRpbcRrOxDriMVmbya+Mv77VZVupxRAsfxVDKS54XuiURhdiwCUXJP0X1iJhHinuUf6n8pBF0MkG9C8VooMnWw==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.1.3.tgz", + "integrity": "sha512-FIv/bRhIlAxC0U7xM1BCnF2aDRPq0UaelqBHkM2lsCp26mcBbgI0tCVTv+jGdsQLUmAMybua/bjDsSu8RQHbmw==", "requires": { - "@smithy/fetch-http-handler": "^2.3.2", - "@smithy/node-http-handler": "^2.2.2", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-uri-escape": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-2.0.0.tgz", - "integrity": "sha512-ebkxsqinSdEooQduuk9CbKcI+wheijxEb3utGXkCoYQkJnwTnLbH1JXGimJtUkQwNQbsbuYwG2+aFVyZf5TLaw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "integrity": "sha512-LqR7qYLgZTD7nWLBecUi4aqolw8Mhza9ArpNEQ881MJJIU2sE5iHCK6TdyqqzcDLy0OPe10IY4T8ctVdtynubg==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-utf8": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.0.2.tgz", - "integrity": "sha512-qOiVORSPm6Ce4/Yu6hbSgNHABLP2VMv8QOC3tTDNHHlWY19pPyc++fBTbZPtx6egPXi4HQxKDnMxVxpbtX2GoA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==", "requires": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-waiter": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-2.0.12.tgz", - "integrity": "sha512-3sENmyVa1NnOPoiT2NCApPmu7ukP7S/v7kL9IxNmnygkDldn7/yK0TP42oPJLwB2k3mospNsSePIlqdXEUyPHA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.2.tgz", + "integrity": "sha512-4pP0EV3iTsexDx+8PPGAKCQpd/6hsQBaQhqWzU4hqKPHN5epPsxKbvUTIiYIHTxaKt6/kEaqPBpu/ufvfbrRzw==", "requires": { - "@smithy/abort-controller": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "bowser": { @@ -3140,9 +2801,9 @@ "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==" }, "fast-xml-parser": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "integrity": "sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz", + "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==", "requires": { "strnum": "^1.0.5" } @@ -3153,14 +2814,14 @@ "integrity": "sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==" }, "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" }, "uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==" } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json index f565aa9f233ba..9399afd0396ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json @@ -2,6 +2,6 @@ "name": "eks-service-account-sdk-call-integ-test", "private": "true", "dependencies": { - "@aws-sdk/client-s3": "3.421.0" + "@aws-sdk/client-s3": "3.623.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json new file mode 100644 index 0000000000000..96376cfedf68a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json @@ -0,0 +1,84 @@ +{ + "version": "36.0.0", + "files": { + "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { + "source": { + "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961": { + "source": { + "path": "asset.3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d": { + "source": { + "path": "asset.2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295": { + "source": { + "path": "asset.3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "0a87c14e32369e6154b50e10726881c54b3ea07abefb1b01a8ebd0388b64e857": { + "source": { + "path": "alb-mtls-test-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0a87c14e32369e6154b50e10726881c54b3ea07abefb1b01a8ebd0388b64e857.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json new file mode 100644 index 0000000000000..4d59bd91353a1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json @@ -0,0 +1,1352 @@ +{ + "Resources": { + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + }, + { + "Key": "aws-cdk:cr-owned:987d6a23", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, + "DeployCaCertAwsCliLayer0CCD78B3": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip" + }, + "Description": "/opt/awscli/aws" + } + }, + "DeployCaCertCustomResourceCDD68C79": { + "Type": "Custom::CDKBucketDeployment", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", + "Arn" + ] + }, + "SourceBucketNames": [ + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ], + "SourceObjectKeys": [ + "3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295.zip" + ], + "DestinationBucketName": { + "Ref": "Bucket83908E77" + }, + "Prune": true + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "Roles": [ + { + "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + } + ] + } + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip" + }, + "Environment": { + "Variables": { + "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" + } + }, + "Handler": "index.handler", + "Layers": [ + { + "Ref": "DeployCaCertAwsCliLayer0CCD78B3" + } + ], + "Role": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + "Arn" + ] + }, + "Runtime": "python3.9", + "Timeout": 900 + }, + "DependsOn": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + ] + }, + "Stack8A423254": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "StackPublicSubnet1Subnet0AD81D22": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet1RouteTable5057189D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet1RouteTableAssociation74F1C1B6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + }, + "SubnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + } + } + }, + "StackPublicSubnet1DefaultRoute16154E3D": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "RouteTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + } + }, + "DependsOn": [ + "StackVPCGWFFCB6290" + ] + }, + "StackPublicSubnet1EIPBDAAB2A5": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + } + }, + "StackPublicSubnet1NATGatewayD2E1ABF7": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet1EIPBDAAB2A5", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "StackPublicSubnet1DefaultRoute16154E3D", + "StackPublicSubnet1RouteTableAssociation74F1C1B6" + ] + }, + "StackPublicSubnet2Subnet3C7D2288": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet2RouteTableCD306445": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet2RouteTableAssociation5E8F73F1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + }, + "SubnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + } + } + }, + "StackPublicSubnet2DefaultRoute0319539B": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "RouteTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + } + }, + "DependsOn": [ + "StackVPCGWFFCB6290" + ] + }, + "StackPublicSubnet2EIP8CDBC8C2": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + } + }, + "StackPublicSubnet2NATGatewayA8E03AB3": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet2EIP8CDBC8C2", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "StackPublicSubnet2DefaultRoute0319539B", + "StackPublicSubnet2RouteTableAssociation5E8F73F1" + ] + }, + "StackPublicSubnet3SubnetCC1055D9": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet3RouteTable44D8F838": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet3RouteTableAssociationD026A62D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + }, + "SubnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + } + }, + "StackPublicSubnet3DefaultRouteBC0DA152": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "RouteTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + } + }, + "DependsOn": [ + "StackVPCGWFFCB6290" + ] + }, + "StackPublicSubnet3EIP3201E7C8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + } + }, + "StackPublicSubnet3NATGatewayAB6A10EF": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet3EIP3201E7C8", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + }, + "DependsOn": [ + "StackPublicSubnet3DefaultRouteBC0DA152", + "StackPublicSubnet3RouteTableAssociationD026A62D" + ] + }, + "StackPrivateSubnet1Subnet47AC2BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet1RouteTable8ADA6A0C": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet1RouteTableAssociationFFE38495": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + }, + "SubnetId": { + "Ref": "StackPrivateSubnet1Subnet47AC2BC7" + } + } + }, + "StackPrivateSubnet1DefaultRouteFBF81BA5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "StackPublicSubnet1NATGatewayD2E1ABF7" + }, + "RouteTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + } + } + }, + "StackPrivateSubnet2SubnetA2F8EDD8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet2RouteTableA5546697": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet2RouteTableAssociation68ACB8C1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + }, + "SubnetId": { + "Ref": "StackPrivateSubnet2SubnetA2F8EDD8" + } + } + }, + "StackPrivateSubnet2DefaultRoute22004492": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "StackPublicSubnet2NATGatewayA8E03AB3" + }, + "RouteTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + } + } + }, + "StackPrivateSubnet3Subnet28548F2E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet3RouteTable9B1F2842": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet3RouteTableAssociationC9C6644E": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + }, + "SubnetId": { + "Ref": "StackPrivateSubnet3Subnet28548F2E" + } + } + }, + "StackPrivateSubnet3DefaultRoute361AE708": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "StackPublicSubnet3NATGatewayAB6A10EF" + }, + "RouteTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + } + } + }, + "StackIGW2F0A1126": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "StackVPCGWFFCB6290": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackRestrictDefaultSecurityGroupCustomResource804DC9E2": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Stack8A423254", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Stack8A423254", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Certificate4E7ABB08": { + "Type": "AWS::CertificateManager::Certificate", + "Properties": { + "DomainName": "*.example.com", + "DomainValidationOptions": [ + { + "DomainName": "*.example.com", + "HostedZoneId": "Z23ABC4XYZL05B" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Certificate" + } + ], + "ValidationMethod": "DNS" + } + }, + "LB8A12904C": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internet-facing", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "LBSecurityGroup8A41EA2B", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + ], + "Type": "application" + }, + "DependsOn": [ + "StackPublicSubnet1DefaultRoute16154E3D", + "StackPublicSubnet1RouteTableAssociation74F1C1B6", + "StackPublicSubnet2DefaultRoute0319539B", + "StackPublicSubnet2RouteTableAssociation5E8F73F1", + "StackPublicSubnet3DefaultRouteBC0DA152", + "StackPublicSubnet3RouteTableAssociationD026A62D" + ] + }, + "LBSecurityGroup8A41EA2B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatically created Security Group for ELB albmtlsteststackLBDC4031A8", + "SecurityGroupEgress": [ + { + "CidrIp": "255.255.255.255/32", + "Description": "Disallow all traffic", + "FromPort": 252, + "IpProtocol": "icmp", + "ToPort": 86 + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow from anyone on port 443", + "FromPort": 443, + "IpProtocol": "tcp", + "ToPort": 443 + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "LBListener49E825B4": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "Certificates": [ + { + "CertificateArn": { + "Ref": "Certificate4E7ABB08" + } + } + ], + "DefaultActions": [ + { + "FixedResponseConfig": { + "ContentType": "text/plain", + "MessageBody": "Success mTLS", + "StatusCode": "200" + }, + "Type": "fixed-response" + } + ], + "LoadBalancerArn": { + "Ref": "LB8A12904C" + }, + "MutualAuthentication": { + "IgnoreClientCertificateExpiry": false, + "Mode": "verify", + "TrustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + }, + "Port": 443, + "Protocol": "HTTPS" + } + }, + "Store1D2A845B": { + "Type": "AWS::ElasticLoadBalancingV2::TrustStore", + "Properties": { + "CaCertificatesBundleS3Bucket": { + "Ref": "Bucket83908E77" + }, + "CaCertificatesBundleS3Key": "rootCA_cert.pem", + "Name": "albmtlsteststackStore63864577" + }, + "DependsOn": [ + "DeployCaCertAwsCliLayer0CCD78B3", + "DeployCaCertCustomResourceCDD68C79" + ] + }, + "Revocation2857AF0C": { + "Type": "AWS::ElasticLoadBalancingV2::TrustStoreRevocation", + "Properties": { + "RevocationContents": [ + { + "S3Bucket": { + "Ref": "Bucket83908E77" + }, + "S3Key": "crl.pem" + } + ], + "TrustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + }, + "DependsOn": [ + "DeployCaCertAwsCliLayer0CCD78B3", + "DeployCaCertCustomResourceCDD68C79" + ] + }, + "ARecordE7B57761": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "AliasTarget": { + "DNSName": { + "Fn::Join": [ + "", + [ + "dualstack.", + { + "Fn::GetAtt": [ + "LB8A12904C", + "DNSName" + ] + } + ] + ] + }, + "HostedZoneId": { + "Fn::GetAtt": [ + "LB8A12904C", + "CanonicalHostedZoneID" + ] + } + }, + "HostedZoneId": "Z23ABC4XYZL05B", + "Name": "example.com.", + "Type": "A" + } + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json similarity index 88% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json index 8f0029884a021..2cdadacf0eb8c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json @@ -3,7 +3,7 @@ "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { - "path": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", + "path": "albmtlsintegDefaultTestDeployAssert30225695.template.json", "packaging": "file" }, "destinations": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/cdk.out diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json new file mode 100644 index 0000000000000..a9e3fe653cba5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json @@ -0,0 +1,14 @@ +{ + "enableLookups": true, + "version": "36.0.0", + "testCases": { + "alb-mtls-integ/DefaultTest": { + "stacks": [ + "alb-mtls-test-stack" + ], + "stackUpdateWorkflow": false, + "assertionStack": "alb-mtls-integ/DefaultTest/DeployAssert", + "assertionStackName": "albmtlsintegDefaultTestDeployAssert30225695" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json new file mode 100644 index 0000000000000..32e54f1dad29c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json @@ -0,0 +1,431 @@ +{ + "version": "36.0.0", + "artifacts": { + "alb-mtls-test-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "alb-mtls-test-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "alb-mtls-test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "alb-mtls-test-stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0a87c14e32369e6154b50e10726881c54b3ea07abefb1b01a8ebd0388b64e857.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "alb-mtls-test-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "alb-mtls-test-stack.assets" + ], + "metadata": { + "/alb-mtls-test-stack/Bucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Bucket83908E77" + } + ], + "/alb-mtls-test-stack/Bucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BucketPolicyE9A3008A" + } + ], + "/alb-mtls-test-stack/Bucket/AutoDeleteObjectsCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "BucketAutoDeleteObjectsCustomResourceBAFD23C2" + } + ], + "/alb-mtls-test-stack/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + } + ], + "/alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" + } + ], + "/alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DeployCaCertAwsCliLayer0CCD78B3" + } + ], + "/alb-mtls-test-stack/DeployCaCert/CustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "DeployCaCertCustomResourceCDD68C79" + } + ], + "/alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + } + ], + "/alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF" + } + ], + "/alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536" + } + ], + "/alb-mtls-test-stack/Stack/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Stack8A423254" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1Subnet0AD81D22" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1RouteTable5057189D" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1RouteTableAssociation74F1C1B6" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1DefaultRoute16154E3D" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1EIPBDAAB2A5" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1NATGatewayD2E1ABF7" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2Subnet3C7D2288" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2RouteTableCD306445" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2RouteTableAssociation5E8F73F1" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2DefaultRoute0319539B" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2EIP8CDBC8C2" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2NATGatewayA8E03AB3" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3SubnetCC1055D9" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3RouteTable44D8F838" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3RouteTableAssociationD026A62D" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3DefaultRouteBC0DA152" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3EIP3201E7C8" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3NATGatewayAB6A10EF" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1Subnet47AC2BC7" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1RouteTable8ADA6A0C" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1RouteTableAssociationFFE38495" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1DefaultRouteFBF81BA5" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2SubnetA2F8EDD8" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2RouteTableA5546697" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2RouteTableAssociation68ACB8C1" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2DefaultRoute22004492" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3Subnet28548F2E" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3RouteTable9B1F2842" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3RouteTableAssociationC9C6644E" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3DefaultRoute361AE708" + } + ], + "/alb-mtls-test-stack/Stack/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "StackIGW2F0A1126" + } + ], + "/alb-mtls-test-stack/Stack/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "StackVPCGWFFCB6290" + } + ], + "/alb-mtls-test-stack/Stack/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "StackRestrictDefaultSecurityGroupCustomResource804DC9E2" + } + ], + "/alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/alb-mtls-test-stack/Certificate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Certificate4E7ABB08" + } + ], + "/alb-mtls-test-stack/LB/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LB8A12904C" + } + ], + "/alb-mtls-test-stack/LB/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBSecurityGroup8A41EA2B" + } + ], + "/alb-mtls-test-stack/LB/Listener/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBListener49E825B4" + } + ], + "/alb-mtls-test-stack/Store/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Store1D2A845B" + } + ], + "/alb-mtls-test-stack/Revocation/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Revocation2857AF0C" + } + ], + "/alb-mtls-test-stack/ARecord/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ARecordE7B57761" + } + ], + "/alb-mtls-test-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/alb-mtls-test-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "alb-mtls-test-stack" + }, + "albmtlsintegDefaultTestDeployAssert30225695.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "albmtlsintegDefaultTestDeployAssert30225695.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "albmtlsintegDefaultTestDeployAssert30225695": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "albmtlsintegDefaultTestDeployAssert30225695.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "albmtlsintegDefaultTestDeployAssert30225695.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "albmtlsintegDefaultTestDeployAssert30225695.assets" + ], + "metadata": { + "/alb-mtls-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/alb-mtls-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "alb-mtls-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json new file mode 100644 index 0000000000000..868262d5007a3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json @@ -0,0 +1,1872 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "alb-mtls-test-stack": { + "id": "alb-mtls-test-stack", + "path": "alb-mtls-test-stack", + "children": { + "Bucket": { + "id": "Bucket", + "path": "alb-mtls-test-stack/Bucket", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Bucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "aws-cdk:auto-delete-objects", + "value": "true" + }, + { + "key": "aws-cdk:cr-owned:987d6a23", + "value": "true" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "alb-mtls-test-stack/Bucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Bucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "Bucket83908E77" + }, + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + }, + "AutoDeleteObjectsCustomResource": { + "id": "AutoDeleteObjectsCustomResource", + "path": "alb-mtls-test-stack/Bucket/AutoDeleteObjectsCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-test-stack/Bucket/AutoDeleteObjectsCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "alb-mtls-test-stack/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "Custom::S3AutoDeleteObjectsCustomResourceProvider": { + "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "DeployCaCert": { + "id": "DeployCaCert", + "path": "alb-mtls-test-stack/DeployCaCert", + "children": { + "AwsCliLayer": { + "id": "AwsCliLayer", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer", + "children": { + "Code": { + "id": "Code", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip" + }, + "description": "/opt/awscli/aws" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.lambda_layer_awscli.AwsCliLayer", + "version": "0.0.0" + } + }, + "CustomResourceHandler": { + "id": "CustomResourceHandler", + "path": "alb-mtls-test-stack/DeployCaCert/CustomResourceHandler", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "0.0.0" + } + }, + "Asset1": { + "id": "Asset1", + "path": "alb-mtls-test-stack/DeployCaCert/Asset1", + "children": { + "Stage": { + "id": "Stage", + "path": "alb-mtls-test-stack/DeployCaCert/Asset1/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "alb-mtls-test-stack/DeployCaCert/Asset1/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "CustomResource": { + "id": "CustomResource", + "path": "alb-mtls-test-stack/DeployCaCert/CustomResource", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-test-stack/DeployCaCert/CustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_deployment.BucketDeployment", + "version": "0.0.0" + } + }, + "Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C": { + "id": "Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "roles": [ + { + "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip" + }, + "environment": { + "variables": { + "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" + } + }, + "handler": "index.handler", + "layers": [ + { + "Ref": "DeployCaCertAwsCliLayer0CCD78B3" + } + ], + "role": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + "Arn" + ] + }, + "runtime": "python3.9", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "Stack": { + "id": "Stack", + "path": "alb-mtls-test-stack/Stack", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Stack/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1a", + "cidrBlock": "10.0.0.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + }, + "subnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "routeTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet1EIPBDAAB2A5", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1b", + "cidrBlock": "10.0.32.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + }, + "subnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "routeTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet2EIP8CDBC8C2", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet3": { + "id": "PublicSubnet3", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1c", + "cidrBlock": "10.0.64.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + }, + "subnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "routeTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet3EIP3201E7C8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + }, + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1a", + "cidrBlock": "10.0.96.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + }, + "subnetId": { + "Ref": "StackPrivateSubnet1Subnet47AC2BC7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "StackPublicSubnet1NATGatewayD2E1ABF7" + }, + "routeTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1b", + "cidrBlock": "10.0.128.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + }, + "subnetId": { + "Ref": "StackPrivateSubnet2SubnetA2F8EDD8" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "StackPublicSubnet2NATGatewayA8E03AB3" + }, + "routeTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet3": { + "id": "PrivateSubnet3", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1c", + "cidrBlock": "10.0.160.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + }, + "subnetId": { + "Ref": "StackPrivateSubnet3Subnet28548F2E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "StackPublicSubnet3NATGatewayAB6A10EF" + }, + "routeTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "alb-mtls-test-stack/Stack/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "alb-mtls-test-stack/Stack/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "alb-mtls-test-stack/Stack/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-test-stack/Stack/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "HostedZone": { + "id": "HostedZone", + "path": "alb-mtls-test-stack/HostedZone", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Certificate": { + "id": "Certificate", + "path": "alb-mtls-test-stack/Certificate", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Certificate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CertificateManager::Certificate", + "aws:cdk:cloudformation:props": { + "domainName": "*.example.com", + "domainValidationOptions": [ + { + "domainName": "*.example.com", + "hostedZoneId": "Z23ABC4XYZL05B" + } + ], + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Certificate" + } + ], + "validationMethod": "DNS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.CfnCertificate", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.Certificate", + "version": "0.0.0" + } + }, + "LB": { + "id": "LB", + "path": "alb-mtls-test-stack/LB", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/LB/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "aws:cdk:cloudformation:props": { + "loadBalancerAttributes": [ + { + "key": "deletion_protection.enabled", + "value": "false" + } + ], + "scheme": "internet-facing", + "securityGroups": [ + { + "Fn::GetAtt": [ + "LBSecurityGroup8A41EA2B", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + ], + "type": "application" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnLoadBalancer", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "alb-mtls-test-stack/LB/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/LB/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatically created Security Group for ELB albmtlsteststackLBDC4031A8", + "securityGroupEgress": [ + { + "cidrIp": "255.255.255.255/32", + "description": "Disallow all traffic", + "ipProtocol": "icmp", + "fromPort": 252, + "toPort": 86 + } + ], + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 443, + "toPort": 443, + "description": "Allow from anyone on port 443" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Listener": { + "id": "Listener", + "path": "alb-mtls-test-stack/LB/Listener", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/LB/Listener/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::Listener", + "aws:cdk:cloudformation:props": { + "certificates": [ + { + "certificateArn": { + "Ref": "Certificate4E7ABB08" + } + } + ], + "defaultActions": [ + { + "type": "fixed-response", + "fixedResponseConfig": { + "statusCode": "200", + "contentType": "text/plain", + "messageBody": "Success mTLS" + } + } + ], + "loadBalancerArn": { + "Ref": "LB8A12904C" + }, + "mutualAuthentication": { + "ignoreClientCertificateExpiry": false, + "mode": "verify", + "trustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + }, + "port": 443, + "protocol": "HTTPS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListener", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer", + "version": "0.0.0" + } + }, + "Store": { + "id": "Store", + "path": "alb-mtls-test-stack/Store", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Store/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::TrustStore", + "aws:cdk:cloudformation:props": { + "caCertificatesBundleS3Bucket": { + "Ref": "Bucket83908E77" + }, + "caCertificatesBundleS3Key": "rootCA_cert.pem", + "name": "albmtlsteststackStore63864577" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnTrustStore", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.TrustStore", + "version": "0.0.0" + } + }, + "Revocation": { + "id": "Revocation", + "path": "alb-mtls-test-stack/Revocation", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Revocation/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::TrustStoreRevocation", + "aws:cdk:cloudformation:props": { + "revocationContents": [ + { + "s3Bucket": { + "Ref": "Bucket83908E77" + }, + "s3Key": "crl.pem" + } + ], + "trustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnTrustStoreRevocation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.TrustStoreRevocation", + "version": "0.0.0" + } + }, + "ARecord": { + "id": "ARecord", + "path": "alb-mtls-test-stack/ARecord", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/ARecord/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "aliasTarget": { + "hostedZoneId": { + "Fn::GetAtt": [ + "LB8A12904C", + "CanonicalHostedZoneID" + ] + }, + "dnsName": { + "Fn::Join": [ + "", + [ + "dualstack.", + { + "Fn::GetAtt": [ + "LB8A12904C", + "DNSName" + ] + } + ] + ] + } + }, + "hostedZoneId": "Z23ABC4XYZL05B", + "name": "example.com.", + "type": "A" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnRecordSet", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.ARecord", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "alb-mtls-test-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "alb-mtls-test-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "alb-mtls-integ": { + "id": "alb-mtls-integ", + "path": "alb-mtls-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "alb-mtls-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "alb-mtls-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "alb-mtls-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "alb-mtls-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts new file mode 100644 index 0000000000000..90a634fc2cc89 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts @@ -0,0 +1,162 @@ +import * as path from 'path'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import * as route53targets from 'aws-cdk-lib/aws-route53-targets'; +import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; +import { Construct } from 'constructs'; + +/** + * In order to test this you must create certificates, keys and Certificate Revocation List (CRL). + * + * 1. Generate root Certificate Authority (CA) certificate and private key (valid for 7 days): + * `openssl req -x509 -new -days 7 -keyout rootCA_key.pem -out rootCA_cert.pem` + * + * 2. Generate client certificate and private key (valid for 7 days): + * `openssl req -x509 -CA rootCA_cert.pem -CAkey rootCA_key.pem -days 7 -new -nodes -keyout client_key.pem -out client_cert.pem` + * + * 3. Create OpenSSL configuration file (openssl.cnf): +``` +cat << EOF > openssl.cnf +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = . +database = \$dir/index.txt +new_certs_dir = \$dir/newcerts +certificate = \$dir/rootCA_cert.pem +serial = \$dir/serial +private_key = \$dir/rootCA_key.pem +RANDFILE = \$dir/private/.rand +default_crl_days = 30 +default_md = sha256 +preserve = no +policy = policy_match +crl_extensions = crl_ext + +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ crl_ext ] +authorityKeyIdentifier=keyid:always +EOF +``` + * + * 4. Generate Certificate Revocation List (CRL) (valid for 30 days): + * `openssl ca -config openssl.cnf -gencrl -out crl.pem -crldays 30 -md sha256` + * + * 5. Place `rootCA_cert.pem` and `crl.pem` into the `mtls` directory. + * + * 6. Perform an HTTPS request using the generated client key and certificate: + * `curl https://YOUR-DOMAIN --key client_key.pem --cert client_cert.pem -v` + */ + +interface MutualTlsStackProps extends StackProps { + hostedZoneId: string; + hostedZoneName: string; + domainName: string; +} + +class MutualTls extends Stack { + constructor(scope: Construct, id: string, props: MutualTlsStackProps) { + super(scope, id); + + const bucket = new s3.Bucket(this, 'Bucket', { + autoDeleteObjects: true, + removalPolicy: RemovalPolicy.DESTROY, + }); + + const deploy = new s3deploy.BucketDeployment(this, 'DeployCaCert', { + sources: [s3deploy.Source.asset(path.join(__dirname, 'mtls'))], + destinationBucket: bucket, + }); + + const vpc = new ec2.Vpc(this, 'Stack'); + + const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', { + hostedZoneId: props.hostedZoneId, + zoneName: props.hostedZoneName, + }); + const certificate = new acm.Certificate(this, 'Certificate', { + domainName: props.domainName, + validation: acm.CertificateValidation.fromDns(hostedZone), + }); + + const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', { + vpc, + internetFacing: true, + }); + + const trustStore = new elbv2.TrustStore(this, 'Store', { + bucket, + key: 'rootCA_cert.pem', + }); + + trustStore.node.addDependency(deploy); + + const trustStoreRevocation = new elbv2.TrustStoreRevocation(this, 'Revocation', { + trustStore, + revocationContents: [ + { + bucket, + key: 'crl.pem', + }, + ], + }); + + trustStoreRevocation.node.addDependency(deploy); + + lb.addListener('Listener', { + port: 443, + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [certificate], + mutualAuthentication: { + ignoreClientCertificateExpiry: false, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + new route53.ARecord(this, 'ARecord', { + target: route53.RecordTarget.fromAlias(new route53targets.LoadBalancerTarget(lb)), + zone: hostedZone, + }); + } +} + +/** + * In order to test this you need to have a valid public hosted zone that you can use + * to request certificates for. + * +*/ +const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID; +if (!hostedZoneId) throw new Error('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.'); +const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME; +if (!hostedZoneName) throw new Error('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.'); +const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? process.env.DOMAIN_NAME; +if (!domainName) throw new Error('For this test you must provide your own DomainName as an env var "DOMAIN_NAME". See framework-integ/README.md for details.'); + +const app = new App(); +const stack = new MutualTls(app, 'alb-mtls-test-stack', { + hostedZoneId, + hostedZoneName, + domainName, +}); + +new IntegTest(app, 'alb-mtls-integ', { + testCases: [stack], + enableLookups: true, + stackUpdateWorkflow: false, +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json index 5f6c1f273d748..627c94b6f11d6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "33.0.0", + "version": "36.0.0", "files": { - "07df570609ba80d7ccc6a61dc96229756a5e4fc6a10d9a68ac076b94a8ce3e55": { + "dd9140945011edcbce692a37f5f7cbd8334730c6955bb30907758d7bda777b77": { "source": { "path": "aws-cdk-elbv2-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "07df570609ba80d7ccc6a61dc96229756a5e4fc6a10d9a68ac076b94a8ce3e55.json", + "objectKey": "dd9140945011edcbce692a37f5f7cbd8334730c6955bb30907758d7bda777b77.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json index ce3d2ff8e018f..428814b9ed734 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json @@ -412,6 +412,20 @@ { "Key": "access_logs.s3.prefix", "Value": "" + }, + { + "Key": "connection_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "connection_logs.s3.bucket", + "Value": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + } + }, + { + "Key": "connection_logs.s3.prefix", + "Value": "" } ], "Scheme": "internet-facing", @@ -434,7 +448,8 @@ "Type": "application" }, "DependsOn": [ - "LBALBAccessLogsBucket6AE92937", + "LBALBAccessLogsBucketPolicy1E4EBAFE", + "LBALBConnectionLogsBucketPolicy62509153", "VPCPublicSubnet1DefaultRoute91CEF279", "VPCPublicSubnet1RouteTableAssociation0B0896DC", "VPCPublicSubnet2DefaultRouteB7481BBA", @@ -647,6 +662,185 @@ } } }, + "LBALBConnectionLogsBucket4BFA48DB": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + }, + "LoggingConfiguration": { + "LogFilePrefix": "selflog/" + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "LBALBConnectionLogsBucketPolicy62509153": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/selflog/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, "LBListener49E825B4": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out index 560dae10d018f..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"33.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json index c98fca8690504..dc7f5be9c0bd5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json index b013204787762..28a35b8f9fe2f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "testCases": { "cdk-integ-alb-extended-log/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json index e13264e6591cb..0e3250c83fd85 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-elbv2-integ.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/07df570609ba80d7ccc6a61dc96229756a5e4fc6a10d9a68ac076b94a8ce3e55.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/dd9140945011edcbce692a37f5f7cbd8334730c6955bb30907758d7bda777b77.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -196,6 +196,18 @@ "data": "LBALBAccessLogsBucketPolicy1E4EBAFE" } ], + "/aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBALBConnectionLogsBucket4BFA48DB" + } + ], + "/aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBALBConnectionLogsBucketPolicy62509153" + } + ], "/aws-cdk-elbv2-integ/LB/Listener/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json index 42f17234eebb4..c87d487493897 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json @@ -679,6 +679,20 @@ { "key": "access_logs.s3.prefix", "value": "" + }, + { + "key": "connection_logs.s3.enabled", + "value": "true" + }, + { + "key": "connection_logs.s3.bucket", + "value": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + } + }, + { + "key": "connection_logs.s3.prefix", + "value": "" } ], "scheme": "internet-facing", @@ -964,6 +978,219 @@ "version": "0.0.0" } }, + "ALBConnectionLogsBucket": { + "id": "ALBConnectionLogsBucket", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "AES256" + } + } + ] + }, + "loggingConfiguration": { + "logFilePrefix": "selflog/" + }, + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + }, + "versioningConfiguration": { + "status": "Enabled" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/selflog/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, "Listener": { "id": "Listener", "path": "aws-cdk-elbv2-integ/LB/Listener", @@ -1089,7 +1316,7 @@ "path": "cdk-integ-alb-extended-log/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { @@ -1135,7 +1362,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts index 17b1a0009461e..5fc676d118357 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts @@ -18,8 +18,16 @@ class ExtendedLB extends elbv2.ApplicationLoadBalancer { serverAccessLogsPrefix: 'selflog/', enforceSSL: true, }); - this.logAccessLogs(accessLogsBucket); + + const connectionLogsBucket = new s3.Bucket(this, 'ALBConnectionLogsBucket', { + blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, + encryption: s3.BucketEncryption.S3_MANAGED, + versioned: true, + serverAccessLogsPrefix: 'selflog/', + enforceSSL: true, + }); + this.logConnectionLogs(connectionLogsBucket); } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json index 3e91c58d25201..9234509c27957 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "d102d01a93a63d71a570164bdea30b0eca472ac745027643a4a1b0adb9b0640b": { + "7bcbcac4ed21e823d8252892771a6da060dd1d6110cdf42e73693f1e5c831046": { "source": { "path": "aws-cdk-alb-log-imported-bucket-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "d102d01a93a63d71a570164bdea30b0eca472ac745027643a4a1b0adb9b0640b.json", + "objectKey": "7bcbcac4ed21e823d8252892771a6da060dd1d6110cdf42e73693f1e5c831046.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json index e596a9c1e41e8..ff10559471e6d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json @@ -438,6 +438,47 @@ "Principal": { "Service": "delivery.logs.amazonaws.com" }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, "Resource": { "Fn::Join": [ "", @@ -445,21 +486,16 @@ "arn:aws:s3:::", { "Ref": "Bucket83908E77" - }, - "/prefix/AWSLogs/", - { - "Ref": "AWS::AccountId" - }, - "/*" + } ] ] } }, { - "Action": "s3:GetBucketAcl", + "Action": "s3:PutObject", "Effect": "Allow", "Principal": { - "Service": "delivery.logs.amazonaws.com" + "AWS": "arn:aws:iam::797873946194:root" }, "Resource": { "Fn::Join": [ @@ -468,7 +504,12 @@ "arn:aws:s3:::", { "Ref": "Bucket83908E77" - } + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" ] ] } @@ -499,6 +540,20 @@ { "Key": "access_logs.s3.prefix", "Value": "prefix" + }, + { + "Key": "connection_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "connection_logs.s3.bucket", + "Value": { + "Ref": "Bucket83908E77" + } + }, + { + "Key": "connection_logs.s3.prefix", + "Value": "prefix-connection-log" } ], "Scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json index e45f2e7f3aa99..33278825135ec 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json index 5198aa8d08cc7..c2f7d046cc525 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "cdk-integ-alb-log-imported-bucket/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json index 4c9a325295e57..e0362c5216bff 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-alb-log-imported-bucket-integ.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/d102d01a93a63d71a570164bdea30b0eca472ac745027643a4a1b0adb9b0640b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/7bcbcac4ed21e823d8252892771a6da060dd1d6110cdf42e73693f1e5c831046.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -178,10 +178,10 @@ "data": "Bucket83908E77" } ], - "/aws-cdk-alb-log-imported-bucket-integ/ImportedBucket/Policy/Resource": [ + "/aws-cdk-alb-log-imported-bucket-integ/ImportedBucketPolicy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ImportedBucketPolicy71C80354" + "data": "ImportedBucketPolicyAE50CA2C" } ], "/aws-cdk-alb-log-imported-bucket-integ/LB/Resource": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json index ebc9d24af07a2..f5423598f7b90 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json @@ -676,110 +676,149 @@ "ImportedBucket": { "id": "ImportedBucket", "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + }, + "ImportedBucketPolicy": { + "id": "ImportedBucketPolicy", + "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucketPolicy", "children": { - "Policy": { - "id": "Policy", - "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "Bucket83908E77" + "Resource": { + "id": "Resource", + "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucketPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "Bucket83908E77" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } }, - "policyDocument": { - "Statement": [ + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": [ { - "Action": "s3:PutObject", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::797873946194:root" - }, - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:s3:::", - { - "Ref": "Bucket83908E77" - }, - "/prefix/AWSLogs/", - { - "Ref": "AWS::AccountId" - }, - "/*" - ] + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" ] - } + ] }, { - "Action": "s3:PutObject", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - }, - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:s3:::", - { - "Ref": "Bucket83908E77" - }, - "/prefix/AWSLogs/", - { - "Ref": "AWS::AccountId" - }, - "/*" - ] + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" ] - } - }, - { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:s3:::", - { - "Ref": "Bucket83908E77" - } - ] - ] - } + ] } - ], - "Version": "2012-10-17" + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + } + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" + ], + "Version": "2012-10-17" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "0.0.0" } }, @@ -811,6 +850,20 @@ { "key": "access_logs.s3.prefix", "value": "prefix" + }, + { + "key": "connection_logs.s3.enabled", + "value": "true" + }, + { + "key": "connection_logs.s3.bucket", + "value": { + "Ref": "Bucket83908E77" + } + }, + { + "key": "connection_logs.s3.prefix", + "value": "prefix-connection-log" } ], "scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts index 0aefeaa37378e..cd79500605179 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts @@ -27,6 +27,7 @@ const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { }); lb.logAccessLogs(importedBucket, 'prefix'); +lb.logConnectionLogs(importedBucket, 'prefix-connection-log'); const listener = lb.addListener('Listener', { port: 80, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json index 462409afac89d..19a55187da880 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json @@ -15,7 +15,7 @@ } } }, - "e8dcef11b871328ec18d29401ebba343dec78affd3ec6055ab6d8be5b9223c97": { + "c4df03d0ac9684e50da08e315219cabc9dd964956b22ef483cb737334b396ac8": { "source": { "path": "aws-cdk-elbv2-integ.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "e8dcef11b871328ec18d29401ebba343dec78affd3ec6055ab6d8be5b9223c97.json", + "objectKey": "c4df03d0ac9684e50da08e315219cabc9dd964956b22ef483cb737334b396ac8.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json index 49fdcd32c9472..77f2b0a8c6b32 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json @@ -487,6 +487,64 @@ "Principal": { "Service": "delivery.logs.amazonaws.com" }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, "Resource": { "Fn::Join": [ "", @@ -497,7 +555,7 @@ "Arn" ] }, - "/prefix/AWSLogs/", + "/prefix-connection-log/AWSLogs/", { "Ref": "AWS::AccountId" }, @@ -505,19 +563,6 @@ ] ] } - }, - { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -622,6 +667,20 @@ { "Key": "access_logs.s3.prefix", "Value": "prefix" + }, + { + "Key": "connection_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "connection_logs.s3.bucket", + "Value": { + "Ref": "Bucket83908E77" + } + }, + { + "Key": "connection_logs.s3.prefix", + "Value": "prefix-connection-log" } ], "Scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json index 0cd90bc7f55a6..1fe10a574fc59 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/e8dcef11b871328ec18d29401ebba343dec78affd3ec6055ab6d8be5b9223c97.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/c4df03d0ac9684e50da08e315219cabc9dd964956b22ef483cb737334b396ac8.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json index 90720258641d3..819371b497c9a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json @@ -764,6 +764,64 @@ "Principal": { "Service": "delivery.logs.amazonaws.com" }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, "Resource": { "Fn::Join": [ "", @@ -774,7 +832,7 @@ "Arn" ] }, - "/prefix/AWSLogs/", + "/prefix-connection-log/AWSLogs/", { "Ref": "AWS::AccountId" }, @@ -782,19 +840,6 @@ ] ] } - }, - { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -898,6 +943,20 @@ { "key": "access_logs.s3.prefix", "value": "prefix" + }, + { + "key": "connection_logs.s3.enabled", + "value": "true" + }, + { + "key": "connection_logs.s3.bucket", + "value": { + "Ref": "Bucket83908E77" + } + }, + { + "key": "connection_logs.s3.prefix", + "value": "prefix-connection-log" } ], "scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts index cab793d0e6a35..69a96e98340f6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts @@ -25,6 +25,7 @@ const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { }); lb.logAccessLogs(bucket, 'prefix'); +lb.logConnectionLogs(bucket, 'prefix-connection-log'); const listener = lb.addListener('Listener', { port: 80, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem new file mode 100644 index 0000000000000..2995a4d0e7491 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem @@ -0,0 +1 @@ +dummy \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem new file mode 100644 index 0000000000000..2995a4d0e7491 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem @@ -0,0 +1 @@ +dummy \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json deleted file mode 100644 index f698f535c5907..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { - "source": { - "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6": { - "source": { - "path": "asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "e9491d10b7f496e4aa18e0f88da57dc8e342c62cbfbb5190f663fc8039981448": { - "source": { - "path": "PipelineSecurityStack.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e9491d10b7f496e4aa18e0f88da57dc8e342c62cbfbb5190f663fc8039981448.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json deleted file mode 100644 index a9a989ab4a39e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json +++ /dev/null @@ -1,3184 +0,0 @@ -{ - "Resources": { - "SourceBucketDDD2130A": { - "Type": "AWS::S3::Bucket", - "Properties": { - "Tags": [ - { - "Key": "aws-cdk:auto-delete-objects", - "Value": "true" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "SourceBucketPolicy703DFBF9": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { - "Type": "Custom::S3AutoDeleteObjects", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", - "Arn" - ] - }, - "BucketName": { - "Ref": "SourceBucketDDD2130A" - } - }, - "DependsOn": [ - "SourceBucketPolicy703DFBF9" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "TestPipelineArtifactsBucketEncryptionKey13258842": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestPipelineArtifactsBucketEncryptionKeyAliasE8D86DD3": { - "Type": "AWS::KMS::Alias", - "Properties": { - "AliasName": "alias/codepipeline-pipelinesecuritystack-testpipeline-f7060861", - "TargetKeyId": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestPipelineArtifactsBucket026AF2F9": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "TestPipelineArtifactsBucketPolicyDF75C611": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "TestPipelineArtifactsBucket026AF2F9" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineRole63C35BBD": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineRoleDefaultPolicyFA69BF2D": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineRoleDefaultPolicyFA69BF2D", - "Roles": [ - { - "Ref": "TestPipelineRole63C35BBD" - } - ] - } - }, - "TestPipeline34ACDBF9": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Type": "KMS" - }, - "Location": { - "Ref": "TestPipelineArtifactsBucket026AF2F9" - }, - "Type": "S3" - }, - "Name": "TestPipeline", - "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineRole63C35BBD", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "S3", - "Version": "1" - }, - "Configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "Name": "S3", - "OutputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"8c69c5d954446d78352846c8ddc8ff911cec11c1f93f8aab1fac67556cf1a058\"}]" - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "Synth", - "OutputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Build" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - "EnvironmentVariables": { - "Fn::Join": [ - "", - [ - "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/SingleStage\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"UnattachedStage\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"SingleStageManualApproval\"},{\"name\":\"NOTIFICATION_ARN\",\"type\":\"PLAINTEXT\",\"value\":\"", - { - "Ref": "SecurityChangesTopic9762A9B3" - }, - "\"},{\"name\":\"NOTIFICATION_SUBJECT\",\"type\":\"PLAINTEXT\",\"value\":\"Confirm permission broadening in SingleStage\"}]" - ] - ] - } - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SingleStageSecurityCheck", - "Namespace": "SingleStageSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2", - "Arn" - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{SingleStageSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{SingleStageSecurityCheck.LINK}" - }, - "Name": "SingleStageManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", - "Arn" - ] - }, - "RunOrder": 2 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SingleStage-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SingleStage-MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 3 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SingleStage-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "SingleStage-MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 4 - } - ], - "Name": "UnattachedStage" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "EnvironmentVariables": { - "Fn::Join": [ - "", - [ - "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/PreProduction\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"PreProduction\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"PreProductionManualApproval\"},{\"name\":\"NOTIFICATION_ARN\",\"type\":\"PLAINTEXT\",\"value\":\"", - { - "Ref": "SecurityChangesTopic9762A9B3" - }, - "\"},{\"name\":\"NOTIFICATION_SUBJECT\",\"type\":\"PLAINTEXT\",\"value\":\"Confirm permission broadening in PreProduction\"}]" - ] - ] - } - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "PreProductionSecurityCheck", - "Namespace": "PreProductionSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194", - "Arn" - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{PreProductionSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{PreProductionSecurityCheck.LINK}" - }, - "Name": "PreProductionManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9", - "Arn" - ] - }, - "RunOrder": 2 - }, - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "EnvironmentVariables": { - "Fn::Join": [ - "", - [ - "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/SafeProduction\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"PreProduction\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"SafeProductionManualApproval\"},{\"name\":\"NOTIFICATION_ARN\",\"type\":\"PLAINTEXT\",\"value\":\"", - { - "Ref": "SecurityChangesTopic9762A9B3" - }, - "\"},{\"name\":\"NOTIFICATION_SUBJECT\",\"type\":\"PLAINTEXT\",\"value\":\"Confirm permission broadening in SafeProduction\"}]" - ] - ] - } - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SafeProductionSecurityCheck", - "Namespace": "SafeProductionSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6", - "Arn" - ] - }, - "RunOrder": 5 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{SafeProductionSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{SafeProductionSecurityCheck.LINK}" - }, - "Name": "SafeProductionManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9", - "Arn" - ] - }, - "RunOrder": 6 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProduction-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 3 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProduction-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 4 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SafeProduction-MySafeStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SafeProduction-MySafeStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 7 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SafeProduction-MySafeStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "SafeProduction-MySafeStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 8 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "DisableSecurityCheck-MySafeStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "DisableSecurityCheck-MySafeStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 9 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "DisableSecurityCheck-MySafeStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "DisableSecurityCheck-MySafeStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 10 - } - ], - "Name": "PreProduction" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "EnvironmentVariables": "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/EnableSecurityCheck\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"NoSecurityCheck\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"EnableSecurityCheckManualApproval\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "EnableSecurityCheckSecurityCheck", - "Namespace": "EnableSecurityCheckSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D", - "Arn" - ] - }, - "RunOrder": 3 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{EnableSecurityCheckSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{EnableSecurityCheckSecurityCheck.LINK}" - }, - "Name": "EnableSecurityCheckManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015", - "Arn" - ] - }, - "RunOrder": 4 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "NoSecurityCheck-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "NoSecurityCheck-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 2 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "EnableSecurityCheck-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "EnableSecurityCheck-MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 5 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "EnableSecurityCheck-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "EnableSecurityCheck-MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 6 - } - ], - "Name": "NoSecurityCheck" - } - ], - "Tags": [ - { - "Key": "SECURITY_CHECK", - "Value": "ALLOW_APPROVE" - } - ] - }, - "DependsOn": [ - "TestPipelineRoleDefaultPolicyFA69BF2D", - "TestPipelineRole63C35BBD" - ] - }, - "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD", - "Roles": [ - { - "Ref": "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0" - } - ] - } - }, - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineBuildSynthCodePipelineActionRoleDefaultPolicy65DF5C76": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCdkBuildProject755D4B01", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineBuildSynthCodePipelineActionRoleDefaultPolicy65DF5C76", - "Roles": [ - { - "Ref": "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926" - } - ] - } - }, - "TestPipelineBuildSynthCdkBuildProjectRole4C6E5729": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineBuildSynthCdkBuildProjectRoleDefaultPolicy73DC4481": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineBuildSynthCdkBuildProjectRoleDefaultPolicy73DC4481", - "Roles": [ - { - "Ref": "TestPipelineBuildSynthCdkBuildProjectRole4C6E5729" - } - ] - } - }, - "TestPipelineBuildSynthCdkBuildProject755D4B01": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "NPM_CONFIG_UNSAFE_PERM", - "Type": "PLAINTEXT", - "Value": "true" - } - ], - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCdkBuildProjectRole4C6E5729", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"yarn install --frozen-lockfile\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"yarn build\",\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleDefaultPolicyFC737D71": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleDefaultPolicyFC737D71", - "Roles": [ - { - "Ref": "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2" - } - ] - } - }, - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRoleDefaultPolicy10D0864F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRoleDefaultPolicy10D0864F", - "Roles": [ - { - "Ref": "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194" - } - ] - } - }, - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRoleDefaultPolicyB836B566": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRoleDefaultPolicyB836B566", - "Roles": [ - { - "Ref": "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6" - } - ] - } - }, - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRoleDefaultPolicyE83A2CA1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRoleDefaultPolicyE83A2CA1", - "Roles": [ - { - "Ref": "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D" - } - ] - } - }, - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicyE47AE90F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipelineState", - "codepipeline:PutApprovalResult" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/SECURITY_CHECK": "ALLOW_APPROVE" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicyE47AE90F", - "Roles": [ - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D" - } - ] - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Timeout": 300 - }, - "DependsOn": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicyE47AE90F", - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D" - ] - }, - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleA54CF050": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicyF2137052": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": { - "Ref": "SecurityChangesTopic9762A9B3" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicyF2137052", - "Roles": [ - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleA54CF050" - } - ] - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "NO_ARTIFACTS" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleA54CF050", - "Arn" - ] - }, - "Source": { - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": 0.2,\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"npm install -g aws-cdk\",\n \"export PIPELINE_NAME=\\\"$(node -pe '`${process.env.CODEBUILD_INITIATOR}`.split(\\\"/\\\")[1]')\\\"\",\n \"payload=\\\"$(node -pe 'JSON.stringify({ \\\"PipelineName\\\": process.env.PIPELINE_NAME, \\\"StageName\\\": process.env.STAGE_NAME, \\\"ActionName\\\": process.env.ACTION_NAME })' )\\\"\",\n \"ARN=$CODEBUILD_BUILD_ARN\",\n \"REGION=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[3]')\\\"\",\n \"ACCOUNT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[4]')\\\"\",\n \"PROJECT_NAME=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[5].split(\\\"/\\\")[1]')\\\"\",\n \"PROJECT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[6]')\\\"\",\n \"export LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codebuild/$ACCOUNT_ID/projects/$PROJECT_NAME/build/$PROJECT_NAME:$PROJECT_ID/?region=$REGION\\\"\",\n \"export PIPELINE_LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codepipeline/pipelines/$PIPELINE_NAME/view?region=$REGION\\\"\",\n \"if cdk diff -a . --security-only --fail $STAGE_PATH/\\\\*; then aws lambda invoke --function-name ", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81" - }, - " --invocation-type Event --cli-binary-format raw-in-base64-out --payload \\\"$payload\\\" lambda.out; export MESSAGE=\\\"No security-impacting changes detected.\\\"; else [ -z \\\"${NOTIFICATION_ARN}\\\" ] || aws sns publish --topic-arn $NOTIFICATION_ARN --subject \\\"$NOTIFICATION_SUBJECT\\\" --message \\\"An upcoming change would broaden security changes in $PIPELINE_NAME.\\nReview and approve the changes in CodePipeline to proceed with the deployment.\\n\\nReview the changes in CodeBuild:\\n\\n$LINK\\n\\nApprove the changes in CodePipeline (stage $STAGE_NAME, action $ACTION_NAME):\\n\\n$PIPELINE_LINK\\\"; export MESSAGE=\\\"Deployment would make security-impacting changes. Click the link below to inspect them, then click Approve if all changes are expected.\\\"; fi\"\n ]\n }\n },\n \"env\": {\n \"exported-variables\": [\n \"LINK\",\n \"MESSAGE\"\n ]\n }\n}" - ] - ] - }, - "Type": "NO_SOURCE" - } - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicy5AF69BD3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipelineState", - "codepipeline:PutApprovalResult" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/SECURITY_CHECK": "ALLOW_APPROVE" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicy5AF69BD3", - "Roles": [ - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A" - } - ] - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Timeout": 300 - }, - "DependsOn": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicy5AF69BD3", - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A" - ] - }, - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleD3505CF0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicy6F6EA2A6": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": { - "Ref": "SecurityChangesTopic9762A9B3" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicy6F6EA2A6", - "Roles": [ - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleD3505CF0" - } - ] - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "NO_ARTIFACTS" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleD3505CF0", - "Arn" - ] - }, - "Source": { - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": 0.2,\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"npm install -g aws-cdk\",\n \"export PIPELINE_NAME=\\\"$(node -pe '`${process.env.CODEBUILD_INITIATOR}`.split(\\\"/\\\")[1]')\\\"\",\n \"payload=\\\"$(node -pe 'JSON.stringify({ \\\"PipelineName\\\": process.env.PIPELINE_NAME, \\\"StageName\\\": process.env.STAGE_NAME, \\\"ActionName\\\": process.env.ACTION_NAME })' )\\\"\",\n \"ARN=$CODEBUILD_BUILD_ARN\",\n \"REGION=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[3]')\\\"\",\n \"ACCOUNT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[4]')\\\"\",\n \"PROJECT_NAME=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[5].split(\\\"/\\\")[1]')\\\"\",\n \"PROJECT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[6]')\\\"\",\n \"export LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codebuild/$ACCOUNT_ID/projects/$PROJECT_NAME/build/$PROJECT_NAME:$PROJECT_ID/?region=$REGION\\\"\",\n \"export PIPELINE_LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codepipeline/pipelines/$PIPELINE_NAME/view?region=$REGION\\\"\",\n \"if cdk diff -a . --security-only --fail $STAGE_PATH/\\\\*; then aws lambda invoke --function-name ", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9" - }, - " --invocation-type Event --cli-binary-format raw-in-base64-out --payload \\\"$payload\\\" lambda.out; export MESSAGE=\\\"No security-impacting changes detected.\\\"; else [ -z \\\"${NOTIFICATION_ARN}\\\" ] || aws sns publish --topic-arn $NOTIFICATION_ARN --subject \\\"$NOTIFICATION_SUBJECT\\\" --message \\\"An upcoming change would broaden security changes in $PIPELINE_NAME.\\nReview and approve the changes in CodePipeline to proceed with the deployment.\\n\\nReview the changes in CodeBuild:\\n\\n$LINK\\n\\nApprove the changes in CodePipeline (stage $STAGE_NAME, action $ACTION_NAME):\\n\\n$PIPELINE_LINK\\\"; export MESSAGE=\\\"Deployment would make security-impacting changes. Click the link below to inspect them, then click Approve if all changes are expected.\\\"; fi\"\n ]\n }\n },\n \"env\": {\n \"exported-variables\": [\n \"LINK\",\n \"MESSAGE\"\n ]\n }\n}" - ] - ] - }, - "Type": "NO_SOURCE" - } - } - }, - "SecurityChangesTopic9762A9B3": { - "Type": "AWS::SNS::Topic" - }, - "SecurityChangesTopictestemailcom7C32D452": { - "Type": "AWS::SNS::Subscription", - "Properties": { - "Endpoint": "test@email.com", - "Protocol": "email", - "TopicArn": { - "Ref": "SecurityChangesTopic9762A9B3" - } - } - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": "nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json deleted file mode 100644 index 56bf2e32c37ca..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50": { - "source": { - "path": "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json deleted file mode 100644 index 5c2441812122d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "DisableSecurityCheck-MySafeStack" - }, - "dependencies": [ - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets" - ], - "metadata": { - "/PipelineSecurityStack/DisableSecurityCheck/MySafeStack/MySafeTopic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySafeTopicCC243D11" - } - ], - "/PipelineSecurityStack/DisableSecurityCheck/MySafeStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/DisableSecurityCheck/MySafeStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/DisableSecurityCheck/MySafeStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json deleted file mode 100644 index 07f739c5f5923..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { - "source": { - "path": "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json deleted file mode 100644 index 9f723f7ccb5fa..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "EnableSecurityCheck-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets" - ], - "metadata": { - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/EnableSecurityCheck/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json deleted file mode 100644 index ff06078cec81f..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { - "source": { - "path": "PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json deleted file mode 100644 index 2122aeedd21b5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackNoSecurityCheckMyStack3484019E": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "NoSecurityCheck-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets" - ], - "metadata": { - "/PipelineSecurityStack/NoSecurityCheck/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/NoSecurityCheck/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/NoSecurityCheck/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/NoSecurityCheck/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/NoSecurityCheck/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json deleted file mode 100644 index 9175443047e81..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackPreProductionMyStackDCCBB4EA": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "PreProduction-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets" - ], - "metadata": { - "/PipelineSecurityStack/PreProduction/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/PreProduction/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/PreProduction/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/PreProduction/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/PreProduction/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json deleted file mode 100644 index 8fb0d8df01aa2..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50": { - "source": { - "path": "PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json deleted file mode 100644 index 25c091b2d6bdc..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackSafeProductionMySafeStackC0D87904": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "SafeProduction-MySafeStack" - }, - "dependencies": [ - "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets" - ], - "metadata": { - "/PipelineSecurityStack/SafeProduction/MySafeStack/MySafeTopic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySafeTopicCC243D11" - } - ], - "/PipelineSecurityStack/SafeProduction/MySafeStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/SafeProduction/MySafeStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/SafeProduction/MySafeStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json deleted file mode 100644 index dbe924b8efbae..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackSingleStageMyStack29962269.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackSingleStageMyStack29962269.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackSingleStageMyStack29962269": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackSingleStageMyStack29962269.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackSingleStageMyStack29962269.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "SingleStage-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackSingleStageMyStack29962269.assets" - ], - "metadata": { - "/PipelineSecurityStack/SingleStage/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/SingleStage/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/SingleStage/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/SingleStage/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/SingleStage/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js deleted file mode 100644 index 1002ba018e9fb..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var f=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t};var l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t);var q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H});module.exports=B(q);var h=require("@aws-sdk/client-s3");var y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}0&&(module.exports={autoDeleteHandler,handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js deleted file mode 100644 index c9fe4b293ebbf..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var l=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var w=Object.prototype.hasOwnProperty;var S=(t,e)=>{for(var n in e)l(t,n,{get:e[n],enumerable:!0})},v=(t,e,n,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let a of f(e))!w.call(t,a)&&a!==n&&l(t,a,{get:()=>e[a],enumerable:!(s=y(e,a))||s.enumerable});return t};var h=t=>v(l({},"__esModule",{value:!0}),t);var b={};S(b,{handler:()=>T});module.exports=h(b);var d=require("@aws-sdk/client-codepipeline"),u=new d.CodePipeline,A=5,P=t=>new Promise(e=>setTimeout(e,t*1e3));async function T(t,e){let{PipelineName:n,StageName:s,ActionName:a}=t;function g(o){let m=o.stageStates?.filter(r=>r.stageName===s),c=m.length&&m[0].actionStates.filter(r=>r.actionName===a),p=c&&c.length&&c[0].latestExecution;return p?p.token:void 0}let N=Date.now()+A*6e4;for(;Date.now() undefined, - stackOutputArtifact: () => undefined, - }, - }); - - const topic = new sns.Topic(this, 'SecurityChangesTopic'); - topic.addSubscription(new subscriptions.EmailSubscription('test@email.com')); - - unattachedStage.addApplication(new MyStage(this, 'SingleStage', { - }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); - - const stage1 = pipeline.addApplicationStage(new MyStage(this, 'PreProduction', { - }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); - - stage1.addApplication(new MySafeStage(this, 'SafeProduction', { - })); - - stage1.addApplication(new MySafeStage(this, 'DisableSecurityCheck', { - }), { confirmBroadeningPermissions: false }); - - const stage2 = pipeline.addApplicationStage(new MyStage(this, 'NoSecurityCheck', { - })); - - stage2.addApplication(new MyStage(this, 'EnableSecurityCheck', { }), { confirmBroadeningPermissions: true }); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); -const stack = new TestCdkStack(app, 'PipelineSecurityStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new integ.IntegTest(app, 'PipelineSecurityTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json deleted file mode 100644 index 2c35bdd4a6304..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { - "source": { - "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "d638ba18659142158a20f892d018e0ed7ea71928d1859cbece1b4d50f7f514f5": { - "source": { - "path": "PipelineStack.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d638ba18659142158a20f892d018e0ed7ea71928d1859cbece1b4d50f7f514f5.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json deleted file mode 100644 index 3b4d32b92b138..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json +++ /dev/null @@ -1,2148 +0,0 @@ -{ - "Resources": { - "SourceBucketDDD2130A": { - "Type": "AWS::S3::Bucket", - "Properties": { - "Tags": [ - { - "Key": "aws-cdk:auto-delete-objects", - "Value": "true" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "SourceBucketPolicy703DFBF9": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { - "Type": "Custom::S3AutoDeleteObjects", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", - "Arn" - ] - }, - "BucketName": { - "Ref": "SourceBucketDDD2130A" - } - }, - "DependsOn": [ - "SourceBucketPolicy703DFBF9" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "PipelineArtifactsBucketEncryptionKeyF5BF0670": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketEncryptionKeyAlias94A07392": { - "Type": "AWS::KMS::Alias", - "Properties": { - "AliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "TargetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketAEA9A052": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "PipelineArtifactsBucketPolicyF53CCC52": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleB27FAA37": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleDefaultPolicy7BDC1ABB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "Roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "Pipeline9850B417": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Type": "KMS" - }, - "Location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "Type": "S3" - }, - "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "S3", - "Version": "1" - }, - "Configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "Name": "S3", - "OutputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "Synth", - "OutputArtifacts": [ - { - "Name": "CloudAsm" - }, - { - "Name": "IntegTests" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Build" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SelfMutate", - "RoleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "UpdatePipeline" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineAssetsFileAsset5D8C5DA6" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "FileAsset", - "RoleArn": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Assets" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "UseSource", - "RoleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - "RunOrder": 100 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "Stack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "Stack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 2 - } - ], - "Name": "PreProd" - } - ] - }, - "DependsOn": [ - "PipelineRoleDefaultPolicy7BDC1ABB", - "PipelineRoleB27FAA37" - ] - }, - "PipelineSourceS3CodePipelineActionRole83895A58": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "Roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "Roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "Roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProject6BEFA8E6": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "NPM_CONFIG_UNSAFE_PERM", - "Type": "PLAINTEXT", - "Value": "true" - } - ], - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "Name": "MyServicePipeline-synth", - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "PipelinePreProdUseSourceProjectRole69B20A71": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "PipelinePreProdUseSourceProject2E711EB4": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutationRole57E559E8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "PipelineUpdatePipelineSelfMutationDAA41400": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineAssetsFileRole59943A77": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - }, - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineAssetsFileRoleDefaultPolicy14DB8755": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineAssetsFileRoleDefaultPolicy14DB8755", - "Roles": [ - { - "Ref": "PipelineAssetsFileRole59943A77" - } - ] - } - }, - "PipelineAssetsFileAsset5D8C5DA6": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - "Source": { - "BuildSpec": "buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml", - "Type": "CODEPIPELINE" - } - } - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": "nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json deleted file mode 100644 index 6343ec9323d0c..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5": { - "source": { - "path": "../asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e": { - "source": { - "path": "../asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4": { - "source": { - "path": "PipelineStackPreProdStack65A0AD1F.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json deleted file mode 100644 index a85b758286df0..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineStackPreProdStack65A0AD1F.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackPreProdStack65A0AD1F.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackPreProdStack65A0AD1F": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackPreProdStack65A0AD1F.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "PreProd-Stack" - }, - "dependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "metadata": { - "/PipelineStack/PreProd/Stack/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Resource" - } - ], - "/PipelineStack/PreProd/Stack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/PreProd/Stack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack/PreProd/Stack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js deleted file mode 100644 index 1002ba018e9fb..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var f=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t};var l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t);var q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H});module.exports=B(q);var h=require("@aws-sdk/client-s3");var y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}0&&(module.exports={autoDeleteHandler,handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt deleted file mode 100644 index 95e9dcd2e3bf0..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt +++ /dev/null @@ -1 +0,0 @@ -This is a file asset that's just here for kicks. \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt deleted file mode 100644 index 8b1c7231bf2f4..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt +++ /dev/null @@ -1 +0,0 @@ -Here's a second file asset. \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml deleted file mode 100644 index 06708bb7e14f9..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{ - "version": "0.2", - "phases": { - "install": { - "commands": [ - "npm install -g cdk-assets@2" - ] - }, - "build": { - "commands": [ - "cdk-assets --path \"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\" --verbose publish \"8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5:current_account-current_region\"", - "cdk-assets --path \"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\" --verbose publish \"ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e:current_account-current_region\"" - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json deleted file mode 100644 index 5315ad6d43743..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "PipelineStackTest/DefaultTest": { - "stacks": [ - "PipelineStack" - ], - "diffAssets": true, - "assertionStack": "PipelineStackTest/DefaultTest/DeployAssert", - "assertionStackName": "PipelineStackTestDefaultTestDeployAssertBC780F98" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json deleted file mode 100644 index e3dd3aa926f06..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json +++ /dev/null @@ -1,318 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "assembly-PipelineStack-PreProd": { - "type": "cdk:cloud-assembly", - "properties": { - "directoryName": "assembly-PipelineStack-PreProd", - "displayName": "PipelineStack/PreProd" - } - }, - "PipelineStack.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStack.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStack.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d638ba18659142158a20f892d018e0ed7ea71928d1859cbece1b4d50f7f514f5.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStack.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStack.assets" - ], - "metadata": { - "/PipelineStack/SourceBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketDDD2130A" - } - ], - "/PipelineStack/SourceBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketPolicy703DFBF9" - } - ], - "/PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketAutoDeleteObjectsCustomResourceC68FC040" - } - ], - "/PipelineStack/LatestNodeRuntimeMap": [ - { - "type": "aws:cdk:logicalId", - "data": "LatestNodeRuntimeMap" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" - } - ], - "/PipelineStack/Pipeline/Pipeline": [ - { - "type": "aws:cdk:warning", - "data": "V1 pipeline type is implicitly selected when `pipelineType` is not set. If you want to use V2 type, set `PipelineType.V2`. [ack: @aws-cdk/aws-codepipeline:unspecifiedPipelineType]" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyF5BF0670" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyAlias94A07392" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketAEA9A052" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketPolicyF53CCC52" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleB27FAA37" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleDefaultPolicy7BDC1ABB" - } - ], - "/PipelineStack/Pipeline/Pipeline/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Pipeline9850B417" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProject2E711EB4" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ], - "/PipelineStack/Pipeline/Assets/FileRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineAssetsFileRole59943A77" - } - ], - "/PipelineStack/Pipeline/Assets/FileRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineAssetsFileRoleDefaultPolicy14DB8755" - } - ], - "/PipelineStack/Pipeline/Assets/FileAsset/Default/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineAssetsFileAsset5D8C5DA6" - } - ], - "/PipelineStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack" - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "metadata": { - "/PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStackTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json deleted file mode 100644 index 2f8c1da478a39..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json +++ /dev/null @@ -1,2946 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "PipelineStack": { - "id": "PipelineStack", - "path": "PipelineStack", - "children": { - "SourceBucket": { - "id": "SourceBucket", - "path": "PipelineStack/SourceBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "aws-cdk:auto-delete-objects", - "value": "true" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/SourceBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - }, - "AutoDeleteObjectsCustomResource": { - "id": "AutoDeleteObjectsCustomResource", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "LatestNodeRuntimeMap": { - "id": "LatestNodeRuntimeMap", - "path": "PipelineStack/LatestNodeRuntimeMap", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" - } - }, - "Custom::S3AutoDeleteObjectsCustomResourceProvider": { - "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline", - "children": { - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline/Pipeline", - "children": { - "ArtifactsBucketEncryptionKey": { - "id": "ArtifactsBucketEncryptionKey", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Key", - "aws:cdk:cloudformation:props": { - "keyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" - } - }, - "ArtifactsBucketEncryptionKeyAlias": { - "id": "ArtifactsBucketEncryptionKeyAlias", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Alias", - "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "targetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnAlias", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Alias", - "version": "0.0.0" - } - }, - "ArtifactsBucket": { - "id": "ArtifactsBucket", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "bucketEncryption": { - "serverSideEncryptionConfiguration": [ - { - "serverSideEncryptionByDefault": { - "sseAlgorithm": "aws:kms", - "kmsMasterKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - } - ] - }, - "publicAccessBlockConfiguration": { - "blockPublicAcls": true, - "blockPublicPolicy": true, - "ignorePublicAcls": true, - "restrictPublicBuckets": true - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "policyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", - "aws:cdk:cloudformation:props": { - "artifactStore": { - "type": "S3", - "location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "encryptionKey": { - "type": "KMS", - "id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "restartExecutionOnUpdate": true, - "roleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "stages": [ - { - "name": "Source", - "actions": [ - { - "name": "S3", - "outputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Source", - "version": "1", - "owner": "AWS", - "provider": "S3" - }, - "configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - } - } - ] - }, - { - "name": "Build", - "actions": [ - { - "name": "Synth", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "outputArtifacts": [ - { - "name": "CloudAsm" - }, - { - "name": "IntegTests" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - } - ] - }, - { - "name": "UpdatePipeline", - "actions": [ - { - "name": "SelfMutate", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - } - ] - }, - { - "name": "Assets", - "actions": [ - { - "name": "FileAsset", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineAssetsFileAsset5D8C5DA6" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - } - } - ] - }, - { - "name": "PreProd", - "actions": [ - { - "name": "UseSource", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "runOrder": 100, - "roleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "name": "Stack.Prepare", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "runOrder": 1, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - { - "name": "Stack.Deploy", - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "runOrder": 2, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - } - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", - "version": "0.0.0" - } - }, - "Source": { - "id": "Source", - "path": "PipelineStack/Pipeline/Pipeline/Source", - "children": { - "S3": { - "id": "S3", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Build": { - "id": "Build", - "path": "PipelineStack/Pipeline/Pipeline/Build", - "children": { - "Synth": { - "id": "Synth", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "CdkBuildProject": { - "id": "CdkBuildProject", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL", - "environmentVariables": [ - { - "name": "NPM_CONFIG_UNSAFE_PERM", - "type": "PLAINTEXT", - "value": "true" - } - ] - }, - "name": "MyServicePipeline-synth", - "serviceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline", - "children": { - "SelfMutate": { - "id": "SelfMutate", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/Pipeline/PreProd", - "children": { - "UseSource": { - "id": "UseSource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Project": { - "id": "Project", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Deploy": { - "id": "Stack.Deploy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Deploy", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Prepare": { - "id": "Stack.Prepare", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Prepare", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Assets": { - "id": "Assets", - "path": "PipelineStack/Pipeline/Pipeline/Assets", - "children": { - "FileAsset": { - "id": "FileAsset", - "path": "PipelineStack/Pipeline/Pipeline/Assets/FileAsset", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", - "version": "0.0.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/UpdatePipeline", - "children": { - "SelfMutation": { - "id": "SelfMutation", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.UpdatePipelineAction", - "version": "0.0.0" - } - }, - "Assets": { - "id": "Assets", - "path": "PipelineStack/Pipeline/Assets", - "children": { - "FileRole": { - "id": "FileRole", - "path": "PipelineStack/Pipeline/Assets/FileRole", - "children": { - "ImportFileRole": { - "id": "ImportFileRole", - "path": "PipelineStack/Pipeline/Assets/FileRole/ImportFileRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Assets/FileRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - }, - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Assets/FileRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Assets/FileRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineAssetsFileRoleDefaultPolicy14DB8755", - "roles": [ - { - "Ref": "PipelineAssetsFileRole59943A77" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "FileAsset": { - "id": "FileAsset", - "path": "PipelineStack/Pipeline/Assets/FileAsset", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStack/Pipeline/Assets/FileAsset/Default", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Assets/FileAsset/Default/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.PublishAssetsAction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/PreProd", - "children": { - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "children": { - "8389e75f-0810-4838-bf64-d6f85a95cf83": { - "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}/8389e75f-0810-4838-bf64-d6f85a95cf83", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkStage", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkPipeline", - "version": "0.0.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/PreProd", - "children": { - "Stack": { - "id": "Stack", - "path": "PipelineStack/PreProd/Stack", - "children": { - "Asset": { - "id": "Asset", - "path": "PipelineStack/PreProd/Stack/Asset", - "children": { - "Stage": { - "id": "Stage", - "path": "PipelineStack/PreProd/Stack/Asset/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "PipelineStack/PreProd/Stack/Asset/AssetBucket", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" - } - }, - "Asset2": { - "id": "Asset2", - "path": "PipelineStack/PreProd/Stack/Asset2", - "children": { - "Stage": { - "id": "Stage", - "path": "PipelineStack/PreProd/Stack/Asset2/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "PipelineStack/PreProd/Stack/Asset2/AssetBucket", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/PreProd/Stack/Resource", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/PreProd/Stack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/PreProd/Stack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stage", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "PipelineStackTest": { - "id": "PipelineStackTest", - "path": "PipelineStackTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "PipelineStackTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStackTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "PipelineStackTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts deleted file mode 100644 index c05a52e685eba..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts +++ /dev/null @@ -1,107 +0,0 @@ -/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import * as path from 'path'; -import * as codepipeline from 'aws-cdk-lib/aws-codepipeline'; -import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions'; -import * as s3 from 'aws-cdk-lib/aws-s3'; -import * as s3_assets from 'aws-cdk-lib/aws-s3-assets'; -import { App, CfnResource, RemovalPolicy, DefaultStackSynthesizer, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; -import { Construct } from 'constructs'; -import * as cdkp from 'aws-cdk-lib/pipelines'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -class MyStage extends Stage { - constructor(scope: Construct, id: string, props?: StageProps) { - super(scope, id, props); - - const stack = new Stack(this, 'Stack', { - ...props, - synthesizer: new DefaultStackSynthesizer(), - }); - - new s3_assets.Asset(stack, 'Asset', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset.txt'), - }); - new s3_assets.Asset(stack, 'Asset2', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset-two.txt'), - }); - - new CfnResource(stack, 'Resource', { - type: 'AWS::Test::SomeResource', - }); - } -} - -/** - * The stack that defines the application pipeline - */ -class CdkpipelinesDemoPipelineStack extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - - const sourceBucket = new s3.Bucket(this, 'SourceBucket', { - removalPolicy: RemovalPolicy.DESTROY, - autoDeleteObjects: true, - }); - const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { - crossAccountKeys: true, - cloudAssemblyArtifact, - singlePublisherPerType: true, - - // Where the source can be found - sourceAction: new codepipeline_actions.S3SourceAction({ - bucket: sourceBucket, - output: sourceArtifact, - bucketKey: 'key', - actionName: 'S3', - }), - - // How it will be built - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - projectName: 'MyServicePipeline-synth', - additionalArtifacts: [ - { - directory: 'test', - artifact: integTestArtifact, - }, - ], - }), - }); - - // This is where we add the application stages - // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); - stage.addActions( - new cdkp.ShellScriptAction({ - actionName: 'UseSource', - commands: [ - // Comes from source - 'cat README.md', - ], - additionalArtifacts: [sourceArtifact], - }), - ); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); -const stack = new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new IntegTest(app, 'PipelineStackTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts deleted file mode 100644 index 3c71922e1e02d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts +++ /dev/null @@ -1,106 +0,0 @@ -/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import * as path from 'path'; -import * as codepipeline from 'aws-cdk-lib/aws-codepipeline'; -import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions'; -import * as s3 from 'aws-cdk-lib/aws-s3'; -import * as s3_assets from 'aws-cdk-lib/aws-s3-assets'; -import { App, CfnResource, DefaultStackSynthesizer, RemovalPolicy, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; -import { Construct } from 'constructs'; -import * as cdkp from 'aws-cdk-lib/pipelines'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -class MyStage extends Stage { - constructor(scope: Construct, id: string, props?: StageProps) { - super(scope, id, props); - - const stack = new Stack(this, 'Stack', { - ...props, - synthesizer: new DefaultStackSynthesizer(), - }); - - new s3_assets.Asset(stack, 'Asset', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset.txt'), - }); - new s3_assets.Asset(stack, 'Asset2', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset-two.txt'), - }); - - new CfnResource(stack, 'Resource', { - type: 'AWS::Test::SomeResource', - }); - } -} - -/** - * The stack that defines the application pipeline - */ -class CdkpipelinesDemoPipelineStack extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - - const sourceBucket = new s3.Bucket(this, 'SourceBucket', { - removalPolicy: RemovalPolicy.DESTROY, - autoDeleteObjects: true, - }); - const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { - crossAccountKeys: true, - cloudAssemblyArtifact, - - // Where the source can be found - sourceAction: new codepipeline_actions.S3SourceAction({ - bucket: sourceBucket, - output: sourceArtifact, - bucketKey: 'key', - actionName: 'S3', - }), - - // How it will be built - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - projectName: 'MyServicePipeline-synth', - additionalArtifacts: [ - { - directory: 'test', - artifact: integTestArtifact, - }, - ], - }), - }); - - // This is where we add the application stages - // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); - stage.addActions( - new cdkp.ShellScriptAction({ - actionName: 'UseSource', - commands: [ - // Comes from source - 'cat README.md', - ], - additionalArtifacts: [sourceArtifact], - }), - ); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); -const stack = new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new IntegTest(app, 'PipelineStackTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json deleted file mode 100644 index d96305350050e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { - "source": { - "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "e7f81f8bda67ff3e586b06697af53694f5743a8e161a832b871afb6b753f90a9": { - "source": { - "path": "PipelineStack.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e7f81f8bda67ff3e586b06697af53694f5743a8e161a832b871afb6b753f90a9.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json deleted file mode 100644 index b95f0f452e79f..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json +++ /dev/null @@ -1,1910 +0,0 @@ -{ - "Resources": { - "SourceBucketDDD2130A": { - "Type": "AWS::S3::Bucket", - "Properties": { - "Tags": [ - { - "Key": "aws-cdk:auto-delete-objects", - "Value": "true" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "SourceBucketPolicy703DFBF9": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { - "Type": "Custom::S3AutoDeleteObjects", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", - "Arn" - ] - }, - "BucketName": { - "Ref": "SourceBucketDDD2130A" - } - }, - "DependsOn": [ - "SourceBucketPolicy703DFBF9" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "PipelineArtifactsBucketEncryptionKeyF5BF0670": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketEncryptionKeyAlias94A07392": { - "Type": "AWS::KMS::Alias", - "Properties": { - "AliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "TargetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketAEA9A052": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "PipelineArtifactsBucketPolicyF53CCC52": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleB27FAA37": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleDefaultPolicy7BDC1ABB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "Roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "Pipeline9850B417": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Type": "KMS" - }, - "Location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "Type": "S3" - }, - "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "S3", - "Version": "1" - }, - "Configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "Name": "S3", - "OutputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "Synth", - "OutputArtifacts": [ - { - "Name": "CloudAsm" - }, - { - "Name": "IntegTests" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Build" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SelfMutate", - "RoleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "UpdatePipeline" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "UseSource", - "RoleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - "RunOrder": 100 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "Stack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "Stack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 2 - } - ], - "Name": "PreProd" - } - ] - }, - "DependsOn": [ - "PipelineRoleDefaultPolicy7BDC1ABB", - "PipelineRoleB27FAA37" - ] - }, - "PipelineSourceS3CodePipelineActionRole83895A58": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "Roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "Roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "Roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProject6BEFA8E6": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "NPM_CONFIG_UNSAFE_PERM", - "Type": "PLAINTEXT", - "Value": "true" - } - ], - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "Name": "MyServicePipeline-synth", - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "PipelinePreProdUseSourceProjectRole69B20A71": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "PipelinePreProdUseSourceProject2E711EB4": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutationRole57E559E8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "PipelineUpdatePipelineSelfMutationDAA41400": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": "nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json deleted file mode 100644 index a85b758286df0..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineStackPreProdStack65A0AD1F.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackPreProdStack65A0AD1F.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackPreProdStack65A0AD1F": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackPreProdStack65A0AD1F.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "PreProd-Stack" - }, - "dependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "metadata": { - "/PipelineStack/PreProd/Stack/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Resource" - } - ], - "/PipelineStack/PreProd/Stack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/PreProd/Stack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack/PreProd/Stack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js deleted file mode 100644 index 1002ba018e9fb..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var f=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t};var l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t);var q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H});module.exports=B(q);var h=require("@aws-sdk/client-s3");var y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}0&&(module.exports={autoDeleteHandler,handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json deleted file mode 100644 index 5315ad6d43743..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "PipelineStackTest/DefaultTest": { - "stacks": [ - "PipelineStack" - ], - "diffAssets": true, - "assertionStack": "PipelineStackTest/DefaultTest/DeployAssert", - "assertionStackName": "PipelineStackTestDefaultTestDeployAssertBC780F98" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json deleted file mode 100644 index 515495bbbc66a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json +++ /dev/null @@ -1,300 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "assembly-PipelineStack-PreProd": { - "type": "cdk:cloud-assembly", - "properties": { - "directoryName": "assembly-PipelineStack-PreProd", - "displayName": "PipelineStack/PreProd" - } - }, - "PipelineStack.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStack.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStack.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e7f81f8bda67ff3e586b06697af53694f5743a8e161a832b871afb6b753f90a9.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStack.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStack.assets" - ], - "metadata": { - "/PipelineStack/SourceBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketDDD2130A" - } - ], - "/PipelineStack/SourceBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketPolicy703DFBF9" - } - ], - "/PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketAutoDeleteObjectsCustomResourceC68FC040" - } - ], - "/PipelineStack/LatestNodeRuntimeMap": [ - { - "type": "aws:cdk:logicalId", - "data": "LatestNodeRuntimeMap" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" - } - ], - "/PipelineStack/Pipeline/Pipeline": [ - { - "type": "aws:cdk:warning", - "data": "V1 pipeline type is implicitly selected when `pipelineType` is not set. If you want to use V2 type, set `PipelineType.V2`. [ack: @aws-cdk/aws-codepipeline:unspecifiedPipelineType]" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyF5BF0670" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyAlias94A07392" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketAEA9A052" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketPolicyF53CCC52" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleB27FAA37" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleDefaultPolicy7BDC1ABB" - } - ], - "/PipelineStack/Pipeline/Pipeline/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Pipeline9850B417" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProject2E711EB4" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ], - "/PipelineStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack" - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "metadata": { - "/PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStackTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json deleted file mode 100644 index ffb2d51e18c94..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json +++ /dev/null @@ -1,2564 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "PipelineStack": { - "id": "PipelineStack", - "path": "PipelineStack", - "children": { - "SourceBucket": { - "id": "SourceBucket", - "path": "PipelineStack/SourceBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "aws-cdk:auto-delete-objects", - "value": "true" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/SourceBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - }, - "AutoDeleteObjectsCustomResource": { - "id": "AutoDeleteObjectsCustomResource", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "LatestNodeRuntimeMap": { - "id": "LatestNodeRuntimeMap", - "path": "PipelineStack/LatestNodeRuntimeMap", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" - } - }, - "Custom::S3AutoDeleteObjectsCustomResourceProvider": { - "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline", - "children": { - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline/Pipeline", - "children": { - "ArtifactsBucketEncryptionKey": { - "id": "ArtifactsBucketEncryptionKey", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Key", - "aws:cdk:cloudformation:props": { - "keyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" - } - }, - "ArtifactsBucketEncryptionKeyAlias": { - "id": "ArtifactsBucketEncryptionKeyAlias", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Alias", - "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "targetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnAlias", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Alias", - "version": "0.0.0" - } - }, - "ArtifactsBucket": { - "id": "ArtifactsBucket", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "bucketEncryption": { - "serverSideEncryptionConfiguration": [ - { - "serverSideEncryptionByDefault": { - "sseAlgorithm": "aws:kms", - "kmsMasterKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - } - ] - }, - "publicAccessBlockConfiguration": { - "blockPublicAcls": true, - "blockPublicPolicy": true, - "ignorePublicAcls": true, - "restrictPublicBuckets": true - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "policyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", - "aws:cdk:cloudformation:props": { - "artifactStore": { - "type": "S3", - "location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "encryptionKey": { - "type": "KMS", - "id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "restartExecutionOnUpdate": true, - "roleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "stages": [ - { - "name": "Source", - "actions": [ - { - "name": "S3", - "outputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Source", - "version": "1", - "owner": "AWS", - "provider": "S3" - }, - "configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - } - } - ] - }, - { - "name": "Build", - "actions": [ - { - "name": "Synth", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "outputArtifacts": [ - { - "name": "CloudAsm" - }, - { - "name": "IntegTests" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - } - ] - }, - { - "name": "UpdatePipeline", - "actions": [ - { - "name": "SelfMutate", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - } - ] - }, - { - "name": "PreProd", - "actions": [ - { - "name": "UseSource", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "runOrder": 100, - "roleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "name": "Stack.Prepare", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "runOrder": 1, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - { - "name": "Stack.Deploy", - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "runOrder": 2, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - } - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", - "version": "0.0.0" - } - }, - "Source": { - "id": "Source", - "path": "PipelineStack/Pipeline/Pipeline/Source", - "children": { - "S3": { - "id": "S3", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Build": { - "id": "Build", - "path": "PipelineStack/Pipeline/Pipeline/Build", - "children": { - "Synth": { - "id": "Synth", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "CdkBuildProject": { - "id": "CdkBuildProject", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL", - "environmentVariables": [ - { - "name": "NPM_CONFIG_UNSAFE_PERM", - "type": "PLAINTEXT", - "value": "true" - } - ] - }, - "name": "MyServicePipeline-synth", - "serviceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline", - "children": { - "SelfMutate": { - "id": "SelfMutate", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/Pipeline/PreProd", - "children": { - "UseSource": { - "id": "UseSource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Project": { - "id": "Project", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Deploy": { - "id": "Stack.Deploy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Deploy", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Prepare": { - "id": "Stack.Prepare", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Prepare", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", - "version": "0.0.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/UpdatePipeline", - "children": { - "SelfMutation": { - "id": "SelfMutation", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.UpdatePipelineAction", - "version": "0.0.0" - } - }, - "Assets": { - "id": "Assets", - "path": "PipelineStack/Pipeline/Assets", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/PreProd", - "children": { - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "children": { - "8389e75f-0810-4838-bf64-d6f85a95cf83": { - "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}/8389e75f-0810-4838-bf64-d6f85a95cf83", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkStage", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkPipeline", - "version": "0.0.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/PreProd", - "children": { - "Stack": { - "id": "Stack", - "path": "PipelineStack/PreProd/Stack", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/PreProd/Stack/Resource", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/PreProd/Stack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/PreProd/Stack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stage", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "PipelineStackTest": { - "id": "PipelineStackTest", - "path": "PipelineStackTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "PipelineStackTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStackTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "PipelineStackTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts deleted file mode 100644 index b8afeedfc285d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts +++ /dev/null @@ -1,97 +0,0 @@ -/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import * as codepipeline from 'aws-cdk-lib/aws-codepipeline'; -import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions'; -import * as s3 from 'aws-cdk-lib/aws-s3'; -import { App, CfnResource, DefaultStackSynthesizer, RemovalPolicy, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; -import { Construct } from 'constructs'; -import * as cdkp from 'aws-cdk-lib/pipelines'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -class MyStage extends Stage { - constructor(scope: Construct, id: string, props?: StageProps) { - super(scope, id, props); - - const stack = new Stack(this, 'Stack', { - ...props, - synthesizer: new DefaultStackSynthesizer(), - }); - new CfnResource(stack, 'Resource', { - type: 'AWS::Test::SomeResource', - }); - } -} - -/** - * The stack that defines the application pipeline - */ -class CdkpipelinesDemoPipelineStack extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - - const sourceBucket = new s3.Bucket(this, 'SourceBucket', { - removalPolicy: RemovalPolicy.DESTROY, - autoDeleteObjects: true, - }); - const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { - crossAccountKeys: true, - cloudAssemblyArtifact, - - // Where the source can be found - sourceAction: new codepipeline_actions.S3SourceAction({ - bucket: sourceBucket, - output: sourceArtifact, - bucketKey: 'key', - actionName: 'S3', - }), - - // How it will be built - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - projectName: 'MyServicePipeline-synth', - additionalArtifacts: [ - { - directory: 'test', - artifact: integTestArtifact, - }, - ], - }), - }); - - // This is where we add the application stages - // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); - stage.addActions( - new cdkp.ShellScriptAction({ - actionName: 'UseSource', - commands: [ - // Comes from source - 'cat README.md', - ], - additionalArtifacts: [sourceArtifact], - }), - ); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); - -const stack = new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new IntegTest(app, 'PipelineStackTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk/aws-amplify-alpha/README.md b/packages/@aws-cdk/aws-amplify-alpha/README.md index 0aa1e72e37726..d543b4090faff 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/README.md +++ b/packages/@aws-cdk/aws-amplify-alpha/README.md @@ -138,6 +138,17 @@ domain.mapSubDomain(main, 'www'); domain.mapSubDomain(dev); // sub domain prefix defaults to branch name ``` +To specify a custom certificate for your custom domain use the `customCertificate` property: + +```ts +declare const customCertificate: acm.Certificate; +declare const amplifyApp: amplify.App; + +const domain = amplifyApp.addDomain('example.com', { + customCertificate, // set your custom certificate +}); +``` + ## Restricting access Password protect the app with basic auth by specifying the `basicAuth` prop. diff --git a/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts b/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts index 6075d2b2a1a52..c90d2ed78a46b 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts +++ b/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts @@ -1,3 +1,4 @@ +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; import * as iam from 'aws-cdk-lib/aws-iam'; import { Lazy, Resource, IResolvable } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; @@ -36,6 +37,13 @@ export interface DomainOptions { * @default - all repository branches ['*', 'pr*'] */ readonly autoSubdomainCreationPatterns?: string[]; + + /** + * The type of SSL/TLS certificate to use for your custom domain + * + * @default - Amplify uses the default certificate that it provisions and manages for you + */ + readonly customCertificate?: acm.ICertificate; } /** @@ -130,6 +138,10 @@ export class Domain extends Resource { enableAutoSubDomain: !!props.enableAutoSubdomain, autoSubDomainCreationPatterns: props.autoSubdomainCreationPatterns || ['*', 'pr*'], autoSubDomainIamRole: props.autoSubDomainIamRole?.roleArn, + certificateSettings: props.customCertificate ? { + certificateType: 'CUSTOM', + customCertificateArn: props.customCertificate.certificateArn, + } : undefined, }); this.arn = domain.attrArn; diff --git a/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture index dd27e406b3985..85e3aab9ce9f6 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture +++ b/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture @@ -2,6 +2,7 @@ import { SecretValue, Stack } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as amplify from '@aws-cdk/aws-amplify-alpha'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; class Fixture extends Stack { constructor(scope: Construct, id: string) { diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts b/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts index 4ed31051277e6..cbf8d9d9a42d2 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts +++ b/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts @@ -1,4 +1,5 @@ import { Template } from 'aws-cdk-lib/assertions'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; import * as iam from 'aws-cdk-lib/aws-iam'; import { App, SecretValue, Stack } from 'aws-cdk-lib'; import * as amplify from '../lib'; @@ -64,6 +65,78 @@ test('create a domain', () => { }); }); +test('create a domain with custom certificate', () => { + // GIVEN + const stack = new Stack(); + const app = new amplify.App(stack, 'App', { + sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ + owner: 'aws', + repository: 'aws-cdk', + oauthToken: SecretValue.unsafePlainText('secret'), + }), + }); + const prodBranch = app.addBranch('main'); + const devBranch = app.addBranch('dev'); + + const customCertificate = new acm.Certificate(stack, 'Cert', { + domainName: '*.example.com', + }); + + // WHEN + const domain = app.addDomain('example.com', { + subDomains: [ + { + branch: prodBranch, + prefix: 'prod', + }, + ], + customCertificate, + }); + domain.mapSubDomain(devBranch); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Amplify::Domain', { + AppId: { + 'Fn::GetAtt': [ + 'AppF1B96344', + 'AppId', + ], + }, + DomainName: 'example.com', + CertificateSettings: { + CertificateType: 'CUSTOM', + CustomCertificateArn: { + Ref: 'Cert5C9FAEC1', + }, + }, + SubDomainSettings: [ + { + BranchName: { + 'Fn::GetAtt': [ + 'AppmainF505BAED', + 'BranchName', + ], + }, + Prefix: 'prod', + }, + { + BranchName: { + 'Fn::GetAtt': [ + 'AppdevB328DAFC', + 'BranchName', + ], + }, + Prefix: { + 'Fn::GetAtt': [ + 'AppdevB328DAFC', + 'BranchName', + ], + }, + }, + ], + }); +}); + test('map a branch to the domain root', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json new file mode 100644 index 0000000000000..f02a474074771 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json similarity index 90% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json rename to packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json index 5f37c46ccf4b5..ad9d0fb73d1dd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json @@ -1,9 +1,4 @@ { - "Resources": { - "Resource": { - "Type": "AWS::Test::SomeResource" - } - }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json similarity index 63% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json rename to packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json index 8451cee8dc082..f1c3c1e152115 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json @@ -1,15 +1,15 @@ { "version": "36.0.0", "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { + "5314d52dac3409b06902f1cf40df3d58dceb16146ad8cf66843edee0096d1d87": { "source": { - "path": "PipelineSecurityStackSingleStageMyStack29962269.template.json", + "path": "cdk-amplify-app-custom-domain.template.json", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", + "objectKey": "5314d52dac3409b06902f1cf40df3d58dceb16146ad8cf66843edee0096d1d87.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json new file mode 100644 index 0000000000000..5909af114f54a --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json @@ -0,0 +1,210 @@ +{ + "Resources": { + "Repo02AC86CF": { + "Type": "AWS::CodeCommit::Repository", + "Properties": { + "RepositoryName": "integ-amplify-app" + } + }, + "AppRole1AF9B530": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "amplify.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppRoleDefaultPolicy9CADBAA1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "codecommit:GitPull", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppRoleDefaultPolicy9CADBAA1", + "Roles": [ + { + "Ref": "AppRole1AF9B530" + } + ] + } + }, + "AppF1B96344": { + "Type": "AWS::Amplify::App", + "Properties": { + "BasicAuthConfig": { + "EnableBasicAuth": false + }, + "IAMServiceRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "Name": "App", + "Platform": "WEB", + "Repository": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "CloneUrlHttp" + ] + } + } + }, + "AppmainF505BAED": { + "Type": "AWS::Amplify::Branch", + "Properties": { + "AppId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "BranchName": "main", + "EnableAutoBuild": true, + "EnablePullRequestPreview": true + } + }, + "AppdevB328DAFC": { + "Type": "AWS::Amplify::Branch", + "Properties": { + "AppId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "BranchName": "dev", + "EnableAutoBuild": true, + "EnablePullRequestPreview": true + } + }, + "Appexamplecom6AF1A3AD": { + "Type": "AWS::Amplify::Domain", + "Properties": { + "AppId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "AutoSubDomainCreationPatterns": [ + "*", + "pr*" + ], + "AutoSubDomainIAMRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "CertificateSettings": { + "CertificateType": "CUSTOM", + "CustomCertificateArn": { + "Ref": "Certificate4E7ABB08" + } + }, + "DomainName": "*.example.com", + "EnableAutoSubDomain": false, + "SubDomainSettings": [ + { + "BranchName": { + "Fn::GetAtt": [ + "AppmainF505BAED", + "BranchName" + ] + }, + "Prefix": "prod" + }, + { + "BranchName": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + }, + "Prefix": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + } + } + ] + } + }, + "Certificate4E7ABB08": { + "Type": "AWS::CertificateManager::Certificate", + "Properties": { + "DomainName": "*.*.example.com", + "DomainValidationOptions": [ + { + "DomainName": "*.*.example.com", + "HostedZoneId": "Z23ABC4XYZL05B" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "cdk-amplify-app-custom-domain/Certificate" + } + ], + "ValidationMethod": "DNS" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/cdk.out b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/cdk.out rename to packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk.out diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json new file mode 100644 index 0000000000000..b8c953f413ca9 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json @@ -0,0 +1,14 @@ +{ + "enableLookups": true, + "version": "36.0.0", + "testCases": { + "amplify-app-custom-domain-integ/DefaultTest": { + "stacks": [ + "cdk-amplify-app-custom-domain" + ], + "stackUpdateWorkflow": false, + "assertionStack": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert", + "assertionStackName": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json new file mode 100644 index 0000000000000..1586bbb9fed72 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json @@ -0,0 +1,158 @@ +{ + "version": "36.0.0", + "artifacts": { + "cdk-amplify-app-custom-domain.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdk-amplify-app-custom-domain.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdk-amplify-app-custom-domain": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdk-amplify-app-custom-domain.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5314d52dac3409b06902f1cf40df3d58dceb16146ad8cf66843edee0096d1d87.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdk-amplify-app-custom-domain.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdk-amplify-app-custom-domain.assets" + ], + "metadata": { + "/cdk-amplify-app-custom-domain/Repo/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Repo02AC86CF" + } + ], + "/cdk-amplify-app-custom-domain/App/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppRole1AF9B530" + } + ], + "/cdk-amplify-app-custom-domain/App/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppRoleDefaultPolicy9CADBAA1" + } + ], + "/cdk-amplify-app-custom-domain/App/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppF1B96344" + } + ], + "/cdk-amplify-app-custom-domain/App/main/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppmainF505BAED" + } + ], + "/cdk-amplify-app-custom-domain/App/dev/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppdevB328DAFC" + } + ], + "/cdk-amplify-app-custom-domain/App/*.example.com/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Appexamplecom6AF1A3AD" + } + ], + "/cdk-amplify-app-custom-domain/Certificate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Certificate4E7ABB08", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/cdk-amplify-app-custom-domain/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-amplify-app-custom-domain/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-amplify-app-custom-domain" + }, + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets" + ], + "metadata": { + "/amplify-app-custom-domain-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/amplify-app-custom-domain-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json new file mode 100644 index 0000000000000..d91f03344d460 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json @@ -0,0 +1,433 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "cdk-amplify-app-custom-domain": { + "id": "cdk-amplify-app-custom-domain", + "path": "cdk-amplify-app-custom-domain", + "children": { + "Repo": { + "id": "Repo", + "path": "cdk-amplify-app-custom-domain/Repo", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/Repo/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeCommit::Repository", + "aws:cdk:cloudformation:props": { + "repositoryName": "integ-amplify-app" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codecommit.CfnRepository", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codecommit.Repository", + "version": "0.0.0" + } + }, + "App": { + "id": "App", + "path": "cdk-amplify-app-custom-domain/App", + "children": { + "Role": { + "id": "Role", + "path": "cdk-amplify-app-custom-domain/App/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "cdk-amplify-app-custom-domain/App/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "amplify.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "cdk-amplify-app-custom-domain/App/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "codecommit:GitPull", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppRoleDefaultPolicy9CADBAA1", + "roles": [ + { + "Ref": "AppRole1AF9B530" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::App", + "aws:cdk:cloudformation:props": { + "basicAuthConfig": { + "enableBasicAuth": false + }, + "iamServiceRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "name": "App", + "platform": "WEB", + "repository": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "CloneUrlHttp" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnApp", + "version": "0.0.0" + } + }, + "main": { + "id": "main", + "path": "cdk-amplify-app-custom-domain/App/main", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/main/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::Branch", + "aws:cdk:cloudformation:props": { + "appId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "branchName": "main", + "enableAutoBuild": true, + "enablePullRequestPreview": true + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnBranch", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "dev": { + "id": "dev", + "path": "cdk-amplify-app-custom-domain/App/dev", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/dev/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::Branch", + "aws:cdk:cloudformation:props": { + "appId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "branchName": "dev", + "enableAutoBuild": true, + "enablePullRequestPreview": true + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnBranch", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "*.example.com": { + "id": "*.example.com", + "path": "cdk-amplify-app-custom-domain/App/*.example.com", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/*.example.com/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::Domain", + "aws:cdk:cloudformation:props": { + "appId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "autoSubDomainCreationPatterns": [ + "*", + "pr*" + ], + "autoSubDomainIamRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "certificateSettings": { + "certificateType": "CUSTOM", + "customCertificateArn": { + "Ref": "Certificate4E7ABB08" + } + }, + "domainName": "*.example.com", + "enableAutoSubDomain": false, + "subDomainSettings": [ + { + "branchName": { + "Fn::GetAtt": [ + "AppmainF505BAED", + "BranchName" + ] + }, + "prefix": "prod" + }, + { + "branchName": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + }, + "prefix": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + } + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnDomain", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "HostedZone": { + "id": "HostedZone", + "path": "cdk-amplify-app-custom-domain/HostedZone", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Certificate": { + "id": "Certificate", + "path": "cdk-amplify-app-custom-domain/Certificate", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/Certificate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CertificateManager::Certificate", + "aws:cdk:cloudformation:props": { + "domainName": "*.*.example.com", + "domainValidationOptions": [ + { + "domainName": "*.*.example.com", + "hostedZoneId": "Z23ABC4XYZL05B" + } + ], + "tags": [ + { + "key": "Name", + "value": "cdk-amplify-app-custom-domain/Certificate" + } + ], + "validationMethod": "DNS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.CfnCertificate", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.Certificate", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-amplify-app-custom-domain/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-amplify-app-custom-domain/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "amplify-app-custom-domain-integ": { + "id": "amplify-app-custom-domain-integ", + "path": "amplify-app-custom-domain-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "amplify-app-custom-domain-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "amplify-app-custom-domain-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts new file mode 100644 index 0000000000000..2d38147cb0475 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts @@ -0,0 +1,75 @@ +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; +import * as codecommit from 'aws-cdk-lib/aws-codecommit'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import { App, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as amplify from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +interface TestStackProps extends StackProps { + hostedZoneId: string; + hostedZoneName: string; + domainName: string; +} + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props: TestStackProps) { + super(scope, id, props); + + const repository = new codecommit.Repository(this, 'Repo', { + repositoryName: 'integ-amplify-app', + }); + + const app = new amplify.App(this, 'App', { + sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository }), + }); + + const prodBranch = app.addBranch('main'); + const devBranch = app.addBranch('dev'); + + const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', { + hostedZoneId: props.hostedZoneId, + zoneName: props.hostedZoneName, + }); + + const customCertificate = new acm.Certificate(this, 'Certificate', { + domainName: `*.${props.domainName}`, + validation: acm.CertificateValidation.fromDns(hostedZone), + }); + + const domain = app.addDomain(props.domainName, { + subDomains: [ + { + branch: prodBranch, + prefix: 'prod', + }, + ], + customCertificate, + }); + domain.mapSubDomain(devBranch); + } +} + +/** + * In order to test this you need to have a valid public hosted zone that you can use + * to request certificates for. +*/ +const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID; +if (!hostedZoneId) throw new Error('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.'); +const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME; +if (!hostedZoneName) throw new Error('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.'); +const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? process.env.DOMAIN_NAME; +if (!domainName) throw new Error('For this test you must provide your own DomainName as an env var "DOMAIN_NAME". See framework-integ/README.md for details.'); + +const app = new App(); +const stack = new TestStack(app, 'cdk-amplify-app-custom-domain', { + hostedZoneId, + hostedZoneName, + domainName, +}); + +new IntegTest(app, 'amplify-app-custom-domain-integ', { + testCases: [stack], + enableLookups: true, + stackUpdateWorkflow: false, +}); diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts index 9e65131f5cae8..1277bd682013f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts @@ -16,6 +16,7 @@ import { Stack, ArnFormat, Lazy, + Token, } from 'aws-cdk-lib/core'; import { Construct, @@ -329,9 +330,15 @@ export class IdentityPool extends Resource implements IIdentityPool { if (!res) { throw new Error('Invalid Identity Pool ARN'); } - const idParts = res.split(':'); - if (!(idParts.length === 2)) throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); - if (idParts[0] !== pool.region) throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + if (!Token.isUnresolved(res)) { + const idParts = res.split(':'); + if (!(idParts.length === 2)) { + throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); + } + if (!Token.isUnresolved(pool.region) && idParts[0] !== pool.region) { + throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + } + } class ImportedIdentityPool extends Resource implements IIdentityPool { public readonly identityPoolId = res; public readonly identityPoolArn = identityPoolArn; diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 3bacbeeb104ea..417c848c4407f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -19,6 +19,7 @@ import { } from 'aws-cdk-lib/aws-iam'; import { Fn, + Lazy, Stack, } from 'aws-cdk-lib'; import { @@ -203,14 +204,28 @@ describe('identity pool', () => { account: '1234567891011', }, }); - expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrowError('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); - expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrowError('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrow('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdRegionError', 'your-region:idPool')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); const idPool = IdentityPool.fromIdentityPoolId(stack, 'staticIdPool', 'my-region:idPool'); expect(idPool.identityPoolId).toEqual('my-region:idPool'); expect(idPool.identityPoolArn).toMatch(/cognito-identity:my-region:1234567891011:identitypool\/my-region:idPool/); }); + test('fromIdentityPoolId accept token', () => { + const stack = new Stack(); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-id' }))).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool2', 'id-region:pool-id')).not.toThrow(); + }); + + test('fromIdentityPoolArn accepts token', () => { + const stack = new Stack(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-arn' }))).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool2', `arn:aws:cognito-identity:${stack.region}:${stack.account}:identitypool/id-region:pool-id`)).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool3', `arn:aws:cognito-identity:arn-region:${stack.account}:identitypool/${Lazy.string({ produce: () => 'lazy-region' })}:pool-id`)).not.toThrow(); + }); + test('user pools are properly configured', () => { const stack = new Stack(); const poolProvider = UserPoolIdentityProvider.fromProviderName(stack, 'poolProvider', 'poolProvider'); diff --git a/packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js b/packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js new file mode 100644 index 0000000000000..73d2505a85a7f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js @@ -0,0 +1,4 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc'); +baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; +baseConfig.rules['import/order'] = 'off'; +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-ec2-alpha/.gitignore b/packages/@aws-cdk/aws-ec2-alpha/.gitignore new file mode 100644 index 0000000000000..3e895fc51317c --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/.gitignore @@ -0,0 +1,23 @@ +*.js +*.js.map +*.d.ts +tsconfig.json +node_modules +*.generated.ts +dist +.jsii + +.LAST_BUILD +.nyc_output +coverage +nyc.config.js +.LAST_PACKAGE +*.snk +!.eslintrc.js +!jest.config.js + +junit.xml +!**/*.snapshot/**/asset.*/*.js +!**/*.snapshot/**/asset.*/*.d.ts + +!**/*.snapshot/**/asset.*/** diff --git a/packages/@aws-cdk/cloud-assembly-schema/.npmignore b/packages/@aws-cdk/aws-ec2-alpha/.npmignore similarity index 98% rename from packages/@aws-cdk/cloud-assembly-schema/.npmignore rename to packages/@aws-cdk/aws-ec2-alpha/.npmignore index 2f484b8db6b88..b94897de6fcce 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/.npmignore +++ b/packages/@aws-cdk/aws-ec2-alpha/.npmignore @@ -24,6 +24,5 @@ jest.config.js # exclude cdk artifacts **/cdk.out junit.xml -test/ !*.lit.ts **/*.snapshot diff --git a/packages/@aws-cdk/cloud-assembly-schema/LICENSE b/packages/@aws-cdk/aws-ec2-alpha/LICENSE similarity index 100% rename from packages/@aws-cdk/cloud-assembly-schema/LICENSE rename to packages/@aws-cdk/aws-ec2-alpha/LICENSE diff --git a/packages/@aws-cdk/aws-ec2-alpha/NOTICE b/packages/@aws-cdk/aws-ec2-alpha/NOTICE new file mode 100644 index 0000000000000..c0b1f046c881a --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md new file mode 100644 index 0000000000000..0de7e39d27d35 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -0,0 +1,199 @@ +# Amazon VpcV2 Construct Library + + + +--- + +![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) + +> The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package. + +--- + + + +## VpcV2 + +`VpcV2` is a re-write of the [`ec2.Vpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html) construct. This new construct enables higher level of customization +on the VPC being created. `VpcV2` implements the existing [`IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html), therefore, +`VpcV2` is compatible with other constructs that accepts `IVpc` (e.g. [`ApplicationLoadBalancer`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer.html#construct-props)). + +To create a VPC with both IPv4 and IPv6 support: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2'); +new vpc_v2.VpcV2(stack, 'Vpc', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/24'), + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.amazonProvidedIpv6({cidrBlockName: 'AmazonProvidedIpv6'}), + ], +}); +``` + +`VpcV2` does not automatically create subnets or allocate IP addresses, which is different from the `Vpc` construct. + +Importing existing VPC in an account into CDK as a `VpcV2` is not yet supported. + +## SubnetV2 + +`SubnetV2` is a re-write of the [`ec2.Subnet`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Subnet.html) construct. +This new construct can be used to add subnets to a `VpcV2` instance: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2'); +const vpc = new vpc_v2.VpcV2(stack, 'Vpc', { + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonProvidedIp'}), + ], +}); +const vpcFirstIpV6Cidr = Fn.select(0, vpc.ipv6CidrBlocks); +const subCidrs = Fn.cidr(vpcFirstIpV6Cidr, 3, 32); +new vpc_v2.SubnetV2(stack, 'subnetA', { + vpc, + availabilityZone: 'us-east-1a', + cidrBlock: new vpc_v2.IpCidr('10.0.0.0/24'), + ipv6CidrBlock: new vpc_v2.IpCidr(Fn.select(0, subCidrs)), + subnetType: ec2.SubnetType.PRIVATE_ISOLATED, +}) +``` + +Same as `VpcV2`, importing existing subnets is not yet supported. + +## IP Addresses Management + +By default `VpcV2` uses `10.0.0.0/16` as the primary CIDR if none is defined. +Additional CIDRs can be adding to the VPC via the `secondaryAddressBlocks` prop. +The following example illustrates the different options of defining the address blocks: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2'); +const ipam = new Ipam(stack, 'Ipam', { + operatingRegion: ['us-west-1'] +}); +const ipamPublicPool = ipam.publicScope.addPool('PublicPoolA', { + addressFamily: vpc_v2.AddressFamily.IP_V6, + awsService: 'ec2', + locale: 'us-west-1', + publicIpSource: vpc_v2.IpamPoolPublicIpSource.AMAZON, +}); +ipamPublicPool.provisionCidr('PublicPoolACidrA', { netmaskLength: 52 } ); + +const ipamPrivatePool = ipam.privateScope.addPool('PrivatePoolA', { + addressFamily: vpc_v2.AddressFamily.IP_V4, +}); +ipamPrivatePool.provisionCidr('PrivatePoolACidrA', { netmaskLength: 8 } ); + +new vpc_v2.VpcV2(stack, 'Vpc', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/24'), + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonIpv6' }), + vpc_v2.IpAddresses.ipv6Ipam({ + ipv6IpamPool: ipamPublicPool, + ipv6NetmaskLength: 52, + cidrBlockName: 'ipv6Ipam', + }), + vpc_v2.IpAddresses.ipv4Ipam({ + ipv6IpamPool: ipamPrivatePool, + ipv6NetmaskLength: 8, + cidrBlockName: 'ipv4Ipam', + }), + ], +}); +``` + +Since `VpcV2` does not create subnets automatically, users have full control over IP addresses allocation across subnets. + + +## Routing + +`RouteTable` is a new construct that allows for route tables to be customized in a variety of ways. For instance, the following example shows how a custom route table can be created and appended to a subnet: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpc: myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', { + vpc, + routeTable, + ..., +}); +``` + +`Route`s can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the `Route` construct. An example using the `InternetGateway` construct can be seen below: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpc: vpc.myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', {...}); + +const igw = new vpc_v2.InternetGateway(stack, 'IGW', { + vpcId: vpc.myVpc, +}); +new vpc_v2.Route(stack, 'IgwRoute', { + routeTable, + destination: vpc_v2.IpAddresses.ipv4('0.0.0.0/0'), + target: igw, +}); +``` + +Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a `NatGateway`: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpcId: vpc.myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', {...}); + +const natgw = new vpc_v2.NatGateway(stack, 'NatGW', { + subnet: subnet, + vpcId: vpc.myVpc, + connectivityType: 'private', + privateIpAddress: '10.0.0.42', +}); +new vpc_v2.Route(stack, 'NatGwRoute', { + routeTable, + destination: vpc_v2.IpAddresses.ipv4('0.0.0.0/0'), + target: natgw, +}); +``` + +It is also possible to set up endpoints connecting other AWS services. For instance, the example below illustrates the linking of a Dynamo DB endpoint via the existing `ec2.GatewayVpcEndpoint` construct as a route target: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpcId: vpc.myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', {...}); + +const dynamoEndpoint = new GatewayVpcEndpoint(stack, 'DynamoEndpoint', { + service: ec2.GatewayVpcEndpointAwsService.DYNAMODB, + vpc: vpc, + subnets: [subnet], +}); +new vpc_v2.Route(stack, 'DynamoDBRoute', { + routeTable, + destination: vpc_v2.IpAddresses.ipv4('0.0.0.0/0'), + target: dynamoEndpoint, +}); +``` diff --git a/packages/@aws-cdk/aws-ec2-alpha/awslint.json b/packages/@aws-cdk/aws-ec2-alpha/awslint.json new file mode 100644 index 0000000000000..35de7712d8ef5 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/awslint.json @@ -0,0 +1,7 @@ +{ + "exclude": [ + "from-method:@aws-cdk/aws-ec2-alpha.VpcV2", + "attribute-tag:@aws-cdk/aws-ec2-alpha.RouteTable.routeTableId", + "from-method:@aws-cdk/aws-ec2-alpha.SubnetV2" + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/jest.config.js b/packages/@aws-cdk/aws-ec2-alpha/jest.config.js new file mode 100644 index 0000000000000..4995208baf512 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/jest.config.js @@ -0,0 +1,10 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); +module.exports = { + ...baseConfig, + coverageThreshold: { + global: { + statements: 75, + branches: 63, + }, + }, +};; diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/index.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/index.ts new file mode 100644 index 0000000000000..26f148f30b2aa --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/index.ts @@ -0,0 +1,10 @@ +// The index.ts files contains a list of files we want to +// include as part of the public API of this module. +// In general, all files including L2 classes will be listed here, +// while all files including only utility functions will be omitted from here. + +export * from './vpc-v2'; +export * from './ipam'; +export * from './vpc-v2-base'; +export * from './subnet-v2'; +export * from './route'; diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts new file mode 100644 index 0000000000000..c6600d43315f0 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts @@ -0,0 +1,547 @@ +import { CfnIPAM, CfnIPAMPool, CfnIPAMPoolCidr, CfnIPAMScope } from 'aws-cdk-lib/aws-ec2'; +import { Construct } from 'constructs'; +import { Lazy, Names, Resource, Stack } from 'aws-cdk-lib'; + +/** + * Represents the address family for IP addresses in an IPAM pool. + * IP_V4 - Represents the IPv4 address family. + * IP_V6 - Represents the IPv6 address family. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-addressfamily + */ +export enum AddressFamily { + /** + * Represents the IPv4 address family. + * Allowed under public and private pool. + */ + IP_V4 = 'ipv4', + + /** + * Represents the IPv6 address family. + * Only allowed under public pool. + */ + IP_V6 = 'ipv6', +} + +/** + * The IP address source for pools in the public scope. + * Only used for provisioning IP address CIDRs to pools in the public scope. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-publicipsource + */ +export enum IpamPoolPublicIpSource { + /** + * BYOIP Ipv6 to be registered under IPAM + */ + BYOIP = 'byoip', + + /** + * Amazon Provided Ipv6 range + */ + AMAZON = 'amazon', +} + +/** + * Limits which service in AWS that the pool can be used in + */ +export enum AwsServiceName { + /** + * Allows users to use space for Elastic IP addresses and VPCs + */ + EC2 = 'ec2', +} + +/** + * Options to create a new Ipam in the account + */ +export interface IpamProps{ + + /** + * The operating Regions for an IPAM. + * Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs + * For more information about operating Regions, see [Create an IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html) in the *Amazon VPC IPAM User Guide* . + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-operatingregions + * @default Stack.region if defined else [] + */ + readonly operatingRegion?: string[]; + + /** + * Name of IPAM that can be used for tagging resource + * @default none + */ + readonly ipamName?: string; +} + +/** + * Refers to two possible scope types under IPAM + */ +export enum IpamScopeType { + /** + * Default scopes created by IPAM + */ + DEFAULT = 'default', + + /** + * Custom scope created using method + */ + CUSTOM = 'custom', +} + +/** + * Options for configuring an IPAM pool. + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html + */ +export interface PoolOptions{ + + /** + * addressFamily - The address family of the pool (ipv4 or ipv6). + */ + readonly addressFamily: AddressFamily; + + /** + * Information about the CIDRs provisioned to the pool. + * @default - No CIDRs are provisioned + */ + readonly ipv4ProvisionedCidrs?: string[]; + + /** + * The locale (AWS Region) of the pool. Should be one of the IPAM operating region. + * Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. + * You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. + * Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-locale + * @default - Current operating region + */ + readonly locale?: string; + + /** + * The IP address source for pools in the public scope. + * Only used for IPv6 address + * Only allowed values to this are 'byoip' or 'amazon' + * @default amazon + */ + readonly publicIpSource?: IpamPoolPublicIpSource; + + /** + * Limits which service in AWS that the pool can be used in. + * + * "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-awsservice + * + * @default - No service + */ + readonly awsService?: AwsServiceName; +} + +/** + * Properties for creating an IPAM pool. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html + */ +interface IpamPoolProps extends PoolOptions { + /** + * Scope id where pool needs to be created + */ + readonly ipamScopeId: string; + + /** + * IPAM resource name + * @default autogenerated by CDK + */ + readonly ipamPoolName?: string; +} + +/** + * Options to provision CIDRs to an IPAM pool. + * Used to create a new IpamPoolCidr + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampoolcidr.html + */ +export interface IpamPoolCidrProvisioningOptions { + /** + * Ipv6 Netmask length for the CIDR + * @default none + */ + readonly netmaskLength?: number; + + /** + * Ipv6 CIDR block for the IPAM pool + * @default none + */ + readonly cidr?: string; +} + +/** + * Definition used to add or create a new IPAM pool + */ +export interface IIpamPool{ + /** + * Pool ID to be passed to the VPC construct + * @attribute IpamPoolId + */ + readonly ipamPoolId: string; + + /** + * Pool CIDR for IPv6 to be provisioned with Public IP source set to 'Amazon' + */ + readonly ipamCidrs: CfnIPAMPoolCidr[]; + + /** + * Function to associate a IPv6 address with IPAM pool + */ + provisionCidr(id: string, options: IpamPoolCidrProvisioningOptions): CfnIPAMPoolCidr; + +} + +/** + * IPAM scope is the highest-level container within IPAM. An IPAM contains two default scopes. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + */ +interface IpamScopeProps extends IpamScopeOptions{ + /** + * IPAM id to which scope needs to be added + */ + readonly ipamId: string; + + /** + * Operating regions for the Ipam + * Required in order to validate the locale being set on pool + */ + readonly ipamOperatingRegions: string[]; + + /** + * Custom ipam scope id to add a pool in order to support default scopes + * @default none + */ + readonly ipamScopeId?: string; + +} + +/** + * Being used in IPAM class to add pools to default scope created by IPAM. + */ +export interface IpamScopeOptions { + + /** + * IPAM scope name that will be used for tagging + * @default none + */ + readonly ipamScopeName?: string; +} + +/** + * Options for configuring an IP Address Manager (IPAM). + * + * For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html}. + */ +export interface IpamOptions { + + /** + * CIDR Mask for Vpc + * Only required when using AWS Ipam + * + * @default - None + */ + readonly netmaskLength?: number; + + /** + * Ipv4 or an Ipv6 IPAM pool + * Only required when using AWS Ipam + * + * @default - None + */ + readonly ipamPool?: IIpamPool; + + /** + * Required to set Secondary cidr block resource name + * in order to generate unique logical id for the resource. + */ + readonly cidrBlockName: string; +} + +/** + * Interface for IpamScope Class + */ +export interface IIpamScopeBase{ + + /** + * Reference to the current scope of stack to be passed in order to create + * a new IPAM pool + */ + readonly scope: Construct; + + /** + * Default Scope ids created by the IPAM or a new Resource id + */ + readonly scopeId: string; + + /** + * Defines scope type can be either default or custom + */ + readonly scopeType?: IpamScopeType; + + /** + * Function to add a new pool to an IPAM scope + */ + addPool(id: string, options: PoolOptions): IIpamPool; + +} + +/** + * Creates new IPAM Pool + * Pools enable you to organize your IP addresses according to your routing and security needs + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html + * @resource AWS::EC2::IPAMPool + * @internal + */ +class IpamPool extends Resource implements IIpamPool { + + /** + * Pool ID to be passed to the VPC construct + * @attribute IpamPoolId + */ + public readonly ipamPoolId: string; + + /** + * Pool CIDR for IPv6 to be provisioned with Public IP source set to 'Amazon' + */ + public readonly ipamCidrs: CfnIPAMPoolCidr[] = [] + + /** + * Reference to ipamPool resource created in this class + */ + private readonly _ipamPool: CfnIPAMPool; + + constructor(scope: Construct, id: string, props: IpamPoolProps) { + super(scope, id, { + physicalName: props.ipamPoolName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 128, allowedSpecialCharacters: '_' }), + }), + }); + + if (props.addressFamily === AddressFamily.IP_V6 && !props.awsService) { + throw new Error('awsService is required when addressFamily is set to ipv6'); + } + + this._ipamPool = new CfnIPAMPool(this, id, { + addressFamily: props.addressFamily, + provisionedCidrs: props.ipv4ProvisionedCidrs?.map(cidr => ({ cidr })), + locale: props.locale, + ipamScopeId: props.ipamScopeId, + publicIpSource: props.publicIpSource, + awsService: props.awsService, + }); + this.ipamPoolId = this._ipamPool.attrIpamPoolId; + this.node.defaultChild = this._ipamPool; + } + + /** + * A CIDR provisioned to an IPAM pool. + * @param id Name of Resource + * @param options Either a CIDR or netmask length must be provided + * @returns AWS::EC2::IPAMPoolCidr + */ + public provisionCidr(id: string, options: IpamPoolCidrProvisioningOptions): CfnIPAMPoolCidr { + const cidr = new CfnIPAMPoolCidr(this, id, { + ...options, + ipamPoolId: this.ipamPoolId, + }); + this.ipamCidrs.push(cidr); + return cidr; + } +} + +/** + * Creates custom Ipam Scope, custom IPAM scopes can only be private + * (can be used for adding custom scopes to an existing IPAM) + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + * @resource AWS::EC2::IPAMScope + */ +class IpamScope extends Resource implements IIpamScopeBase { + + /** + * Stores the reference to newly created Resource + */ + private readonly _ipamScope: CfnIPAMScope; + + /** + * ID for Resource IpamScope + * @attribute IpamScopeId + */ + public readonly scopeId: string; + + /** + * Properties to configure ipam scope + */ + private readonly props: IpamScopeProps; + + /** + * Reference to stack scope to be passed through addPool method inorder to create a new IpamPool + */ + public readonly scope: Construct; + + /** + * Defines scope type can be either default or custom + */ + public readonly scopeType: IpamScopeType; + + constructor(scope: Construct, id: string, props: IpamScopeProps) { + super(scope, id); + this._ipamScope = new CfnIPAMScope(scope, 'IpamScope', { + ipamId: props.ipamId, + }); + this.scopeId = this._ipamScope.attrIpamScopeId; + this.scopeType = IpamScopeType.CUSTOM; + this.scope = scope; + this.props = props; + } + + /** + * Adds a pool to the IPAM scope. + * @external + */ + addPool(id: string, options: PoolOptions): IIpamPool { + return createIpamPool(this.scope, id, this.props, options, this.scopeId); + } + +} + +/** + * Base class for IPAM default scopes. + */ +class IpamScopeBase implements IIpamScopeBase { + constructor( + readonly scope: Construct, + readonly scopeId: string, + private readonly props: IpamScopeProps, + readonly scopeType?: IpamScopeType, + ) { + this.scopeType = IpamScopeType.DEFAULT; + if (!props.ipamScopeId) { + throw new Error('ipamScopeId is required'); + } else { + this.scopeId = props.ipamScopeId; + } + } + + /** + * Adds a pool to the IPAM scope. + * @external + */ + addPool(id: string, options: PoolOptions): IIpamPool { + return createIpamPool(this.scope, id, this.props, options, this.scopeId); + } +} + +/** + * Creates new IPAM with default public and private scope + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + * @resource AWS::EC2::IPAM + */ +export class Ipam extends Resource { + /** + * Provides access to default public IPAM scope through add pool method. + * Usage: To add an Ipam Pool to a default public scope + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + */ + public readonly publicScope: IIpamScopeBase; + + /** + * Provides access to default private IPAM scope through add pool method. + * Usage: To add an Ipam Pool to a default private scope + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + * */ + public readonly privateScope: IIpamScopeBase; + + // Resource IPAM + private readonly _ipam: CfnIPAM; + /** + * Access to Ipam resource id that can be used later to add a custom private scope to this IPAM + * @attribute IpamId + */ + public readonly ipamId: string; + + /** + * List of operating regions for IPAM + */ + public readonly operatingRegions: string[]; + + /** + * List of scopes created under this IPAM + */ + public readonly scopes: IIpamScopeBase[] = []; + + constructor(scope: Construct, id: string, props?: IpamProps) { + super(scope, id); + + if (!props?.operatingRegion && !Stack.of(this).region) { + throw new Error('Please provide at least one operating region'); + } + + this.operatingRegions = props?.operatingRegion ?? [Stack.of(this).region]; + + this._ipam = new CfnIPAM(this, 'Ipam', { + operatingRegions: this.operatingRegions ? this.operatingRegions.map(region => ({ regionName: region })) : [], + }); + this.node.defaultChild = this._ipam; + + this.ipamId = this._ipam.attrIpamId; + this.publicScope = new IpamScopeBase(this, 'DefaultPublicScope', { + ipamOperatingRegions: this.operatingRegions, + ipamId: this._ipam.attrIpamId, + ipamScopeId: this._ipam.attrPublicDefaultScopeId, + }); + this.privateScope = new IpamScopeBase(this, 'DefaultPrivateScope', { + ipamOperatingRegions: this.operatingRegions, + ipamId: this._ipam.attrIpamId, + ipamScopeId: this._ipam.attrPrivateDefaultScopeId, + }); + + this.scopes.push(this.publicScope, this.privateScope); + + } + + /** + * Function to add custom scope to an existing IPAM + * Custom scopes can only be private + */ + public addScope(scope: Construct, id: string, options: IpamScopeOptions): IIpamScopeBase { + const ipamScope = new IpamScope(scope, id, { + ...options, + ipamId: this.ipamId, + ipamOperatingRegions: this.operatingRegions, + }); + this.scopes.push(ipamScope); + return ipamScope; + } +} + +/** + * Function to create IpamPool under scope + * @internal + */ +function createIpamPool( + scope: Construct, + id: string, + scopeOptions: IpamScopeProps, + poolOptions: PoolOptions, + scopeId: string, +): IpamPool { + const isLocaleInOperatingRegions = scopeOptions.ipamOperatingRegions + ? scopeOptions.ipamOperatingRegions.map(region => ({ regionName: region })) + .some(region => region.regionName === poolOptions.locale) + : false; + + if (!isLocaleInOperatingRegions) { + throw new Error(`The provided locale '${poolOptions.locale}' is not in the operating regions.`); + } + + return new IpamPool(scope, id, { + ipamPoolName: id, + addressFamily: poolOptions.addressFamily, + ipv4ProvisionedCidrs: poolOptions.ipv4ProvisionedCidrs, + ipamScopeId: scopeId, + locale: poolOptions.locale, + publicIpSource: poolOptions.publicIpSource, + awsService: poolOptions.awsService, + }); +} + diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts new file mode 100644 index 0000000000000..3a6a0ea5cd717 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts @@ -0,0 +1,587 @@ +import { CfnEIP, CfnEgressOnlyInternetGateway, CfnInternetGateway, CfnNatGateway, CfnRoute, CfnRouteTable, CfnVPCGatewayAttachment, CfnVPNGateway, GatewayVpcEndpoint, IRouteTable, ISubnet, IVpcEndpoint, RouterType, VpnConnectionType } from 'aws-cdk-lib/aws-ec2'; +import { Construct, IDependable } from 'constructs'; +import { Duration, Resource } from 'aws-cdk-lib/core'; +import { IVpcV2 } from './vpc-v2-base'; + +/** + * Indicates whether the NAT gateway supports public or private connectivity. + * The default is public connectivity. + * See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html#cfn-ec2-natgateway-connectivitytype + */ +export enum NatConnectivityType { + /** + * Sets Connectivity type to PUBLIC + */ + PUBLIC = 'public', + /** + * Sets Connectivity type to PRIVATE + */ + PRIVATE = 'private', +} + +/** + * Interface to define a routing target, such as an + * egress-only internet gateway or VPC endpoint. + */ +export interface IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; +} + +/** + * Properties to define an egress-only internet gateway. + */ +export interface EgressOnlyInternetGatewayProps { + /** + * The ID of the VPC for which to create the egress-only internet gateway. + */ + readonly vpc: IVpcV2; + + /** + * The resource name of the egress-only internet gateway. + * @default none + */ + readonly egressOnlyInternetGatewayName?: string; +} + +/** + * Properties to define an internet gateway. + */ +export interface InternetGatewayProps { + /** + * The ID of the VPC for which to create the internet gateway. + */ + readonly vpc: IVpcV2; + + /** + * The resource name of the internet gateway. + * @default none + */ + readonly internetGatewayName?: string; + +} + +/** + * Properties to define a VPN gateway. + */ +export interface VPNGatewayProps { + /** + * The type of VPN connection the virtual private gateway supports. + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type + */ + readonly type: VpnConnectionType; + + /** + * The ID of the VPC for which to create the VPN gateway. + */ + readonly vpc: IVpcV2; + + /** + * The private Autonomous System Number (ASN) for the Amazon side of a BGP session. + * @default none + */ + readonly amazonSideAsn?: number; + + /** + * The resource name of the VPN gateway. + * @default none + */ + readonly vpnGatewayName?: string; +} + +/** + * Properties to define a NAT gateway. + */ +export interface NatGatewayProps { + /** + * The subnet in which the NAT gateway is located. + */ + readonly subnet: ISubnet; + + /** + * The ID of the VPC in which the NAT gateway is located. + * @default none + */ + readonly vpc?: IVpcV2; + + /** + * AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT + * gateway and cannot be specified with a private NAT gateway. + * @default attr.allocationID of a new Elastic IP created by default + * //TODO: ADD L2 for elastic ip + */ + readonly allocationId?: string; + + /** + * Indicates whether the NAT gateway supports public or private connectivity. + * @default public + */ + readonly connectivityType?: NatConnectivityType; + + /** + * The maximum amount of time to wait before forcibly releasing the + * IP addresses if connections are still in progress. + * @default 350 seconds + */ + readonly maxDrainDuration?: Duration; + + /** + * The private IPv4 address to assign to the NAT gateway. If you don't provide an + * address, a private IPv4 address will be automatically assigned. + * @default none + */ + readonly privateIpAddress?: string; + + /** + * Secondary EIP allocation IDs. + * @default none + * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating + */ + readonly secondaryAllocationIds?: string[]; + + /** + * The number of secondary private IPv4 addresses you + * want to assign to the NAT gateway. + * + * `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be + * set at the same time. + * + * @default none + * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating + */ + readonly secondaryPrivateIpAddressCount?: number; + + /** + * Secondary private IPv4 addresses. + * + * `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be + * set at the same time. + * + * @default none + * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating + */ + readonly secondaryPrivateIpAddresses?: string[]; + + /** + * The resource name of the NAT gateway. + * @default none + */ + readonly natGatewayName?: string; + +} + +/** + * Creates an egress-only internet gateway + * @resource AWS::EC2::EgressOnlyInternetGateway + */ +export class EgressOnlyInternetGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * The egress-only internet gateway CFN resource. + */ + public readonly resource: CfnEgressOnlyInternetGateway; + + constructor(scope: Construct, id: string, props: EgressOnlyInternetGatewayProps) { + super(scope, id); + + this.routerType = RouterType.EGRESS_ONLY_INTERNET_GATEWAY; + + this.resource = new CfnEgressOnlyInternetGateway(this, 'EIGW', { + vpcId: props.vpc.vpcId, + }); + this.node.defaultChild = this.resource; + + this.routerTargetId = this.resource.attrId; + } +} + +/** + * Creates an internet gateway + * @resource AWS::EC2::InternetGateway + */ +export class InternetGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * The ID of the VPC for which to create the internet gateway. + */ + public readonly vpcId: string; + + /** + * The internet gateway CFN resource. + */ + public readonly resource: CfnInternetGateway; + + constructor(scope: Construct, id: string, props: InternetGatewayProps) { + super(scope, id); + + this.routerType = RouterType.GATEWAY; + + this.resource = new CfnInternetGateway(this, 'IGW', {}); + this.node.defaultChild = this.resource; + + this.routerTargetId = this.resource.attrInternetGatewayId; + this.vpcId = props.vpc.vpcId; + } +} + +/** + * Creates a virtual private gateway + * @resource AWS::EC2::VPNGateway + */ +export class VPNGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * The ID of the VPC for which to create the VPN gateway. + */ + public readonly vpcId: string; + + /** + * The VPN gateway CFN resource. + */ + public readonly resource: CfnVPNGateway; + + constructor(scope: Construct, id: string, props: VPNGatewayProps) { + super(scope, id); + + this.routerType = RouterType.GATEWAY; + + this.resource = new CfnVPNGateway(this, 'IGW', { + type: props.type, + amazonSideAsn: props.amazonSideAsn, + }); + this.node.defaultChild = this.resource; + + this.routerTargetId = this.resource.attrVpnGatewayId; + this.vpcId = props.vpc.vpcId; + } +} + +/** + * Creates a network address translation (NAT) gateway + * @resource AWS::EC2::NatGateway + */ +export class NatGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * Indicates whether the NAT gateway supports public or private connectivity. + * @default public + */ + public readonly connectivityType?: string; + + /** + * The maximum amount of time to wait before forcibly releasing the + * IP addresses if connections are still in progress. + * @default 350 seconds + */ + public readonly maxDrainDuration?: Duration; + + /** + * The NAT gateway CFN resource. + */ + public readonly resource: CfnNatGateway; + + constructor(scope: Construct, id: string, props: NatGatewayProps) { + super(scope, id); + + this.routerType = RouterType.NAT_GATEWAY; + + this.connectivityType = props.connectivityType || NatConnectivityType.PUBLIC; + this.maxDrainDuration = props.maxDrainDuration || Duration.seconds(350); + + // If user does not provide EIP, generate one for them + var aId: string | undefined; + if (this.connectivityType == 'public') { + if (!props.allocationId) { + let eip = new CfnEIP(this, 'EIP', { + domain: props.vpc?.vpcId, + }); + aId = eip.attrAllocationId; + } else { + aId = props.allocationId; + } + } + + this.resource = new CfnNatGateway(this, 'NATGateway', { + subnetId: props.subnet.subnetId, + allocationId: aId, + maxDrainDurationSeconds: props.maxDrainDuration?.toSeconds(), + secondaryAllocationIds: props.secondaryAllocationIds, + ...props, + }); + + this.routerTargetId = this.resource.attrNatGatewayId; + this.node.defaultChild = this.resource; + this.node.addDependency(props.subnet.internetConnectivityEstablished); + } +} + +/** + * The type of endpoint or gateway being targeted by the route. + */ +export interface RouteTargetProps { + /** + * The gateway route target. This is used for targets such as + * egress-only internet gateway or VPC peering connection. + * @default none + */ + readonly gateway?: IRouteTarget; + + /** + * The endpoint route target. This is used for targets such as + * VPC endpoints. + * @default none + */ + readonly endpoint?: IVpcEndpoint; +} + +/** + * The gateway or endpoint targeted by the route. + */ +export class RouteTargetType { + /** + * The gateway route target. This is used for targets such as + * egress-only internet gateway or VPC peering connection. + * @default none + */ + readonly gateway?: IRouteTarget; + + /** + * The endpoint route target. This is used for targets such as + * VPC endpoints. + * @default none + */ + readonly endpoint?: IVpcEndpoint; + + constructor(props: RouteTargetProps) { + if (props.gateway && props.endpoint) { + throw new Error('Cannot specify both gateway and endpoint'); + } else { + this.gateway = props.gateway; + this.endpoint = props.endpoint; + } + } +} + +/** + * Interface to define a route. + */ +export interface IRouteV2 { + /** + * The ID of the route table for the route. + * @attribute routeTable + */ + readonly routeTable: IRouteTable; + + /** + * The IPv4 or IPv6 CIDR block used for the destination match. + * + * Routing decisions are based on the most specific match. + * TODO: Look for strong IP type implementation here. + */ + readonly destination: string; + + /** + * The gateway or endpoint targeted by the route. + */ + readonly target: RouteTargetType; +} + +/** + * Properties to define a route. + */ +export interface RouteProps { + /** + * The ID of the route table for the route. + * @attribute routeTable + */ + readonly routeTable: IRouteTable; + + /** + * The IPv4 or IPv6 CIDR block used for the destination match. + * + * Routing decisions are based on the most specific match. + */ + readonly destination: string; + + /** + * The gateway or endpoint targeted by the route. + */ + readonly target: RouteTargetType; + + /** + * The resource name of the route. + * @default none + */ + readonly routeName?: string; +} + +/** + * Creates a new route with added functionality. + * @resource AWS::EC2::Route + */ +export class Route extends Resource implements IRouteV2 { + /** + * The IPv4 or IPv6 CIDR block used for the destination match. + * + * Routing decisions are based on the most specific match. + */ + public readonly destination: string; + + /** + * The gateway or endpoint targeted by the route. + */ + public readonly target: RouteTargetType; + + /** + * The route table for the route. + * @attribute routeTable + */ + public readonly routeTable: IRouteTable; + + /** + * The type of router the route is targetting + */ + public readonly targetRouterType: RouterType + + /** + * The route CFN resource. + */ + public readonly resource?: CfnRoute; + + constructor(scope: Construct, id: string, props: RouteProps) { + super(scope, id); + + this.destination = props.destination; + this.target = props.target; + this.routeTable = props.routeTable; + + this.targetRouterType = this.target.gateway ? this.target.gateway.routerType : RouterType.VPC_ENDPOINT; + + // Gateway generates route automatically via its RouteTable, thus we don't need to generate the resource for it + if (!(this.target.endpoint instanceof GatewayVpcEndpoint)) { + this.resource = new CfnRoute(this, 'Route', { + routeTableId: this.routeTable.routeTableId, + destinationCidrBlock: this.destination, + destinationIpv6CidrBlock: this.destination, + [routerTypeToPropName(this.targetRouterType)]: this.target.gateway ? this.target.gateway.routerTargetId : + this.target.endpoint ? this.target.endpoint.vpcEndpointId : null, + }); + } + this.node.defaultChild = this.resource; + + if (this.targetRouterType == RouterType.GATEWAY) { + if (this.target.gateway instanceof InternetGateway) { + new CfnVPCGatewayAttachment(this, 'GWAttachment', { + vpcId: this.target.gateway.vpcId, + internetGatewayId: this.target.gateway.routerTargetId, + }); + } else if (this.target.gateway instanceof VPNGateway) { + new CfnVPCGatewayAttachment(this, 'GWAttachment', { + vpcId: this.target.gateway.vpcId, + vpnGatewayId: this.target.gateway.routerTargetId, + }); + } + } + } +} + +/** + * Properties to define a route table. + */ +export interface RouteTableProps { + /** + * The ID of the VPC. + */ + readonly vpc: IVpcV2; + + /** + * The resource name of the route table. + * @default none + */ + readonly routeTableName?: string; +} + +/** + * Creates a route table for the specified VPC + * @resource AWS::EC2::RouteTable + */ +export class RouteTable extends Resource implements IRouteTable, IDependable { + /** + * The ID of the route table. + */ + public readonly routeTableId: string; + + /** + * The route table CFN resource. + */ + public readonly resource: CfnRouteTable; + + constructor(scope: Construct, id: string, props: RouteTableProps) { + super(scope, id); + + this.resource = new CfnRouteTable(this, 'RouteTable', { + vpcId: props.vpc.vpcId, + }); + this.node.defaultChild = this.resource; + + this.routeTableId = this.resource.attrRouteTableId; + } +} + +function routerTypeToPropName(routerType: RouterType) { + return ({ + [RouterType.CARRIER_GATEWAY]: 'carrierGatewayId', + [RouterType.EGRESS_ONLY_INTERNET_GATEWAY]: 'egressOnlyInternetGatewayId', + [RouterType.GATEWAY]: 'gatewayId', + [RouterType.INSTANCE]: 'instanceId', + [RouterType.LOCAL_GATEWAY]: 'localGatewayId', + [RouterType.NAT_GATEWAY]: 'natGatewayId', + [RouterType.NETWORK_INTERFACE]: 'networkInterfaceId', + [RouterType.TRANSIT_GATEWAY]: 'transitGatewayId', + [RouterType.VPC_PEERING_CONNECTION]: 'vpcPeeringConnectionId', + [RouterType.VPC_ENDPOINT]: 'vpcEndpointId', + })[routerType]; +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts new file mode 100644 index 0000000000000..a71277d441cbc --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -0,0 +1,416 @@ +import { Resource, Names, Lazy } from 'aws-cdk-lib'; +import { CfnRouteTable, CfnSubnet, CfnSubnetRouteTableAssociation, INetworkAcl, IRouteTable, ISubnet, NetworkAcl, SubnetNetworkAclAssociation, SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { Construct, DependencyGroup, IDependable } from 'constructs'; +import { IVpcV2 } from './vpc-v2-base'; +import { CidrBlock, CidrBlockIpv6 } from './util'; + +/** + * Interface to define subnet CIDR + */ +interface ICidr { + readonly cidr: string; +} + +/** + * IPv4 or IPv6 CIDR range for the subnet + */ +export class IpCidr implements ICidr { + + /** + * IPv6 CIDR range for the subnet + * Allowed only if IPv6 is enabled on VPc + */ + public readonly cidr: string; + constructor(props: string ) { + this.cidr = props; + } +} + +/** + * Properties to define subnet for VPC. + */ +export interface SubnetV2Props { +/** + * VPC Prop + */ + readonly vpc: IVpcV2; + + /** + * ipv4 cidr to assign to this subnet. + * See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html#cfn-ec2-subnet-cidrblock + */ + readonly ipv4CidrBlock: IpCidr; + + /** + * Ipv6 CIDR Range for subnet + * @default No Ipv6 address + */ + readonly ipv6CidrBlock?: IpCidr; + + /** + * Custom AZ for the subnet + */ + readonly availabilityZone: string; + + /** + * Custom Route for subnet + * @default Default route table + */ + readonly routeTable?: IRouteTable; + + /** + * The type of Subnet to configure. + * + * The Subnet type will control the ability to route and connect to the + * Internet. + * + * TODO: Add validation check `subnetType` when adding resources (e.g. cannot add NatGateway to private) + */ + readonly subnetType: SubnetType; + + /** + * Subnet name + * @default none + */ + readonly subnetName?: string; + + /** + * Indicates whether a network interface created in this subnet receives an IPv6 address. + * + * If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock. + * + * @default false + */ + readonly assignIpv6AddressOnCreation?: boolean; + +} + +/** + * Interface with additional properties for SubnetV2 + */ +export interface ISubnetV2 extends ISubnet { + + /** + * The IPv6 CIDR block for this subnet + */ + readonly ipv6CidrBlock?: string; + +} + +/** + * The SubnetV2 class represents a subnet within a VPC (Virtual Private Cloud) in AWS. + * It extends the Resource class and implements the ISubnet interface. + * + * Instances of this class can be used to create and manage subnets within a VpcV2 instance. + * Subnets can be configured with specific IP address ranges (IPv4 and IPv6), availability zones, + * and subnet types (e.g., public, private, isolated). + * + * @resource AWS::EC2::Subnet + * + */ +export class SubnetV2 extends Resource implements ISubnetV2 { + + /** + * The Availability Zone the subnet is located in + */ + public readonly availabilityZone: string; + + /** + * The subnetId for this particular subnet + * @attribute + */ + public readonly subnetId: string; + + /** + * Dependencies for internet connectivity + * This Property exposes the RouteTable-Subnet association so that other resources can depend on it. + */ + public readonly internetConnectivityEstablished: IDependable; + + /** + * The variable name `internetConnectivityEstablished` does not reflect what it actually is. + * The naming is enforced by ISubnet. We need to keep it to maintain compatibility. + * It exposes the RouteTable-Subnet association so that other resources can depend on it. + * E.g. Resources in a subnet, when being deleted, may need the RouteTable to exist in order to delete properly + */ + private readonly _internetConnectivityEstablished = new DependencyGroup(); + + /** + * The IPv4 CIDR block for this subnet + */ + public readonly ipv4CidrBlock: string; + + /** + * The IPv6 CIDR Block for this subnet + */ + public readonly ipv6CidrBlock?: string; + + /** + * The route table for this subnet + */ + public readonly routeTable: IRouteTable; + + /** + * The type of subnet (public or private) that this subnet represents. + * @attribute SubnetType + */ + public readonly subnetType: SubnetType; + + private _networkAcl: INetworkAcl; + + /** + * Constructs a new SubnetV2 instance. + * @param scope The parent Construct that this resource will be part of. + * @param id The unique identifier for this resource. + * @param props The configuration properties for the subnet. + */ + constructor(scope: Construct, id: string, props: SubnetV2Props) { + super(scope, id, { + physicalName: props.subnetName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 128, allowedSpecialCharacters: '_' }), + }), + }); + + const ipv4CidrBlock = props.ipv4CidrBlock.cidr; + const ipv6CidrBlock = props.ipv6CidrBlock?.cidr; + + if (!checkCidrRanges(props.vpc, props.ipv4CidrBlock.cidr)) { + throw new Error('CIDR block should be within the range of VPC'); + }; + + let overlap: boolean = false; + let overlapIpv6: boolean = false; + + overlap = validateOverlappingCidrRanges(props.vpc, props.ipv4CidrBlock.cidr); + + //check whether VPC supports ipv6 + if (props.ipv6CidrBlock?.cidr) { + validateSupportIpv6(props.vpc); + overlapIpv6 = validateOverlappingCidrRangesipv6(props.vpc, props.ipv6CidrBlock?.cidr); + } + + if (overlap || overlapIpv6) { + throw new Error('CIDR block should not overlap with existing subnet blocks'); + } + + if (props.assignIpv6AddressOnCreation && !props.ipv6CidrBlock) { + throw new Error('IPv6 CIDR block is required when assigning IPv6 address on creation'); + } + + const subnet = new CfnSubnet(this, 'Subnet', { + vpcId: props.vpc.vpcId, + cidrBlock: ipv4CidrBlock, + ipv6CidrBlock: ipv6CidrBlock, + availabilityZone: props.availabilityZone, + assignIpv6AddressOnCreation: props.assignIpv6AddressOnCreation ?? false, + }); + + this.node.defaultChild = subnet; + this.ipv4CidrBlock = props.ipv4CidrBlock.cidr; + this.ipv6CidrBlock = props.ipv6CidrBlock?.cidr; + this.subnetId = subnet.ref; + this.availabilityZone = props.availabilityZone; + + this._networkAcl = NetworkAcl.fromNetworkAclId(this, 'Acl', subnet.attrNetworkAclAssociationId); + + if (props.routeTable) { + this.routeTable = props.routeTable; + } else { + const defaultTable = new CfnRouteTable(this, 'RouteTable', { + vpcId: props.vpc.vpcId, + }); + this.routeTable = { routeTableId: defaultTable.ref }; + } + + const routeAssoc = new CfnSubnetRouteTableAssociation(this, 'RouteTableAssociation', { + subnetId: this.subnetId, + routeTableId: this.routeTable.routeTableId, + }); + this._internetConnectivityEstablished.add(routeAssoc); + this.internetConnectivityEstablished = this._internetConnectivityEstablished; + + this.subnetType = props.subnetType; + storeSubnetToVpcByType(props.vpc, this, props.subnetType); + } + + /** + * Associate a Network ACL with this subnet + * + * @param id The unique identifier for this association. + * @param networkAcl The Network ACL to associate with this subnet. + * This allows controlling inbound and outbound traffic for instances in this subnet. + */ + public associateNetworkAcl(id: string, networkAcl: INetworkAcl) { + this._networkAcl = networkAcl; + + const scope = networkAcl instanceof Construct ? networkAcl : this; + const other = networkAcl instanceof Construct ? this : networkAcl; + new SubnetNetworkAclAssociation(scope, id + Names.nodeUniqueId(other.node), { + networkAcl, + subnet: this, + }); + } + /** + * Returns the Network ACL associated with this subnet. + */ + + public get networkAcl(): INetworkAcl { + return this._networkAcl; + } +} + +const subnetTypeMap = { + [SubnetType.PRIVATE_ISOLATED]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.isolatedSubnets.push(subnet), + [SubnetType.PUBLIC]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.publicSubnets.push(subnet), + [SubnetType.PRIVATE_WITH_EGRESS]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.privateSubnets.push(subnet), + [SubnetType.ISOLATED]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.isolatedSubnets.push(subnet), + [SubnetType.PRIVATE]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.privateSubnets.push(subnet), + [SubnetType.PRIVATE_WITH_NAT]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.privateSubnets.push(subnet), +}; + +/** + * Stores the provided subnet in the VPC's collection of subnets based on the specified subnet type. + * + * @param vpc The VPC instance to which the subnet belongs. + * @param subnet The subnet instance to be stored. + * @param type The type of the subnet (e.g., public, private, isolated). + * @internal + */ +function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType) { + const findFunctionType = subnetTypeMap[type]; + if (findFunctionType) { + findFunctionType(vpc, subnet); + } else { + throw new Error(`Unsupported subnet type: ${type}`); + } + + /** + * Need to set explicit dependency as during stack deletion, + * the cidr blocks may get deleted first and will fail as the subnets are still using the cidr blocks + */ + for (const cidr of vpc.secondaryCidrBlock) { + subnet.node.addDependency(cidr); + } +} + +/** + * Validates whether the provided VPC supports IPv6 addresses. + * + * @param vpc The VPC instance to be validated. + * @throws Error if the VPC does not support IPv6 addresses. + * @returns True if the VPC supports IPv6 addresses, false otherwise. + * @internal + */ +function validateSupportIpv6(vpc: IVpcV2) { + if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || + secondaryAddress.ipv6IpamPoolId != undefined)) { + return true; + } else { + throw new Error('To use IPv6, the VPC must enable IPv6 support.'); + } +} + +/** + * Checks if the provided CIDR range falls within the IP address ranges of the given VPC. + * + * @param vpc The VPC instance to check against. + * @param cidrRange The CIDR range to be checked. + * @returns True if the CIDR range falls within the VPC's IP address ranges, false otherwise. + * @internal + */ +function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { + + const vpcCidrBlock = [vpc.ipv4CidrBlock]; + + for (const ipAddress of vpc.secondaryCidrBlock) { + if (ipAddress.cidrBlock) { + vpcCidrBlock.push(ipAddress.cidrBlock); + } + } + const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); + + const subnetCidrBlock = new CidrBlock(cidrRange); + + return cidrs.some(c => c.containsCidr(subnetCidrBlock)); + +} + +/** + * Validates if the provided IPv4 CIDR block overlaps with existing subnet CIDR blocks within the given VPC. + * + * @param vpc The VPC instance to check against. + * @param ipv4CidrBlock The IPv4 CIDR block to be validated. + * @returns True if the IPv4 CIDR block overlaps with existing subnet CIDR blocks, false otherwise. + * @internal + */ + +function validateOverlappingCidrRanges(vpc: IVpcV2, ipv4CidrBlock: string): boolean { + + let allSubnets: ISubnetV2[]; + try { + allSubnets = vpc.selectSubnets().subnets; + } catch (e) { + 'No subnets in VPC'; + return false; + } + + const ipMap: [string, string][] = new Array(); + + const inputRange = new CidrBlock(ipv4CidrBlock); + + const inputIpMap: [string, string] = [inputRange.minIp(), inputRange.maxIp()]; + + for (const subnet of allSubnets) { + const cidrBlock = new CidrBlock(subnet.ipv4CidrBlock); + ipMap.push([cidrBlock.minIp(), cidrBlock.maxIp()]); + } + + for (const range of ipMap) { + if (inputRange.rangesOverlap(range, inputIpMap)) { + return true; + } + } + + return false; +} + +/** + * Validates if the provided IPv6 CIDR block overlaps with existing subnet CIDR blocks within the given VPC. + * + * @param vpc The VPC instance to check against. + * @param ipv6CidrBlock The IPv6 CIDR block to be validated. + * @returns True if the IPv6 CIDR block overlaps with existing subnet CIDR blocks, false otherwise. + * @throws Error if no subnets are found in the VPC. + * @internal + */ +function validateOverlappingCidrRangesipv6(vpc: IVpcV2, ipv6CidrBlock: string): boolean { + + let allSubnets: ISubnetV2[]; + try { + allSubnets = vpc.selectSubnets().subnets; + } catch (e) { + 'No subnets in VPC'; + return false; + } + + const ipv6Map: string[]= []; + + const inputRange = new CidrBlockIpv6(ipv6CidrBlock); + + let result : boolean = false; + + for (const subnet of allSubnets) { + if (subnet.ipv6CidrBlock) { + const cidrBlock = new CidrBlockIpv6(subnet.ipv6CidrBlock); + ipv6Map.push(cidrBlock.cidr); + } + } + + for (const range of ipv6Map) { + if (inputRange.rangesOverlap(range, inputRange.cidr)) { + result = true; + } + } + + return result; +} diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts new file mode 100644 index 0000000000000..ed8ae62342ded --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts @@ -0,0 +1,382 @@ +/*eslint no-bitwise: ["error", { "allow": ["~", "|", "<<", "&"] }] */ + +import { ISubnet } from 'aws-cdk-lib/aws-ec2'; + +/** + * Return a subnet name from its construct ID + * + * All subnet names look like NAME <> "Subnet" <> INDEX + */ +export function subnetGroupNameFromConstructId(subnet: ISubnet) { + return subnet.node.id.replace(/Subnet\d+$/, ''); +} + +/** + * Make the subnet construct ID from a name and number + */ +export function subnetId(name: string, i: number) { + return `${name}Subnet${i + 1}`; +} + +/** + * Return the union of table IDs from all selected subnets + */ +export function allRouteTableIds(subnets: ISubnet[]): string[] { + const ret = new Set(); + for (const subnet of subnets) { + if (subnet.routeTable && subnet.routeTable.routeTableId) { + ret.add(subnet.routeTable.routeTableId); + } + } + return Array.from(ret); +} + +export function flatten(xs: A[][]): A[] { + return Array.prototype.concat.apply([], xs); +} + +/** + * NetworkUtils contains helpers to work with network constructs (subnets/ranges) + */ +export class NetworkUtils { + + /** + * Validates an IPv4 address string. + * + * @param ipAddress The IPv4 address string to be validated. + * @returns True if the string is a valid IPv4 address, false otherwise. + * Validates an IPv4 string + * + * returns true of the string contains 4 numbers between 0-255 delimited by + * a `.` character + */ + public static validIp(ipAddress: string): boolean { + const octets = ipAddress.split('.'); + if (octets.length !== 4) { + return false; + } + return octets.map((octet: string) => parseInt(octet, 10)). + every((octet: number) => octet >= 0 && octet <= 255); + } + + /** + * Converts a string representation of an IPv4 address to its corresponding numerical value. + * + * Uses the formula: + * (first octet * 256³) + (second octet * 256²) + (third octet * 256) + + * (fourth octet) + * + * @param ipAddress the IP address (e.g. 174.66.173.168) + * @returns the integer value of the IP address (e.g 2923605416) + */ + public static ipToNum(ipAddress: string): number { + if (!this.validIp(ipAddress)) { + throw new Error(`${ipAddress} is not valid`); + } + + return ipAddress + .split('.') + .reduce( + (p: number, c: string, i: number) => p + parseInt(c, 10) * 256 ** (3 - i), + 0, + ); + } + + /** + * Takes number and converts it to IPv4 address string + * + * Takes a number (e.g 2923605416) and converts it to an IPv4 address string + * currently only supports IPv4 + * + * @param ipNum integer value of the IP address (e.g 2923605416) + * @returns IPv4 address (e.g. 174.66.173.168) + */ + public static numToIp(ipNum: number): string { + // this all because bitwise math is signed + let remaining = ipNum; + const address = new Array(); + for (let i = 0; i < 4; i++) { + if (remaining !== 0) { + address.push(Math.floor(remaining / 256 ** (3 - i))); + remaining = remaining % 256 ** (3 - i); + } else { + address.push(0); + } + } + const ipAddress: string = address.join('.'); + if ( !this.validIp(ipAddress) ) { + throw new Error(`${ipAddress} is not a valid IP Address`); + } + return ipAddress; + } +} + +/** + * Exported class from VPC to support subnet filtering + * and CIDR validation + */ +export class CidrBlock { + + /** + * Calculates the netmask for a given CIDR mask + * + * The netmask is a 32-bit binary value used to separate the network portion from the host portion of an IPv4 address. + * It is calculated based on the CIDR prefix length (the number of bits used to represent the network portion). + * + * For example: + * CidrBlock.calculateNetmask(24) returns '255.255.255.0' + * + * @param mask The CIDR prefix length (between 0 and 32) for which to calculate the netmask. + // Calculate the netmask by performing a bitwise NOT on the result of (2^32 - 2^(32 - mask)) + * @returns The netmask string in IPv4 address format. + */ + public static calculateNetmask(mask: number): string { + return NetworkUtils.numToIp(2 ** 32 - 2 ** (32 - mask)); + } + + /** + * Calculates the number IP addresses in a CIDR Mask + * + * For example: + * CidrBlock.calculateNetsize(16) returns 65536 + * + * @param mask The CIDR prefix length (between 0 and 32) for which to calculate the network size. + * CidrBlock.calculateNetsize(24) returns 256 + */ + public static calculateNetsize(mask: number): number { + return 2 ** (32 - mask); + } + + /** + * IP address in the CIDR block. + */ + public readonly cidr: string; + + /* + * The CIDR mask e.g. for CIDR '10.0.0.0/21' returns 21 + */ + public readonly mask: number; + + /* + * The total number of IP addresses in the CIDR + */ + public readonly networkSize: number; + + /* + * The network address provided in CIDR creation offset by the Netsize -1 + */ + private readonly networkAddress: number; + + /* + * Parses either CIDR notation String or two numbers representing the IP + * space + * + * cidr expects a string '10.0.0.0/16' + * ipAddress expects a number + * mask expects a number + * + * If the given `cidr` or `ipAddress` is not the beginning of the block, + * then the next available block will be returned. For example, if + * `10.0.3.1/28` is given the returned block will represent `10.0.3.16/28`. + */ + constructor(cidr: string) + constructor(ipAddress: number, mask: number) + constructor(ipAddressOrCidr: string | number, mask?: number) { + if (typeof ipAddressOrCidr === 'string') { + this.mask = parseInt(ipAddressOrCidr.split('/')[1], 10); + this.networkAddress = NetworkUtils.ipToNum(ipAddressOrCidr.split('/')[0]) + + CidrBlock.calculateNetsize(this.mask) - 1; + } else { + if (typeof mask === 'number') { + this.mask = mask; + } else { + // this should be impossible + this.mask = 16; + } + this.networkAddress = ipAddressOrCidr + CidrBlock.calculateNetsize(this.mask) - 1; + this.networkSize = 2 ** (32 - this.mask); + } + this.networkSize = 2 ** (32 - this.mask); + this.cidr = `${this.minIp()}/${this.mask}`; + } + + /* + * The maximum IP in the CIDR Block e.g. '10.0.8.255' + */ + public maxIp(): string { + // min + (2^(32-mask)) - 1 [zero needs to count] + return NetworkUtils.numToIp(this.maxAddress()); + } + + /* + * Checks if this CIDR block fully contains the provided CIDR block. + * + * @param other The CIDR block to check for containment. + * @returns True if this CIDR block fully contains the provided CIDR block, false otherwise. + * + * The minimum IP in the CIDR Block e.g. '10.0.0.0' + */ + public minIp(): string { + return NetworkUtils.numToIp(this.minAddress()); + } + + /* + * Returns the number representation for the minimum IPv4 address + */ + public minAddress(): number { + const div = this.networkAddress % this.networkSize; + return this.networkAddress - div; + } + + /* + * Returns the number representation for the maximum IPv4 address + */ + public maxAddress(): number { + /** + * The maximum IP address in the CIDR block is calculated as the minimum address + (2^(32-mask)) - 1. + * This is because the minimum address represents the network address, and the maximum address is the broadcast address. + */ + // min + (2^(32-mask)) - 1 [zero needs to count] + return this.minAddress() + this.networkSize - 1; + } + + /* + * Returns the next consecutive CIDR block of the same mask size following this CIDR block. + * + * For example, if this CIDR block is '10.0.0.0/24', the next block would be '10.0.1.0/24'. + * + * Returns the next CIDR Block of the same mask size + */ + public nextBlock(): CidrBlock { + return new CidrBlock(this.maxAddress() + 1, this.mask); + } + + /* + * Returns true if this CidrBlock fully contains the provided CidrBlock + */ + public containsCidr(other: CidrBlock): boolean { + return (this.maxAddress() >= other.maxAddress()) && + (this.minAddress() <= other.minAddress()); + } + + /** + * Checks if two IP address ranges overlap. + * + * @param range1 The first IP address range represented as an array [start, end]. + * @param range2 The second IP address range represented as an array [start, end]. + * @returns True if the two IP address ranges overlap, false otherwise. + * + * Note: This method assumes that the start and end addresses are valid IPv4 addresses. + */ + public rangesOverlap(range1: [string, string], range2: [string, string]): boolean { + const [start1, end1] = range1; + const [start2, end2] = range2; + + // Check if ranges overlap + return start1 <= end2 && start2 <= end1; + } + +} + +/** + * Class with helper functions to support + * Subnet Ipv6 Address Validation + * + * This class provides methods for working with IPv6 CIDR blocks, including calculating the minimum and maximum + * IP addresses in a CIDR block, and checking if two CIDR blocks overlap. + */ +export class CidrBlockIpv6 { + + /** + * Ipv6 CIDR range + */ + public cidr: string; + /** + * The CIDR prefix length (number of bits used for the network portion of the address). + */ + public cidrPrefix: number; + private ipParts: bigint[]; + private networkBits: number; + private networkPart: bigint[]; + + constructor(cidr: string) { + this.cidr = cidr; + const [ipAddress, prefix] = cidr.split('/'); + this.cidrPrefix = parseInt(prefix, 10); + this.ipParts = this.parseBigIntParts(ipAddress); + this.networkBits = this.cidrPrefix; + this.networkPart = this.ipParts.slice(0, Math.ceil(this.networkBits / 16)); + } + + private parseBigIntParts(ipAddress: string): bigint[] { + return ipAddress.split(':').map((part) => BigInt(`0x${part.padStart(4, '0')}` || '0')); + } + + /** + * @returns Minimum IPv6 address for a provided CIDR + */ + public minIp(): string { + const startIP = [...this.networkPart]; + for (let i = this.networkPart.length; i < 8; i++) { + startIP.push(BigInt(0)); + } + return startIP.map(this.formatIPv6Part).join(':'); + } + + /** + * @returns Maximum IPv6 address for a provided CIDR + */ + public maxIp(): string { + const endIP = [...this.networkPart]; + const hostPart = Array(8 - this.networkPart.length).fill(BigInt(0xffff)); + endIP.push(...hostPart); + + return endIP.map(this.formatIPv6Part).join(':'); + } + + private formatIPv6Part = (part: bigint) => part.toString(16).padStart(4, '0'); + + /** + * + * @param range1 Ipv6 CIDR range to compare + * @param range2 Ipv6 CIDR range to compare + * @returns true if two ranges overlap, false otherwise + */ + public rangesOverlap(range1: string, range2: string): boolean { + const [start1, end1] = this.getIPv6Range(range1); + const [start2, end2] = this.getIPv6Range(range2); + + return (start1 <= end2) && (start2 <= end1); + } + + /** + * + * @param cidr + * @returns Range in the from of big int number [start, end] + */ + private getIPv6Range(cidr: string): [bigint, bigint] { + const [ipv6Address, prefixLength] = cidr.split('/'); + const ipv6Number = this.ipv6ToNumber(ipv6Address); + const mask = (BigInt(1) << BigInt(128 - Number(prefixLength))) - BigInt(1); + const networkPrefix = ipv6Number & ~mask; + const start = networkPrefix; + const end = networkPrefix | mask; + + return [start, end]; + } + + /** + * @param ipv6Address + * @returns Converts given ipv6 address range to big int number + */ + private ipv6ToNumber(ipv6Address: string): bigint { + const blocks = this.parseBigIntParts(ipv6Address); + let ipv6Number = BigInt(0); + for (const block of blocks) { + /* tslint:disable:no-bitwise */ + ipv6Number = (ipv6Number << BigInt(16)) + block; + } + return ipv6Number; + } +} + diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts new file mode 100644 index 0000000000000..1be8c35744356 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -0,0 +1,368 @@ +import { Resource, Annotations } from 'aws-cdk-lib'; +import { IVpc, ISubnet, SubnetSelection, SelectedSubnets, EnableVpnGatewayOptions, VpnGateway, VpnConnectionType, CfnVPCGatewayAttachment, CfnVPNGatewayRoutePropagation, VpnConnectionOptions, VpnConnection, ClientVpnEndpointOptions, ClientVpnEndpoint, InterfaceVpcEndpointOptions, InterfaceVpcEndpoint, GatewayVpcEndpointOptions, GatewayVpcEndpoint, FlowLogOptions, FlowLog, FlowLogResourceType, SubnetType, SubnetFilter, CfnVPCCidrBlock } from 'aws-cdk-lib/aws-ec2'; +import { allRouteTableIds, flatten, subnetGroupNameFromConstructId } from './util'; +import { IDependable, Dependable, IConstruct } from 'constructs'; + +/** + * Placeholder to see what extra props we might need, + * will be added to original IVPC + */ +export interface IVpcV2 extends IVpc { + /** + * The secondary CIDR blocks associated with the VPC. + * + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. + */ + readonly secondaryCidrBlock: CfnVPCCidrBlock[]; + + /** + * The primary IPv4 CIDR block associated with the VPC. + * Needed in order to validate the vpc range of subnet + * current prop vpcCidrBlock refers to the token value + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}. + */ + readonly ipv4CidrBlock: string; + +} + +/** + * Base class for creating a VPC (Virtual Private Cloud) in AWS. + * + * For more information, see the {@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html|AWS CDK Documentation on VPCs}. + */ +export abstract class VpcV2Base extends Resource implements IVpcV2 { + + /** + * Identifier for this VPC + */ + public abstract readonly vpcId: string; + + /** + * Arn of this VPC + */ + public abstract readonly vpcArn: string; + + /** + * CIDR range for this VPC + */ + public abstract readonly vpcCidrBlock: string; + + /** + * List of public subnets in this VPC + */ + public readonly publicSubnets: ISubnet[] = []; + + /** + * List of private subnets in this VPC + */ + public readonly privateSubnets: ISubnet[] = []; + + /** + * List of isolated subnets in this VPC + */ + public abstract readonly isolatedSubnets: ISubnet[]; + + /** + * AZs for this VPC + */ + public readonly availabilityZones: string[] = []; + + /** + * Dependable that can be depended upon to force internet connectivity established on the VPC + */ + public abstract readonly internetConnectivityEstablished: IDependable; + + /** + * Secondary IPs for the VPC, can be multiple Ipv4 or Ipv6 + * Ipv4 should be within RFC#1918 range + */ + public abstract readonly secondaryCidrBlock: CfnVPCCidrBlock[]; + + /** + * The primary IPv4 CIDR block associated with the VPC. + * Needed in order to validate the vpc range of subnet + * current prop vpcCidrBlock refers to the token value + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}. + */ + public abstract readonly ipv4CidrBlock: string; + + /** + * If this is set to true, don't error out on trying to select subnets + */ + protected incompleteSubnetDefinition: boolean = false; + + /** + * Mutable private field for the vpnGatewayId + * + * @internal + */ + protected _vpnGatewayId?: string; + + /** + * Return information on the subnets appropriate for the given selection strategy + * + * Requires that at least one subnet is matched, throws a descriptive + * error message otherwise. + */ + public selectSubnets(selection: SubnetSelection = {}): SelectedSubnets { + const subnets = this.selectSubnetObjects(selection); + const pubs = new Set(this.publicSubnets); + + return { + subnetIds: subnets.map(s => s.subnetId), + get availabilityZones(): string[] { return subnets.map(s => s.availabilityZone); }, + internetConnectivityEstablished: tap(new CompositeDependable(), d => subnets.forEach(s => d.add(s.internetConnectivityEstablished))), + subnets, + hasPublic: subnets.some(s => pubs.has(s)), + isPendingLookup: this.incompleteSubnetDefinition, + }; + } + + /** + * Adds a VPN Gateway to this VPC + */ + public enableVpnGateway(options: EnableVpnGatewayOptions): void { + if (this.vpnGatewayId) { + throw new Error('The VPN Gateway has already been enabled.'); + } + + const vpnGateway = new VpnGateway(this, 'VpnGateway', { + amazonSideAsn: options.amazonSideAsn, + type: VpnConnectionType.IPSEC_1, + }); + + this._vpnGatewayId = vpnGateway.gatewayId; + + const attachment = new CfnVPCGatewayAttachment(this, 'VPCVPNGW', { + vpcId: this.vpcId, + vpnGatewayId: this._vpnGatewayId, + }); + + // Propagate routes on route tables associated with the right subnets + const vpnRoutePropagation = options.vpnRoutePropagation ?? [{}]; + const routeTableIds = allRouteTableIds(flatten(vpnRoutePropagation.map(s => this.selectSubnets(s).subnets))); + + if (routeTableIds.length === 0) { + Annotations.of(this).addError(`enableVpnGateway: no subnets matching selection: '${JSON.stringify(vpnRoutePropagation)}'. Select other subnets to add routes to.`); + } + + const routePropagation = new CfnVPNGatewayRoutePropagation(this, 'RoutePropagation', { + routeTableIds, + vpnGatewayId: this._vpnGatewayId, + }); + // The AWS::EC2::VPNGatewayRoutePropagation resource cannot use the VPN gateway + // until it has successfully attached to the VPC. + // See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-gatewayrouteprop.html + routePropagation.node.addDependency(attachment); + } + + /** + * Adds a new VPN connection to this VPC + */ + public addVpnConnection(id: string, options: VpnConnectionOptions): VpnConnection { + return new VpnConnection(this, id, { + vpc: this, + ...options, + }); + } + + /** + * Adds a new client VPN endpoint to this VPC + */ + public addClientVpnEndpoint(id: string, options: ClientVpnEndpointOptions): ClientVpnEndpoint { + return new ClientVpnEndpoint(this, id, { + ...options, + vpc: this, + }); + } + + /** + * Adds a new interface endpoint to this VPC + */ + public addInterfaceEndpoint(id: string, options: InterfaceVpcEndpointOptions): InterfaceVpcEndpoint { + return new InterfaceVpcEndpoint(this, id, { + vpc: this, + ...options, + }); + } + + /** + * Adds a new gateway endpoint to this VPC + */ + public addGatewayEndpoint(id: string, options: GatewayVpcEndpointOptions): GatewayVpcEndpoint { + return new GatewayVpcEndpoint(this, id, { + vpc: this, + ...options, + }); + } + + /** + * Adds a new flow log to this VPC + */ + public addFlowLog(id: string, options?: FlowLogOptions): FlowLog { + return new FlowLog(this, id, { + resourceType: FlowLogResourceType.fromVpc(this), + ...options, + }); + } + + /** + * Returns the id of the VPN Gateway (if enabled) + */ + public get vpnGatewayId(): string | undefined { + return this._vpnGatewayId; + } + + /** + * Return the subnets appropriate for the placement strategy + */ + protected selectSubnetObjects(selection: SubnetSelection = {}): ISubnet[] { + selection = this.reifySelectionDefaults(selection); + + if (selection.subnets !== undefined) { + return selection.subnets; + } + + let subnets; + + if (selection.subnetGroupName !== undefined) { // Select by name + subnets = this.selectSubnetObjectsByName(selection.subnetGroupName); + + } else { // Or specify by type + const type = selection.subnetType || SubnetType.PRIVATE_WITH_EGRESS; + subnets = this.selectSubnetObjectsByType(type); + } + + // Apply all the filters + subnets = this.applySubnetFilters(subnets, selection.subnetFilters ?? []); + + return subnets; + } + + private applySubnetFilters(subnets: ISubnet[], filters: SubnetFilter[]): ISubnet[] { + let filtered = subnets; + // Apply each filter in sequence + for (const filter of filters) { + filtered = filter.selectSubnets(filtered); + } + return filtered; + } + + private selectSubnetObjectsByName(groupName: string) { + const allSubnets = [...this.publicSubnets, ...this.privateSubnets, ...this.isolatedSubnets]; + const subnets = allSubnets.filter(s => subnetGroupNameFromConstructId(s) === groupName); + + if (subnets.length === 0 && !this.incompleteSubnetDefinition) { + const names = Array.from(new Set(allSubnets.map(subnetGroupNameFromConstructId))); + throw new Error(`There are no subnet groups with name '${groupName}' in this VPC. Available names: ${names}`); + } + + return subnets; + } + + private selectSubnetObjectsByType(subnetType: SubnetType) { + const allSubnets = { + [SubnetType.PRIVATE_ISOLATED]: this.isolatedSubnets, + [SubnetType.ISOLATED]: this.isolatedSubnets, + [SubnetType.PRIVATE_WITH_NAT]: this.privateSubnets, + [SubnetType.PRIVATE_WITH_EGRESS]: this.privateSubnets, + [SubnetType.PRIVATE]: this.privateSubnets, + [SubnetType.PUBLIC]: this.publicSubnets, + }; + + const subnets = allSubnets[subnetType]; + + // Force merge conflict here with https://github.com/aws/aws-cdk/pull/4089 + // see ImportedVpc + + if (subnets.length === 0 && !this.incompleteSubnetDefinition) { + const availableTypes = Object.entries(allSubnets).filter(([_, subs]) => subs.length > 0).map(([typeName, _]) => typeName); + throw new Error(`There are no '${subnetType}' subnet groups in this VPC. Available types: ${availableTypes}`); + } + + return subnets; + } + + /** + * Validate the fields in a SubnetSelection object, and reify defaults if necessary + * + * In case of default selection, select the first type of PRIVATE, ISOLATED, + * PUBLIC (in that order) that has any subnets. + */ + private reifySelectionDefaults(placement: SubnetSelection): SubnetSelection { + + // TODO: throw error as new VpcV2 cannot support subnetName or subnetGroupName anymore + if (placement.subnetName !== undefined) { + if (placement.subnetGroupName !== undefined) { + throw new Error('Please use only \'subnetGroupName\' (\'subnetName\' is deprecated and has the same behavior)'); + } else { + Annotations.of(this).addWarningV2('@aws-cdk/aws-ec2:subnetNameDeprecated', 'Usage of \'subnetName\' in SubnetSelection is deprecated, use \'subnetGroupName\' instead'); + } + placement = { ...placement, subnetGroupName: placement.subnetName }; + } + + const exclusiveSelections: Array = ['subnets', 'subnetType', 'subnetGroupName']; + const providedSelections = exclusiveSelections.filter(key => placement[key] !== undefined); + if (providedSelections.length > 1) { + throw new Error(`Only one of '${providedSelections}' can be supplied to subnet selection.`); + } + + if (placement.subnetType === undefined && placement.subnetGroupName === undefined && placement.subnets === undefined) { + // Return default subnet type based on subnets that actually exist + let subnetType = this.privateSubnets.length + ? SubnetType.PRIVATE_WITH_EGRESS : this.isolatedSubnets.length ? SubnetType.PRIVATE_ISOLATED : SubnetType.PUBLIC; + placement = { ...placement, subnetType: subnetType }; + } + + // Establish which subnet filters are going to be used + let subnetFilters = placement.subnetFilters ?? []; + + // Backwards compatibility with existing `availabilityZones` and `onePerAz` functionality + if (placement.availabilityZones !== undefined) { // Filter by AZs, if specified + subnetFilters.push(SubnetFilter.availabilityZones(placement.availabilityZones)); + } + if (!!placement.onePerAz) { // Ensure one per AZ if specified + subnetFilters.push(SubnetFilter.onePerAz()); + } + + // Overwrite the provided placement filters and remove the availabilityZones and onePerAz properties + placement = { ...placement, subnetFilters: subnetFilters, availabilityZones: undefined, onePerAz: undefined }; + const { availabilityZones, onePerAz, ...rest } = placement; + + return rest; + } + +} + +class CompositeDependable implements IDependable { + private readonly dependables = new Array(); + + constructor() { + const self = this; + Dependable.implement(this, { + get dependencyRoots() { + const ret = new Array(); + for (const dep of self.dependables) { + ret.push(...Dependable.of(dep).dependencyRoots); + } + return ret; + }, + }); + } + + /** + * Add a construct to the dependency roots + */ + public add(dep: IDependable) { + this.dependables.push(dep); + } +} + +/** +* Invoke a function on a value (for its side effect) and return the value +*/ +function tap(x: T, fn: (x: T) => void): T { + fn(x); + return x; + +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts new file mode 100644 index 0000000000000..76fc7c654921b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -0,0 +1,487 @@ +import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet } from 'aws-cdk-lib/aws-ec2'; +import { Arn, CfnResource, Lazy, Names } from 'aws-cdk-lib/core'; +import { Construct, DependencyGroup, IDependable } from 'constructs'; +import { IpamOptions, IIpamPool } from './ipam'; +import { VpcV2Base } from './vpc-v2-base'; + +/** + * Additional props needed for secondary Address + */ +export interface SecondaryAddressProps { + /** + * Required to set Secondary cidr block resource name + * in order to generate unique logical id for the resource. + */ + readonly cidrBlockName: string; +} + +/** + * IpAddress options to define VPC V2 + */ +export class IpAddresses { + + /** + * An IPv4 CIDR Range + */ + public static ipv4(ipv4Cidr: string, props?: SecondaryAddressProps): IIpAddresses { + return new ipv4CidrAllocation(ipv4Cidr, props); + } + + /** + * An Ipv4 Ipam Pool + */ + public static ipv4Ipam(ipv4IpamOptions: IpamOptions): IIpAddresses { + return new IpamIpv4(ipv4IpamOptions); + } + + /** + * An Ipv6 Ipam Pool + */ + public static ipv6Ipam(ipv6IpamOptions: IpamOptions): IIpAddresses { + return new IpamIpv6(ipv6IpamOptions); + } + + /** + * Amazon Provided Ipv6 range + */ + public static amazonProvidedIpv6(props: SecondaryAddressProps) : IIpAddresses { + return new AmazonProvided(props); + } +} + +/** + * Consolidated return parameters to pass to VPC construct + */ +export interface VpcCidrOptions { + + /** + * IPv4 CIDR Block + * @default - '10.0.0.0/16' + */ + readonly ipv4CidrBlock?: string; + + /** + * CIDR Mask for Vpc + * + * @default - Only required when using IPAM Ipv4 + */ + readonly ipv4NetmaskLength?: number; + + /** + * Ipv4 IPAM Pool + * + * @default - Only required when using IPAM Ipv4 + */ + readonly ipv4IpamPool?: IIpamPool; + + /** + * Implementing Ipv6 + * @default - No ipv6 address + */ + readonly ipv6CidrBlock?: string; + + /** + * CIDR Mask for Vpc + * + * @default - Only required when using AWS Ipam + */ + readonly ipv6NetmaskLength?: number; + + /** + * Ipv6 IPAM pool id for VPC range, can only be defined + * under public scope + * + * @default - no pool id + */ + readonly ipv6IpamPool?: IIpamPool; + + /** + * Use amazon provided IP range + * @default false + */ + readonly amazonProvided?: boolean; + + /** + * Dependency to associate Ipv6 CIDR block + * @default - No dependency + */ + readonly dependencies?: CfnResource[]; + + /** + * Required to set Secondary cidr block resource name + * in order to generate unique logical id for the resource. + * @default : no name for primary addresses + */ + readonly cidrBlockName?: string; +} + +/** + * Implements ip address allocation according to the IPAdress type + */ +export interface IIpAddresses { + + /** + * Method to define the implementation logic of + * IP address allocation + */ + allocateVpcCidr() : VpcCidrOptions; + +} + +/** + * Properties to define VPC + * [disable-awslint:from-method] + */ +export interface VpcV2Props { + + /** A must IPv4 CIDR block for the VPC + * https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html + * @default - Ipv4 CIDR Block ('10.0.0.0/16') + */ + readonly primaryAddressBlock?: IIpAddresses; + + /** + * The secondary CIDR blocks associated with the VPC. + * Can be IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. + * @default - No secondary IP address + */ + readonly secondaryAddressBlocks?: IIpAddresses[]; + + /** + * Indicates whether the instances launched in the VPC get DNS hostnames + * @default true + */ + readonly enableDnsHostnames?: boolean; + + /** + * Indicates whether the DNS resolution is supported for the VPC. + * @default true + */ + readonly enableDnsSupport?: boolean; + + /** + * The default tenancy of instances launched into the VPC. + * + * By setting this to dedicated tenancy, instances will be launched on + * hardware dedicated to a single AWS customer, unless specifically specified + * at instance launch time. Please note, not all instance types are usable + * with Dedicated tenancy. + * + * @default DefaultInstanceTenancy.Default (shared) tenancy + */ + readonly defaultInstanceTenancy?: DefaultInstanceTenancy; + + /** + * Physical name for the VPC + * @default: autogenerated by CDK + */ + readonly vpcName?: string; +} + +/** + * This class provides a foundation for creating and configuring a VPC with advanced features such as IPAM (IP Address Management) and IPv6 support. + * + * For more information, see the {@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html|AWS CDK Documentation on VPCs}. + * + * @resource AWS::EC2::VPC + */ +export class VpcV2 extends VpcV2Base { + + /** + * Identifier for this VPC + */ + public readonly vpcId: string; + + /** + * @attribute + */ + public readonly vpcArn: string; + + /** + * @attribute + */ + public readonly vpcCidrBlock: string; + /** + * The IPv6 CIDR blocks for the VPC. + * + * See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html#aws-resource-ec2-vpc-return-values + */ + public readonly ipv6CidrBlocks: string[]; + + /** + * The provider of ipv4 addresses + */ + public readonly ipAddresses: IIpAddresses; + + /** + * The AWS CloudFormation resource representing the VPC. + */ + public readonly resource: CfnVPC; + + /** + * Indicates if instances launched in this VPC will have public DNS hostnames. + */ + public readonly dnsHostnamesEnabled: boolean; + + /** + * Indicates if DNS support is enabled for this VPC. + */ + public readonly dnsSupportEnabled: boolean; + + /** + * Isolated Subnets that are part of this VPC. + */ + public readonly isolatedSubnets: ISubnet[]; + + /** + * Public Subnets that are part of this VPC. + */ + public readonly publicSubnets: ISubnet[]; + + /** + * Pbulic Subnets that are part of this VPC. + */ + public readonly privateSubnets: ISubnet[]; + + /** + * To define dependency on internet connectivity + */ + public readonly internetConnectivityEstablished: IDependable; + + /** + * To define dependency on internet connectivity + */ + private readonly _internetConnectivityEstablished = new DependencyGroup(); + + /** + * reference to all secondary blocks attached + */ + public readonly secondaryCidrBlock = new Array; + + /** + * For validation to define IPv6 subnets, set to true in case of + * Amazon Provided IPv6 cidr range + * IPv6 addresses can be attached to the subnets + * @default false + */ + public readonly useIpv6: boolean = false; + + public readonly ipv4CidrBlock: string = ''; + + constructor(scope: Construct, id: string, props: VpcV2Props = {}) { + super(scope, id, { + physicalName: props.vpcName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 128, allowedSpecialCharacters: '_' }), + }), + }); + + this.ipAddresses = props.primaryAddressBlock ?? IpAddresses.ipv4('10.0.0.0/16'); + const vpcOptions = this.ipAddresses.allocateVpcCidr(); + + this.dnsHostnamesEnabled = props.enableDnsHostnames == null ? true : props.enableDnsHostnames; + this.dnsSupportEnabled = props.enableDnsSupport == null ? true : props.enableDnsSupport; + const instanceTenancy = props.defaultInstanceTenancy || 'default'; + this.resource = new CfnVPC(this, 'Resource', { + cidrBlock: vpcOptions.ipv4CidrBlock, //for Ipv4 addresses CIDR block + enableDnsHostnames: this.dnsHostnamesEnabled, + enableDnsSupport: this.dnsSupportEnabled, + ipv4IpamPoolId: vpcOptions.ipv4IpamPool?.ipamPoolId, // for Ipv4 ipam option + ipv4NetmaskLength: vpcOptions.ipv4NetmaskLength, // for Ipv4 ipam option + instanceTenancy: instanceTenancy, + }); + + this.node.defaultChild = this.resource; + this.vpcCidrBlock = this.resource.attrCidrBlock; + if (vpcOptions.ipv4CidrBlock) { + this.ipv4CidrBlock = vpcOptions.ipv4CidrBlock; + } + this.ipv6CidrBlocks = this.resource.attrIpv6CidrBlocks; + this.vpcId = this.resource.attrVpcId; + this.vpcArn = Arn.format({ + service: 'ec2', + resource: 'vpc', + resourceName: this.vpcId, + }, this.stack); + + if (props.secondaryAddressBlocks) { + const secondaryAddressBlocks: IIpAddresses[] = props.secondaryAddressBlocks; + + for (const secondaryAddressBlock of secondaryAddressBlocks) { + + const secondaryVpcOptions: VpcCidrOptions = secondaryAddressBlock.allocateVpcCidr(); + if (!secondaryVpcOptions.cidrBlockName) { + throw new Error('Cidr Block Name is required to create secondary IP address'); + } + + if (secondaryVpcOptions.amazonProvided || secondaryVpcOptions.ipv6IpamPool) { + this.useIpv6 = true; + } + //validate CIDR ranges per RFC 1918 + if (secondaryVpcOptions.ipv4CidrBlock!) { + const ret = validateIpv4address(secondaryVpcOptions.ipv4CidrBlock, this.resource.cidrBlock); + if (ret === false) { + throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); + } + } + const cfnVpcCidrBlock = new CfnVPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { + vpcId: this.vpcId, + cidrBlock: secondaryVpcOptions.ipv4CidrBlock, + ipv4IpamPoolId: secondaryVpcOptions.ipv4IpamPool?.ipamPoolId, + ipv4NetmaskLength: secondaryVpcOptions.ipv4NetmaskLength, + ipv6NetmaskLength: secondaryVpcOptions.ipv6NetmaskLength, + ipv6IpamPoolId: secondaryVpcOptions.ipv6IpamPool?.ipamPoolId, + amazonProvidedIpv6CidrBlock: secondaryVpcOptions.amazonProvided, + }); + if (secondaryVpcOptions.dependencies) { + for (const dep of secondaryVpcOptions.dependencies) { + cfnVpcCidrBlock.addDependency(dep); + } + } + //Create secondary blocks for Ipv4 and Ipv6 + this.secondaryCidrBlock.push(cfnVpcCidrBlock); + } + } + + /** + * Empty array for isolated subnets + */ + this.isolatedSubnets = new Array; + + /** + * Empty array for public subnets + */ + this.publicSubnets = new Array; + + /** + * Empty array for private subnets + */ + this.privateSubnets = new Array; + + /** + * Dependable that can be depended upon to force internet connectivity established on the VPC + * Add igw to this if its a public subnet + */ + this.internetConnectivityEstablished = this._internetConnectivityEstablished; + } +} +/** + * Supports assigning IPv4 address to VPC + */ +class ipv4CidrAllocation implements IIpAddresses { + + constructor(private readonly cidrBlock: string, private readonly props?: { cidrBlockName: string}) { + } + + /** + * @returns CIDR block provided by the user to set IPv4 + */ + allocateVpcCidr(): VpcCidrOptions { + return { + ipv4CidrBlock: this.cidrBlock, + cidrBlockName: this.props?.cidrBlockName, + }; + } +} + +/** + * Supports Amazon Provided Ipv6 ranges + */ +class AmazonProvided implements IIpAddresses { + /** + * Represents an Amazon-provided IPv6 CIDR range for a VPC. + * + * This class implements the IIpAddresses interface and is used to allocate an Amazon-provided + * IPv6 CIDR range for a VPC. When an instance of this class is used to allocate the VPC CIDR, + * Amazon will automatically assign an IPv6 CIDR range from its pool of available addresses. + */ + + constructor(private readonly props: { cidrBlockName: string}) {}; + + allocateVpcCidr(): VpcCidrOptions { + return { + amazonProvided: true, + cidrBlockName: this.props.cidrBlockName, + }; + } + +} + +/** + * Represents an IPv4 address range managed by AWS IP Address Manager (IPAM). + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html + */ +class IpamIpv6 implements IIpAddresses { + + constructor(private readonly props: IpamOptions) { + } + + allocateVpcCidr(): VpcCidrOptions { + return { + ipv6NetmaskLength: this.props.netmaskLength, + ipv6IpamPool: this.props.ipamPool, + dependencies: this.props.ipamPool?.ipamCidrs.map(c => c as CfnResource), + cidrBlockName: this.props.cidrBlockName, + }; + } +} + +/** + * Represents an IPv4 address range managed by AWS IP Address Manager (IPAM). + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html + */ +class IpamIpv4 implements IIpAddresses { + + constructor(private readonly props: IpamOptions) { + } + allocateVpcCidr(): VpcCidrOptions { + + return { + ipv4NetmaskLength: this.props.netmaskLength, + ipv4IpamPool: this.props.ipamPool, + cidrBlockName: this.props?.cidrBlockName, + }; + } +} + +//@internal First two Octet to verify RFC 1918 +interface IPaddressConfig { + octet1: number; + octet2: number; +} + +/** + * Validates whether a secondary IPv4 address is within the same private IP address range as the primary IPv4 address. + * + * @param cidr1 The secondary IPv4 CIDR block to be validated. + * @param cidr2 The primary IPv4 CIDR block to validate against. + * @returns True if the secondary IPv4 CIDR block is within the same private IP address range as the primary IPv4 CIDR block, false otherwise. + * @internal + * The private IP address ranges are defined by RFC 1918 as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. + */ +function validateIpv4address(cidr1?: string, cidr2?: string): boolean { + if (!cidr1 || !cidr2) { + return false; // Handle cases where CIDR ranges are not provided + } + + const octetsCidr1: number[] = cidr1.split('.').map(octet => parseInt(octet, 10)); + const octetsCidr2: number[] = cidr2.split('.').map(octet => parseInt(octet, 10)); + + if (octetsCidr1.length !== 4 || octetsCidr2.length !== 4) { + return false; // Handle invalid CIDR ranges + } + + const ip1: IPaddressConfig = { + octet1: octetsCidr1[0], + octet2: octetsCidr1[1], + }; + + const ip2: IPaddressConfig = { + octet1: octetsCidr2[0], + octet2: octetsCidr2[1], + }; + + return (ip1.octet1 === 10 && ip2.octet1 === 10) || + (ip1.octet1 === 192 && ip1.octet2 === 168 && ip2.octet1 === 192 && ip2.octet2 === 168) || + (ip1.octet1 === 172 && ip1.octet2 === 16 && ip2.octet1 === 172 && ip2.octet2 === 16); // CIDR ranges belong to same private IP address ranges +} \ No newline at end of file diff --git a/packages/@aws-cdk/cloud-assembly-schema/package.json b/packages/@aws-cdk/aws-ec2-alpha/package.json similarity index 52% rename from packages/@aws-cdk/cloud-assembly-schema/package.json rename to packages/@aws-cdk/aws-ec2-alpha/package.json index 0a05241153b84..be679d1fa77c6 100644 --- a/packages/@aws-cdk/cloud-assembly-schema/package.json +++ b/packages/@aws-cdk/aws-ec2-alpha/package.json @@ -1,78 +1,75 @@ { - "name": "@aws-cdk/cloud-assembly-schema", + "name": "@aws-cdk/aws-ec2-alpha", + "private": true, "version": "0.0.0", - "description": "Cloud Assembly Schema", + "description": "The CDK construct library for VPC V2", "main": "lib/index.js", "types": "lib/index.d.ts", - "nx": { - "targets": { - "build": { - "outputs": [ - "{projectRoot}/**/*.js", - "{projectRoot}/**/*.d.ts", - "{projectRoot}/.jsii", - "{projectRoot}/.warnings.jsii.js", - "{projectRoot}/.gitignore", - "{projectRoot}/tsconfig.json", - "{projectRoot}/schema/**/*", - "{projectRoot}/README.md", - "{projectRoot}/rosetta", - "!{projectRoot}/node_modules/**/*" - ] - } - } - }, "jsii": { - "excludeTypescript": [ - "**/test/**/*.ts" - ], "outdir": "dist", "targets": { "java": { - "package": "software.amazon.awscdk.cloudassembly.schema", + "package": "software.amazon.awscdk.services.ec2.alpha", "maven": { "groupId": "software.amazon.awscdk", - "artifactId": "cdk-cloud-assembly-schema" + "artifactId": "ec2-alpha" } }, "dotnet": { - "namespace": "Amazon.CDK.CloudAssembly.Schema", - "packageId": "Amazon.CDK.CloudAssembly.Schema", + "namespace": "Amazon.CDK.AWS.ec2.Alpha", + "packageId": "Amazon.CDK.AWS.ec2.Alpha", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png" }, "python": { - "distName": "aws-cdk.cloud-assembly-schema", - "module": "aws_cdk.cloud_assembly_schema", + "distName": "aws-cdk.aws-ec2-alpha", + "module": "aws_cdk.aws_ec2_alpha", "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 2" ] + }, + "go": { + "moduleName": "github.com/aws/aws-cdk-go", + "packageName": "awsec2alpha" } }, "projectReferences": true, "metadata": { "jsii": { "rosetta": { - "strict": false + "strict": true } } } }, + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-cdk.git", + "directory": "packages/@aws-cdk/aws-ec2-alpha" + }, "scripts": { - "build": "cdk-build --skip-lint", - "gen": "cdk-copy cloud-assembly-schema", + "build": "cdk-build", "watch": "cdk-watch", + "lint": "cdk-lint", "test": "cdk-test", + "integ": "integ-runner --language javascript", "pkglint": "pkglint -f", - "package": "cdk-package", "awslint": "cdk-awslint", - "build+test+package": "yarn build+test && yarn package", + "package": "cdk-package", "build+test": "yarn build && yarn test", + "build+test+package": "yarn build+test && yarn package", "compat": "cdk-compat", "rosetta:extract": "yarn --silent jsii-rosetta extract", "build+extract": "yarn build && yarn rosetta:extract", "build+test+extract": "yarn build+test && yarn rosetta:extract" }, + "keywords": [ + "aws", + "cdk", + "example", + "construct", + "library" + ], "author": { "name": "Amazon Web Services", "url": "https://aws.amazon.com", @@ -81,42 +78,30 @@ "license": "Apache-2.0", "devDependencies": { "@aws-cdk/cdk-build-tools": "0.0.0", + "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests-alpha": "^0.0.0", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.12", - "@types/mock-fs": "^4.13.4", - "@types/semver": "^7.5.8", "aws-cdk-lib": "0.0.0", - "jest": "^29.7.0", - "mock-fs": "^4.14.0", - "typescript-json-schema": "^0.64.0" - }, - "repository": { - "url": "https://github.com/aws/aws-cdk.git", - "type": "git", - "directory": "packages/@aws-cdk/cloud-assembly-schema" + "jest": "^29.7.0" }, - "keywords": [ - "aws", - "cdk" - ], "homepage": "https://github.com/aws/aws-cdk", - "bundledDependencies": [ - "jsonschema", - "semver" - ], + "peerDependencies": { + "aws-cdk-lib": "^0.0.0", + "constructs": "^10.0.0" + }, + "separate-module": false, "engines": { "node": ">= 14.15.0" }, - "stability": "stable", - "dependencies": { - "jsonschema": "^1.4.1", - "semver": "^7.6.2" - }, + "stability": "experimental", + "maturity": "experimental", "awscdkio": { "announce": false }, - "maturity": "stable", - "publishConfig": { - "tag": "latest" + "cdk-build": { + "env": { + "AWSLINT_BASE_CONSTRUCT": true + } } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json new file mode 100644 index 0000000000000..f61a2717f93a6 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "b3d06cef480a17aaf78379d18a13893141f2d689a23bcbbcf34b284e77752b0f": { + "source": { + "path": "aws-cdk-routev2-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b3d06cef480a17aaf78379d18a13893141f2d689a23bcbbcf34b284e77752b0f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json new file mode 100644 index 0000000000000..140f9ebf102e0 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json @@ -0,0 +1,115 @@ +{ + "Resources": { + "defaultC974F9E3": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "defaultAmazonIpv6C7A4D665": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "defaultSubnetDFB3A3B6": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "defaultC974F9E3", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + }, + "DependsOn": [ + "defaultAmazonIpv6C7A4D665" + ] + }, + "defaultSubnetRouteTableAssociationF1D85D29": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "defaultSubnetDFB3A3B6" + } + }, + "DependsOn": [ + "defaultAmazonIpv6C7A4D665" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json new file mode 100644 index 0000000000000..b9734dc366438 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "7711ae87a96bcf4e738e5904b6071f21ac59ee14247c420b0bf33d20a87348a3": { + "source": { + "path": "aws-cdk-routev2-dynamodbendpoint-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7711ae87a96bcf4e738e5904b6071f21ac59ee14247c420b0bf33d20a87348a3.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json new file mode 100644 index 0000000000000..1fc8a4ff1bbe3 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json @@ -0,0 +1,147 @@ +{ + "Resources": { + "dynamodbC0A56799": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "dynamodbAmazonIpv6698EF571": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "dynamodbSubnet81957A26": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + }, + "DependsOn": [ + "dynamodbAmazonIpv6698EF571" + ] + }, + "dynamodbSubnetRouteTableAssociationC38B30F3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "dynamodbSubnet81957A26" + } + }, + "DependsOn": [ + "dynamodbAmazonIpv6698EF571" + ] + }, + "testDynamoEndpoint03D5BDE5": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "RouteTableIds": [ + { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + ], + "ServiceName": { + "Fn::Join": [ + "", + [ + "com.amazonaws.", + { + "Ref": "AWS::Region" + }, + ".dynamodb" + ] + ] + }, + "VpcEndpointType": "Gateway", + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json new file mode 100644 index 0000000000000..b27c0c57931d5 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "6cd56bb964ed1f90f0206d705f085aef381173834b50d5ba372fa2185156d51d": { + "source": { + "path": "aws-cdk-routev2-egressonlyigw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "6cd56bb964ed1f90f0206d705f085aef381173834b50d5ba372fa2185156d51d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json new file mode 100644 index 0000000000000..1c4d9adad8e08 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json @@ -0,0 +1,134 @@ +{ + "Resources": { + "eigwC0F094EF": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "eigwAmazonIpv69E78211F": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "eigwSubnetCC28B9F9": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + }, + "DependsOn": [ + "eigwAmazonIpv69E78211F" + ] + }, + "eigwSubnetRouteTableAssociation887F4A97": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "eigwSubnetCC28B9F9" + } + }, + "DependsOn": [ + "eigwAmazonIpv69E78211F" + ] + }, + "testEOIGWEIGW54CCAD37": { + "Type": "AWS::EC2::EgressOnlyInternetGateway", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "testEIGWRouteEB4FE8D5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "EgressOnlyInternetGatewayId": { + "Fn::GetAtt": [ + "testEOIGWEIGW54CCAD37", + "Id" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json new file mode 100644 index 0000000000000..677f15417b1ed --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "44c69eec973961e184209d04e6e45c230320a2f7a110f0275431dc0587273038": { + "source": { + "path": "aws-cdk-routev2-igw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "44c69eec973961e184209d04e6e45c230320a2f7a110f0275431dc0587273038.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json new file mode 100644 index 0000000000000..1ddb6c3cc40d9 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json @@ -0,0 +1,154 @@ +{ + "Resources": { + "igw127F1970": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "igwAmazonIpv64026617C": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "igwSubnetF238E402": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "igw127F1970", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + }, + "DependsOn": [ + "igwAmazonIpv64026617C" + ] + }, + "igwSubnetRouteTableAssociationA48C27F3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "igwSubnetF238E402" + } + }, + "DependsOn": [ + "igwAmazonIpv64026617C" + ] + }, + "testIGW8D947AF2": { + "Type": "AWS::EC2::InternetGateway" + }, + "testIGWRoute7696715B": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "testIGWRouteGWAttachmentB0836D42": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json new file mode 100644 index 0000000000000..733952daae63f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "087e3b456bae228983dc7a31eea1570bfeccfd6b4f163b7e10a2af07dc31291f": { + "source": { + "path": "aws-cdk-routev2-networkif-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "087e3b456bae228983dc7a31eea1570bfeccfd6b4f163b7e10a2af07dc31291f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json new file mode 100644 index 0000000000000..d796497fc5388 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json @@ -0,0 +1,115 @@ +{ + "Resources": { + "nif44200315": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "nifAmazonIpv6CF4BF46B": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "nifSubnetAEB60456": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "nif44200315", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + }, + "DependsOn": [ + "nifAmazonIpv6CF4BF46B" + ] + }, + "nifSubnetRouteTableAssociationE4036B9F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "nifSubnetAEB60456" + } + }, + "DependsOn": [ + "nifAmazonIpv6CF4BF46B" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json new file mode 100644 index 0000000000000..591ec9e8d3066 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "89c945d2b4cb2aa79cca0e52ea8fa68849a586495b0a27b7de229ae44b3c5239": { + "source": { + "path": "aws-cdk-routev2-privatenatgw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "89c945d2b4cb2aa79cca0e52ea8fa68849a586495b0a27b7de229ae44b3c5239.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json new file mode 100644 index 0000000000000..f2ed7e0d44c03 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json @@ -0,0 +1,152 @@ +{ + "Resources": { + "natgwpriv081A7D93": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "natgwprivAmazonIpv6915E8E4F": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "natgwprivSubnetE547C5A0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + }, + "DependsOn": [ + "natgwprivAmazonIpv6915E8E4F" + ] + }, + "natgwprivSubnetRouteTableAssociation9E115869": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + }, + "DependsOn": [ + "natgwprivAmazonIpv6915E8E4F" + ] + }, + "testNATgwNATGateway1533420D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "ConnectivityType": "private", + "PrivateIpAddress": "10.0.0.42", + "SecondaryPrivateIpAddresses": [ + "10.0.0.43", + "10.0.0.44", + "10.0.0.45" + ], + "SubnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + }, + "DependsOn": [ + "natgwprivSubnetRouteTableAssociation9E115869" + ] + }, + "testNATGWRoute7A26EC80": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json similarity index 65% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json index f4cee0d9b9779..29398ffe76faa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json @@ -1,15 +1,15 @@ { "version": "36.0.0", "files": { - "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4": { + "6592172436ea6af85dd73663ffd81cc1342c29574aa00f4dacf5179cf3054441": { "source": { - "path": "PipelineStackPreProdStack65A0AD1F.template.json", + "path": "aws-cdk-routev2-publicnatgw-alpha.template.json", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", + "objectKey": "6592172436ea6af85dd73663ffd81cc1342c29574aa00f4dacf5179cf3054441.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json new file mode 100644 index 0000000000000..5f80cf56a0aa5 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json @@ -0,0 +1,204 @@ +{ + "Resources": { + "natgwpub2FB85986": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "natgwpubAmazonIpv625B947F8": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "natgwpubSubnet79D316E5": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + }, + "DependsOn": [ + "natgwpubAmazonIpv625B947F8" + ] + }, + "natgwpubSubnetRouteTableAssociation019CE26A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + }, + "DependsOn": [ + "natgwpubAmazonIpv625B947F8" + ] + }, + "testNATgwIGW6AC97E9A": { + "Type": "AWS::EC2::InternetGateway" + }, + "testnatgwigwRouteE8D2BF39": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "242.0.0.0/32", + "DestinationIpv6CidrBlock": "242.0.0.0/32", + "GatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "testnatgwigwRouteGWAttachmentB8E1033C": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "testNATgwEIP1C260FAD": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + }, + "DependsOn": [ + "natgwpubSubnetRouteTableAssociation019CE26A" + ] + }, + "testNATgwNATGateway1533420D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "testNATgwEIP1C260FAD", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + }, + "DependsOn": [ + "natgwpubSubnetRouteTableAssociation019CE26A" + ] + }, + "testNATGWRoute7A26EC80": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json new file mode 100644 index 0000000000000..601d17d534bb8 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "2318541485e9424ef1bba0f0bb0e0e91e2759dc53597436fb250a8605e5e0107": { + "source": { + "path": "aws-cdk-routev2-virtualprivategw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2318541485e9424ef1bba0f0bb0e0e91e2759dc53597436fb250a8605e5e0107.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json new file mode 100644 index 0000000000000..f96743310fabe --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json @@ -0,0 +1,157 @@ +{ + "Resources": { + "vpgw2AB64B6B": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "vpgwAmazonIpv6C872FF1E": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "vpgwSubnet5E7F36AD": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + }, + "DependsOn": [ + "vpgwAmazonIpv6C872FF1E" + ] + }, + "vpgwSubnetRouteTableAssociation49921F90": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "vpgwSubnet5E7F36AD" + } + }, + "DependsOn": [ + "vpgwAmazonIpv6C872FF1E" + ] + }, + "testVPGWIGW816C7C4F": { + "Type": "AWS::EC2::VPNGateway", + "Properties": { + "Type": "ipsec.1" + } + }, + "testVPGWRouteA169B1AA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "testVPGWRouteGWAttachment01E74575": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + }, + "VpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json new file mode 100644 index 0000000000000..fa96e660e9d19 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "7b04eb9c84a61a91a957fceb96a85b38336f8b5999d1c0b5b972cd191926c473": { + "source": { + "path": "aws-cdk-routev2-vpcpeerconnection-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7b04eb9c84a61a91a957fceb96a85b38336f8b5999d1c0b5b972cd191926c473.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json new file mode 100644 index 0000000000000..804f7b179ac91 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json @@ -0,0 +1,115 @@ +{ + "Resources": { + "vpcpc6CAE1A04": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "vpcpcAmazonIpv66504EEB2": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "vpcpcSubnet1DD6CE35": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + }, + "DependsOn": [ + "vpcpcAmazonIpv66504EEB2" + ] + }, + "vpcpcSubnetRouteTableAssociation8531BF5C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "vpcpcSubnet1DD6CE35" + } + }, + "DependsOn": [ + "vpcpcAmazonIpv66504EEB2" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/cdk.out rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json new file mode 100644 index 0000000000000..4ba304a14b0f1 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integtest-model-8/DefaultTest": { + "stacks": [ + "aws-cdk-routev2-dynamodbendpoint-alpha" + ], + "assertionStack": "integtest-model-8/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodel8DefaultTestDeployAssert77221752" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json similarity index 88% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json index 8f0029884a021..db0c4fcd06799 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json @@ -3,7 +3,7 @@ "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { - "path": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", + "path": "integtestmodel0DefaultTestDeployAssertA16689B0.template.json", "packaging": "file" }, "destinations": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json similarity index 90% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json index 5f37c46ccf4b5..ad9d0fb73d1dd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json @@ -1,9 +1,4 @@ { - "Resources": { - "Resource": { - "Type": "AWS::Test::SomeResource" - } - }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json similarity index 87% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json index 2e1ece3c7c7a2..494dbc93fd34d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json @@ -3,7 +3,7 @@ "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { - "path": "PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json", + "path": "integtestmodel1DefaultTestDeployAssert46FEDE40.template.json", "packaging": "file" }, "destinations": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json similarity index 90% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json index 25024d7cb74b1..ad9d0fb73d1dd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json @@ -1,9 +1,4 @@ { - "Resources": { - "MySafeTopicCC243D11": { - "Type": "AWS::SNS::Topic" - } - }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json new file mode 100644 index 0000000000000..063e77bfac0d8 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel2DefaultTestDeployAssert04E3783E.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json similarity index 90% rename from packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json index 25024d7cb74b1..ad9d0fb73d1dd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json @@ -1,9 +1,4 @@ { - "Resources": { - "MySafeTopicCC243D11": { - "Type": "AWS::SNS::Topic" - } - }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json new file mode 100644 index 0000000000000..3b7039646f51f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json new file mode 100644 index 0000000000000..a760a50f08dc1 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel4DefaultTestDeployAssert4B12233C.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json new file mode 100644 index 0000000000000..34f6c443f8be6 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel5DefaultTestDeployAssertC0DDB875.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json new file mode 100644 index 0000000000000..933d02b8072da --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel6DefaultTestDeployAssert90B004F4.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json new file mode 100644 index 0000000000000..57cecd7995331 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel7DefaultTestDeployAssert4C509DCE.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json new file mode 100644 index 0000000000000..c9d2f2fc69193 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel8DefaultTestDeployAssert77221752.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json new file mode 100644 index 0000000000000..2dec0815f28b0 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json @@ -0,0 +1,1265 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-routev2-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b3d06cef480a17aaf78379d18a13893141f2d689a23bcbbcf34b284e77752b0f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "DefaultVpcDeploy" + }, + "dependencies": [ + "aws-cdk-routev2-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-alpha/default/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultC974F9E3" + } + ], + "/aws-cdk-routev2-alpha/default/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultAmazonIpv6C7A4D665" + } + ], + "/aws-cdk-routev2-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-alpha/defaultSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultSubnetDFB3A3B6" + } + ], + "/aws-cdk-routev2-alpha/defaultSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultSubnetRouteTableAssociationF1D85D29" + } + ], + "/aws-cdk-routev2-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-alpha" + }, + "aws-cdk-routev2-egressonlyigw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-egressonlyigw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-egressonlyigw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-egressonlyigw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6cd56bb964ed1f90f0206d705f085aef381173834b50d5ba372fa2185156d51d.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-egressonlyigw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "EgressOnlyIgwVpc" + }, + "dependencies": [ + "aws-cdk-routev2-egressonlyigw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-egressonlyigw-alpha/eigw/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwC0F094EF" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwAmazonIpv69E78211F" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwSubnetCC28B9F9" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwSubnetRouteTableAssociation887F4A97" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/testEOIGW/EIGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testEOIGWEIGW54CCAD37" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/testEIGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testEIGWRouteEB4FE8D5" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-egressonlyigw-alpha" + }, + "aws-cdk-routev2-igw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-igw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-igw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-igw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/44c69eec973961e184209d04e6e45c230320a2f7a110f0275431dc0587273038.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-igw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "InternetGatewayVpc" + }, + "dependencies": [ + "aws-cdk-routev2-igw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-igw-alpha/igw/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "igw127F1970" + } + ], + "/aws-cdk-routev2-igw-alpha/igw/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "igwAmazonIpv64026617C" + } + ], + "/aws-cdk-routev2-igw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-igw-alpha/igwSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "igwSubnetF238E402" + } + ], + "/aws-cdk-routev2-igw-alpha/igwSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "igwSubnetRouteTableAssociationA48C27F3" + } + ], + "/aws-cdk-routev2-igw-alpha/testIGW/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGW8D947AF2" + } + ], + "/aws-cdk-routev2-igw-alpha/testIGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGWRoute7696715B" + } + ], + "/aws-cdk-routev2-igw-alpha/testIGWRoute/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGWRouteGWAttachmentB0836D42" + } + ], + "/aws-cdk-routev2-igw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-igw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-igw-alpha" + }, + "aws-cdk-routev2-virtualprivategw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-virtualprivategw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-virtualprivategw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-virtualprivategw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2318541485e9424ef1bba0f0bb0e0e91e2759dc53597436fb250a8605e5e0107.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-virtualprivategw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "VirtualPrivateGwVpc" + }, + "dependencies": [ + "aws-cdk-routev2-virtualprivategw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-virtualprivategw-alpha/vpgw/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgw2AB64B6B" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgwAmazonIpv6C872FF1E" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgwSubnet5E7F36AD" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgwSubnetRouteTableAssociation49921F90" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGW/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWIGW816C7C4F" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWRouteA169B1AA" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWRouteGWAttachment01E74575" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-virtualprivategw-alpha" + }, + "aws-cdk-routev2-publicnatgw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-publicnatgw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-publicnatgw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-publicnatgw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6592172436ea6af85dd73663ffd81cc1342c29574aa00f4dacf5179cf3054441.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-publicnatgw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "NatGwPubVpc" + }, + "dependencies": [ + "aws-cdk-routev2-publicnatgw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pub/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpub2FB85986" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpubAmazonIpv625B947F8" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpubSubnet79D316E5" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpubSubnetRouteTableAssociation019CE26A" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwIGW6AC97E9A" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testnatgwigwRouteE8D2BF39" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testnatgwigwRouteGWAttachmentB8E1033C" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgw/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwEIP1C260FAD" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgw/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwNATGateway1533420D" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATGWRoute7A26EC80" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-publicnatgw-alpha" + }, + "aws-cdk-routev2-privatenatgw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-privatenatgw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-privatenatgw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-privatenatgw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/89c945d2b4cb2aa79cca0e52ea8fa68849a586495b0a27b7de229ae44b3c5239.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-privatenatgw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "NatGwPrivVpc" + }, + "dependencies": [ + "aws-cdk-routev2-privatenatgw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-privatenatgw-alpha/natgw_priv/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpriv081A7D93" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwprivAmazonIpv6915E8E4F" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwprivSubnetE547C5A0" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwprivSubnetRouteTableAssociation9E115869" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/testNATgw/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwNATGateway1533420D" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/testNATGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATGWRoute7A26EC80" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-privatenatgw-alpha" + }, + "aws-cdk-routev2-networkif-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-networkif-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-networkif-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-networkif-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/087e3b456bae228983dc7a31eea1570bfeccfd6b4f163b7e10a2af07dc31291f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-networkif-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "NetworkInterfaceVpc" + }, + "dependencies": [ + "aws-cdk-routev2-networkif-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-networkif-alpha/nif/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "nif44200315" + } + ], + "/aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "nifAmazonIpv6CF4BF46B" + } + ], + "/aws-cdk-routev2-networkif-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-networkif-alpha/nifSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "nifSubnetAEB60456" + } + ], + "/aws-cdk-routev2-networkif-alpha/nifSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "nifSubnetRouteTableAssociationE4036B9F" + } + ], + "/aws-cdk-routev2-networkif-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-networkif-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-networkif-alpha" + }, + "aws-cdk-routev2-vpcpeerconnection-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-vpcpeerconnection-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-vpcpeerconnection-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-vpcpeerconnection-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7b04eb9c84a61a91a957fceb96a85b38336f8b5999d1c0b5b972cd191926c473.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-vpcpeerconnection-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "VpcPeerConnection" + }, + "dependencies": [ + "aws-cdk-routev2-vpcpeerconnection-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpc6CAE1A04" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpcAmazonIpv66504EEB2" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpcSubnet1DD6CE35" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpcSubnetRouteTableAssociation8531BF5C" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-vpcpeerconnection-alpha" + }, + "aws-cdk-routev2-dynamodbendpoint-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-dynamodbendpoint-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-dynamodbendpoint-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-dynamodbendpoint-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7711ae87a96bcf4e738e5904b6071f21ac59ee14247c420b0bf33d20a87348a3.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-dynamodbendpoint-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "DynamodbEndpointVpc" + }, + "dependencies": [ + "aws-cdk-routev2-dynamodbendpoint-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbC0A56799" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbAmazonIpv6698EF571" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbSubnet81957A26" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbSubnetRouteTableAssociationC38B30F3" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoEndpoint/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testDynamoEndpoint03D5BDE5" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "dynamodbSecondaryIp4EEF58BFBEFB": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbSecondaryIp4EEF58BFBEFB", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ] + }, + "displayName": "aws-cdk-routev2-dynamodbendpoint-alpha" + }, + "integtestmodel0DefaultTestDeployAssertA16689B0.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel0DefaultTestDeployAssertA16689B0.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel0DefaultTestDeployAssertA16689B0": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel0DefaultTestDeployAssertA16689B0.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel0DefaultTestDeployAssertA16689B0.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel0DefaultTestDeployAssertA16689B0.assets" + ], + "metadata": { + "/integtest-model-0/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-0/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-0/DefaultTest/DeployAssert" + }, + "integtestmodel1DefaultTestDeployAssert46FEDE40.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel1DefaultTestDeployAssert46FEDE40": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel1DefaultTestDeployAssert46FEDE40.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel1DefaultTestDeployAssert46FEDE40.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel1DefaultTestDeployAssert46FEDE40.assets" + ], + "metadata": { + "/integtest-model-1/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-1/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-1/DefaultTest/DeployAssert" + }, + "integtestmodel2DefaultTestDeployAssert04E3783E.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel2DefaultTestDeployAssert04E3783E.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel2DefaultTestDeployAssert04E3783E": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel2DefaultTestDeployAssert04E3783E.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel2DefaultTestDeployAssert04E3783E.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel2DefaultTestDeployAssert04E3783E.assets" + ], + "metadata": { + "/integtest-model-2/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-2/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-2/DefaultTest/DeployAssert" + }, + "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel3DefaultTestDeployAssertF3FA2F74": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets" + ], + "metadata": { + "/integtest-model-3/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-3/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-3/DefaultTest/DeployAssert" + }, + "integtestmodel4DefaultTestDeployAssert4B12233C.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel4DefaultTestDeployAssert4B12233C.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel4DefaultTestDeployAssert4B12233C": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel4DefaultTestDeployAssert4B12233C.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel4DefaultTestDeployAssert4B12233C.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel4DefaultTestDeployAssert4B12233C.assets" + ], + "metadata": { + "/integtest-model-4/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-4/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-4/DefaultTest/DeployAssert" + }, + "integtestmodel5DefaultTestDeployAssertC0DDB875.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel5DefaultTestDeployAssertC0DDB875": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel5DefaultTestDeployAssertC0DDB875.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel5DefaultTestDeployAssertC0DDB875.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel5DefaultTestDeployAssertC0DDB875.assets" + ], + "metadata": { + "/integtest-model-5/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-5/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-5/DefaultTest/DeployAssert" + }, + "integtestmodel6DefaultTestDeployAssert90B004F4.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel6DefaultTestDeployAssert90B004F4.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel6DefaultTestDeployAssert90B004F4": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel6DefaultTestDeployAssert90B004F4.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel6DefaultTestDeployAssert90B004F4.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel6DefaultTestDeployAssert90B004F4.assets" + ], + "metadata": { + "/integtest-model-6/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-6/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-6/DefaultTest/DeployAssert" + }, + "integtestmodel7DefaultTestDeployAssert4C509DCE.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel7DefaultTestDeployAssert4C509DCE": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel7DefaultTestDeployAssert4C509DCE.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel7DefaultTestDeployAssert4C509DCE.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel7DefaultTestDeployAssert4C509DCE.assets" + ], + "metadata": { + "/integtest-model-7/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-7/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-7/DefaultTest/DeployAssert" + }, + "integtestmodel8DefaultTestDeployAssert77221752.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel8DefaultTestDeployAssert77221752.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel8DefaultTestDeployAssert77221752": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel8DefaultTestDeployAssert77221752.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel8DefaultTestDeployAssert77221752.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel8DefaultTestDeployAssert77221752.assets" + ], + "metadata": { + "/integtest-model-8/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-8/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-8/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json new file mode 100644 index 0000000000000..7adf7f1621505 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json @@ -0,0 +1,2607 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-routev2-alpha": { + "id": "aws-cdk-routev2-alpha", + "path": "aws-cdk-routev2-alpha", + "children": { + "default": { + "id": "default", + "path": "aws-cdk-routev2-alpha/default", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-alpha/default/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-alpha/default/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "defaultSubnet": { + "id": "defaultSubnet", + "path": "aws-cdk-routev2-alpha/defaultSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-alpha/defaultSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "defaultC974F9E3", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-alpha/defaultSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-alpha/defaultSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "defaultSubnetDFB3A3B6" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-egressonlyigw-alpha": { + "id": "aws-cdk-routev2-egressonlyigw-alpha", + "path": "aws-cdk-routev2-egressonlyigw-alpha", + "children": { + "eigw": { + "id": "eigw", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-egressonlyigw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-egressonlyigw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "eigwSubnet": { + "id": "eigwSubnet", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "eigwSubnetCC28B9F9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testEOIGW": { + "id": "testEOIGW", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEOIGW", + "children": { + "EIGW": { + "id": "EIGW", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEOIGW/EIGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EgressOnlyInternetGateway", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEgressOnlyInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.EgressOnlyInternetGateway", + "version": "0.0.0" + } + }, + "testEIGWRoute": { + "id": "testEIGWRoute", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEIGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEIGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "egressOnlyInternetGatewayId": { + "Fn::GetAtt": [ + "testEOIGWEIGW54CCAD37", + "Id" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-egressonlyigw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-egressonlyigw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-igw-alpha": { + "id": "aws-cdk-routev2-igw-alpha", + "path": "aws-cdk-routev2-igw-alpha", + "children": { + "igw": { + "id": "igw", + "path": "aws-cdk-routev2-igw-alpha/igw", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-igw-alpha/igw/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-igw-alpha/igw/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-igw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-igw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "igwSubnet": { + "id": "igwSubnet", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "igw127F1970", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "igwSubnetF238E402" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testIGW": { + "id": "testIGW", + "path": "aws-cdk-routev2-igw-alpha/testIGW", + "children": { + "IGW": { + "id": "IGW", + "path": "aws-cdk-routev2-igw-alpha/testIGW/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.InternetGateway", + "version": "0.0.0" + } + }, + "testIGWRoute": { + "id": "testIGWRoute", + "path": "aws-cdk-routev2-igw-alpha/testIGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-igw-alpha/testIGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-igw-alpha/testIGWRoute/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-igw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-igw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-virtualprivategw-alpha": { + "id": "aws-cdk-routev2-virtualprivategw-alpha", + "path": "aws-cdk-routev2-virtualprivategw-alpha", + "children": { + "vpgw": { + "id": "vpgw", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-virtualprivategw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "vpgwSubnet": { + "id": "vpgwSubnet", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "vpgwSubnet5E7F36AD" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testVPGW": { + "id": "testVPGW", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGW", + "children": { + "IGW": { + "id": "IGW", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGW/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGateway", + "aws:cdk:cloudformation:props": { + "type": "ipsec.1" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VPNGateway", + "version": "0.0.0" + } + }, + "testVPGWRoute": { + "id": "testVPGWRoute", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + }, + "vpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-virtualprivategw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-virtualprivategw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-publicnatgw-alpha": { + "id": "aws-cdk-routev2-publicnatgw-alpha", + "path": "aws-cdk-routev2-publicnatgw-alpha", + "children": { + "natgw_pub": { + "id": "natgw_pub", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-publicnatgw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-publicnatgw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "natgw_pubSubnet": { + "id": "natgw_pubSubnet", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testNATgwIGW": { + "id": "testNATgwIGW", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW", + "children": { + "IGW": { + "id": "IGW", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.InternetGateway", + "version": "0.0.0" + } + }, + "testnatgwigwRoute": { + "id": "testnatgwigwRoute", + "path": "aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "242.0.0.0/32", + "destinationIpv6CidrBlock": "242.0.0.0/32", + "gatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "testNATgw": { + "id": "testNATgw", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgw", + "children": { + "EIP": { + "id": "EIP", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgw/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgw/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "testNATgwEIP1C260FAD", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.NatGateway", + "version": "0.0.0" + } + }, + "testNATGWRoute": { + "id": "testNATGWRoute", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-publicnatgw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-publicnatgw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-privatenatgw-alpha": { + "id": "aws-cdk-routev2-privatenatgw-alpha", + "path": "aws-cdk-routev2-privatenatgw-alpha", + "children": { + "natgw_priv": { + "id": "natgw_priv", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-privatenatgw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-privatenatgw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "natgw_privSubnet": { + "id": "natgw_privSubnet", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testNATgw": { + "id": "testNATgw", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATgw", + "children": { + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATgw/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "connectivityType": "private", + "privateIpAddress": "10.0.0.42", + "secondaryPrivateIpAddresses": [ + "10.0.0.43", + "10.0.0.44", + "10.0.0.45" + ], + "subnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.NatGateway", + "version": "0.0.0" + } + }, + "testNATGWRoute": { + "id": "testNATGWRoute", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-privatenatgw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-privatenatgw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-networkif-alpha": { + "id": "aws-cdk-routev2-networkif-alpha", + "path": "aws-cdk-routev2-networkif-alpha", + "children": { + "nif": { + "id": "nif", + "path": "aws-cdk-routev2-networkif-alpha/nif", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-networkif-alpha/nif/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-networkif-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-networkif-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "nifSubnet": { + "id": "nifSubnet", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "nif44200315", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "nifSubnetAEB60456" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-networkif-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-networkif-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-vpcpeerconnection-alpha": { + "id": "aws-cdk-routev2-vpcpeerconnection-alpha", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha", + "children": { + "vpcpc": { + "id": "vpcpc", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "vpcpcSubnet": { + "id": "vpcpcSubnet", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "vpcpcSubnet1DD6CE35" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-dynamodbendpoint-alpha": { + "id": "aws-cdk-routev2-dynamodbendpoint-alpha", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha", + "children": { + "dynamodb": { + "id": "dynamodb", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "dynamodbSubnet": { + "id": "dynamodbSubnet", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "dynamodbSubnet81957A26" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testDynamoEndpoint": { + "id": "testDynamoEndpoint", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoEndpoint", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoEndpoint/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpoint", + "aws:cdk:cloudformation:props": { + "routeTableIds": [ + { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + ], + "serviceName": { + "Fn::Join": [ + "", + [ + "com.amazonaws.", + { + "Ref": "AWS::Region" + }, + ".dynamodb" + ] + ] + }, + "vpcEndpointType": "Gateway", + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpoint", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.GatewayVpcEndpoint", + "version": "0.0.0" + } + }, + "testDynamoRoute": { + "id": "testDynamoRoute", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoRoute", + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model-0": { + "id": "integtest-model-0", + "path": "integtest-model-0", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-0/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-0/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-0/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-0/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-0/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-1": { + "id": "integtest-model-1", + "path": "integtest-model-1", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-1/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-1/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-1/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-1/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-1/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-2": { + "id": "integtest-model-2", + "path": "integtest-model-2", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-2/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-2/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-2/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-2/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-2/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-3": { + "id": "integtest-model-3", + "path": "integtest-model-3", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-3/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-3/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-3/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-3/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-3/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-4": { + "id": "integtest-model-4", + "path": "integtest-model-4", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-4/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-4/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-4/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-4/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-4/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-5": { + "id": "integtest-model-5", + "path": "integtest-model-5", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-5/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-5/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-5/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-5/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-5/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-6": { + "id": "integtest-model-6", + "path": "integtest-model-6", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-6/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-6/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-6/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-6/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-6/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-7": { + "id": "integtest-model-7", + "path": "integtest-model-7", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-7/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-7/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-7/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-7/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-7/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-8": { + "id": "integtest-model-8", + "path": "integtest-model-8", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-8/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-8/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-8/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-8/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-8/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts new file mode 100644 index 0000000000000..579800e7dfcb3 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts @@ -0,0 +1,160 @@ +// /* +// * Our integration tests act as snapshot tests to make sure the rendered template is stable. +// * If any changes to the result are required, +// * you need to perform an actual CloudFormation deployment of this application, +// * and, if it is successful, a new snapshot will be written out. +// * +// * For more information on CDK integ tests, +// * see the main CONTRIBUTING.md file. +// */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { IpCidr, SubnetV2 } from '../lib/subnet-v2'; +// import { CarrierGateway, TransitGateway } from '../lib/route'; +import { EgressOnlyInternetGateway, InternetGateway, NatConnectivityType, NatGateway, Route, RouteTable, VPNGateway } from '../lib/route'; +import { GatewayVpcEndpoint, GatewayVpcEndpointAwsService, SubnetType, VpnConnectionType } from 'aws-cdk-lib/aws-ec2'; +import { Fn } from 'aws-cdk-lib'; +//import { log } from 'console'; + +// as in unit tests, we use a qualified import, +// not bring in individual classes +//import * as er from '../lib'; + +const app = new cdk.App(); + +const stacks: {[id: string] : cdk.Stack} = { + default: new cdk.Stack(app, 'aws-cdk-routev2-alpha', { stackName: 'DefaultVpcDeploy' }), + // 'cgw': new cdk.Stack(app, 'aws-cdk-routev2-carriergw-alpha', {stackName: 'CarrierGatewayVpc'}), + eigw: new cdk.Stack(app, 'aws-cdk-routev2-egressonlyigw-alpha', { stackName: 'EgressOnlyIgwVpc' }), + igw: new cdk.Stack(app, 'aws-cdk-routev2-igw-alpha', { stackName: 'InternetGatewayVpc' }), + vpgw: new cdk.Stack(app, 'aws-cdk-routev2-virtualprivategw-alpha', { stackName: 'VirtualPrivateGwVpc' }), + natgw_pub: new cdk.Stack(app, 'aws-cdk-routev2-publicnatgw-alpha', { stackName: 'NatGwPubVpc' }), + natgw_priv: new cdk.Stack(app, 'aws-cdk-routev2-privatenatgw-alpha', { stackName: 'NatGwPrivVpc' }), + nif: new cdk.Stack(app, 'aws-cdk-routev2-networkif-alpha', { stackName: 'NetworkInterfaceVpc' }), + // 'tgw': new cdk.Stack(app, 'aws-cdk-routev2-transitgw-alpha', {stackName: 'TransitGwVpc'}), + vpcpc: new cdk.Stack(app, 'aws-cdk-routev2-vpcpeerconnection-alpha', { stackName: 'VpcPeerConnection' }), + dynamodb: new cdk.Stack(app, 'aws-cdk-routev2-dynamodbendpoint-alpha', { stackName: 'DynamodbEndpointVpc' }), +}; + +var vpcs: {[id: string] : vpc_v2.VpcV2} = {}; +var subnets: {[id: string]: SubnetV2} = {}; +var routeTables: {[id: string]: RouteTable} = {}; + +for (const stackName in stacks) { + const vpc = new vpc_v2.VpcV2(stacks[stackName], stackName, { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [vpc_v2.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }); + vpcs[stackName] = vpc; + const routeTable = new RouteTable(stacks[stackName], 'TestRoottable', { + vpc: vpcs[stackName], + }); + routeTables[stackName] = routeTable; + if (stackName == 'eigw') { + const subnet = new SubnetV2(stacks[stackName], stackName + 'Subnet', { + vpc: vpc, + availabilityZone: 'us-west-1a', + ipv4CidrBlock: new IpCidr('10.0.0.0/24'), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + routeTable: routeTables[stackName], + }); + subnets[stackName] = subnet; + } else { + // use empty ipv6 that doesn't overlap + const subnet = new SubnetV2(stacks[stackName], stackName + 'Subnet', { + vpc: vpc, + availabilityZone: 'us-west-1a', + ipv4CidrBlock: new IpCidr('10.0.0.0/24'), + ipv6CidrBlock: new IpCidr(Fn.select(0, vpc.ipv6CidrBlocks)), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + routeTable: routeTables[stackName], + }); + subnets[stackName] = subnet; + } +} + +const eigw = new EgressOnlyInternetGateway(stacks.eigw, 'testEOIGW', { + vpc: vpcs.eigw, +}); +new Route(stacks.eigw, 'testEIGWRoute', { + routeTable: routeTables.eigw, + destination: '0.0.0.0/0', + target: { gateway: eigw }, +}); + +const igw = new InternetGateway(stacks.igw, 'testIGW', { + vpc: vpcs.igw, +}); +new Route(stacks.igw, 'testIGWRoute', { + routeTable: routeTables.igw, + destination: '0.0.0.0/0', + target: { gateway: igw }, +}); + +const vpgw = new VPNGateway(stacks.vpgw, 'testVPGW', { + type: VpnConnectionType.IPSEC_1, + vpc: vpcs.vpgw, +}); +new Route(stacks.vpgw, 'testVPGWRoute', { + routeTable: routeTables.vpgw, + destination: '0.0.0.0/0', + target: { gateway: vpgw }, +}); + +const natGwIgw = new InternetGateway(stacks.natgw_pub, 'testNATgwIGW', { + vpc: vpcs.natgw_pub, +}); +new Route(stacks.natgw_pub, 'testnatgwigwRoute', { + routeTable: routeTables.natgw_pub, + destination: '242.0.0.0/32', + target: { gateway: natGwIgw }, +}); +const natGwPub = new NatGateway(stacks.natgw_pub, 'testNATgw', { + subnet: subnets.natgw_pub, + vpc: vpcs.natgw_pub, +}); +new Route(stacks.natgw_pub, 'testNATGWRoute', { + routeTable: routeTables.natgw_pub, + destination: '0.0.0.0/0', + target: { gateway: natGwPub }, +}); + +const natGwPriv = new NatGateway(stacks.natgw_priv, 'testNATgw', { + subnet: subnets.natgw_priv, + vpc: vpcs.natgw_priv, + connectivityType: NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + secondaryPrivateIpAddresses: [ + '10.0.0.43', '10.0.0.44', '10.0.0.45', + ], +}); +new Route(stacks.natgw_priv, 'testNATGWRoute', { + routeTable: routeTables.natgw_priv, + destination: '0.0.0.0/0', + target: { gateway: natGwPriv }, +}); + +const dynamoEndpoint = new GatewayVpcEndpoint(stacks.dynamodb, 'testDynamoEndpoint', { + service: GatewayVpcEndpointAwsService.DYNAMODB, + vpc: vpcs.dynamodb, + subnets: [subnets.dynamodb], +}); +new Route(stacks.dynamodb, 'testDynamoRoute', { + routeTable: routeTables.dynamodb, + destination: '0.0.0.0/0', + target: { endpoint: dynamoEndpoint }, +}); + +var i = 0; +for (const stackName in stacks) { + new IntegTest(app, 'integtest-model-' + i, { + testCases: [stacks[stackName]], + }); + i++; +} diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json new file mode 100644 index 0000000000000..8fa7b0508afb2 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "936d55c8ae74b8dbe0de8c85d4bec3718ce3f73a71342f5852a5a5586485c23c": { + "source": { + "path": "aws-cdk-vpcv2-alpha-new.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "936d55c8ae74b8dbe0de8c85d4bec3718ce3f73a71342f5852a5a5586485c23c.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json new file mode 100644 index 0000000000000..f6cffbdb23c5d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json @@ -0,0 +1,284 @@ +{ + "Resources": { + "Ipam50346F82": { + "Type": "AWS::EC2::IPAM", + "Properties": { + "OperatingRegions": [ + { + "RegionName": "eu-west-2" + } + ] + } + }, + "IpamPublicPool050D6AA6C": { + "Type": "AWS::EC2::IPAMPool", + "Properties": { + "AddressFamily": "ipv6", + "AwsService": "ec2", + "IpamScopeId": { + "Fn::GetAtt": [ + "Ipam50346F82", + "PublicDefaultScopeId" + ] + }, + "Locale": "eu-west-2", + "PublicIpSource": "amazon" + } + }, + "IpamPublicPool0PublicPool0CidrAC7F711E": { + "Type": "AWS::EC2::IPAMPoolCidr", + "Properties": { + "IpamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "NetmaskLength": 52 + } + }, + "VPCTestFB735C86": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "VPCTestIpv6IpamCidrD5C271DD": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "Ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "Ipv6NetmaskLength": 56, + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + }, + "DependsOn": [ + "IpamPublicPool0PublicPool0CidrAC7F711E" + ] + }, + "VPCTestVpnGateway51EEED38": { + "Type": "AWS::EC2::VPNGateway", + "Properties": { + "Type": "ipsec.1" + } + }, + "VPCTestVPCVPNGW0A869280": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + }, + "VpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + } + }, + "VPCTestRoutePropagationFEA3011A": { + "Type": "AWS::EC2::VPNGatewayRoutePropagation", + "Properties": { + "RouteTableIds": [ + { + "Ref": "testsbubnetRouteTableF40F025B" + } + ], + "VpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + }, + "DependsOn": [ + "VPCTestVPCVPNGW0A869280" + ] + }, + "testsbubnetSubnet77337845": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-west-2a", + "CidrBlock": "10.0.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + }, + "DependsOn": [ + "VPCTestIpv6IpamCidrD5C271DD" + ] + }, + "testsbubnetRouteTableF40F025B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + }, + "DependsOn": [ + "VPCTestIpv6IpamCidrD5C271DD" + ] + }, + "testsbubnetRouteTableAssociationD6D083FA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "SubnetId": { + "Ref": "testsbubnetSubnet77337845" + } + }, + "DependsOn": [ + "VPCTestIpv6IpamCidrD5C271DD" + ] + }, + "InstanceInstanceSecurityGroupF0E2D5BE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "InstanceInstanceRoleE9785DE5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ] + } + }, + "InstanceInstanceProfileAB5AEF02": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "InstanceC1063A87": { + "Type": "AWS::EC2::Instance", + "Properties": { + "AvailabilityZone": "eu-west-2a", + "IamInstanceProfile": { + "Ref": "InstanceInstanceProfileAB5AEF02" + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.micro", + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "InstanceInstanceSecurityGroupF0E2D5BE", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "testsbubnetSubnet77337845" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash" + } + }, + "DependsOn": [ + "InstanceInstanceRoleE9785DE5" + ] + } + }, + "Parameters": { + "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json new file mode 100644 index 0000000000000..50d9ec54ae49a --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "integtest-model/DefaultTest": { + "stacks": [ + "aws-cdk-vpcv2-alpha-new" + ], + "assertionStack": "integtest-model/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodelDefaultTestDeployAssertCF40BD53" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json new file mode 100644 index 0000000000000..e93a555169b11 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f6b54e8178156 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json @@ -0,0 +1,203 @@ +{ + "version": "36.0.5", + "artifacts": { + "aws-cdk-vpcv2-alpha-new.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-vpcv2-alpha-new.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-vpcv2-alpha-new": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-vpcv2-alpha-new.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/936d55c8ae74b8dbe0de8c85d4bec3718ce3f73a71342f5852a5a5586485c23c.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-vpcv2-alpha-new.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-vpcv2-alpha-new.assets" + ], + "metadata": { + "/aws-cdk-vpcv2-alpha-new/Ipam/Ipam": [ + { + "type": "aws:cdk:logicalId", + "data": "Ipam50346F82" + } + ], + "/aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamPublicPool050D6AA6C" + } + ], + "/aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0Cidr": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamPublicPool0PublicPool0CidrAC7F711E" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestFB735C86" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/Ipv6IpamCidr": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestIpv6IpamCidrD5C271DD" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/VpnGateway/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestVpnGateway51EEED38" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/VPCVPNGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestVPCVPNGW0A869280" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/RoutePropagation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestRoutePropagationFEA3011A" + } + ], + "/aws-cdk-vpcv2-alpha-new/testsbubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetSubnet77337845" + } + ], + "/aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableF40F025B" + } + ], + "/aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableAssociationD6D083FA" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceSecurityGroupF0E2D5BE" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceRoleE9785DE5" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceProfileAB5AEF02" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceC1063A87" + } + ], + "/aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/aws-cdk-vpcv2-alpha-new/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-vpcv2-alpha-new/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-vpcv2-alpha-new" + }, + "integtestmodelDefaultTestDeployAssertCF40BD53.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodelDefaultTestDeployAssertCF40BD53.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodelDefaultTestDeployAssertCF40BD53": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "metadata": { + "/integtest-model/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json new file mode 100644 index 0000000000000..f1f62b0a8a30e --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json @@ -0,0 +1,557 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-vpcv2-alpha-new": { + "id": "aws-cdk-vpcv2-alpha-new", + "path": "aws-cdk-vpcv2-alpha-new", + "children": { + "Ipam": { + "id": "Ipam", + "path": "aws-cdk-vpcv2-alpha-new/Ipam", + "children": { + "Ipam": { + "id": "Ipam", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/Ipam", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAM", + "aws:cdk:cloudformation:props": { + "operatingRegions": [ + { + "regionName": "eu-west-2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAM", + "version": "0.0.0" + } + }, + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0", + "children": { + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", + "aws:cdk:cloudformation:props": { + "addressFamily": "ipv6", + "awsService": "ec2", + "ipamScopeId": { + "Fn::GetAtt": [ + "Ipam50346F82", + "PublicDefaultScopeId" + ] + }, + "locale": "eu-west-2", + "publicIpSource": "amazon" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPool", + "version": "0.0.0" + } + }, + "PublicPool0Cidr": { + "id": "PublicPool0Cidr", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0Cidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPoolCidr", + "aws:cdk:cloudformation:props": { + "ipamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "netmaskLength": 52 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPoolCidr", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Ipam", + "version": "0.0.0" + } + }, + "VPCTest": { + "id": "VPCTest", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "Ipv6IpamCidr": { + "id": "Ipv6IpamCidr", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/Ipv6IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "ipv6NetmaskLength": 56, + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "VpnGateway": { + "id": "VpnGateway", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/VpnGateway", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/VpnGateway/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGateway", + "aws:cdk:cloudformation:props": { + "type": "ipsec.1" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.VpnGateway", + "version": "0.0.0" + } + }, + "VPCVPNGW": { + "id": "VPCVPNGW", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/VPCVPNGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + }, + "vpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RoutePropagation": { + "id": "RoutePropagation", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/RoutePropagation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGatewayRoutePropagation", + "aws:cdk:cloudformation:props": { + "routeTableIds": [ + { + "Ref": "testsbubnetRouteTableF40F025B" + } + ], + "vpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGatewayRoutePropagation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "testsbubnet": { + "id": "testsbubnet", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-west-2a", + "cidrBlock": "10.0.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "subnetId": { + "Ref": "testsbubnetSubnet77337845" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "Instance": { + "id": "Instance", + "path": "aws-cdk-vpcv2-alpha-new/Instance", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Instance", + "aws:cdk:cloudformation:props": { + "availabilityZone": "eu-west-2a", + "iamInstanceProfile": { + "Ref": "InstanceInstanceProfileAB5AEF02" + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t3.micro", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "InstanceInstanceSecurityGroupF0E2D5BE", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "testsbubnetSubnet77337845" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "userData": { + "Fn::Base64": "#!/bin/bash" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Instance", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": "aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-vpcv2-alpha-new/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-vpcv2-alpha-new/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model": { + "id": "integtest-model", + "path": "integtest-model", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts new file mode 100644 index 0000000000000..529b1cdcc5f40 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts @@ -0,0 +1,79 @@ +/* + * Our integration tests act as snapshot tests to make sure the rendered template is stable. + * If any changes to the result are required, + * you need to perform an actual CloudFormation deployment of this application, + * and, if it is successful, a new snapshot will be written out. + * + * For more information on CDK integ tests, + * see the main CONTRIBUTING.md file. + */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import { AddressFamily, AwsServiceName, IpCidr, Ipam, IpamPoolPublicIpSource, SubnetV2 } from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2-alpha-new'); + +const ipam = new Ipam(stack, 'Ipam', { + operatingRegion: ['eu-west-2'], //set to the region stack is being deployed to +}); + +/** + * Integ test for VPC with IPAM pool to be run with --no-clean + */ +const pool2 = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + locale: 'eu-west-2', //set to the region stack is being deployed to + publicIpSource: IpamPoolPublicIpSource.AMAZON, +}); + +pool2.provisionCidr('PublicPool0Cidr', { netmaskLength: 52 } ); + +const vpc = new vpc_v2.VpcV2(stack, 'VPCTest', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [vpc_v2.IpAddresses.ipv6Ipam({ + ipamPool: pool2, + netmaskLength: 56, + cidrBlockName: 'Ipv6IpamCidr', + })], + enableDnsHostnames: true, + enableDnsSupport: true, +}); + +/** + * Since source for IPAM IPv6 is set to amazonProvided, + * can assign IPv6 address only after the allocation + * uncomment ipv6CidrBlock and provide valid IPv6 range + */ +new SubnetV2(stack, 'testsbubnet', { + vpc, + availabilityZone: 'eu-west-2a', + ipv4CidrBlock: new IpCidr('10.0.0.0/24'), + //defined on the basis of allocation done in IPAM console + //ipv6CidrBlock: new Ipv6Cidr('2a05:d02c:25:4000::/60'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +vpc.enableVpnGateway({ + vpnRoutePropagation: [{ + subnetType: SubnetType.PRIVATE_ISOLATED, // optional, defaults to "PUBLIC" + }], + type: 'ipsec.1', +}); + +new ec2.Instance(stack, 'Instance', { + vpc, + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO), + machineImage: new ec2.AmazonLinuxImage(), +}); + +new IntegTest(app, 'integtest-model', { + testCases: [stack], +}); + diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json new file mode 100644 index 0000000000000..edea907079f09 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "a7489230071452bf2d95e6aff482ada8c6c5139402293c5aadfaa9821bd931a0": { + "source": { + "path": "aws-cdk-vpcv2-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a7489230071452bf2d95e6aff482ada8c6c5139402293c5aadfaa9821bd931a0.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json new file mode 100644 index 0000000000000..69b67454af10b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json @@ -0,0 +1,339 @@ +{ + "Resources": { + "IpamTestIpam6C9298EF": { + "Type": "AWS::EC2::IPAM", + "Properties": { + "OperatingRegions": [ + { + "RegionName": "eu-central-1" + } + ] + } + }, + "IpamTestPrivatePool039C763DC": { + "Type": "AWS::EC2::IPAMPool", + "Properties": { + "AddressFamily": "ipv4", + "IpamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PrivateDefaultScopeId" + ] + }, + "Locale": "eu-central-1", + "ProvisionedCidrs": [ + { + "Cidr": "10.2.0.0/16" + } + ] + } + }, + "IpamTestPublicPool0C44B7C49": { + "Type": "AWS::EC2::IPAMPool", + "Properties": { + "AddressFamily": "ipv6", + "AwsService": "ec2", + "IpamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PublicDefaultScopeId" + ] + }, + "Locale": "eu-central-1", + "PublicIpSource": "amazon" + } + }, + "IpamTestPublicPool0PublicPool0CidrC57CE00C": { + "Type": "AWS::EC2::IPAMPoolCidr", + "Properties": { + "IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "NetmaskLength": 52 + } + }, + "VPCintegtest1EBA1CB75": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "VPCintegtest1ipv4IpamCidr8105B4E4": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "Ipv4IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPrivatePool039C763DC", + "IpamPoolId" + ] + }, + "Ipv4NetmaskLength": 20, + "VpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "VPCintegtest1AmazonProvidedE0445E5C": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "Vpcintegtest20DAD8F9D": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.1.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "Vpcintegtest2Ipv6IpamCidrFF84EC2B": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "Ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "Ipv6NetmaskLength": 60, + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "IpamTestPublicPool0PublicPool0CidrC57CE00C" + ] + }, + "Vpcintegtest2SecondaryAddress2A96C0AF8": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "CidrBlock": "10.2.0.0/16", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "Vpcintegtest2SecondaryAddress36FC60BBC": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "CidrBlock": "10.3.0.0/16", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "testsbubnetSubnet77337845": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-central-1a", + "CidrBlock": "10.1.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsbubnetRouteTableF40F025B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsbubnetRouteTableAssociationD6D083FA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "SubnetId": { + "Ref": "testsbubnetSubnet77337845" + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsubnetSubnetDD417829": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-central-1b", + "CidrBlock": "10.2.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsubnetRouteTable55223C61": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsubnetRouteTableAssociationC106676D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "testsubnetRouteTable55223C61" + }, + "SubnetId": { + "Ref": "testsubnetSubnetDD417829" + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "validateIpv6Subnet07BD40AE": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-central-1b", + "CidrBlock": "10.3.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "validateIpv6RouteTable10861B00": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "validateIpv6RouteTableAssociationD6330457": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "validateIpv6RouteTable10861B00" + }, + "SubnetId": { + "Ref": "validateIpv6Subnet07BD40AE" + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json new file mode 100644 index 0000000000000..b73b42e18e04e --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "integtest-model/DefaultTest": { + "stacks": [ + "aws-cdk-vpcv2-alpha" + ], + "assertionStack": "integtest-model/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodelDefaultTestDeployAssertCF40BD53" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json new file mode 100644 index 0000000000000..e93a555169b11 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json new file mode 100644 index 0000000000000..07729bcb92768 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json @@ -0,0 +1,227 @@ +{ + "version": "36.0.5", + "artifacts": { + "aws-cdk-vpcv2-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-vpcv2-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-vpcv2-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-vpcv2-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a7489230071452bf2d95e6aff482ada8c6c5139402293c5aadfaa9821bd931a0.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-vpcv2-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-vpcv2-alpha.assets" + ], + "metadata": { + "/aws-cdk-vpcv2-alpha/IpamTest/Ipam": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestIpam6C9298EF" + } + ], + "/aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0/PrivatePool0": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestPrivatePool039C763DC" + } + ], + "/aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestPublicPool0C44B7C49" + } + ], + "/aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0Cidr": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestPublicPool0PublicPool0CidrC57CE00C" + } + ], + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1EBA1CB75" + } + ], + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/ipv4IpamCidr": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1ipv4IpamCidr8105B4E4" + } + ], + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1AmazonProvidedE0445E5C" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest20DAD8F9D" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Ipv6IpamCidr": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2Ipv6IpamCidrFF84EC2B" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress2": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryAddress2A96C0AF8" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress3": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryAddress36FC60BBC" + } + ], + "/aws-cdk-vpcv2-alpha/testsbubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetSubnet77337845" + } + ], + "/aws-cdk-vpcv2-alpha/testsbubnet/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableF40F025B" + } + ], + "/aws-cdk-vpcv2-alpha/testsbubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableAssociationD6D083FA" + } + ], + "/aws-cdk-vpcv2-alpha/testsubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "testsubnetSubnetDD417829" + } + ], + "/aws-cdk-vpcv2-alpha/testsubnet/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "testsubnetRouteTable55223C61" + } + ], + "/aws-cdk-vpcv2-alpha/testsubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "testsubnetRouteTableAssociationC106676D" + } + ], + "/aws-cdk-vpcv2-alpha/validateIpv6/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "validateIpv6Subnet07BD40AE" + } + ], + "/aws-cdk-vpcv2-alpha/validateIpv6/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "validateIpv6RouteTable10861B00" + } + ], + "/aws-cdk-vpcv2-alpha/validateIpv6/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "validateIpv6RouteTableAssociationD6330457" + } + ], + "/aws-cdk-vpcv2-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-vpcv2-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-vpcv2-alpha" + }, + "integtestmodelDefaultTestDeployAssertCF40BD53.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodelDefaultTestDeployAssertCF40BD53.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodelDefaultTestDeployAssertCF40BD53": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "metadata": { + "/integtest-model/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json new file mode 100644 index 0000000000000..4ef8722255a1d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json @@ -0,0 +1,618 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-vpcv2-alpha": { + "id": "aws-cdk-vpcv2-alpha", + "path": "aws-cdk-vpcv2-alpha", + "children": { + "IpamTest": { + "id": "IpamTest", + "path": "aws-cdk-vpcv2-alpha/IpamTest", + "children": { + "Ipam": { + "id": "Ipam", + "path": "aws-cdk-vpcv2-alpha/IpamTest/Ipam", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAM", + "aws:cdk:cloudformation:props": { + "operatingRegions": [ + { + "regionName": "eu-central-1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAM", + "version": "0.0.0" + } + }, + "PrivatePool0": { + "id": "PrivatePool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0", + "children": { + "PrivatePool0": { + "id": "PrivatePool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0/PrivatePool0", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", + "aws:cdk:cloudformation:props": { + "addressFamily": "ipv4", + "ipamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PrivateDefaultScopeId" + ] + }, + "locale": "eu-central-1", + "provisionedCidrs": [ + { + "cidr": "10.2.0.0/16" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPool", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0", + "children": { + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", + "aws:cdk:cloudformation:props": { + "addressFamily": "ipv6", + "awsService": "ec2", + "ipamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PublicDefaultScopeId" + ] + }, + "locale": "eu-central-1", + "publicIpSource": "amazon" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPool", + "version": "0.0.0" + } + }, + "PublicPool0Cidr": { + "id": "PublicPool0Cidr", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0Cidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPoolCidr", + "aws:cdk:cloudformation:props": { + "ipamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "netmaskLength": 52 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPoolCidr", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Ipam", + "version": "0.0.0" + } + }, + "VPC-integ-test-1": { + "id": "VPC-integ-test-1", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "ipv4IpamCidr": { + "id": "ipv4IpamCidr", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/ipv4IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv4IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPrivatePool039C763DC", + "IpamPoolId" + ] + }, + "ipv4NetmaskLength": 20, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "AmazonProvided": { + "id": "AmazonProvided", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "Vpc-integ-test-2": { + "id": "Vpc-integ-test-2", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.1.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "Ipv6IpamCidr": { + "id": "Ipv6IpamCidr", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Ipv6IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "ipv6NetmaskLength": 60, + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "SecondaryAddress2": { + "id": "SecondaryAddress2", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.2.0.0/16", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "SecondaryAddress3": { + "id": "SecondaryAddress3", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress3", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.3.0.0/16", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "testsbubnet": { + "id": "testsbubnet", + "path": "aws-cdk-vpcv2-alpha/testsbubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-central-1a", + "cidrBlock": "10.1.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "subnetId": { + "Ref": "testsbubnetSubnet77337845" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testsubnet": { + "id": "testsubnet", + "path": "aws-cdk-vpcv2-alpha/testsubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha/testsubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-central-1b", + "cidrBlock": "10.2.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha/testsubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha/testsubnet/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha/testsubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "testsubnetRouteTable55223C61" + }, + "subnetId": { + "Ref": "testsubnetSubnetDD417829" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "validateIpv6": { + "id": "validateIpv6", + "path": "aws-cdk-vpcv2-alpha/validateIpv6", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-central-1b", + "cidrBlock": "10.3.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "validateIpv6RouteTable10861B00" + }, + "subnetId": { + "Ref": "validateIpv6Subnet07BD40AE" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-vpcv2-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-vpcv2-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model": { + "id": "integtest-model", + "path": "integtest-model", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts new file mode 100644 index 0000000000000..b4174e8e3d2aa --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts @@ -0,0 +1,108 @@ +// /* +// * Our integration tests act as snapshot tests to make sure the rendered template is stable. +// * If any changes to the result are required, +// * you need to perform an actual CloudFormation deployment of this application, +// * and, if it is successful, a new snapshot will be written out. +// * +// * For more information on CDK integ tests, +// * see the main CONTRIBUTING.md file. +// */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import { AddressFamily, AwsServiceName, Ipam, IpamPoolPublicIpSource } from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { SubnetV2, IpCidr } from '../lib/subnet-v2'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2-alpha'); + +const ipam = new Ipam(stack, 'IpamTest', { + operatingRegion: ['eu-central-1'], +}); + +/**Test Ipam Pool Ipv4 */ + +const pool1 = ipam.privateScope.addPool('PrivatePool0', { + addressFamily: AddressFamily.IP_V4, + ipv4ProvisionedCidrs: ['10.2.0.0/16'], + locale: 'eu-central-1', +}); + +const pool2 = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + locale: 'eu-central-1', + publicIpSource: IpamPoolPublicIpSource.AMAZON, +}); +pool2.provisionCidr('PublicPool0Cidr', { netmaskLength: 52 } ); + +/** Test Ipv4 Primary and Secondary address */ +new vpc_v2.VpcV2(stack, 'VPC-integ-test-1', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.ipv4Ipam({ + ipamPool: pool1, + netmaskLength: 20, + cidrBlockName: 'ipv4IpamCidr', + }), + //Test secondary ipv6 address + vpc_v2.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonProvided', + }), + ], + enableDnsHostnames: true, + enableDnsSupport: true, +}); + +/** + * Integ test for VPC with IPAM pool to be run with --no-clean + */ +const vpc = new vpc_v2.VpcV2(stack, 'Vpc-integ-test-2', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc_v2.IpAddresses.ipv6Ipam({ + ipamPool: pool2, + netmaskLength: 60, + cidrBlockName: 'Ipv6IpamCidr', + }), + vpc_v2.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'SecondaryAddress2', + }), + vpc_v2.IpAddresses.ipv4('10.3.0.0/16', { + cidrBlockName: 'SecondaryAddress3', + }, + )], +}); + +new SubnetV2(stack, 'testsbubnet', { + vpc, + availabilityZone: 'eu-central-1a', + ipv4CidrBlock: new IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +new SubnetV2(stack, 'testsubnet', { + vpc, + availabilityZone: 'eu-central-1b', + ipv4CidrBlock: new IpCidr('10.2.0.0/24'), + //Test secondary ipv6 address after IPAM pool creation + //ipv6CidrBlock: new Ipv6Cidr('2001:db8:1::/64'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +//Validate ipv6 IPAM +new SubnetV2(stack, 'validateIpv6', { + vpc, + ipv4CidrBlock: new IpCidr('10.3.0.0/24'), + availabilityZone: 'eu-central-1b', + //Test secondary ipv6 address after IPAM pool creation + //ipv6CidrBlock: new Ipv6Cidr('2001:db8::/48'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +new IntegTest(app, 'integtest-model', { + testCases: [stack], +}); + diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts new file mode 100644 index 0000000000000..aa3fd7884bccd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts @@ -0,0 +1,158 @@ +import { Template } from 'aws-cdk-lib/assertions'; +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib'; +import { AddressFamily, Ipam, IpamPoolPublicIpSource } from '../lib'; + +describe('IPAM Test', () => { + let stack: cdk.Stack; + let ipam: Ipam; + + beforeEach(() => { + const envUSA = { region: 'us-west-2' }; + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app, 'IPAMTestStack', { + env: envUSA, + }); + ipam = new Ipam(stack, 'Ipam', { + operatingRegion: ['us-west-2'], + }); + }); + + test('Creates IP Pool under Public Scope', () => { + + const pool = ipam.publicScope.addPool('Public', { + addressFamily: AddressFamily.IP_V6, + awsService: vpc.AwsServiceName.EC2, + locale: 'us-west-2', + publicIpSource: IpamPoolPublicIpSource.AMAZON, + }); + + new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.2.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 52, + cidrBlockName: 'Ipv6Ipam', + })], + }); + Template.fromStack(stack).hasResourceProperties( + 'AWS::EC2::IPAMPool', + { + AddressFamily: 'ipv6', + IpamScopeId: { + 'Fn::GetAtt': ['Ipam50346F82', 'PublicDefaultScopeId'], + }, + Locale: 'us-west-2', + }, + ); //End Template + }); // End Test + + test('Creates IP Pool under Private Scope', () => { + + const pool = ipam.privateScope.addPool('Private', { + addressFamily: vpc.AddressFamily.IP_V4, + ipv4ProvisionedCidrs: ['10.2.0.0/16'], + locale: 'us-west-2', + }); + + new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.2.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4Ipam({ + ipamPool: pool, + netmaskLength: 20, + cidrBlockName: 'SecondaryIpv4', + })], + }); + Template.fromStack(stack).hasResourceProperties( + 'AWS::EC2::IPAMPool', + { + AddressFamily: 'ipv4', + IpamScopeId: { + 'Fn::GetAtt': ['Ipam50346F82', 'PrivateDefaultScopeId'], + }, + Locale: 'us-west-2', + }, + ); //End Template + }); + + test('Creates IPAM CIDR pool under public scope for IPv6', () => { + // Create IPAM resources + const ipamIpv6 = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-2'], + }); + const poolOptions: vpc.PoolOptions = { + addressFamily: AddressFamily.IP_V6, + awsService: vpc.AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-2', + }; + ipamIpv6.publicScope.addPool('TestPool', poolOptions); + + // Define the expected CloudFormation template + const expectedTemplate = { + Resources: { + Ipam50346F82: { Type: 'AWS::EC2::IPAM' }, + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamTestPool5D90F91B: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv6', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, + Locale: 'us-west-2', + }, + }, + }, + }; + // // Assert that the generated template matches the expected template + Template.fromStack(stack).templateMatches(expectedTemplate); + }); + + test('Get region from stack env', () => { + // Create IPAM resources + const ipamRegion = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-2'], + }); + const poolOptions: vpc.PoolOptions = { + addressFamily: AddressFamily.IP_V6, + awsService: vpc.AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-2', + }; + ipamRegion.publicScope.addPool('TestPool', poolOptions); + + // Define the expected CloudFormation template + const expectedTemplate = { + Resources: { + Ipam50346F82: { Type: 'AWS::EC2::IPAM' }, + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamTestPool5D90F91B: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv6', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, + Locale: 'us-west-2', + }, + }, + }, + }; + // // Assert that the generated template matches the expected template + Template.fromStack(stack).templateMatches(expectedTemplate); + }); + + test('Creates IPAM with default scopes', () => { + new Ipam(stack, 'TestIpam', { + }); + Template.fromStack(stack).hasResource( + 'AWS::EC2::IPAM', {}, + ); + }); + +});// End Test \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts new file mode 100644 index 0000000000000..e5dc355fc1aea --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts @@ -0,0 +1,674 @@ +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import * as subnet from '../lib/subnet-v2'; +import { CfnEIP, GatewayVpcEndpoint, GatewayVpcEndpointAwsService, SubnetType, VpnConnectionType } from 'aws-cdk-lib/aws-ec2'; +import * as route from '../lib/route'; +import { Template } from 'aws-cdk-lib/assertions'; + +describe('EC2 Routing', () => { + let stack: cdk.Stack; + let myVpc: vpc.VpcV2; + let mySubnet: subnet.SubnetV2; + let routeTable: route.RouteTable; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + myVpc = new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }); + routeTable = new route.RouteTable(stack, 'TestRouteTable', { + vpc: myVpc, + }); + mySubnet = new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: myVpc, + availabilityZone: 'us-east-1a', + ipv4CidrBlock: new subnet.IpCidr('10.0.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr(cdk.Fn.select(0, myVpc.ipv6CidrBlocks)), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + routeTable: routeTable, + }); + }); + + test('Route to EIGW', () => { + const eigw = new route.EgressOnlyInternetGateway(stack, 'TestEIGW', { + vpc: myVpc, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: eigw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // EIGW should be in stack + TestEIGW4E4CDA8D: { + Type: 'AWS::EC2::EgressOnlyInternetGateway', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', 'VpcId', + ], + }, + }, + }, + // Route linking IP to EIGW should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + EgressOnlyInternetGatewayId: { + 'Fn::GetAtt': [ + 'TestEIGW4E4CDA8D', 'Id', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', 'RouteTableId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to VPN Gateway', () => { + const vpngw = new route.VPNGateway(stack, 'TestVpnGw', { + type: VpnConnectionType.IPSEC_1, + vpc: myVpc, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: vpngw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // VPN Gateway should be in stack + TestVpnGwIGW11AF5344: { + Type: 'AWS::EC2::VPNGateway', + Properties: { + Type: 'ipsec.1', + }, + }, + // Route linking IP to VPN GW should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + GatewayId: { + 'Fn::GetAtt': [ + 'TestVpnGwIGW11AF5344', 'VPNGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', 'RouteTableId', + ], + }, + }, + }, + // Route Gateway attachment should be in stack + TestRouteGWAttachmentDD69361B: { + Type: 'AWS::EC2::VPCGatewayAttachment', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', 'VpcId', + ], + }, + VpnGatewayId: { + 'Fn::GetAtt': [ + 'TestVpnGwIGW11AF5344', 'VPNGatewayId', + ], + }, + }, + }, + }, + }); + }), + + test('Route to VPN Gateway with optional properties', () => { + new route.VPNGateway(stack, 'TestVpnGw', { + type: VpnConnectionType.IPSEC_1, + vpc: myVpc, + amazonSideAsn: 12345678, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // VPN Gateway should be in stack + TestVpnGwIGW11AF5344: { + Type: 'AWS::EC2::VPNGateway', + Properties: { + AmazonSideAsn: 12345678, + Type: 'ipsec.1', + }, + }, + }, + }); + }), + + test('Route to Internet Gateway', () => { + const igw = new route.InternetGateway(stack, 'TestIGW', { + vpc: myVpc, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: igw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // Internet Gateway should be in stack + TestIGW1B4DB37D: { + Type: 'AWS::EC2::InternetGateway', + }, + // Route linking IP to IGW should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + GatewayId: { + 'Fn::GetAtt': [ + 'TestIGW1B4DB37D', 'InternetGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', 'RouteTableId', + ], + }, + }, + }, + // Route Gateway attachment should be in stack + TestRouteGWAttachmentDD69361B: { + Type: 'AWS::EC2::VPCGatewayAttachment', + Properties: { + InternetGatewayId: { + 'Fn::GetAtt': [ + 'TestIGW1B4DB37D', 'InternetGatewayId', + ], + }, + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to private NAT Gateway', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + ConnectivityType: 'private', + PrivateIpAddress: '10.0.0.42', + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to private NAT Gateway with secondary IP addresses', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + secondaryPrivateIpAddresses: [ + '10.0.1.0/28', + '10.0.2.0/28', + ], + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + ConnectivityType: 'private', + PrivateIpAddress: '10.0.0.42', + SecondaryPrivateIpAddresses: [ + '10.0.1.0/28', + '10.0.2.0/28', + ], + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + + }, + }); + }); + + test('Route to private NAT Gateway with secondary IP count', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + secondaryPrivateIpAddressCount: 2, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + ConnectivityType: 'private', + PrivateIpAddress: '10.0.0.42', + SecondaryPrivateIpAddressCount: 2, + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to public NAT Gateway', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + // EIP should be created when not provided + TestNATGWEIP0A279819: { + Type: 'AWS::EC2::EIP', + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + }, + }); + }); + + test('Route to public NAT Gateway with provided EIP', () => { + const eip = new CfnEIP(stack, 'MyEIP', { + domain: myVpc.vpcId, + }); + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + allocationId: eip.attrAllocationId, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + // EIP should be in stack + MyEIP: { + Type: 'AWS::EC2::EIP', + Properties: { + Domain: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to public NAT Gateway with many parameters', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PUBLIC, + maxDrainDuration: cdk.Duration.seconds(2001), + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + AllocationId: { + 'Fn::GetAtt': [ + 'TestNATGWEIP0A279819', + 'AllocationId', + ], + }, + ConnectivityType: 'public', + MaxDrainDurationSeconds: 2001, + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + // EIP should be created when not provided + TestNATGWEIP0A279819: { + Type: 'AWS::EC2::EIP', + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + }, + }); + }); + + test('Route to DynamoDB Endpoint', () => { + const dynamodb = new GatewayVpcEndpoint(stack, 'TestDB', { + vpc: myVpc, + service: GatewayVpcEndpointAwsService.DYNAMODB, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { endpoint: dynamodb }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // DynamoDB endpoint should be in stack + TestDB27CDA92F: { + Type: 'AWS::EC2::VPCEndpoint', + Properties: { + RouteTableIds: [ + { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + ], + ServiceName: { + 'Fn::Join': [ + '', + [ + 'com.amazonaws.', + { Ref: 'AWS::Region' }, + '.dynamodb', + ], + ], + }, + VpcEndpointType: 'Gateway', + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to S3 Endpoint', () => { + const dynamodb = new GatewayVpcEndpoint(stack, 'TestS3', { + vpc: myVpc, + service: GatewayVpcEndpointAwsService.S3, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { endpoint: dynamodb }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // S3 endpoint should be in stack + TestS38FCC715C: { + Type: 'AWS::EC2::VPCEndpoint', + Properties: { + RouteTableIds: [ + { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + ], + ServiceName: { + 'Fn::Join': [ + '', + [ + 'com.amazonaws.', + { Ref: 'AWS::Region' }, + '.s3', + ], + ], + }, + VpcEndpointType: 'Gateway', + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to S3 Express Endpoint', () => { + const dynamodb = new GatewayVpcEndpoint(stack, 'TestS3E', { + vpc: myVpc, + service: GatewayVpcEndpointAwsService.S3_EXPRESS, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { endpoint: dynamodb }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // S3 endpoint should be in stack + TestS3E055E5994: { + Type: 'AWS::EC2::VPCEndpoint', + Properties: { + RouteTableIds: [ + { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + ], + ServiceName: { + 'Fn::Join': [ + '', + [ + 'com.amazonaws.', + { Ref: 'AWS::Region' }, + '.s3express', + ], + ], + }, + VpcEndpointType: 'Gateway', + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + +}); diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts new file mode 100644 index 0000000000000..bf1c3209dacce --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts @@ -0,0 +1,305 @@ +import { Template } from 'aws-cdk-lib/assertions'; +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import * as subnet from '../lib/subnet-v2'; +import { NetworkAcl, SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { AddressFamily, AwsServiceName, Ipam, IpamPoolPublicIpSource } from '../lib/ipam'; +import { createTestSubnet } from './util'; + +/** + * Test suite for the SubnetV2 class. + * Verifies the correct behavior and functionality of creating and managing subnets within a VpcV2 instance. + */ +describe('Subnet V2 with custom IP and routing', () => { + let stack: cdk.Stack; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + + }); + + test('should create a subnet with valid input parameters', () => { + + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + + const subnetConfig = { + vpcV2: testVpc, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + + createTestSubnet(stack, subnetConfig); + + Template.fromStack(stack).templateMatches({ + Resources: { + TestVPCD26570D8: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + }, + }, + TestSubnet2A4BE4CA: { + Type: 'AWS::EC2::Subnet', + Properties: { + CidrBlock: '10.1.0.0/24', + AvailabilityZone: 'us-east-1a', + VpcId: { + 'Fn::GetAtt': [ + 'TestVPCD26570D8', + 'VpcId', + ], + }, + }, + }, + }, + }); + + }); + + test('Should throw error if overlapping CIDR block(IPv4) for the subnet', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + + createTestSubnet(stack, subnetConfig); + + // Define a second subnet with an overlapping CIDR range + expect(() => new subnet.SubnetV2(stack, 'InvalidSubnet', { + vpc: testVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('CIDR block should not overlap with existing subnet blocks'); + }); + + test('Should throw error if invalid CIDR block', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + + expect(() => new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVPC, + ipv4CidrBlock: new subnet.IpCidr('10.3.0.0/23'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('CIDR block should be within the range of VPC'); + }); + + test('Should throw error if VPC does not support IPv6', () => { + const TestVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + expect(() => new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: TestVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('To use IPv6, the VPC must enable IPv6 support.'); + }); + + test('Create Subnet with IPv6 if it is Amazon Provided Ipv6 is enabled on VPC', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6Cidr: new subnet.IpCidr('2001:db8:1::/64'), + subnetType: SubnetType.PUBLIC, + }; + createTestSubnet(stack, subnetConfig); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVPCD26570D8: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + }, + }, + TestSubnet2A4BE4CA: { + Type: 'AWS::EC2::Subnet', + Properties: { + CidrBlock: '10.1.0.0/24', + AvailabilityZone: 'us-east-1a', + VpcId: { + 'Fn::GetAtt': [ + 'TestVPCD26570D8', + 'VpcId', + ], + }, + Ipv6CidrBlock: '2001:db8:1::/64', + }, + }, + }, + }); + }); + + test('Create Subnet with IPv6 if it is Ipam Ipv6 is enabled on VPC', () => { + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + const pool = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-1', + }); + const TestVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 60, + cidrBlockName: 'ipv6Ipam', + })], + }); + + new subnet.SubnetV2(stack, 'IpamSubnet', { + vpc: TestVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamPublicPool0588A338B: { + Type: 'AWS::EC2::IPAMPool', + Properties: + { + AddressFamily: 'ipv6', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, + }, + }, + TestVPCD26570D8: { Type: 'AWS::EC2::VPC' }, + TestVPCipv6Ipam6024F9EC: { Type: 'AWS::EC2::VPCCidrBlock' }, + IpamSubnet78671F8A: { + Type: 'AWS::EC2::Subnet', + Properties: { + CidrBlock: '10.1.0.0/24', + AvailabilityZone: 'us-east-1a', + VpcId: { 'Fn::GetAtt': ['TestVPCD26570D8', 'VpcId'] }, + Ipv6CidrBlock: '2001:db8:1::/64', + }, + }, + }, + }); + }); + + test('Should throw error if overlapping CIDR block(IPv6) for the subnet', () => { + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + const pool = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-1', + }); + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 60, + cidrBlockName: 'ipv6Ipam', + })], + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + subnetType: SubnetType.PUBLIC, + }; + createTestSubnet(stack, subnetConfig); + + // Define a second subnet with an overlapping CIDR range + expect(() => new subnet.SubnetV2(stack, 'OverlappingSubnet', { + vpc: testVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1:1::/64'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('CIDR block should not overlap with existing subnet blocks'); + }); + + test('should store the subnet to VPC by subnet type', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + const testsubnet = createTestSubnet(stack, subnetConfig); + + /** + * Test case: Verify that the subnet is correctly stored in the VPC's collection of public subnets. + * Expected outcome: The testsubnet should be the only public subnet in the VPC. + */ + expect(testVPC.publicSubnets.length).toEqual(1); + expect(testVPC.publicSubnets[0]).toEqual(testsubnet); + }); + + test('should associate a NetworkAcl with the subnet', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + const subnetConfig = { + vpcV2: testVpc, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + const testsubnet = createTestSubnet(stack, subnetConfig); + + const networkAcl = new NetworkAcl(stack, 'TestNetworkAcl', { + vpc: testVpc, + }); + + testsubnet.associateNetworkAcl('TestAssociation', networkAcl); + + expect(Template.fromStack(stack).hasResource('AWS::EC2::SubnetNetworkAclAssociation', {})); + }); + +}); diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/util.ts b/packages/@aws-cdk/aws-ec2-alpha/test/util.ts new file mode 100644 index 0000000000000..89fb42c30861b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/util.ts @@ -0,0 +1,27 @@ +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import * as subnet from '../lib/subnet-v2'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { AddressFamily } from '../lib'; + +export function createTestSubnet( + stack: cdk.Stack, + config: { + vpcV2: vpc.VpcV2; + availabilityZone: string; + cidrBlock: subnet.IpCidr; + subnetType: SubnetType; + addressFamily?: AddressFamily; + ipv6Cidr?: subnet.IpCidr; + }, +): subnet.SubnetV2 { + const { vpcV2, availabilityZone, cidrBlock, subnetType, ipv6Cidr } = config; + + return new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: vpcV2, + availabilityZone, + ipv4CidrBlock: cidrBlock, + subnetType, + ipv6CidrBlock: ipv6Cidr, + }); +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts new file mode 100644 index 0000000000000..5b2167ae3007b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts @@ -0,0 +1,260 @@ +import { Template } from 'aws-cdk-lib/assertions'; +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import { AddressFamily, AwsServiceName, Ipam, IpamPoolPublicIpSource } from '../lib'; + +describe('Vpc V2 with full control', () => { + let stack: cdk.Stack; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + }); + + test('VPC with primary address', () => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + }, + }); + }); + + test('VPC with secondary IPv4 address', () => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'SecondaryAddress', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + TestVpcSecondaryAddressD76FCD9C: { + Type: 'AWS::EC2::VPCCidrBlock', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + + }); + + test('VPC throws error with incorrect cidr range (IPv4)', () => { + expect(() => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('192.168.0.0/16', { + cidrBlockName: 'SecondaryIpv4', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + }).toThrow('CIDR block should be in the same RFC 1918 range in the VPC'); + }); + + test('VPC supports secondary Amazon Provided IPv6 address', () => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonProvided' })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + TestVpcAmazonProvided569F7097: { + Type: 'AWS::EC2::VPCCidrBlock', + Properties: { + AmazonProvidedIpv6CidrBlock: true, //Amazon Provided IPv6 address + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + + }); + + test('VPC Primary IP from Ipv4 Ipam', () => { + + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + + const pool = ipam.privateScope.addPool('PrivatePool0', { + addressFamily: AddressFamily.IP_V4, + ipv4ProvisionedCidrs: ['10.1.0.1/24'], + locale: 'us-west-1', + }); + + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4Ipam({ + ipamPool: pool, + netmaskLength: 28, + cidrBlockName: 'IPv4Ipam', + }), + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamPrivatePool0E8589980: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv4', + IpamScopeId: { 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PrivateDefaultScopeId'] }, + Locale: 'us-west-1', + ProvisionedCidrs: [ + { + Cidr: '10.1.0.1/24', + }, + ], + }, + }, + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + Ipv4IpamPoolId: { + 'Fn::GetAtt': [ + 'TestIpamPrivatePool0E8589980', + 'IpamPoolId', + ], + }, + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + }, + }); + }); + + test('VPC Secondary IP from Ipv6 Ipam', () => { + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + + const pool = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-1', + }); + pool.provisionCidr('PublicPoolCidr', { + netmaskLength: 60, + }); + + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 64, + cidrBlockName: 'IPv6Ipam', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamPublicPool0588A338B: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv6', + AwsService: 'ec2', + IpamScopeId: { 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'] }, + PublicIpSource: 'amazon', + }, + }, + // Test Amazon Provided IPAM IPv6 + TestIpamPublicPool0PublicPoolCidrB0FF20F7: { + Type: 'AWS::EC2::IPAMPoolCidr', + Properties: { + IpamPoolId: { + 'Fn::GetAtt': [ + 'TestIpamPublicPool0588A338B', + 'IpamPoolId', + ], + }, + NetmaskLength: 60, + }, + }, + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + TestVpcIPv6Ipam178145A5: { + Type: 'AWS::EC2::VPCCidrBlock', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + Ipv6IpamPoolId: { + 'Fn::GetAtt': [ + 'TestIpamPublicPool0588A338B', + 'IpamPoolId', + ], + }, + Ipv6NetmaskLength: 64, + }, + }, + }, + }); + }); +}); + diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock index 76849b1bba333..56c424a77a645 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock @@ -16,11 +16,12 @@ "default": { "certifi": { "hashes": [ - "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082", - "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9" + "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", + "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90" ], + "index": "pypi", "markers": "python_version >= '3.6'", - "version": "==2023.7.22" + "version": "==2024.7.4" }, "charset-normalizer": { "hashes": [ diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt index b1fe59f163280..e57512c4102d5 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt @@ -1,5 +1,5 @@ # Lock versions of pip packages -certifi==2023.7.22 +certifi==2024.7.4 chardet==3.0.4 idna==3.7 urllib3==1.26.18 diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt index 404d7b7716fe8..dedc6c4f75539 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt @@ -1,5 +1,5 @@ # Lock versions of pip packages -certifi==2023.7.22 +certifi==2024.7.4 chardet==3.0.4 idna==3.7 urllib3==1.26.18 diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/README.md b/packages/@aws-cdk/aws-sagemaker-alpha/README.md index cdddec2ec8103..f4798faf19036 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/README.md +++ b/packages/@aws-cdk/aws-sagemaker-alpha/README.md @@ -78,6 +78,31 @@ const model = new sagemaker.Model(this, 'InferencePipelineModel', { }); ``` +### Model Properties + +#### Network Isolation + +If you enable [network isolation](https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html), the containers can't make any outbound network calls, even to other AWS services such as Amazon S3. Additionally, no AWS credentials are made available to the container runtime environment. + +To enable network isolation, set the `networkIsolation` property to `true`: + +```typescript +import * as sagemaker from '@aws-cdk/aws-sagemaker-alpha'; + +declare const image: sagemaker.ContainerImage; +declare const modelData: sagemaker.ModelData; + +const model = new sagemaker.Model(this, 'ContainerModel', { + containers: [ + { + image, + modelData, + } + ], + networkIsolation: true, +}); +``` + ### Container Images Inference code can be stored in the Amazon EC2 Container Registry (Amazon ECR), which is specified diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts b/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts index 589caed2e9556..28f88d4934b1d 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts +++ b/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts @@ -206,6 +206,17 @@ export interface ModelProps { * @default true */ readonly allowAllOutbound?: boolean; + + /** + * Whether to enable network isolation for the model container. + * + * When enabled, no inbound or outbound network calls can be made to or from the model container. + * + * @see https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html + * + * @default false + */ + readonly networkIsolation?: boolean; } /** @@ -312,6 +323,7 @@ export class Model extends ModelBase { primaryContainer: cdk.Lazy.any({ produce: () => this.renderPrimaryContainer() }), vpcConfig: cdk.Lazy.any({ produce: () => this.renderVpcConfig() }), containers: cdk.Lazy.any({ produce: () => this.renderContainers() }), + enableNetworkIsolation: props.networkIsolation, }); this.modelName = this.getResourceNameAttribute(model.attrModelName); this.modelArn = this.getResourceArnAttribute(model.ref, { diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json index d350b0f8b2887..b325edd0bba0b 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json @@ -14,7 +14,7 @@ } } }, - "3091b68a4482354b22fb86be9dfa04e7f07fd597c15825ad5b16b32f8fdaaf6a": { + "2bf7be4479c7f2590f4e7436df08e6f6516adf0e7234bfcfd7ea7115c7e6dfb6": { "source": { "path": "aws-cdk-sagemaker-model.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3091b68a4482354b22fb86be9dfa04e7f07fd597c15825ad5b16b32f8fdaaf6a.json", + "objectKey": "2bf7be4479c7f2590f4e7436df08e6f6516adf0e7234bfcfd7ea7115c7e6dfb6.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json index 51f06e115d3f8..1a783d4262dce 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json @@ -898,6 +898,169 @@ "HuggingFaceModelRoleDefaultPolicy50587D35", "HuggingFaceModelRoleDA17DA00" ] + }, + "NetworkIsolationModelRole562D6C7F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sagemaker.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSageMakerFullAccess" + ] + ] + } + ] + } + }, + "NetworkIsolationModelRoleDefaultPolicy84ACFE88": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "NetworkIsolationModelRoleDefaultPolicy84ACFE88", + "Roles": [ + { + "Ref": "NetworkIsolationModelRole562D6C7F" + } + ] + } + }, + "NetworkIsolationModel29FE9107": { + "Type": "AWS::SageMaker::Model", + "Properties": { + "Containers": [ + { + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + } + }, + { + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "ModelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + }, + { + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "ModelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + } + ], + "EnableNetworkIsolation": true, + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "NetworkIsolationModelRole562D6C7F", + "Arn" + ] + } + }, + "DependsOn": [ + "NetworkIsolationModelRoleDefaultPolicy84ACFE88", + "NetworkIsolationModelRole562D6C7F" + ] } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json index 0991dc132bb8b..9411f22bfb458 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3091b68a4482354b22fb86be9dfa04e7f07fd597c15825ad5b16b32f8fdaaf6a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2bf7be4479c7f2590f4e7436df08e6f6516adf0e7234bfcfd7ea7115c7e6dfb6.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -238,6 +238,24 @@ "data": "DlcRepositoryAccountMap" } ], + "/aws-cdk-sagemaker-model/NetworkIsolationModel/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NetworkIsolationModelRole562D6C7F" + } + ], + "/aws-cdk-sagemaker-model/NetworkIsolationModel/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NetworkIsolationModelRoleDefaultPolicy84ACFE88" + } + ], + "/aws-cdk-sagemaker-model/NetworkIsolationModel/Model": [ + { + "type": "aws:cdk:logicalId", + "data": "NetworkIsolationModel29FE9107" + } + ], "/aws-cdk-sagemaker-model/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json index 660e3efff302b..60a1416e86bb8 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json @@ -1169,13 +1169,13 @@ "version": "0.0.0" } }, - "ModelImage4351027d8888cb0133eeba7ae4ab91c5": { - "id": "ModelImage4351027d8888cb0133eeba7ae4ab91c5", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage4351027d8888cb0133eeba7ae4ab91c5", + "ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62": { + "id": "ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62", "children": { "Staging": { "id": "Staging", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage4351027d8888cb0133eeba7ae4ab91c5/Staging", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62/Staging", "constructInfo": { "fqn": "aws-cdk-lib.AssetStaging", "version": "0.0.0" @@ -1183,7 +1183,7 @@ }, "Repository": { "id": "Repository", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage4351027d8888cb0133eeba7ae4ab91c5/Repository", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62/Repository", "constructInfo": { "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", "version": "0.0.0" @@ -1195,13 +1195,13 @@ "version": "0.0.0" } }, - "ModelDatab93b3e254f66541093e95be708719bbd": { - "id": "ModelDatab93b3e254f66541093e95be708719bbd", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDatab93b3e254f66541093e95be708719bbd", + "ModelDataac735c034334b02fb2f240145313a846": { + "id": "ModelDataac735c034334b02fb2f240145313a846", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDataac735c034334b02fb2f240145313a846", "children": { "Stage": { "id": "Stage", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDatab93b3e254f66541093e95be708719bbd/Stage", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDataac735c034334b02fb2f240145313a846/Stage", "constructInfo": { "fqn": "aws-cdk-lib.AssetStaging", "version": "0.0.0" @@ -1209,7 +1209,7 @@ }, "AssetBucket": { "id": "AssetBucket", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDatab93b3e254f66541093e95be708719bbd/AssetBucket", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDataac735c034334b02fb2f240145313a846/AssetBucket", "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketBase", "version": "0.0.0" @@ -1471,6 +1471,227 @@ "version": "0.0.0" } }, + "NetworkIsolationModel": { + "id": "NetworkIsolationModel", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel", + "children": { + "Role": { + "id": "Role", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sagemaker.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSageMakerFullAccess" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "NetworkIsolationModelRoleDefaultPolicy84ACFE88", + "roles": [ + { + "Ref": "NetworkIsolationModelRole562D6C7F" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Model": { + "id": "Model", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Model", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SageMaker::Model", + "aws:cdk:cloudformation:props": { + "containers": [ + { + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + } + }, + { + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "modelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + }, + { + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "modelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + } + ], + "enableNetworkIsolation": true, + "executionRoleArn": { + "Fn::GetAtt": [ + "NetworkIsolationModelRole562D6C7F", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sagemaker.CfnModel", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-sagemaker-alpha.Model", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-sagemaker-model/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts index 4de64b4b6dafe..e52785a2b35a0 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts @@ -131,6 +131,15 @@ new sagemaker.Model(stack, 'HuggingFaceModel', { ], }); +new sagemaker.Model(stack, 'NetworkIsolationModel', { + containers: [ + { image: localImage }, + { image: localImage, modelData: localModelData }, + { image: localImage, modelData: localModelData }, + ], + networkIsolation: true, +}); + new IntegTest(app, 'integtest-model', { testCases: [stack], }); diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts b/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts index f4e64ec6131fc..d08ac389ed5e4 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts @@ -98,6 +98,22 @@ describe('When instantiating SageMaker Model', () => { expect(Object.entries(manifest.dockerImages)).toHaveLength(1); }); + test('set network isolation', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new sagemaker.Model(stack, 'Model', { + containers: [{ image: sagemaker.ContainerImage.fromEcrRepository(new ecr.Repository(stack, 'Repo')) }], + networkIsolation: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::SageMaker::Model', { + EnableNetworkIsolation: true, + }); + }); + describe('with a VPC', () => { test('and security groups, no security group is created', () => { // GIVEN diff --git a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES index 2c9a5a75dad60..1fb7f7fdfaabf 100644 --- a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES +++ b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES @@ -207,7 +207,7 @@ The @aws-cdk/cli-lib-alpha package includes the following third-party software/l ---------------- -** @jsii/check-node@1.97.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.97.0 | Apache-2.0 +** @jsii/check-node@1.102.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.102.0 | Apache-2.0 jsii Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -266,7 +266,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** ajv@8.12.0 - https://www.npmjs.com/package/ajv/v/8.12.0 | MIT +** ajv@8.16.0 - https://www.npmjs.com/package/ajv/v/8.16.0 | MIT The MIT License (MIT) Copyright (c) 2015-2021 Evgeny Poberezkin @@ -493,7 +493,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE ---------------- -** aws-sdk@2.1596.0 - https://www.npmjs.com/package/aws-sdk/v/2.1596.0 | Apache-2.0 +** aws-sdk@2.1653.0 - https://www.npmjs.com/package/aws-sdk/v/2.1653.0 | Apache-2.0 AWS SDK for JavaScript Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -601,10 +601,10 @@ SOFTWARE. ---------------- -** braces@3.0.2 - https://www.npmjs.com/package/braces/v/3.0.2 | MIT +** braces@3.0.3 - https://www.npmjs.com/package/braces/v/3.0.3 | MIT The MIT License (MIT) -Copyright (c) 2014-2018, Jon Schlinkert. +Copyright (c) 2014-present, Jon Schlinkert. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -691,7 +691,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI ---------------- -** cdk-from-cfn@0.156.0 - https://www.npmjs.com/package/cdk-from-cfn/v/0.156.0 | MIT OR Apache-2.0 +** cdk-from-cfn@0.162.0 - https://www.npmjs.com/package/cdk-from-cfn/v/0.162.0 | MIT OR Apache-2.0 ---------------- @@ -1123,7 +1123,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** debug@4.3.4 - https://www.npmjs.com/package/debug/v/4.3.4 | MIT +** debug@4.3.5 - https://www.npmjs.com/package/debug/v/4.3.5 | MIT (The MIT License) Copyright (c) 2014-2017 TJ Holowaychuk @@ -1390,7 +1390,7 @@ SOFTWARE. ---------------- -** fill-range@7.0.1 - https://www.npmjs.com/package/fill-range/v/7.0.1 | MIT +** fill-range@7.1.1 - https://www.npmjs.com/package/fill-range/v/7.1.1 | MIT The MIT License (MIT) Copyright (c) 2014-present, Jon Schlinkert. @@ -1667,7 +1667,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** https-proxy-agent@7.0.4 - https://www.npmjs.com/package/https-proxy-agent/v/7.0.4 | MIT +** https-proxy-agent@7.0.5 - https://www.npmjs.com/package/https-proxy-agent/v/7.0.5 | MIT (The MIT License) Copyright (c) 2013 Nathan Rajlich @@ -2315,26 +2315,6 @@ licenses; we recommend you read them, as their terms may differ from the terms above. ----------------- - -** lru-cache@6.0.0 - https://www.npmjs.com/package/lru-cache/v/6.0.0 | ISC -The ISC License - -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - ---------------- ** lru-cache@7.18.3 - https://www.npmjs.com/package/lru-cache/v/7.18.3 | ISC @@ -2497,7 +2477,30 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---------------- -** pac-proxy-agent@7.0.1 - https://www.npmjs.com/package/pac-proxy-agent/v/7.0.1 | MIT +** pac-proxy-agent@7.0.2 - https://www.npmjs.com/package/pac-proxy-agent/v/7.0.2 | MIT +(The MIT License) + +Copyright (c) 2014 Nathan Rajlich + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + ---------------- @@ -3094,10 +3097,10 @@ THE SOFTWARE. ---------------- -** sax@1.3.0 - https://www.npmjs.com/package/sax/v/1.3.0 | ISC +** sax@1.4.1 - https://www.npmjs.com/package/sax/v/1.4.1 | ISC The ISC License -Copyright (c) 2010-2022 Isaac Z. Schlueter and Contributors +Copyright (c) 2010-2024 Isaac Z. Schlueter and Contributors Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -3116,7 +3119,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. `String.fromCodePoint` by Mathias Bynens used according to terms of MIT License, as follows: -Copyright (c) 2010-2022 Mathias Bynens +Copyright (c) 2010-2024 Mathias Bynens Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the @@ -3140,7 +3143,27 @@ Copyright (c) 2010-2022 Mathias Bynens ---------------- -** semver@7.6.0 - https://www.npmjs.com/package/semver/v/7.6.0 | ISC +** semver@7.6.2 - https://www.npmjs.com/package/semver/v/7.6.2 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** semver@7.6.3 - https://www.npmjs.com/package/semver/v/7.6.3 | ISC The ISC License Copyright (c) Isaac Z. Schlueter and Contributors @@ -3200,7 +3223,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** socks-proxy-agent@8.0.3 - https://www.npmjs.com/package/socks-proxy-agent/v/8.0.3 | MIT +** socks-proxy-agent@8.0.4 - https://www.npmjs.com/package/socks-proxy-agent/v/8.0.4 | MIT (The MIT License) Copyright (c) 2013 Nathan Rajlich @@ -3545,7 +3568,7 @@ THE SOFTWARE. ---------------- -** tslib@2.6.2 - https://www.npmjs.com/package/tslib/v/2.6.2 | 0BSD +** tslib@2.6.3 - https://www.npmjs.com/package/tslib/v/2.6.3 | 0BSD Copyright (c) Microsoft Corporation. Permission to use, copy, modify, and/or distribute this software for any @@ -3723,26 +3746,6 @@ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------- - -** yallist@4.0.0 - https://www.npmjs.com/package/yallist/v/4.0.0 | ISC -The ISC License - -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - ---------------- ** yaml@1.10.2 - https://www.npmjs.com/package/yaml/v/1.10.2 | ISC diff --git a/packages/@aws-cdk/cloud-assembly-schema/.gitignore b/packages/@aws-cdk/cloud-assembly-schema/.gitignore deleted file mode 100644 index 6b8649e2756f5..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -# This package is copied from aws-cdk-lib/cloud-assembly-schema, ignore everything -# except package.json -* -!package.json -!.npmignore -!jest.config.js -!LICENSE -!NOTICE -!CONTRIBUTING.md diff --git a/packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md b/packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md deleted file mode 100644 index 0a96c52f7ca1a..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md +++ /dev/null @@ -1,67 +0,0 @@ -## Cloud Assembly Schema - -Making changes to this module should only happen when you introduce new cloud assembly capabilities. - -> For example: supporting the `--target` option when building docker containers. - -If you decided these changes are necessary, simply go ahead and make the necessary modifications to -the interfaces that describe the schema. Our tests and validation mechanisms will ensure you make those -changes correctly. - -### Module Structure - -There are two main things to understand about the files in this module: - -- [`lib/manifest.ts`](./lib/manifest.ts) - - This is the typescript code that defines our schema. It is solely comprised of structs (property only interfaces). - It directly maps to the way we want manifest files to be stored on disk. When you want to make changes to the schema, - this is the file you should be editing. - -- [`lib/schema`](./schema/) - - This directory contains the generated json [schema](./schema/cloud-assembly.schema.json) from the aforementioned - typescript code. It also contains a [version](./schema/cloud-assembly.version.json) file that holds the current version - of the schema. These files are **not** intended for manual editing. Keep reading to understand how they change and when. - -### Schema Generation - -The schema can be generated by running `yarn update-schema`. It reads the [`manifest.ts`](./lib/manifest.ts) file and writes -an updated json schema to [`cloud-assembly.schema.json`](./schema/cloud-assembly.schema.json). -In addition, this command also performs a `major` version bump on the [version](./schema/cloud-assembly.version.json) file. - -Note that it is not generated as part of the build, this is to ensure developers will be intentional when making -changes to the schema. If changes to the code are performed, without generating a new schema, the tests will fail: - -```console -$ yarn test -FAIL test/schema.test.js (5.902s) - ✓ manifest save (7ms) - ✕ cloud-assembly.json.schema is correct (5304ms) - ✓ manifest load (4ms) - ✓ manifest load fails for invalid nested property (5ms) - ✓ manifest load fails for invalid artifact type (1ms) - ✓ stack-tags are deserialized properly (1ms) - ✓ can access random metadata (1ms) - - ● cloud-assembly.json.schema is correct - - Whoops, Looks like the schema has changed. Did you forget to run 'yarn update-schema'? -``` - -### Schema Validation - -Being a **stable** `jsii` module, it undergoes strict API compatibility checks with the help -of [`jsii-diff`](https://github.com/aws/jsii/tree/master/packages/jsii-diff). -This means that breaking changes will be rejected. These include: - -- Adding a required property. (same as changing from *optional* to *required*) -- Changing the type of the property. - -In addition, the interfaces defined here are programmatically exposed to users, via the `manifest` -property of the [`CloudAssembly`](../cx-api/lib/cloud-assembly.ts) class. This means that the following are -also considered breaking changes: - -- Changing a property from *required* to *optional*. -- Removing an optional property. -- Removing a required property. diff --git a/packages/@aws-cdk/cloud-assembly-schema/NOTICE b/packages/@aws-cdk/cloud-assembly-schema/NOTICE deleted file mode 100644 index 14e30418ed7dc..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/NOTICE +++ /dev/null @@ -1,46 +0,0 @@ -AWS Cloud Development Kit (AWS CDK) -Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. - -------------------------------------------------------------------------------- - -The AWS CDK includes the following third-party software/licensing: - -** jsonschema - https://www.npmjs.com/package/jsonschema -Copyright (C) 2012-2015 Tom de Grunt - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - ----------------- - -** semver - https://www.npmjs.com/package/semver -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - ----------------- diff --git a/packages/@aws-cdk/cloud-assembly-schema/jest.config.js b/packages/@aws-cdk/cloud-assembly-schema/jest.config.js deleted file mode 100644 index b128c97cea054..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/jest.config.js +++ /dev/null @@ -1,13 +0,0 @@ -const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); -module.exports = { - ...baseConfig, - testMatch: [ - '/**/test/**/?(*.)+(test).ts', - ], - coverageThreshold: { - global: { - branches: 70, - statements: 75, - }, - }, -}; diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index f3da670dd7c2a..2ec6a62fd0000 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.13", - "@aws-cdk/service-spec-types": "^0.0.81", + "@aws-cdk/aws-service-spec": "^0.1.16", + "@aws-cdk/service-spec-types": "^0.0.84", "chalk": "^4", "diff": "^5.2.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index be8cfb6c4d69c..9e980cc71faae 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md @@ -71,7 +71,6 @@ Flags come in three types: | [@aws-cdk/pipelines:reduceAssetRoleTrustScope](#aws-cdkpipelinesreduceassetroletrustscope) | Remove the root account principal from PipelineAssetsFileRole trust policy | 2.141.0 | (default) | | [@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm](#aws-cdkaws-ecsremovedefaultdeploymentalarm) | When enabled, remove default deployment alarm settings | 2.143.0 | (default) | | [@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault](#aws-cdkcustom-resourceslogapiresponsedatapropertytruedefault) | When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default | 2.145.0 | (fix) | -| [@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions](#aws-cdkaws-stepfunctions-tasksecsreduceruntaskpermissions) | When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. | 2.148.0 | (fix) | @@ -132,8 +131,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-eks:nodegroupNameAttribute": true, "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true, - "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false, - "@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions": true + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false } } ``` @@ -1340,19 +1338,4 @@ property from the event object. | 2.145.0 | `false` | `false` | -### @aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions - -*When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.* (fix) - -When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. -The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html -for more details. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| 2.148.0 | `false` | `true` | - - diff --git a/packages/@aws-cdk/cx-api/package.json b/packages/@aws-cdk/cx-api/package.json index 9f6ae2cf09c03..934dc131399b4 100644 --- a/packages/@aws-cdk/cx-api/package.json +++ b/packages/@aws-cdk/cx-api/package.json @@ -82,12 +82,12 @@ "semver": "^7.6.2" }, "peerDependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0" + "@aws-cdk/cloud-assembly-schema": "^36.0.5" }, "license": "Apache-2.0", "devDependencies": { "@aws-cdk/cdk-build-tools": "0.0.0", - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.12", "@types/mock-fs": "^4.13.4", @@ -120,4 +120,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES b/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES index 893b93cf2cd93..4467ac778b87e 100644 --- a/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES +++ b/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES @@ -750,7 +750,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** semver@7.6.2 - https://www.npmjs.com/package/semver/v/7.6.2 | ISC +** semver@7.6.3 - https://www.npmjs.com/package/semver/v/7.6.3 | ISC The ISC License Copyright (c) Isaac Z. Schlueter and Contributors diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 5ae178aea5333..d73be4ecb3111 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -71,10 +71,10 @@ }, "dependencies": { "chokidar": "^3.6.0", - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.1.13", + "@aws-cdk/aws-service-spec": "^0.1.16", "cdk-assets": "0.0.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", @@ -108,4 +108,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-batch/README.md b/packages/aws-cdk-lib/aws-batch/README.md index 6b7e3eeb89a99..7528e426bb45b 100644 --- a/packages/aws-cdk-lib/aws-batch/README.md +++ b/packages/aws-cdk-lib/aws-batch/README.md @@ -111,6 +111,23 @@ computeEnv.addInstanceClass(ec2.InstanceClass.M4); computeEnv.addInstanceClass(ec2.InstanceClass.R4); ``` +#### Configure AMIs + +You can configure Amazon Machine Images (AMIs). This example configures your `ComputeEnvironment` to use Amazon Linux 2023. + +```ts +declare const vpc: ec2.IVpc; + +new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', { + vpc, + images: [ + { + imageType: batch.EcsMachineImageType.ECS_AL2023, + }, + ], +}); +``` + #### Allocation Strategies | Allocation Strategy | Optimized for | Downsides | diff --git a/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts b/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts index 64746104333ce..c9f03e9f0dd73 100644 --- a/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts +++ b/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts @@ -395,10 +395,16 @@ export interface EksMachineImage extends MachineImage{ */ export enum EcsMachineImageType { /** - * Tells Batch that this machine image runs on non-GPU instances + * Tells Batch that this machine image runs on non-GPU AL2 instances */ ECS_AL2 = 'ECS_AL2', + /** + * Tells Batch that this machine image runs on non-GPU AL2023 instances. + * Amazon Linux 2023 does not support A1 instances. + */ + ECS_AL2023 = 'ECS_AL2023', + /** * Tells Batch that this machine image runs on GPU instances */ @@ -652,6 +658,12 @@ export class ManagedEc2EcsComputeEnvironment extends ManagedComputeEnvironmentBa this.instanceTypes = props.instanceTypes ?? []; this.instanceClasses = props.instanceClasses ?? []; + if (this.images?.find(image => image.imageType === EcsMachineImageType.ECS_AL2023) && + (this.instanceClasses.includes(ec2.InstanceClass.A1) || + this.instanceTypes.find(instanceType => instanceType.sameInstanceClassAs(ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.LARGE)))) + ) { + throw new Error('Amazon Linux 2023 does not support A1 instances.'); + } const { instanceRole, instanceProfile } = createInstanceRoleAndProfile(this, props.instanceRole); this.instanceRole = instanceRole; diff --git a/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts b/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts index d20c9677d97c3..b2d572fd8de37 100644 --- a/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts +++ b/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts @@ -794,6 +794,52 @@ describe('ManagedEc2EcsComputeEnvironment', () => { }); }); + test('Amazon Linux 2023 does not support A1 instances.', () => { + expect(() => new ManagedEc2EcsComputeEnvironment(stack, 'Al2023A1InstanceClass', { + ...defaultEcsProps, + instanceClasses: [ec2.InstanceClass.A1], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2023, + }, + ], + })).toThrow('Amazon Linux 2023 does not support A1 instances.'); + + expect(() => new ManagedEc2EcsComputeEnvironment(stack, 'Al2023A1XlargeInstance', { + ...defaultEcsProps, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.XLARGE2)], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2023, + }, + ], + })).toThrow('Amazon Linux 2023 does not support A1 instances.'); + + new ManagedEc2EcsComputeEnvironment(stack, 'Al2A1InstanceClass', { + ...defaultEcsProps, + instanceClasses: [ec2.InstanceClass.A1], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2, + }, + ], + }); + + new ManagedEc2EcsComputeEnvironment(stack, 'Al2A1XlargeInstance', { + ...defaultEcsProps, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.XLARGE2)], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2, + }, + ], + }); + }); + test('can use non-default allocation strategy', () => { // WHEN new ManagedEc2EcsComputeEnvironment(stack, 'MyCE', { diff --git a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts index daacd34ef584d..fd1881119b336 100644 --- a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts +++ b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts @@ -50,6 +50,9 @@ export class FoundationModelIdentifier { /** Base model "amazon.titan-image-generator-v1:0". */ public static readonly AMAZON_TITAN_IMAGE_GENERATOR_V1_0 = new FoundationModelIdentifier('amazon.titan-image-generator-v1:0'); + /** Base model "amazon.titan-image-generator-v2:0". */ + public static readonly AMAZON_TITAN_IMAGE_GENERATOR_V2_0 = new FoundationModelIdentifier('amazon.titan-image-generator-v2:0'); + /** Base model "amazon.titan-embed-image-v1:0". */ public static readonly AMAZON_TITAN_EMBED_IMAGE_V1_0 = new FoundationModelIdentifier('amazon.titan-embed-image-v1:0'); diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts index c0fd28b157416..50f2d304b3aee 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts @@ -129,7 +129,7 @@ interface SourceConfigurationRender { /** * A source configuration is a wrapper for CloudFront origins and behaviors. - * An origin is what CloudFront will "be in front of" - that is, CloudFront will pull it's assets from an origin. + * An origin is what CloudFront will "be in front of" - that is, CloudFront will pull its assets from an origin. * * If you're using s3 as a source - pass the `s3Origin` property, otherwise, pass the `customOriginSource` property. * @@ -479,7 +479,7 @@ export interface LambdaFunctionAssociation { /** * Allows a Lambda function to have read access to the body content. * Only valid for "request" event types (`ORIGIN_REQUEST` or `VIEWER_REQUEST`). - * See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html + * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html * * @default false */ @@ -736,7 +736,7 @@ export interface CloudFrontWebDistributionAttributes { * }); * ``` * - * This will create a CloudFront distribution that uses your S3Bucket as it's origin. + * This will create a CloudFront distribution that uses your S3Bucket as its origin. * * You can customize the distribution using additional properties from the CloudFrontWebDistributionProps interface. * diff --git a/packages/aws-cdk-lib/aws-dynamodb/README.md b/packages/aws-cdk-lib/aws-dynamodb/README.md index 83d3e35c7d2f2..24e09c418b6ae 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/README.md +++ b/packages/aws-cdk-lib/aws-dynamodb/README.md @@ -148,6 +148,7 @@ Note: You can create an instance of the `TableV2` construct with as many `replic The `TableV2` construct can be configured with on-demand or provisioned billing: * On-demand - The default option. This is a flexible billing option capable of serving requests without capacity planning. The billing mode will be `PAY_PER_REQUEST`. +* You can optionally specify the `maxReadRequestUnits` or `maxWriteRequestUnits` on individual tables and associated global secondary indexes (GSIs). When you configure maximum throughput for an on-demand table, throughput requests that exceed the maximum amount specified will be throttled. * Provisioned - Specify the `readCapacity` and `writeCapacity` that you need for your application. The billing mode will be `PROVISIONED`. Capacity can be configured using one of the following modes: * Fixed - provisioned throughput capacity is configured with a fixed number of I/O operations per second. * Autoscaled - provisioned throughput capacity is dynamically adjusted on your behalf in response to actual traffic patterns. @@ -163,6 +164,18 @@ const table = new dynamodb.TableV2(this, 'Table', { }) ``` +The following example shows how to configure `TableV2` with on-demand billing with optional maximum throughput configured: + +```ts +const table = new dynamodb.TableV2(this, 'Table', { + partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING }, + billing: dynamodb.Billing.onDemand({ + maxReadRequestUnits: 100, + maxWriteRequestUnits: 115, + }), +}) +``` + When using provisioned billing, you must also specify `readCapacity` and `writeCapacity`. You can choose to configure `readCapacity` with fixed capacity or autoscaled capacity, but `writeCapacity` can only be configured with autoscaled capacity. The following example shows how to configure `TableV2` with provisioned billing: ```ts diff --git a/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md b/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md index ae5049af56cd8..34cf25434d6b2 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md +++ b/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md @@ -46,6 +46,17 @@ const table = new dynamodb.Table(this, 'Table', { }); ``` +You can specify a maximum read or write request units when using PAY_PER_REQUEST billing mode: + +```ts +const table = new dynamodb.Table(this, 'Table', { + partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }, + billingMode: dynamodb.BillingMode.PAY_PER_REQUEST, + maxReadRequestUnits: 100, + maxWriteRequestUnits: 200, +}); +``` + Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode. diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts index c319a7023f709..bc05c312226fa 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts @@ -16,6 +16,27 @@ export interface ThroughputProps { readonly writeCapacity: Capacity; } +/** + * Properties used to configure maximum throughput for an on-demand table. + */ +export interface MaxThroughputProps { + /** + * The max read request units. + * @default - if table mode is on-demand and this property is undefined, + * no maximum throughput limit will be put in place for read requests. + * This property is only applicable for tables using on-demand mode. + */ + readonly maxReadRequestUnits?: number; + + /** + * The max write request units. + * @default - if table mode is on-demand and this property is undefined, + * no maximum throughput limit will be put in place for write requests. + * This property is only applicable for tables using on-demand mode. + */ + readonly maxWriteRequestUnits?: number; +} + /** * Represents how capacity is managed and how you are charged for read and write throughput * for a DynamoDB table. @@ -26,14 +47,14 @@ export abstract class Billing { * * Note: Billing mode will be PAY_PER_REQUEST. */ - public static onDemand(): Billing { + public static onDemand(props?: MaxThroughputProps): Billing { return new (class extends Billing { public _renderReadCapacity() { - return undefined; + return props?.maxReadRequestUnits; } public _renderWriteCapacity() { - return undefined; + return props?.maxWriteRequestUnits; } }) (BillingMode.PAY_PER_REQUEST); } diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts index a309c994d33ad..65e3c588968e5 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts @@ -40,6 +40,15 @@ export interface ReplicaGlobalSecondaryIndexOptions { * @default - inherited from the primary table */ readonly readCapacity?: Capacity; + + /** + * The maximum read request units for a specific global secondary index on a replica table. + * + * Note: This can only be configured if primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table + */ + readonly maxReadRequestUnits?: number; } /** @@ -75,6 +84,24 @@ export interface GlobalSecondaryIndexPropsV2 extends SecondaryIndexProps { * @default - inherited from the primary table. */ readonly writeCapacity?: Capacity; + + /** + * The maximum read request units. + * + * Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table. + */ + readonly maxReadRequestUnits?: number; + + /** + * The maximum write request units. + * + * Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table. + */ + readonly maxWriteRequestUnits?: number; } /** @@ -149,6 +176,15 @@ export interface ReplicaTableProps extends TableOptionsV2 { */ readonly readCapacity?: Capacity; + /** + * The maxium read request units. + * + * Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table + */ + readonly maxReadRequestUnits?: number; + /** * Options used to configure global secondary index properties. * @@ -459,6 +495,9 @@ export class TableV2 extends TableBaseV2 { private readonly readProvisioning?: CfnGlobalTable.ReadProvisionedThroughputSettingsProperty; private readonly writeProvisioning?: CfnGlobalTable.WriteProvisionedThroughputSettingsProperty; + private readonly maxReadRequestUnits?: number; + private readonly maxWriteRequestUnits?: number; + private readonly replicaTables = new Map(); private readonly replicaKeys: { [region: string]: IKey } = {}; private readonly replicaTableArns: string[] = []; @@ -467,6 +506,7 @@ export class TableV2 extends TableBaseV2 { private readonly globalSecondaryIndexes = new Map(); private readonly localSecondaryIndexes = new Map(); private readonly globalSecondaryIndexReadCapacitys = new Map(); + private readonly globalSecondaryIndexMaxReadUnits = new Map(); public constructor(scope: Construct, id: string, props: TablePropsV2) { super(scope, id, { physicalName: props.tableName ?? PhysicalName.GENERATE_IF_NEEDED }); @@ -485,9 +525,15 @@ export class TableV2 extends TableBaseV2 { this.addKey(props.sortKey, RANGE_KEY_TYPE); } - this.billingMode = props.billing?.mode ?? BillingMode.PAY_PER_REQUEST; - this.readProvisioning = props.billing?._renderReadCapacity(); - this.writeProvisioning = props.billing?._renderWriteCapacity(); + if (props.billing?.mode === BillingMode.PAY_PER_REQUEST || props.billing?.mode === undefined) { + this.maxReadRequestUnits = props.billing?._renderReadCapacity(); + this.maxWriteRequestUnits = props.billing?._renderWriteCapacity(); + this.billingMode = BillingMode.PAY_PER_REQUEST; + } else { + this.readProvisioning = props.billing?._renderReadCapacity(); + this.writeProvisioning = props.billing?._renderWriteCapacity(); + this.billingMode = props.billing.mode; + } props.globalSecondaryIndexes?.forEach(gsi => this.addGlobalSecondaryIndex(gsi)); props.localSecondaryIndexes?.forEach(lsi => this.addLocalSecondaryIndex(lsi)); @@ -501,6 +547,9 @@ export class TableV2 extends TableBaseV2 { localSecondaryIndexes: Lazy.any({ produce: () => this.renderLocalIndexes() }, { omitEmptyArray: true }), billingMode: this.billingMode, writeProvisionedThroughputSettings: this.writeProvisioning, + writeOnDemandThroughputSettings: this.maxWriteRequestUnits + ? { maxWriteRequestUnits: this.maxWriteRequestUnits } + : undefined, streamSpecification: Lazy.any( { produce: () => props.dynamoStream ? { streamViewType: props.dynamoStream } : this.renderStreamSpecification() }, ), @@ -636,6 +685,11 @@ export class TableV2 extends TableBaseV2 { ? props.readCapacity._renderReadCapacity() : this.readProvisioning, tags: props.tags, + readOnDemandThroughputSettings: props.maxReadRequestUnits + ? { maxReadRequestUnits: props.maxReadRequestUnits } + : this.maxReadRequestUnits + ? { maxReadRequestUnits: this.maxReadRequestUnits } + : undefined, resourcePolicy: resourcePolicy ? { policyDocument: resourcePolicy } : undefined, @@ -649,11 +703,18 @@ export class TableV2 extends TableBaseV2 { props.readCapacity && this.globalSecondaryIndexReadCapacitys.set(props.indexName, props.readCapacity); const writeProvisionedThroughputSettings = props.writeCapacity ? props.writeCapacity._renderWriteCapacity() : this.writeProvisioning; + props.maxReadRequestUnits && this.globalSecondaryIndexMaxReadUnits.set(props.indexName, props.maxReadRequestUnits); + + const writeOnDemandThroughputSettings: CfnGlobalTable.WriteOnDemandThroughputSettingsProperty | undefined = props.maxWriteRequestUnits + ? { maxWriteRequestUnits: props.maxWriteRequestUnits } + : undefined; + return { indexName: props.indexName, keySchema, projection, writeProvisionedThroughputSettings, + writeOnDemandThroughputSettings, }; } @@ -678,18 +739,24 @@ export class TableV2 extends TableBaseV2 { const indexName = gsi.indexName; let contributorInsights = this.tableOptions.contributorInsights; let readCapacity = this.globalSecondaryIndexReadCapacitys.get(indexName); - + let maxReadRequestUnits = this.globalSecondaryIndexMaxReadUnits.get(indexName); if (indexNamesFromOptions.includes(indexName)) { const indexOptions = options[indexName]; contributorInsights = indexOptions.contributorInsights; readCapacity = indexOptions.readCapacity; + maxReadRequestUnits = indexOptions.maxReadRequestUnits; } const readProvisionedThroughputSettings = readCapacity?._renderReadCapacity() ?? this.readProvisioning; + const readOnDemandThroughputSettings: CfnGlobalTable.ReadOnDemandThroughputSettingsProperty | undefined = maxReadRequestUnits + ? { maxReadRequestUnits: maxReadRequestUnits } + : undefined; + replicaGlobalSecondaryIndexes.push({ indexName, readProvisionedThroughputSettings, + readOnDemandThroughputSettings, contributorInsightsSpecification: contributorInsights !== undefined ? { enabled: contributorInsights } : undefined, diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts index a9127cabf957a..33bd67411b000 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts @@ -233,6 +233,25 @@ export interface TableOptions extends SchemaOptions { */ readonly writeCapacity?: number; + /** + * The maximum read request units for the table. Careful if you add Global Secondary Indexes, as + * those will share the table's maximum on-demand throughput. + * + * Can only be provided if billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxReadRequestUnits?: number; + /** + * The write request units for the table. Careful if you add Global Secondary Indexes, as + * those will share the table's maximum on-demand throughput. + * + * Can only be provided if billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxWriteRequestUnits?: number; + /** * Specify how you are charged for read and write throughput and how you manage capacity. * @@ -418,6 +437,24 @@ export interface GlobalSecondaryIndexProps extends SecondaryIndexProps, SchemaOp * @default 5 */ readonly writeCapacity?: number; + + /** + * The maximum read request units for the global secondary index. + * + * Can only be provided if table billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxReadRequestUnits?: number; + + /** + * The maximum write request units for the global secondary index. + * + * Can only be provided if table billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxWriteRequestUnits?: number; } /** @@ -1124,6 +1161,13 @@ export class Table extends TableBase { readCapacityUnits: props.readCapacity || 5, writeCapacityUnits: props.writeCapacity || 5, }, + ...(props.maxReadRequestUnits || props.maxWriteRequestUnits ? + { + onDemandThroughput: this.billingMode === BillingMode.PROVISIONED ? undefined : { + maxReadRequestUnits: props.maxReadRequestUnits || undefined, + maxWriteRequestUnits: props.maxWriteRequestUnits || undefined, + }, + } : undefined), sseSpecification, streamSpecification, tableClass: props.tableClass, @@ -1189,6 +1233,13 @@ export class Table extends TableBase { readCapacityUnits: props.readCapacity || 5, writeCapacityUnits: props.writeCapacity || 5, }, + ...(props.maxReadRequestUnits || props.maxWriteRequestUnits ? + { + onDemandThroughput: this.billingMode === BillingMode.PROVISIONED ? undefined : { + maxReadRequestUnits: props.maxReadRequestUnits || undefined, + maxWriteRequestUnits: props.maxWriteRequestUnits || undefined, + }, + } : undefined), }); this.secondaryIndexSchemas.set(props.indexName, { diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts index e62cb924ab282..adda6cb779a97 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts @@ -48,3 +48,29 @@ describe('provisioned billing', () => { expect(billing.mode).toEqual(BillingMode.PROVISIONED); }); }); + +describe('max throughput on-demand billing', () => { + // GIVEN + let billing: Billing; + beforeEach(() => { + billing = Billing.onDemand({ + maxReadRequestUnits: 10, + maxWriteRequestUnits: 100, + }); + }); + + test('render read capacity', () => { + // WHEN / THEN + expect(billing._renderReadCapacity()).toBe(10); + }); + + test('render write capacity', () => { + // WHEN / THEN + expect(billing._renderWriteCapacity()).toBe(100); + }); + + test('billing mode is PAY_PER_REQUEST', () => { + // WHEN / THEN + expect(billing.mode).toEqual(BillingMode.PAY_PER_REQUEST); + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts index 39598ee4f588a..4be16524b2ca3 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts @@ -762,6 +762,75 @@ describe('when billing mode is PAY_PER_REQUEST', () => { writeCapacity: 1, })).toThrow(/PAY_PER_REQUEST/); }); + + test('when specifying maximum throughput for on-demand', () => { + stack = new Stack(); + new Table(stack, CONSTRUCT_NAME, { + tableName: TABLE_NAME, + billingMode: BillingMode.PAY_PER_REQUEST, + partitionKey: TABLE_PARTITION_KEY, + maxReadRequestUnits: 10, + maxWriteRequestUnits: 5, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::Table', + { + KeySchema: [ + { AttributeName: 'hashKey', KeyType: 'HASH' }, + ], + BillingMode: 'PAY_PER_REQUEST', + AttributeDefinitions: [ + { AttributeName: 'hashKey', AttributeType: 'S' }, + ], + TableName: 'MyTable', + OnDemandThroughput: { + MaxReadRequestUnits: 10, + MaxWriteRequestUnits: 5, + }, + }, + ); + }); + + test('when specifying maximum throughput for on-demand-indexes', () => { + stack = new Stack(); + const table = new Table(stack, CONSTRUCT_NAME, { + tableName: TABLE_NAME, + billingMode: BillingMode.PAY_PER_REQUEST, + partitionKey: TABLE_PARTITION_KEY, + maxReadRequestUnits: 10, + maxWriteRequestUnits: 5, + }); + table.addGlobalSecondaryIndex({ + maxReadRequestUnits: 10, + maxWriteRequestUnits: 20, + indexName: 'gsi1', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::Table', + { + KeySchema: [{ AttributeName: 'hashKey', KeyType: 'HASH' }], + BillingMode: 'PAY_PER_REQUEST', + AttributeDefinitions: [ + { AttributeName: 'hashKey', AttributeType: 'S' }, + { AttributeName: 'pk', AttributeType: 'S' }, + ], + TableName: 'MyTable', + OnDemandThroughput: { + MaxReadRequestUnits: 10, + MaxWriteRequestUnits: 5, + }, + GlobalSecondaryIndexes: [{ + IndexName: 'gsi1', + KeySchema: [{ AttributeName: 'pk', KeyType: 'HASH' }], + OnDemandThroughput: { + MaxReadRequestUnits: 10, + MaxWriteRequestUnits: 20, + }, + }], + }, + ); + }); }); describe('schema details', () => { diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts index 81e9205211a0b..63bbf3319b73e 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts @@ -1029,6 +1029,161 @@ describe('table', () => { table.replica('us-west-2'); }).toThrow('Replica tables are not supported in a region agnostic stack'); }); + + test('with on-demand maximum throughput', () => { + // GIVEN + const stack = new Stack(undefined, 'Stack'); + + // WHEN + new TableV2(stack, 'Table', { + partitionKey: { name: 'pk', type: AttributeType.STRING }, + billing: Billing.onDemand({ + maxReadRequestUnits: 10, + maxWriteRequestUnits: 10, + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::GlobalTable', { + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + AttributeDefinitions: [ + { AttributeName: 'pk', AttributeType: 'S' }, + ], + WriteOnDemandThroughputSettings: { + MaxWriteRequestUnits: 10, + }, + BillingMode: 'PAY_PER_REQUEST', + StreamSpecification: Match.absent(), + Replicas: [ + { + Region: { + Ref: 'AWS::Region', + }, + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 10, + }, + }, + ], + }); + Template.fromStack(stack).hasResource('AWS::DynamoDB::GlobalTable', { DeletionPolicy: CfnDeletionPolicy.RETAIN }); + }); + + test('with on-demand maximum throughput - read only', () => { + // GIVEN + const stack = new Stack(undefined, 'Stack'); + + // WHEN + new TableV2(stack, 'Table', { + partitionKey: { name: 'pk', type: AttributeType.STRING }, + billing: Billing.onDemand({ + maxReadRequestUnits: 10, + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::GlobalTable', { + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + AttributeDefinitions: [ + { AttributeName: 'pk', AttributeType: 'S' }, + ], + BillingMode: 'PAY_PER_REQUEST', + StreamSpecification: Match.absent(), + Replicas: [ + { + Region: { + Ref: 'AWS::Region', + }, + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 10, + }, + }, + ], + }); + Template.fromStack(stack).hasResource('AWS::DynamoDB::GlobalTable', { DeletionPolicy: CfnDeletionPolicy.RETAIN }); + }); + + test('with on-demand maximum throughput - index', () => { + // GIVEN + const stack = new Stack(undefined, 'Stack'); + + // WHEN + new TableV2(stack, 'Table', { + partitionKey: { name: 'pk', type: AttributeType.STRING }, + globalSecondaryIndexes: [ + { + indexName: 'gsi1', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 100, + }, + { + indexName: 'gsi2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 1, + maxWriteRequestUnits: 1, + }, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::GlobalTable', { + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + AttributeDefinitions: [ + { AttributeName: 'pk', AttributeType: 'S' }, + ], + GlobalSecondaryIndexes: [ + { + IndexName: 'gsi1', + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + Projection: { + ProjectionType: 'ALL', + }, + }, + { + IndexName: 'gsi2', + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + Projection: { + ProjectionType: 'ALL', + }, + WriteOnDemandThroughputSettings: { + MaxWriteRequestUnits: 1, + }, + }, + ], + BillingMode: 'PAY_PER_REQUEST', + StreamSpecification: Match.absent(), + Replicas: [ + { + Region: { + Ref: 'AWS::Region', + }, + GlobalSecondaryIndexes: [{ + IndexName: 'gsi1', + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 100, + }, + }, + { + IndexName: 'gsi2', + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 1, + }, + }], + }, + ], + }); + Template.fromStack(stack).hasResource('AWS::DynamoDB::GlobalTable', { DeletionPolicy: CfnDeletionPolicy.RETAIN }); + }); + }); describe('replica tables', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts b/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts index bf055b4b27a41..e97992612b233 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts @@ -311,10 +311,17 @@ function deepMerge(target?: Record, src?: Record) { if (target[key] && !Array.isArray(target[key])) { throw new Error(`Trying to merge array [${value}] into a non-array '${target[key]}'`); } - target[key] = Array.from(new Set([ - ...target[key] ?? [], - ...value, - ])); + if (key === 'command') { // don't deduplicate command arguments + target[key] = new Array( + ...target[key] ?? [], + ...value, + ); + } else { + target[key] = Array.from(new Set([ + ...target[key] ?? [], + ...value, + ])); + } continue; } if (typeof value === 'object' && value) { diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts index 4a09f956145f7..f5fa84835d910 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts @@ -1170,6 +1170,16 @@ export enum InstanceClass { */ MAC2_M2PRO = 'mac2-m2pro', + /** + * Macintosh instances built on 2022 Mac Studio hardware powered by Apple silicon M1 Ultra processors + */ + MACINTOSH2_M1_ULTRA = 'macintosh2-m1-ultra', + + /** + * Macintosh instances built on 2022 Mac Studio hardware powered by Apple silicon M1 Ultra processors + */ + MAC2_M1ULTRA = 'mac2-m1ultra', + /** * Multi-stream video transcoding instances for resolutions up to 4K UHD, 1st generation */ @@ -1632,6 +1642,8 @@ export class InstanceType { [InstanceClass.MAC2_M2]: 'mac2-m2', [InstanceClass.MACINTOSH2_M2_PRO]: 'mac2-m2pro', [InstanceClass.MAC2_M2PRO]: 'mac2-m2pro', + [InstanceClass.MACINTOSH2_M1_ULTRA]: 'mac2-m1ultra', + [InstanceClass.MAC2_M1ULTRA]: 'mac2-m1ultra', [InstanceClass.VIDEO_TRANSCODING1]: 'vt1', [InstanceClass.VT1]: 'vt1', [InstanceClass.HIGH_PERFORMANCE_COMPUTING6_AMD]: 'hpc6a', diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index dbd4fae1752b1..ad76046aba257 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts @@ -303,9 +303,12 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly BEDROCK_AGENT = new InterfaceVpcEndpointAwsService('bedrock-agent'); public static readonly BEDROCK_AGENT_RUNTIME = new InterfaceVpcEndpointAwsService('bedrock-agent-runtime'); public static readonly BEDROCK_RUNTIME = new InterfaceVpcEndpointAwsService('bedrock-runtime'); + public static readonly BILLING_AND_COST_MANAGEMENT_FREETIER = new InterfaceVpcEndpointAwsService('freetier'); + public static readonly BILLING_AND_COST_MANAGEMENT_TAX = new InterfaceVpcEndpointAwsService('tax'); public static readonly BILLING_CONDUCTOR = new InterfaceVpcEndpointAwsService('billingconductor'); public static readonly BRAKET = new InterfaceVpcEndpointAwsService('braket'); public static readonly CLEAN_ROOMS = new InterfaceVpcEndpointAwsService('cleanrooms'); + public static readonly CLEAN_ROOMS_ML = new InterfaceVpcEndpointAwsService('cleanrooms-ml'); public static readonly CLOUD_CONTROL_API = new InterfaceVpcEndpointAwsService('cloudcontrolapi'); public static readonly CLOUD_CONTROL_API_FIPS = new InterfaceVpcEndpointAwsService('cloudcontrolapi-fips'); public static readonly CLOUD_DIRECTORY = new InterfaceVpcEndpointAwsService('clouddirectory'); @@ -316,9 +319,11 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CLOUDFORMATION = new InterfaceVpcEndpointAwsService('cloudformation'); public static readonly CLOUDHSM = new InterfaceVpcEndpointAwsService('cloudhsmv2'); public static readonly CLOUDTRAIL = new InterfaceVpcEndpointAwsService('cloudtrail'); + /** @deprecated Use InterfaceVpcEndpointAwsService.Q_DEVELOPER_CODE_WHISPERER instead.*/ public static readonly CODEWHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer'); /** @deprecated - Use InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING instead. */ public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring'); + public static readonly CLOUDWATCH_APPLICATION_SIGNALS = new InterfaceVpcEndpointAwsService('application-signals'); /** @deprecated - Use InterfaceVpcEndpointAwsService.EVENTBRIDGE instead. */ public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events'); public static readonly CLOUDWATCH_EVIDENTLY = new InterfaceVpcEndpointAwsService('evidently'); @@ -344,6 +349,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CODEGURU_REVIEWER = new InterfaceVpcEndpointAwsService('codeguru-reviewer'); public static readonly CODEPIPELINE = new InterfaceVpcEndpointAwsService('codepipeline'); public static readonly CODESTAR_CONNECTIONS = new InterfaceVpcEndpointAwsService('codestar-connections.api'); + public static readonly CODE_CONNECTIONS = new InterfaceVpcEndpointAwsService('codeconnections.api'); public static readonly COMPREHEND = new InterfaceVpcEndpointAwsService('comprehend'); public static readonly COMPREHEND_MEDICAL = new InterfaceVpcEndpointAwsService('comprehendmedical'); public static readonly CONFIG = new InterfaceVpcEndpointAwsService('config'); @@ -353,11 +359,16 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CONNECT_PROFILE = new InterfaceVpcEndpointAwsService('profile'); public static readonly CONNECT_VOICEID = new InterfaceVpcEndpointAwsService('voiceid'); public static readonly CONNECT_WISDOM = new InterfaceVpcEndpointAwsService('wisdom'); + public static readonly CONTROL_CATALOG = new InterfaceVpcEndpointAwsService('controlcatalog'); + public static readonly COST_EXPLORER = new InterfaceVpcEndpointAwsService('ce'); public static readonly DATA_EXCHANGE = new InterfaceVpcEndpointAwsService('dataexchange'); + public static readonly DATA_EXPORTS = new InterfaceVpcEndpointAwsService('bcm-data-exports'); public static readonly DATASYNC = new InterfaceVpcEndpointAwsService('datasync'); public static readonly DATAZONE = new InterfaceVpcEndpointAwsService('datazone'); public static readonly DATABASE_MIGRATION_SERVICE = new InterfaceVpcEndpointAwsService('dms'); public static readonly DATABASE_MIGRATION_SERVICE_FIPS = new InterfaceVpcEndpointAwsService('dms-fips'); + public static readonly DEADLINE_CLOUD_MANAGEMENT = new InterfaceVpcEndpointAwsService('deadline.management'); + public static readonly DEADLINE_CLOUD_SCHEDULING = new InterfaceVpcEndpointAwsService('deadline.scheduling'); public static readonly DEVOPS_GURU = new InterfaceVpcEndpointAwsService('devops-guru'); public static readonly DIRECTORY_SERVICE = new InterfaceVpcEndpointAwsService('ds'); public static readonly EBS_DIRECT = new InterfaceVpcEndpointAwsService('ebs'); @@ -387,6 +398,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly EMR_WAL = new InterfaceVpcEndpointAwsService('emrwal.prod'); public static readonly ENTITY_RESOLUTION = new InterfaceVpcEndpointAwsService('entityresolution'); public static readonly EVENTBRIDGE = new InterfaceVpcEndpointAwsService('events'); + public static readonly EVENTBRIDGE_SCHEMA_REGISTRY = new InterfaceVpcEndpointAwsService('schemas'); public static readonly FAULT_INJECTION_SIMULATOR = new InterfaceVpcEndpointAwsService('fis'); public static readonly FINSPACE = new InterfaceVpcEndpointAwsService('finspace'); public static readonly FINSPACE_API = new InterfaceVpcEndpointAwsService('finspace-api'); @@ -408,6 +420,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly GUARDDUTY_DATA_FIPS = new InterfaceVpcEndpointAwsService('guardduty-data-fips'); public static readonly HEALTH_IMAGING = new InterfaceVpcEndpointAwsService('medical-imaging'); public static readonly HEALTH_IMAGING_RUNTIME = new InterfaceVpcEndpointAwsService('runtime-medical-imaging'); + public static readonly HEALTH_IMAGING_DICOM = new InterfaceVpcEndpointAwsService('dicom-medical-imaging'); public static readonly HEALTHLAKE = new InterfaceVpcEndpointAwsService('healthlake'); public static readonly IAM_IDENTITY_CENTER = new InterfaceVpcEndpointAwsService('identitystore'); public static readonly IAM_ROLES_ANYWHERE = new InterfaceVpcEndpointAwsService('rolesanywhere'); @@ -442,11 +455,14 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly LEX_RUNTIME = new InterfaceVpcEndpointAwsService('runtime-v2-lex'); public static readonly LICENSE_MANAGER = new InterfaceVpcEndpointAwsService('license-manager'); public static readonly LICENSE_MANAGER_FIPS = new InterfaceVpcEndpointAwsService('license-manager-fips'); + public static readonly LICENSE_MANAGER_LINUX_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('license-manager-linux-subscriptions'); + public static readonly LICENSE_MANAGER_LINUX_SUBSCRIPTIONS_FIPS = new InterfaceVpcEndpointAwsService('license-manager-linux-subscriptions-fips'); public static readonly LICENSE_MANAGER_USER_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('license-manager-user-subscriptions'); public static readonly LOOKOUT_EQUIPMENT = new InterfaceVpcEndpointAwsService('lookoutequipment'); public static readonly LOOKOUT_METRICS = new InterfaceVpcEndpointAwsService('lookoutmetrics'); public static readonly LOOKOUT_VISION = new InterfaceVpcEndpointAwsService('lookoutvision'); public static readonly MAINFRAME_MODERNIZATION = new InterfaceVpcEndpointAwsService('m2'); + public static readonly MAINFRAME_MODERNIZATION_APP_TEST = new InterfaceVpcEndpointAwsService('apptest'); public static readonly MACIE = new InterfaceVpcEndpointAwsService('macie2'); public static readonly MANAGEMENT_CONSOLE = new InterfaceVpcEndpointAwsService('console'); public static readonly MANAGEMENT_CONSOLE_SIGNIN = new InterfaceVpcEndpointAwsService('signin'); @@ -460,6 +476,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly MIGRATIONHUB_STRATEGY = new InterfaceVpcEndpointAwsService('migrationhub-strategy'); public static readonly NEPTUNE_ANALYTICS = new InterfaceVpcEndpointAwsService('neptune-graph'); public static readonly NIMBLE_STUDIO = new InterfaceVpcEndpointAwsService('nimble'); + public static readonly OUTPOSTS = new InterfaceVpcEndpointAwsService('outposts'); public static readonly ORGANIZATIONS = new InterfaceVpcEndpointAwsService('organizations'); public static readonly ORGANIZATIONS_FIPS = new InterfaceVpcEndpointAwsService('organizations-fips'); public static readonly OMICS_ANALYTICS = new InterfaceVpcEndpointAwsService('analytics-omics'); @@ -477,7 +494,9 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ /** @deprecated - Use InterfaceVpcEndpointAwsService.PINPOINT_SMS_VOICE_V2 instead. */ public static readonly PINPOINT = new InterfaceVpcEndpointAwsService('pinpoint-sms-voice-v2'); public static readonly PINPOINT_SMS_VOICE_V2 = new InterfaceVpcEndpointAwsService('pinpoint-sms-voice-v2'); + public static readonly PIPES = new InterfaceVpcEndpointAwsService('pipes'); public static readonly PIPES_DATA = new InterfaceVpcEndpointAwsService('pipes-data'); + public static readonly PIPES_FIPS = new InterfaceVpcEndpointAwsService('pipes-fips'); public static readonly POLLY = new InterfaceVpcEndpointAwsService('polly'); public static readonly PRIVATE_5G = new InterfaceVpcEndpointAwsService('private-networks'); public static readonly PRIVATE_CERTIFICATE_AUTHORITY = new InterfaceVpcEndpointAwsService('acm-pca'); @@ -485,12 +504,17 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly PROMETHEUS = new InterfaceVpcEndpointAwsService('aps'); public static readonly PROMETHEUS_WORKSPACES = new InterfaceVpcEndpointAwsService('aps-workspaces'); public static readonly PROTON = new InterfaceVpcEndpointAwsService('proton'); + public static readonly Q_BUSSINESS = new InterfaceVpcEndpointAwsService('qbusiness', 'aws.api'); + public static readonly Q_DEVELOPER_CODE_WHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer'); + public static readonly Q_DEVELOPER_QAPPS = new InterfaceVpcEndpointAwsService('qapps'); public static readonly QLDB = new InterfaceVpcEndpointAwsService('qldb.session'); + public static readonly QUICKSIGHT_WEBSITE = new InterfaceVpcEndpointAwsService('quicksight-website'); public static readonly RDS = new InterfaceVpcEndpointAwsService('rds'); public static readonly RDS_DATA = new InterfaceVpcEndpointAwsService('rds-data'); public static readonly REDSHIFT = new InterfaceVpcEndpointAwsService('redshift'); public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips'); public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data'); + public static readonly REDSHIFT_DATA_FIPS = new InterfaceVpcEndpointAwsService('redshift-data-fips'); public static readonly REKOGNITION = new InterfaceVpcEndpointAwsService('rekognition'); public static readonly REKOGNITION_FIPS = new InterfaceVpcEndpointAwsService('rekognition-fips'); public static readonly REKOGNITION_STREAMING = new InterfaceVpcEndpointAwsService('streaming-rekognition'); diff --git a/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts b/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts index bf6823a598988..0a7f5f3a7181b 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts @@ -136,6 +136,68 @@ test('empty configs are not rendered', () => { }); }); +test('duplicate config arguments not deduplicated', () => { + //GIVEN + const config = new ec2.InitConfig([ + ec2.InitCommand.argvCommand([ + 'useradd', '-u', '1001', '-g', '1001', 'eguser', + ]), + ec2.InitCommand.argvCommand([ + 'useradd', '-a', '-u', '1001', '-g', '1001', 'eguser', + ]), + ]); + + // WHEN + const init = ec2.CloudFormationInit.fromConfigSets({ + configSets: { default: ['config'] }, + configs: { config }, + }); + init.attach(resource, linuxOptions()); + + // THEN + expectMetadataLike({ + 'AWS::CloudFormation::Init': { + configSets: { + default: ['config'], + }, + config: { + commands: { + '000': { + command: ['useradd', '-u', '1001', '-g', '1001', 'eguser'], + }, + '001': { + command: ['useradd', '-a', '-u', '1001', '-g', '1001', 'eguser'], + }, + }, + }, + }, + }); +}); + +test('deepMerge properly deduplicates non-command arguments', () => { + // WHEN + const config = new ec2.InitConfig([ + ec2.InitSource.fromUrl('/tmp/blinky', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/blinky', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/pinky', 'https://amazon.com/pinky.zip'), + ec2.InitSource.fromUrl('/tmp/pinky', 'https://amazon.com/pinky.zip'), + ec2.InitSource.fromUrl('/tmp/inky', 'https://amazon.com/inky.zip'), + ec2.InitSource.fromUrl('/tmp/clyde', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/clyde', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/clyde', 'https://amazon.com/blinky.zip'), + ]); + + // THEN + expect(config._bind(stack, linuxOptions()).config).toEqual(expect.objectContaining({ + sources: { + '/tmp/blinky': 'https://amazon.com/blinky.zip', + '/tmp/pinky': 'https://amazon.com/pinky.zip', + '/tmp/inky': 'https://amazon.com/inky.zip', + '/tmp/clyde': 'https://amazon.com/blinky.zip', + }, + })); +}); + describe('userdata', () => { let simpleInit: ec2.CloudFormationInit; beforeEach(() => { diff --git a/packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts b/packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts new file mode 100644 index 0000000000000..97dee37418cc2 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts @@ -0,0 +1,8 @@ +import { InstanceClass, InstanceSize, InstanceType } from '../lib'; + +describe('InstanceType', () => { + test('mac2 m1 ultra', () => { + const instanceType = InstanceType.of(InstanceClass.MAC2_M1ULTRA, InstanceSize.METAL); + expect(instanceType.toString()).toEqual('mac2-m1ultra.metal'); + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md index 6803aff67073b..3fbbce053d021 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md @@ -267,6 +267,22 @@ lb.logAccessLogs(bucket); ``` +### Setting up Connection Log Bucket on Application Load Balancer + +Like access log bucket, the only server-side encryption option that's supported is Amazon S3-managed keys (SSE-S3). For more information +Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html + +```ts +declare const vpc: ec2.Vpc; + +const bucket = new s3.Bucket(this, 'ALBConnectionLogsBucket',{ + encryption: s3.BucketEncryption.S3_MANAGED, +}); + +const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', { vpc }); +lb.logConnectionLogs(bucket); +``` + ## Defining a Network Load Balancer Network Load Balancers are defined in a similar way to Application Load @@ -798,3 +814,56 @@ then you will need to enable the `removeRuleSuffixFromLogicalId: true` property `ListenerRule`s have a unique `priority` for a given `Listener`. Because the `priority` must be unique, CloudFormation will always fail when creating a new `ListenerRule` to replace the existing one, unless you change the `priority` as well as the logicalId. + +## Configuring Mutual authentication with TLS in Application Load Balancer + +You can configure Mutual authentication with TLS (mTLS) for Application Load Balancer. + +To set mTLS, you must create an instance of `TrustStore` and set it to `ApplicationListener`. + +For more information, see [Mutual authentication with TLS in Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html) + +```ts +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; + +declare const certificate: acm.Certificate; +declare const lb: elbv2.ApplicationLoadBalancer; +declare const bucket: s3.Bucket; + +const trustStore = new elbv2.TrustStore(this, 'Store', { + bucket, + key: 'rootCA_cert.pem', +}); + +lb.addListener('Listener', { + port: 443, + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [certificate], + // mTLS settings + mutualAuthentication: { + ignoreClientCertificateExpiry: false, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), +}); +``` + +Optionally, you can create a certificate revocation list for a trust store by creating an instance of `TrustStoreRevocation`. + +```ts +declare const trustStore: elbv2.TrustStore; +declare const bucket: s3.Bucket; + +new elbv2.TrustStoreRevocation(this, 'Revocation', { + trustStore, + revocationContents: [ + { + revocationType: elbv2.RevocationType.CRL, + bucket, + key: 'crl.pem', + }, + ], +}); +``` diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index e01dd5b83f29e..c4c75ea0c8fda 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -5,6 +5,7 @@ import { ApplicationListenerRule, FixedResponse, RedirectResponse } from './appl import { IApplicationLoadBalancer } from './application-load-balancer'; import { ApplicationTargetGroup, IApplicationLoadBalancerTarget, IApplicationTargetGroup } from './application-target-group'; import { ListenerCondition } from './conditions'; +import { ITrustStore } from './trust-store'; import * as ec2 from '../../../aws-ec2'; import * as cxschema from '../../../cloud-assembly-schema'; import { Duration, Lazy, Resource, Token } from '../../../core'; @@ -96,6 +97,66 @@ export interface BaseApplicationListenerProps { * @default true */ readonly open?: boolean; + + /** + * The mutual authentication configuration information + * + * @default - No mutual authentication configuration + * + * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html + */ + readonly mutualAuthentication?: MutualAuthentication; +} + +/** + * The mutual authentication configuration information + * + */ +export interface MutualAuthentication { + /** + * The client certificate handling method + * + * @default MutualAuthenticationMode.OFF + */ + readonly mutualAuthenticationMode?: MutualAuthenticationMode; + + /** + * The trust store + * + * Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH + * + * @default - no trust store + */ + readonly trustStore?: ITrustStore; + + /** + * Indicates whether expired client certificates are ignored + * + * Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH + * + * @default false + */ + readonly ignoreClientCertificateExpiry?: boolean; +} + +/** + * The client certificate handling method + */ +export enum MutualAuthenticationMode { + /** + * Off + */ + OFF = 'off', + + /** + * Application Load Balancer sends the whole client certificate chain to the target using HTTP headers + */ + PASS_THROUGH = 'passthrough', + + /** + * Application Load Balancer performs X.509 client certificate authentication for clients when a load balancer negotiates TLS connections + */ + VERIFY = 'verify', } /** @@ -188,12 +249,19 @@ export class ApplicationListener extends BaseListener implements IApplicationLis throw new Error('At least one of \'port\' or \'protocol\' is required'); } + validateMutualAuthentication(props.mutualAuthentication); + super(scope, id, { loadBalancerArn: props.loadBalancer.loadBalancerArn, certificates: Lazy.any({ produce: () => this.certificateArns.map(certificateArn => ({ certificateArn })) }, { omitEmptyArray: true }), protocol, port, sslPolicy: props.sslPolicy, + mutualAuthentication: props.mutualAuthentication ? { + ignoreClientCertificateExpiry: props.mutualAuthentication?.ignoreClientCertificateExpiry, + mode: props.mutualAuthentication?.mutualAuthenticationMode, + trustStoreArn: props.mutualAuthentication?.trustStore?.trustStoreArn, + } : undefined, }); this.loadBalancer = props.loadBalancer; @@ -969,3 +1037,27 @@ function checkAddRuleProps(props: AddRuleProps) { throw new Error('Setting \'conditions\', \'pathPattern\' or \'hostHeader\' also requires \'priority\', and vice versa'); } } + +function validateMutualAuthentication(mutualAuthentication?: MutualAuthentication): void { + if (!mutualAuthentication) { + return; + } + + const currentMode = mutualAuthentication.mutualAuthenticationMode; + + if (currentMode === MutualAuthenticationMode.VERIFY) { + if (!mutualAuthentication.trustStore) { + throw new Error(`You must set 'trustStore' when 'mode' is '${MutualAuthenticationMode.VERIFY}'`); + } + } + + if (currentMode === MutualAuthenticationMode.OFF || currentMode === MutualAuthenticationMode.PASS_THROUGH) { + if (mutualAuthentication.trustStore) { + throw new Error(`You cannot set 'trustStore' when 'mode' is '${MutualAuthenticationMode.OFF}' or '${MutualAuthenticationMode.PASS_THROUGH}'`); + } + + if (mutualAuthentication.ignoreClientCertificateExpiry !== undefined) { + throw new Error(`You cannot set 'ignoreClientCertificateExpiry' when 'mode' is '${MutualAuthenticationMode.OFF}' or '${MutualAuthenticationMode.PASS_THROUGH}'`); + } + } +} diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts index 0ec173c7b77df..2636e26abbdd5 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts @@ -312,6 +312,68 @@ export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic } } + /** + * Enable connection logging for this load balancer. + * + * A region must be specified on the stack containing the load balancer; you cannot enable logging on + * environment-agnostic stacks. + * + * @see https://docs.aws.amazon.com/cdk/latest/guide/environments.html + */ + public logConnectionLogs(bucket: s3.IBucket, prefix?: string) { + /** + * KMS key encryption is not supported on Connection Log bucket for ALB, the bucket must use Amazon S3-managed keys (SSE-S3). + * See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html#bucket-permissions-troubleshooting-connection + */ + if (bucket.encryptionKey) { + throw new Error('Encryption key detected. Bucket encryption using KMS keys is unsupported'); + } + + prefix = prefix || ''; + this.setAttribute('connection_logs.s3.enabled', 'true'); + this.setAttribute('connection_logs.s3.bucket', bucket.bucketName.toString()); + this.setAttribute('connection_logs.s3.prefix', prefix); + + // https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html + const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com'); + bucket.addToResourcePolicy(new PolicyStatement({ + actions: ['s3:PutObject'], + principals: [this.resourcePolicyPrincipal()], + resources: [ + bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${Stack.of(this).account}/*`), + ], + })); + // We still need this policy for the bucket using the ACL + bucket.addToResourcePolicy( + new PolicyStatement({ + actions: ['s3:PutObject'], + principals: [logsDeliveryServicePrincipal], + resources: [ + bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${Stack.of(this).account}/*`), + ], + conditions: { + StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' }, + }, + }), + ); + bucket.addToResourcePolicy( + new PolicyStatement({ + actions: ['s3:GetBucketAcl'], + principals: [logsDeliveryServicePrincipal], + resources: [bucket.bucketArn], + }), + ); + + // make sure the bucket's policy is created before the ALB (see https://github.com/aws/aws-cdk/issues/1633) + // at the L1 level to avoid creating a circular dependency (see https://github.com/aws/aws-cdk/issues/27528 + // and https://github.com/aws/aws-cdk/issues/27928) + const lb = this.node.defaultChild; + const bucketPolicy = bucket.policy?.node.defaultChild; + if (lb && bucketPolicy && CfnResource.isCfnResource(lb) && CfnResource.isCfnResource(bucketPolicy)) { + lb.addDependency(bucketPolicy); + } + } + /** * Add a security group to this load balancer */ diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts new file mode 100644 index 0000000000000..67cd5f7eda79d --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts @@ -0,0 +1,80 @@ +import { Construct } from 'constructs'; +import { ITrustStore } from './trust-store'; +import { IBucket } from '../../../aws-s3'; +import { Resource } from '../../../core'; +import { CfnTrustStoreRevocation } from '../elasticloadbalancingv2.generated'; + +/** + * Properties for the trust store revocation + */ +export interface TrustStoreRevocationProps { + + /** + * The trust store + */ + readonly trustStore: ITrustStore; + + /** + * The revocation file to add + */ + readonly revocationContents: RevocationContent[]; +} + +/** + * Information about a revocation file + */ +export interface RevocationContent { + /** + * The type of revocation file + * + * @default RevocationType.CRL + */ + readonly revocationType?: RevocationType; + + /** + * The Amazon S3 bucket for the revocation file + */ + readonly bucket: IBucket; + + /** + * The Amazon S3 path for the revocation file + */ + readonly key: string; + + /** + * The Amazon S3 object version of the revocation file + * + * @default - latest version + */ + readonly version?: string; +} + +/** + * The type of revocation file + */ +export enum RevocationType { + /** + * A signed list of revoked certificates + */ + CRL = 'CRL', +} + +/** + * A new Trust Store Revocation + */ +export class TrustStoreRevocation extends Resource { + + constructor(scope: Construct, id: string, props: TrustStoreRevocationProps) { + super(scope, id); + + new CfnTrustStoreRevocation(this, 'Resource', { + trustStoreArn: props.trustStore.trustStoreArn, + revocationContents: props.revocationContents?.map(content => ({ + revocationType: content.revocationType, + s3Bucket: content.bucket.bucketName, + s3Key: content.key, + s3ObjectVersion: content.version, + })), + }); + } +} diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts new file mode 100644 index 0000000000000..75a0841f1b45e --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts @@ -0,0 +1,132 @@ +import { Construct } from 'constructs'; +import { IBucket } from '../../../aws-s3'; +import { IResource, Resource, Fn, Names, Lazy, Token } from '../../../core'; +import { CfnTrustStore } from '../elasticloadbalancingv2.generated'; + +/** + * Represents a Trust Store + */ +export interface ITrustStore extends IResource { + /** + * The name of the trust store + * @attribute + */ + readonly trustStoreName: string; + + /** + * The ARN of the trust store + * @attribute + */ + readonly trustStoreArn: string; +} + +/** + * Properties used for the Trust Store + */ +export interface TrustStoreProps { + + /** + * The name of the trust store + * + * @default - Auto generated + */ + readonly trustStoreName?: string; + + /** + * The bucket that the trust store is hosted in + */ + readonly bucket: IBucket; + + /** + * The key in S3 to look at for the trust store + */ + readonly key: string; + + /** + * The version of the S3 object that contains your truststore. + * To specify a version, you must have versioning enabled for the S3 bucket. + * + * @default - latest version + */ + readonly version?: string; +} + +/** + * A new Trust Store + */ +export class TrustStore extends Resource implements ITrustStore { + /** + * Import from ARN + */ + public static fromTrustStoreArn(scope: Construct, id: string, trustStoreArn: string): ITrustStore { + const resourceParts = Fn.split('/', trustStoreArn); + + const trustStoreName = Fn.select(0, resourceParts); + + class Import extends Resource implements ITrustStore { + public readonly trustStoreArn = trustStoreArn; + public readonly trustStoreName = trustStoreName; + } + return new Import(scope, id); + } + + /** + * The name of the trust store + * + * @attribute + */ + public readonly trustStoreName: string; + + /** + * The number of CA certificates in the trust store + * + * @attribute + */ + public readonly numberOfCaCertificates: number; + + /** + * The status of the trust store + * + * @attribute + */ + public readonly status: string; + + /** + * The ARN of the trust store + * + * @attribute + */ + public readonly trustStoreArn: string; + + constructor(scope: Construct, id: string, props: TrustStoreProps) { + super(scope, id, { + physicalName: props.trustStoreName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 32 }), + }), + }); + + if (props.trustStoreName !== undefined && !Token.isUnresolved(props.trustStoreName)) { + + if (props.trustStoreName.length < 1 || props.trustStoreName.length > 32) { + throw new Error(`trustStoreName '${props.trustStoreName}' must be 1-32 characters long.`); + } + const validNameRegex = /^([a-zA-Z0-9]+-)*[a-zA-Z0-9]+$/; + if (!validNameRegex.test(props.trustStoreName)) { + throw new Error(`trustStoreName '${props.trustStoreName}' must contain only alphanumeric characters and hyphens, and cannot begin or end with a hyphen.`); + } + + } + + const resource = new CfnTrustStore(this, 'Resource', { + name: this.physicalName, + caCertificatesBundleS3Bucket: props.bucket.bucketName, + caCertificatesBundleS3Key: props.key, + caCertificatesBundleS3ObjectVersion: props.version, + }); + + this.trustStoreName = resource.ref; + this.numberOfCaCertificates = resource.attrNumberOfCaCertificates; + this.status = resource.attrStatus; + this.trustStoreArn = resource.attrTrustStoreArn; + } +} diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts index 9f8833b15bfda..575c30b5dfe9d 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts @@ -8,6 +8,8 @@ export * from './alb/application-load-balancer'; export * from './alb/application-target-group'; export * from './alb/application-listener-action'; export * from './alb/conditions'; +export * from './alb/trust-store'; +export * from './alb/trust-store-revocation'; export * from './nlb/network-listener'; export * from './nlb/network-load-balancer'; diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts index 4c59f89c674d5..4399b50a4ec72 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts @@ -4,6 +4,7 @@ import { Match, Template } from '../../../assertions'; import * as acm from '../../../aws-certificatemanager'; import { Metric } from '../../../aws-cloudwatch'; import * as ec2 from '../../../aws-ec2'; +import * as s3 from '../../../aws-s3'; import * as cdk from '../../../core'; import { SecretValue } from '../../../core'; import * as elbv2 from '../../lib'; @@ -1933,6 +1934,164 @@ describe('tests', () => { }); }); + + describe('Mutual Authentication', () => { + test('Mutual Authentication settings with all properties when mutualAuthenticationMode is verify', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + ignoreClientCertificateExpiry: true, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + MutualAuthentication: { + IgnoreClientCertificateExpiry: true, + Mode: 'verify', + TrustStoreArn: stack.resolve(trustStore.trustStoreArn), + }, + }); + }); + + test.each([elbv2.MutualAuthenticationMode.OFF, elbv2.MutualAuthenticationMode.PASS_THROUGH])('Mutual Authentication settings with all properties when mutualAuthenticationMode is %s', (mutualAuthenticationMode) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + mutualAuthenticationMode, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + MutualAuthentication: { + Mode: mutualAuthenticationMode, + }, + }); + }); + + test('Mutual Authentication settings without all properties', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + MutualAuthentication: { + IgnoreClientCertificateExpiry: Match.absent(), + Mode: Match.absent(), + TrustStoreArn: Match.absent(), + }, + }); + }); + + test('Throw an error when mode is verify without TrustStore', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + expect(() => { + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + ignoreClientCertificateExpiry: true, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + }).toThrow('You must set \'trustStore\' when \'mode\' is \'verify\''); + }); + + test.each([elbv2.MutualAuthenticationMode.OFF, elbv2.MutualAuthenticationMode.PASS_THROUGH])('Throw an error when mode is %s with trustStore', (mutualAuthenticationMode) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + expect(() => { + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + mutualAuthenticationMode, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + }).toThrow('You cannot set \'trustStore\' when \'mode\' is \'off\' or \'passthrough\''); + }); + + test.each([elbv2.MutualAuthenticationMode.OFF, elbv2.MutualAuthenticationMode.PASS_THROUGH])('Throw an error when mode is %s with ignoreClientCertificateExpiry', (mutualAuthenticationMode) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + expect(() => { + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + mutualAuthenticationMode, + ignoreClientCertificateExpiry: true, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + }).toThrow('You cannot set \'ignoreClientCertificateExpiry\' when \'mode\' is \'off\' or \'passthrough\''); + }); + }); + }); class ResourceWithLBDependency extends cdk.CfnResource { diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index 958a881846fab..6838181872275 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -645,6 +645,345 @@ describe('tests', () => { }); }); + describe('logConnectionLogs', () => { + + class ExtendedLB extends elbv2.ApplicationLoadBalancer { + constructor(scope: Construct, id: string, vpc: ec2.IVpc) { + super(scope, id, { vpc }); + + const connectionLogsBucket = new s3.Bucket(this, 'ALBConnectionLogsBucket', { + blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, + encryption: s3.BucketEncryption.S3_MANAGED, + versioned: true, + serverAccessLogsPrefix: 'selflog/', + enforceSSL: true, + }); + + this.logConnectionLogs(connectionLogsBucket); + } + } + + function loggingSetup(withEncryption: boolean = false ): { stack: cdk.Stack; bucket: s3.Bucket; lb: elbv2.ApplicationLoadBalancer } { + const app = new cdk.App(); + const stack = new cdk.Stack(app, undefined, { env: { region: 'us-east-1' } }); + const vpc = new ec2.Vpc(stack, 'Stack'); + let bucketProps = {}; + if (withEncryption) { + const kmsKey = new Key(stack, 'TestKMSKey'); + bucketProps = { ...bucketProps, encryption: s3.BucketEncryption.KMS, encyptionKey: kmsKey }; + } + const bucket = new s3.Bucket(stack, 'ConnectionLogBucket', { ...bucketProps }); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + return { stack, bucket, lb }; + } + + test('sets load balancer attributes', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket); + + //THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + LoadBalancerAttributes: Match.arrayWith([ + { + Key: 'connection_logs.s3.enabled', + Value: 'true', + }, + { + Key: 'connection_logs.s3.bucket', + Value: { Ref: 'ConnectionLogBucketFDE8490A' }, + }, + { + Key: 'connection_logs.s3.prefix', + Value: '', + }, + ]), + }); + }); + + test('adds a dependency on the bucket', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket); + + // THEN + // verify the ALB depends on the bucket policy + Template.fromStack(stack).hasResource('AWS::ElasticLoadBalancingV2::LoadBalancer', { + DependsOn: ['ConnectionLogBucketPolicyF17C8635'], + }); + }); + + test('logging bucket permissions', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket); + + // THEN + // verify the bucket policy allows the ALB to put objects in the bucket + Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::127311923021:root']] } }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + Condition: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' } }, + }, + { + Action: 's3:GetBucketAcl', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'], + }, + }, + ], + }, + }); + }); + + test('connection logging with prefix', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket, 'prefix-of-connection-logs'); + + // THEN + // verify that the LB attributes reference the bucket + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + LoadBalancerAttributes: Match.arrayWith([ + { + Key: 'connection_logs.s3.enabled', + Value: 'true', + }, + { + Key: 'connection_logs.s3.bucket', + Value: { Ref: 'ConnectionLogBucketFDE8490A' }, + }, + { + Key: 'connection_logs.s3.prefix', + Value: 'prefix-of-connection-logs', + }, + ]), + }); + + // verify the bucket policy allows the ALB to put objects in the bucket + Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::127311923021:root']] } }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/prefix-of-connection-logs/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/prefix-of-connection-logs/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + Condition: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' } }, + }, + { + Action: 's3:GetBucketAcl', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'], + }, + }, + ], + }, + }); + }); + + test('bucket with KMS throws validation error', () => { + //GIVEN + const { stack, bucket, lb } = loggingSetup(true); + + // WHEN + const logConnectionLogFunctionTest = () => lb.logConnectionLogs(bucket); + + // THEN + // verify failure in case the connection log bucket is encrypted with KMS + expect(logConnectionLogFunctionTest).toThrow('Encryption key detected. Bucket encryption using KMS keys is unsupported'); + + }); + + test('connection logging on imported bucket', () => { + // GIVEN + const { stack, lb } = loggingSetup(); + + const bucket = s3.Bucket.fromBucketName(stack, 'ImportedConnectionLoggingBucket', 'imported-bucket'); + // Imported buckets have `autoCreatePolicy` disabled by default + bucket.policy = new s3.BucketPolicy(stack, 'ImportedConnectionLoggingBucketPolicy', { + bucket, + }); + + // WHEN + lb.logConnectionLogs(bucket); + + // THEN + // verify that the LB attributes reference the bucket + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + LoadBalancerAttributes: Match.arrayWith([ + { + Key: 'connection_logs.s3.enabled', + Value: 'true', + }, + { + Key: 'connection_logs.s3.bucket', + Value: 'imported-bucket', + }, + { + Key: 'connection_logs.s3.prefix', + Value: '', + }, + ]), + }); + + // verify the bucket policy allows the ALB to put objects in the bucket + Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::127311923021:root']] } }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':s3:::imported-bucket/AWSLogs/', + { Ref: 'AWS::AccountId' }, + '/*', + ], + ], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':s3:::imported-bucket/AWSLogs/', + { Ref: 'AWS::AccountId' }, + '/*', + ], + ], + }, + Condition: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' } }, + }, + { + Action: 's3:GetBucketAcl', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':s3:::imported-bucket', + ], + ], + }, + }, + ], + }, + }); + + // verify the ALB depends on the bucket policy + Template.fromStack(stack).hasResource('AWS::ElasticLoadBalancingV2::LoadBalancer', { + DependsOn: ['ImportedConnectionLoggingBucketPolicy548EEC12'], + }); + }); + + test('does not add circular dependency on bucket with extended load balancer', () => { + // GIVEN + const { stack } = loggingSetup(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + + // WHEN + new ExtendedLB(stack, 'ExtendedLB', vpc); + + // THEN + Template.fromStack(stack).hasResource('AWS::S3::Bucket', { + Type: 'AWS::S3::Bucket', + Properties: { + AccessControl: 'LogDeliveryWrite', + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, + LoggingConfiguration: { + LogFilePrefix: 'selflog/', + }, + OwnershipControls: { + Rules: [ + { + ObjectOwnership: 'ObjectWriter', + }, + ], + }, + PublicAccessBlockConfiguration: { + BlockPublicAcls: true, + BlockPublicPolicy: true, + IgnorePublicAcls: true, + RestrictPublicBuckets: true, + }, + VersioningConfiguration: { + Status: 'Enabled', + }, + }, + UpdateReplacePolicy: 'Retain', + DeletionPolicy: 'Retain', + DependsOn: Match.absent(), + }); + }); + }); + test('Exercise metrics', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts new file mode 100644 index 0000000000000..0fc003de5b1ed --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts @@ -0,0 +1,79 @@ +import { Match, Template } from '../../../assertions'; +import * as s3 from '../../../aws-s3'; +import * as cdk from '../../../core'; +import * as elbv2 from '../../lib'; + +let stack: cdk.Stack; +beforeEach(() => { + stack = new cdk.Stack(); +}); + +test('Trust Store Revocation with all properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + new elbv2.TrustStoreRevocation(stack, 'Revocation', { + trustStore, + revocationContents: [ + { + revocationType: elbv2.RevocationType.CRL, + bucket, + key: 'crl.pem', + version: 'test-version', + }, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStoreRevocation', { + TrustStoreArn: stack.resolve(trustStore.trustStoreArn), + RevocationContents: [ + { + RevocationType: 'CRL', + S3Bucket: stack.resolve(bucket.bucketName), + S3Key: 'crl.pem', + S3ObjectVersion: 'test-version', + }, + ], + }); +}); + +test('Trust Store Revocation with required properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + new elbv2.TrustStoreRevocation(stack, 'Revocation', { + trustStore, + revocationContents: [ + { + bucket, + key: 'crl.pem', + }, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStoreRevocation', { + TrustStoreArn: stack.resolve(trustStore.trustStoreArn), + RevocationContents: [ + { + RevocationType: Match.absent(), + S3Bucket: stack.resolve(bucket.bucketName), + S3Key: 'crl.pem', + S3ObjectVersion: Match.absent(), + }, + ], + }); +}); diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts new file mode 100644 index 0000000000000..52649f273ca81 --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts @@ -0,0 +1,77 @@ +import { Match, Template } from '../../../assertions'; +import * as s3 from '../../../aws-s3'; +import * as cdk from '../../../core'; +import * as elbv2 from '../../lib'; + +let stack: cdk.Stack; +beforeEach(() => { + stack = new cdk.Stack(); +}); + +test('Trust Store with all properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + new elbv2.TrustStore(stack, 'TrustStore', { + trustStoreName: 'MyTrustStore', + bucket, + key: 'dummy.pem', + version: 'test-version', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStore', { + CaCertificatesBundleS3Bucket: stack.resolve(bucket.bucketName), + CaCertificatesBundleS3Key: 'dummy.pem', + CaCertificatesBundleS3ObjectVersion: 'test-version', + Name: 'MyTrustStore', + }); +}); + +test('Trust Store with required properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStore', { + CaCertificatesBundleS3Bucket: stack.resolve(bucket.bucketName), + CaCertificatesBundleS3Key: 'dummy.pem', + CaCertificatesBundleS3ObjectVersion: Match.absent(), + Name: 'TrustStore', + }); +}); + +test.each(['', 'a'.repeat(33)])('Throw an error when trustStoreName length is invalid, trustStoreName: %s', (trustStoreName) => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + expect(() => { + new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + trustStoreName, + }); + }).toThrow(`trustStoreName '${trustStoreName}' must be 1-32 characters long.`); +}); + +test.each(['-test', 'test-', '$test'])('Throw an error when trustStoreName has invalid patten, trustStoreName: %s', (trustStoreName) => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + expect(() => { + new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + trustStoreName, + }); + }).toThrow(`trustStoreName '${trustStoreName}' must contain only alphanumeric characters and hyphens, and cannot begin or end with a hyphen.`); +}); diff --git a/packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json b/packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json new file mode 100644 index 0000000000000..1d6677d65b503 --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.launchwizard" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.LaunchWizard" + }, + "python": { + "module": "aws_cdk.aws_launchwizard" + } + } +} diff --git a/packages/aws-cdk-lib/aws-launchwizard/README.md b/packages/aws-cdk-lib/aws-launchwizard/README.md new file mode 100644 index 0000000000000..155cd2b2ac970 --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/README.md @@ -0,0 +1,39 @@ +# AWS::LaunchWizard Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as launchwizard from 'aws-cdk-lib/aws-launchwizard'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for LaunchWizard construct libraries](https://constructs.dev/search?q=launchwizard) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::LaunchWizard resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_LaunchWizard.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::LaunchWizard](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_LaunchWizard.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-launchwizard/index.ts b/packages/aws-cdk-lib/aws-launchwizard/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-launchwizard/lib/index.ts b/packages/aws-cdk-lib/aws-launchwizard/lib/index.ts new file mode 100644 index 0000000000000..d3242316c0ad0 --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::LaunchWizard Cloudformation Resources +export * from './launchwizard.generated'; diff --git a/packages/aws-cdk-lib/aws-opensearchservice/README.md b/packages/aws-cdk-lib/aws-opensearchservice/README.md index e24f2df325e25..dcff581a78857 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/README.md +++ b/packages/aws-cdk-lib/aws-opensearchservice/README.md @@ -464,7 +464,7 @@ const domain = new Domain(this, 'Domain', { }); ``` -## Enable support for Multi-AZ with Standby deployment +## Enable support for Multi-AZ with Standby deployment The domain can be configured to use [multi-AZ with standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby). diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts index 54c13c31df6cb..ae281e741a27c 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts @@ -613,6 +613,8 @@ export class AuroraMysqlEngineVersion { public static readonly VER_3_06_1 = AuroraMysqlEngineVersion.builtIn_8_0('3.06.1'); /** Version "8.0.mysql_aurora.3.07.0". */ public static readonly VER_3_07_0 = AuroraMysqlEngineVersion.builtIn_8_0('3.07.0'); + /** Version "8.0.mysql_aurora.3.07.1". */ + public static readonly VER_3_07_1 = AuroraMysqlEngineVersion.builtIn_8_0('3.07.1'); /** * Create a new AuroraMysqlEngineVersion with an arbitrary version. @@ -944,6 +946,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_12_17 = AuroraPostgresEngineVersion.of('12.17', '12', { s3Import: true, s3Export: true }); /** Version "12.18". */ public static readonly VER_12_18 = AuroraPostgresEngineVersion.of('12.18', '12', { s3Import: true, s3Export: true }); + /** Version "12.19". */ + public static readonly VER_12_19 = AuroraPostgresEngineVersion.of('12.19', '12', { s3Import: true, s3Export: true }); /** * Version "13.3". * @deprecated Version 13.3 is no longer supported by Amazon RDS. @@ -980,6 +984,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_13_13 = AuroraPostgresEngineVersion.of('13.13', '13', { s3Import: true, s3Export: true }); /** Version "13.14". */ public static readonly VER_13_14 = AuroraPostgresEngineVersion.of('13.14', '13', { s3Import: true, s3Export: true }); + /** Version "13.15". */ + public static readonly VER_13_15 = AuroraPostgresEngineVersion.of('13.15', '13', { s3Import: true, s3Export: true }); /** Version "14.3". */ public static readonly VER_14_3 = AuroraPostgresEngineVersion.of('14.3', '14', { s3Import: true, s3Export: true }); /** Version "14.4". */ @@ -998,6 +1004,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_14_10 = AuroraPostgresEngineVersion.of('14.10', '14', { s3Import: true, s3Export: true }); /** Version "14.11". */ public static readonly VER_14_11 = AuroraPostgresEngineVersion.of('14.11', '14', { s3Import: true, s3Export: true }); + /** Version "14.12". */ + public static readonly VER_14_12 = AuroraPostgresEngineVersion.of('14.12', '14', { s3Import: true, s3Export: true }); /** Version "15.2". */ public static readonly VER_15_2 = AuroraPostgresEngineVersion.of('15.2', '15', { s3Import: true, s3Export: true }); /** Version "15.3". */ @@ -1008,6 +1016,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_15_5 = AuroraPostgresEngineVersion.of('15.5', '15', { s3Import: true, s3Export: true }); /** Version "15.6". */ public static readonly VER_15_6 = AuroraPostgresEngineVersion.of('15.6', '15', { s3Import: true, s3Export: true }); + /** Version "15.7". */ + public static readonly VER_15_7 = AuroraPostgresEngineVersion.of('15.7', '15', { s3Import: true, s3Export: true }); /** * Version "16.0" * @deprecated Version 16.0 is no longer supported by Amazon RDS. @@ -1017,6 +1027,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_16_1 = AuroraPostgresEngineVersion.of('16.1', '16', { s3Import: true, s3Export: true }); /** Version "16.2". */ public static readonly VER_16_2 = AuroraPostgresEngineVersion.of('16.2', '16', { s3Import: true, s3Export: true }); + /** Version "16.3". */ + public static readonly VER_16_3 = AuroraPostgresEngineVersion.of('16.3', '16', { s3Import: true, s3Export: true }); /** * Create a new AuroraPostgresEngineVersion with an arbitrary version. diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index 9ed03ee7da226..3c0b256f6e687 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -936,6 +936,8 @@ export class MysqlEngineVersion { public static readonly VER_8_0_36 = MysqlEngineVersion.of('8.0.36', '8.0'); /** Version "8.0.37". */ public static readonly VER_8_0_37 = MysqlEngineVersion.of('8.0.37', '8.0'); + /** Version "8.0.39". */ + public static readonly VER_8_0_39 = MysqlEngineVersion.of('8.0.39', '8.0'); /** * Create a new MysqlEngineVersion with an arbitrary version. @@ -1525,6 +1527,8 @@ export class PostgresEngineVersion { public static readonly VER_12_18 = PostgresEngineVersion.of('12.18', '12', { s3Import: true, s3Export: true }); /** Version "12.19". */ public static readonly VER_12_19 = PostgresEngineVersion.of('12.19', '12', { s3Import: true, s3Export: true }); + /** Version "12.20". */ + public static readonly VER_12_20 = PostgresEngineVersion.of('12.20', '12', { s3Import: true, s3Export: true }); /** Version "13" (only a major version, without a specific minor version). */ public static readonly VER_13 = PostgresEngineVersion.of('13', '13', { s3Import: true, s3Export: true }); @@ -1588,6 +1592,8 @@ export class PostgresEngineVersion { public static readonly VER_13_14 = PostgresEngineVersion.of('13.14', '13', { s3Import: true, s3Export: true }); /** Version "13.15". */ public static readonly VER_13_15 = PostgresEngineVersion.of('13.15', '13', { s3Import: true, s3Export: true }); + /** Version "13.16". */ + public static readonly VER_13_16 = PostgresEngineVersion.of('13.16', '13', { s3Import: true, s3Export: true }); /** Version "14" (only a major version, without a specific minor version). */ public static readonly VER_14 = PostgresEngineVersion.of('14', '14', { s3Import: true, s3Export: true }); @@ -1639,6 +1645,8 @@ export class PostgresEngineVersion { public static readonly VER_14_11 = PostgresEngineVersion.of('14.11', '14', { s3Import: true, s3Export: true }); /** Version "14.12". */ public static readonly VER_14_12 = PostgresEngineVersion.of('14.12', '14', { s3Import: true, s3Export: true }); + /** Version "14.13". */ + public static readonly VER_14_13 = PostgresEngineVersion.of('14.13', '14', { s3Import: true, s3Export: true }); /** Version "15" (only a major version, without a specific minor version). */ public static readonly VER_15 = PostgresEngineVersion.of('15', '15', { s3Import: true, s3Export: true }); @@ -1660,6 +1668,8 @@ export class PostgresEngineVersion { public static readonly VER_15_6 = PostgresEngineVersion.of('15.6', '15', { s3Import: true, s3Export: true }); /** Version "15.7". */ public static readonly VER_15_7 = PostgresEngineVersion.of('15.7', '15', { s3Import: true, s3Export: true }); + /** Version "15.8". */ + public static readonly VER_15_8 = PostgresEngineVersion.of('15.8', '15', { s3Import: true, s3Export: true }); /** Version "16" (only a major version, without a specific minor version). */ public static readonly VER_16 = PostgresEngineVersion.of('16', '16', { s3Import: true, s3Export: true }); @@ -1669,6 +1679,8 @@ export class PostgresEngineVersion { public static readonly VER_16_2 = PostgresEngineVersion.of('16.2', '16', { s3Import: true, s3Export: true }); /** Version "16.3". */ public static readonly VER_16_3 = PostgresEngineVersion.of('16.3', '16', { s3Import: true, s3Export: true }); + /** Version "16.4". */ + public static readonly VER_16_4 = PostgresEngineVersion.of('16.4', '16', { s3Import: true, s3Export: true }); /** * Create a new PostgresEngineVersion with an arbitrary version. @@ -2547,6 +2559,8 @@ export class SqlServerEngineVersion { public static readonly VER_13_00_6430_49_V1 = SqlServerEngineVersion.of('13.00.6430.49.v1', '13.00'); /** Version "13.00.6435.1.v1". */ public static readonly VER_13_00_6435_1_V1 = SqlServerEngineVersion.of('13.00.6435.1.v1', '13.00'); + /** Version "13.00.6441.1.v1". */ + public static readonly VER_13_00_6441_1_V1 = SqlServerEngineVersion.of('13.00.6441.1.v1', '13.00'); /** Version "14.00" (only a major version, without a specific minor version). */ public static readonly VER_14 = SqlServerEngineVersion.of('14.00', '14.00'); @@ -2598,6 +2612,8 @@ export class SqlServerEngineVersion { public static readonly VER_14_00_3460_9_V1 = SqlServerEngineVersion.of('14.00.3460.9.v1', '14.00'); /** Version "14.00.3465.1.v1". */ public static readonly VER_14_00_3465_1_V1 = SqlServerEngineVersion.of('14.00.3465.1.v1', '14.00'); + /** Version "14.00.3471.2.v1 ". */ + public static readonly VER_14_00_3471_2_V1 = SqlServerEngineVersion.of('14.00.3471.2.v1 ', '14.00'); /** Version "15.00" (only a major version, without a specific minor version). */ public static readonly VER_15 = SqlServerEngineVersion.of('15.00', '15.00'); @@ -2630,6 +2646,10 @@ export class SqlServerEngineVersion { public static readonly VER_15_00_4345_5_V1 = SqlServerEngineVersion.of('15.00.4345.5.v1', '15.00'); /** Version "15.00.4365.2.v1". */ public static readonly VER_15_00_4365_2_V1 = SqlServerEngineVersion.of('15.00.4365.2.v1', '15.00'); + /** Version "15.00.4375.4.v1". */ + public static readonly VER_15_00_4375_4_V1 = SqlServerEngineVersion.of('15.00.4375.4.v1', '15.00'); + /** Version "15.00.4382.1.v1". */ + public static readonly VER_15_00_4382_1_V1 = SqlServerEngineVersion.of('15.00.4382.1.v1', '15.00'); /** Version "16.00" (only a major version, without a specific minor version). */ public static readonly VER_16 = SqlServerEngineVersion.of('16.00', '16.00'); @@ -2645,6 +2665,8 @@ export class SqlServerEngineVersion { public static readonly VER_16_00_4120_1_V1 = SqlServerEngineVersion.of('16.00.4120.1.v1', '16.00'); /** Version "16.00.4125.3.v1". */ public static readonly VER_16_00_4125_3_V1 = SqlServerEngineVersion.of('16.00.4125.3.v1', '16.00'); + /** Version "16.00.4131.2.v1". */ + public static readonly VER_16_00_4131_2_V1 = SqlServerEngineVersion.of('16.00.4131.2.v1', '16.00'); /** * Create a new SqlServerEngineVersion with an arbitrary version. diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts index d74cd935d85fe..cee26e65dfbcf 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts @@ -106,6 +106,10 @@ describe('cluster engine', () => { 'aurora-postgresql10'); expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('14.3', '14') }).parameterGroupFamily).toEqual( 'aurora-postgresql14'); + expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('15.7', '15') }).parameterGroupFamily).toEqual( + 'aurora-postgresql15'); + expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('16.3', '16') }).parameterGroupFamily).toEqual( + 'aurora-postgresql16'); }); test('supported log types', () => { @@ -156,6 +160,9 @@ describe('cluster engine', () => { const engine_ver_2_11_3 = DatabaseClusterEngine.auroraMysql({ version: AuroraMysqlEngineVersion.VER_2_11_3, }); + const engine_ver_3_07_1 = DatabaseClusterEngine.auroraMysql({ + version: AuroraMysqlEngineVersion.VER_3_07_1, + }); // THEN expect(engine_VER_14_3.parameterGroupFamily).toEqual('aurora-postgresql14'); @@ -171,5 +178,6 @@ describe('cluster engine', () => { expect(engine_ver_2_8_3.parameterGroupFamily).toEqual('aurora-mysql5.7'); expect(engine_ver_2_8_4.parameterGroupFamily).toEqual('aurora-mysql5.7'); expect(engine_ver_2_11_3.parameterGroupFamily).toEqual('aurora-mysql5.7'); + expect(engine_ver_3_07_1.parameterGroupFamily).toEqual('aurora-mysql8.0'); }); }); diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index 8db48224a89b1..c90adb9837fe1 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -115,6 +115,7 @@ "props-physical-name:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancerProps", "props-physical-name:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListenerProps", "props-physical-name:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListenerProps", + "props-physical-name:aws-cdk-lib.aws_elasticloadbalancingv2.TrustStoreRevocationProps", "props-physical-name:aws-cdk-lib.aws_events.EventBusPolicyProps", "props-physical-name:aws-cdk-lib.aws_fsx.LustreFileSystemProps", "props-physical-name:aws-cdk-lib.aws_iam.AccessKeyProps", diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json b/packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json deleted file mode 100644 index 21db8e13672e1..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "targets": { - "java": { - "package": "software.amazon.awscdk.cloudassembly.schema" - }, - "dotnet": { - "namespace": "Amazon.CDK.CloudAssembly.Schema" - }, - "python": { - "module": "aws_cdk.cloud_assembly_schema" - } - } -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md b/packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md deleted file mode 100644 index 0a96c52f7ca1a..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md +++ /dev/null @@ -1,67 +0,0 @@ -## Cloud Assembly Schema - -Making changes to this module should only happen when you introduce new cloud assembly capabilities. - -> For example: supporting the `--target` option when building docker containers. - -If you decided these changes are necessary, simply go ahead and make the necessary modifications to -the interfaces that describe the schema. Our tests and validation mechanisms will ensure you make those -changes correctly. - -### Module Structure - -There are two main things to understand about the files in this module: - -- [`lib/manifest.ts`](./lib/manifest.ts) - - This is the typescript code that defines our schema. It is solely comprised of structs (property only interfaces). - It directly maps to the way we want manifest files to be stored on disk. When you want to make changes to the schema, - this is the file you should be editing. - -- [`lib/schema`](./schema/) - - This directory contains the generated json [schema](./schema/cloud-assembly.schema.json) from the aforementioned - typescript code. It also contains a [version](./schema/cloud-assembly.version.json) file that holds the current version - of the schema. These files are **not** intended for manual editing. Keep reading to understand how they change and when. - -### Schema Generation - -The schema can be generated by running `yarn update-schema`. It reads the [`manifest.ts`](./lib/manifest.ts) file and writes -an updated json schema to [`cloud-assembly.schema.json`](./schema/cloud-assembly.schema.json). -In addition, this command also performs a `major` version bump on the [version](./schema/cloud-assembly.version.json) file. - -Note that it is not generated as part of the build, this is to ensure developers will be intentional when making -changes to the schema. If changes to the code are performed, without generating a new schema, the tests will fail: - -```console -$ yarn test -FAIL test/schema.test.js (5.902s) - ✓ manifest save (7ms) - ✕ cloud-assembly.json.schema is correct (5304ms) - ✓ manifest load (4ms) - ✓ manifest load fails for invalid nested property (5ms) - ✓ manifest load fails for invalid artifact type (1ms) - ✓ stack-tags are deserialized properly (1ms) - ✓ can access random metadata (1ms) - - ● cloud-assembly.json.schema is correct - - Whoops, Looks like the schema has changed. Did you forget to run 'yarn update-schema'? -``` - -### Schema Validation - -Being a **stable** `jsii` module, it undergoes strict API compatibility checks with the help -of [`jsii-diff`](https://github.com/aws/jsii/tree/master/packages/jsii-diff). -This means that breaking changes will be rejected. These include: - -- Adding a required property. (same as changing from *optional* to *required*) -- Changing the type of the property. - -In addition, the interfaces defined here are programmatically exposed to users, via the `manifest` -property of the [`CloudAssembly`](../cx-api/lib/cloud-assembly.ts) class. This means that the following are -also considered breaking changes: - -- Changing a property from *required* to *optional*. -- Removing an optional property. -- Removing a required property. diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/README.md b/packages/aws-cdk-lib/cloud-assembly-schema/README.md deleted file mode 100644 index a102522dba4fd..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/README.md +++ /dev/null @@ -1,55 +0,0 @@ -# Cloud Assembly Schema - - -This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. - -## Cloud Assembly - -The *Cloud Assembly* is the output of the synthesis operation. It is produced as part of the -[`cdk synth`](https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk#cdk-synthesize) -command, or the [`app.synth()`](https://github.com/aws/aws-cdk/blob/main/packages/@aws-cdk/core/lib/app.ts#L135) method invocation. - -Its essentially a set of files and directories, one of which is the `manifest.json` file. It defines the set of instructions that are -needed in order to deploy the assembly directory. - -> For example, when `cdk deploy` is executed, the CLI reads this file and performs its instructions: -> -> - Build container images. -> - Upload assets. -> - Deploy CloudFormation templates. - -Therefore, the assembly is how the CDK class library and CDK CLI (or any other consumer) communicate. To ensure compatibility -between the assembly and its consumers, we treat the manifest file as a well defined, versioned schema. - -## Schema - -This module contains the typescript structs that comprise the `manifest.json` file, as well as the -generated [*json-schema*](./schema/cloud-assembly.schema.json). - -## Versioning - -The schema version is specified in the [`cloud-assembly.version.json`](./schema/cloud-assembly.schema.json) file, under the `version` property. -It follows semantic versioning, but with a small twist. - -When we add instructions to the assembly, they are reflected in the manifest file and the *json-schema* accordingly. -Every such instruction, is crucial for ensuring the correct deployment behavior. This means that to properly deploy a cloud assembly, -consumers must be aware of every such instruction modification. - -For this reason, every change to the schema, even though it might not strictly break validation of the *json-schema* format, -is considered `major` version bump. - -## How to consume - -If you'd like to consume the [schema file](./schema/cloud-assembly.schema.json) in order to do validations on `manifest.json` files, -simply download it from this repo and run it against standard *json-schema* validators, such as [jsonschema](https://www.npmjs.com/package/jsonschema). - -Consumers must take into account the `major` version of the schema they are consuming. They should reject cloud assemblies -with a `major` version that is higher than what they expect. While schema validation might pass on such assemblies, the deployment integrity -cannot be guaranteed because some instructions will be ignored. - -> For example, if your consumer was built when the schema version was 2.0.0, you should reject deploying cloud assemblies with a -> manifest version of 3.0.0. - -## Contributing - -See [Contribution Guide](./CONTRIBUTING.md) diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/index.ts index f41a696fd204d..88dd90ebb9af3 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/index.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/index.ts @@ -1 +1 @@ -export * from './lib'; +export * from '@aws-cdk/cloud-assembly-schema'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts deleted file mode 100644 index f419fde03c56d..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts +++ /dev/null @@ -1,25 +0,0 @@ -/** - * Destination for assets that need to be uploaded to AWS - */ -export interface AwsDestination { - /** - * The region where this asset will need to be published - * - * @default - Current region - */ - readonly region?: string; - - /** - * The role that needs to be assumed while publishing this asset - * - * @default - No role will be assumed - */ - readonly assumeRoleArn?: string; - - /** - * The ExternalId that needs to be supplied while assuming this role - * - * @default - No ExternalId will be supplied - */ - readonly assumeRoleExternalId?: string; -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts deleted file mode 100644 index 70c9761f47c70..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts +++ /dev/null @@ -1,175 +0,0 @@ -import { AwsDestination } from './aws-destination'; - -/** - * A file asset - */ -export interface DockerImageAsset { - /** - * Source description for file assets - */ - readonly source: DockerImageSource; - - /** - * Destinations for this file asset - */ - readonly destinations: { [id: string]: DockerImageDestination }; -} - -/** - * Properties for how to produce a Docker image from a source - */ -export interface DockerImageSource { - /** - * The directory containing the Docker image build instructions. - * - * This path is relative to the asset manifest location. - * - * @default - Exactly one of `directory` and `executable` is required - */ - readonly directory?: string; - - /** - * A command-line executable that returns the name of a local - * Docker image on stdout after being run. - * - * @default - Exactly one of `directory` and `executable` is required - */ - readonly executable?: string[]; - - /** - * The name of the file with build instructions - * - * Only allowed when `directory` is set. - * - * @default "Dockerfile" - */ - readonly dockerFile?: string; - - /** - * Target build stage in a Dockerfile with multiple build stages - * - * Only allowed when `directory` is set. - * - * @default - The last stage in the Dockerfile - */ - readonly dockerBuildTarget?: string; - - /** - * Additional build arguments - * - * Only allowed when `directory` is set. - * - * @default - No additional build arguments - */ - readonly dockerBuildArgs?: { [name: string]: string }; - - /** - * SSH agent socket or keys - * - * Requires building with docker buildkit. - * - * @default - No ssh flag is set - */ - readonly dockerBuildSsh?: string; - - /** - * Additional build secrets - * - * Only allowed when `directory` is set. - * - * @default - No additional build secrets - */ - readonly dockerBuildSecrets?: { [name: string]: string }; - - /** - * Networking mode for the RUN commands during build. _Requires Docker Engine API v1.25+_. - * - * Specify this property to build images on a specific networking mode. - * - * @default - no networking mode specified - */ - readonly networkMode?: string; - - /** - * Platform to build for. _Requires Docker Buildx_. - * - * Specify this property to build images on a specific platform/architecture. - * - * @default - current machine platform - */ - readonly platform?: string; - - /** - * Outputs - * - * @default - no outputs are passed to the build command (default outputs are used) - * @see https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs - */ - readonly dockerOutputs?: string[]; - - /** - * Cache from options to pass to the `docker build` command. - * - * @default - no cache from options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheFrom?: DockerCacheOption[]; - - /** - * Cache to options to pass to the `docker build` command. - * - * @default - no cache to options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheTo?: DockerCacheOption; - - /** - * Disable the cache and pass `--no-cache` to the `docker build` command. - * - * @default - cache is used - */ - readonly cacheDisabled?: boolean; -} - -/** - * Where to publish docker images - */ -export interface DockerImageDestination extends AwsDestination { - /** - * Name of the ECR repository to publish to - */ - readonly repositoryName: string; - - /** - * Tag of the image to publish - */ - readonly imageTag: string; -} - -/** - * Options for configuring the Docker cache backend - */ -export interface DockerCacheOption { - /** - * The type of cache to use. - * Refer to https://docs.docker.com/build/cache/backends/ for full list of backends. - * @default - unspecified - * - * @example 'registry' - */ - readonly type: string; - /** - * Any parameters to pass into the docker cache backend configuration. - * Refer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. - * @default {} No options provided - * - * @example - * declare const branch: string; - * - * const params = { - * ref: `12345678.dkr.ecr.us-west-2.amazonaws.com/cache:${branch}`, - * mode: "max", - * }; - */ - readonly params?: { [key: string]: string }; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts deleted file mode 100644 index 58c7e0cc93ebc..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts +++ /dev/null @@ -1,76 +0,0 @@ -import { AwsDestination } from './aws-destination'; - -/** - * A file asset - */ -export interface FileAsset { - /** - * Source description for file assets - */ - readonly source: FileSource; - - /** - * Destinations for this file asset - */ - readonly destinations: { [id: string]: FileDestination }; -} - -/** - * Packaging strategy for file assets - */ -export enum FileAssetPackaging { - /** - * Upload the given path as a file - */ - FILE = 'file', - - /** - * The given path is a directory, zip it and upload - */ - ZIP_DIRECTORY = 'zip', -} - -/** - * Describe the source of a file asset - */ -export interface FileSource { - /** - * External command which will produce the file asset to upload. - * - * @default - Exactly one of `executable` and `path` is required. - */ - readonly executable?: string[]; - - /** - * The filesystem object to upload - * - * This path is relative to the asset manifest location. - * - * @default - Exactly one of `executable` and `path` is required. - */ - readonly path?: string; - - /** - * Packaging method - * - * Only allowed when `path` is specified. - * - * @default FILE - */ - readonly packaging?: FileAssetPackaging; -} - -/** - * Where in S3 a file asset needs to be published - */ -export interface FileDestination extends AwsDestination { - /** - * The name of the bucket - */ - readonly bucketName: string; - - /** - * The destination object key - */ - readonly objectKey: string; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts deleted file mode 100644 index 49c126e3f2d9b..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './schema'; -export * from './docker-image-asset'; -export * from './file-asset'; -export * from './aws-destination'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts deleted file mode 100644 index 7f5b33da127cd..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { DockerImageAsset } from './docker-image-asset'; -import { FileAsset } from './file-asset'; - -/** - * Definitions for the asset manifest - */ -export interface AssetManifest { - /** - * Version of the manifest - */ - readonly version: string; - - /** - * The file assets in this manifest - * - * @default - No files - */ - readonly files?: { [id: string]: FileAsset }; - - /** - * The Docker image assets in this manifest - * - * @default - No Docker images - */ - readonly dockerImages?: { [id: string]: DockerImageAsset }; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts deleted file mode 100644 index 66872401251aa..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts +++ /dev/null @@ -1,204 +0,0 @@ - -/** - * Information needed to access an IAM role created - * as part of the bootstrap process - */ -export interface BootstrapRole { - /** - * The ARN of the IAM role created as part of bootrapping - * e.g. lookupRoleArn - */ - readonly arn: string; - - /** - * External ID to use when assuming the bootstrap role - * - * @default - No external ID - */ - readonly assumeRoleExternalId?: string; - - /** - * Version of bootstrap stack required to use this role - * - * @default - No bootstrap stack required - */ - readonly requiresBootstrapStackVersion?: number; - - /** - * Name of SSM parameter with bootstrap stack version - * - * @default - Discover SSM parameter by reading stack - */ - readonly bootstrapStackVersionSsmParameter?: string; -} - -/** - * Artifact properties for CloudFormation stacks. - */ -export interface AwsCloudFormationStackProperties { - /** - * A file relative to the assembly root which contains the CloudFormation template for this stack. - */ - readonly templateFile: string; - - /** - * Values for CloudFormation stack parameters that should be passed when the stack is deployed. - * - * @default - No parameters - */ - readonly parameters?: { [id: string]: string }; - - /** - * Values for CloudFormation stack tags that should be passed when the stack is deployed. - * - * @default - No tags - */ - readonly tags?: { [id: string]: string }; - - /** - * The name to use for the CloudFormation stack. - * @default - name derived from artifact ID - */ - readonly stackName?: string; - - /** - * Whether to enable termination protection for this stack. - * - * @default false - */ - readonly terminationProtection?: boolean; - - /** - * The role that needs to be assumed to deploy the stack - * - * @default - No role is assumed (current credentials are used) - */ - readonly assumeRoleArn?: string; - - /** - * External ID to use when assuming role for cloudformation deployments - * - * @default - No external ID - */ - readonly assumeRoleExternalId?: string; - - /** - * The role that is passed to CloudFormation to execute the change set - * - * @default - No role is passed (currently assumed role/credentials are used) - */ - readonly cloudFormationExecutionRoleArn?: string; - - /** - * The role to use to look up values from the target AWS account - * - * @default - No role is assumed (current credentials are used) - */ - readonly lookupRole?: BootstrapRole; - - /** - * If the stack template has already been included in the asset manifest, its asset URL - * - * @default - Not uploaded yet, upload just before deploying - */ - readonly stackTemplateAssetObjectUrl?: string; - - /** - * Version of bootstrap stack required to deploy this stack - * - * @default - No bootstrap stack required - */ - readonly requiresBootstrapStackVersion?: number; - - /** - * SSM parameter where the bootstrap stack version number can be found - * - * Only used if `requiresBootstrapStackVersion` is set. - * - * - If this value is not set, the bootstrap stack name must be known at - * deployment time so the stack version can be looked up from the stack - * outputs. - * - If this value is set, the bootstrap stack can have any name because - * we won't need to look it up. - * - * @default - Bootstrap stack version number looked up - */ - readonly bootstrapStackVersionSsmParameter?: string; - - /** - * Whether this stack should be validated by the CLI after synthesis - * - * @default - false - */ - readonly validateOnSynth?: boolean; -} - -/** - * Configuration options for the Asset Manifest - */ -export interface AssetManifestOptions { - /** - * Version of bootstrap stack required to deploy this stack - * - * @default - Version 1 (basic modern bootstrap stack) - */ - readonly requiresBootstrapStackVersion?: number; - - /** - * SSM parameter where the bootstrap stack version number can be found - * - * - If this value is not set, the bootstrap stack name must be known at - * deployment time so the stack version can be looked up from the stack - * outputs. - * - If this value is set, the bootstrap stack can have any name because - * we won't need to look it up. - * - * @default - Bootstrap stack version number looked up - */ - readonly bootstrapStackVersionSsmParameter?: string; -} - -/** - * Artifact properties for the Asset Manifest - */ -export interface AssetManifestProperties extends AssetManifestOptions { - /** - * Filename of the asset manifest - */ - readonly file: string; -} - -/** - * Artifact properties for the Construct Tree Artifact - */ -export interface TreeArtifactProperties { - /** - * Filename of the tree artifact - */ - readonly file: string; -} - -/** - * Artifact properties for nested cloud assemblies - */ -export interface NestedCloudAssemblyProperties { - /** - * Relative path to the nested cloud assembly - */ - readonly directoryName: string; - - /** - * Display name for the cloud assembly - * - * @default - The artifact ID - */ - readonly displayName?: string; -} - -/** - * Properties for manifest artifacts - */ -export type ArtifactProperties = AwsCloudFormationStackProperties -| AssetManifestProperties -| TreeArtifactProperties -| NestedCloudAssemblyProperties; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts deleted file mode 100644 index bd35d023dfe69..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts +++ /dev/null @@ -1,514 +0,0 @@ -import { Tag } from './metadata-schema'; - -/** - * Identifier for the context provider - */ -export enum ContextProvider { - /** - * AMI provider - */ - AMI_PROVIDER = 'ami', - - /** - * AZ provider - */ - AVAILABILITY_ZONE_PROVIDER = 'availability-zones', - - /** - * Route53 Hosted Zone provider - */ - HOSTED_ZONE_PROVIDER = 'hosted-zone', - - /** - * SSM Parameter Provider - */ - SSM_PARAMETER_PROVIDER = 'ssm', - - /** - * VPC Provider - */ - VPC_PROVIDER = 'vpc-provider', - - /** - * VPC Endpoint Service AZ Provider - */ - ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER = 'endpoint-service-availability-zones', - - /** - * Load balancer provider - */ - LOAD_BALANCER_PROVIDER = 'load-balancer', - - /** - * Load balancer listener provider - */ - LOAD_BALANCER_LISTENER_PROVIDER = 'load-balancer-listener', - - /** - * Security group provider - */ - SECURITY_GROUP_PROVIDER = 'security-group', - - /** - * KMS Key Provider - */ - KEY_PROVIDER = 'key-provider', - - /** - * A plugin provider (the actual plugin name will be in the properties) - */ - PLUGIN = 'plugin', -} - -/** - * Query to AMI context provider - */ -export interface AmiContextQuery { - /** - * Account to query - */ - readonly account: string; - - /** - * Region to query - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Owners to DescribeImages call - * - * @default - All owners - */ - readonly owners?: string[]; - - /** - * Filters to DescribeImages call - */ - readonly filters: {[key: string]: string[]}; -} - -/** - * Query to availability zone context provider - */ -export interface AvailabilityZonesContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - -} - -/** - * Query to hosted zone context provider - */ -export interface HostedZoneContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * The domain name e.g. example.com to lookup - */ - readonly domainName: string; - - /** - * True if the zone you want to find is a private hosted zone - * - * @default false - */ - readonly privateZone?: boolean; - - /** - * The VPC ID to that the private zone must be associated with - * - * If you provide VPC ID and privateZone is false, this will return no results - * and raise an error. - * - * @default - Required if privateZone=true - */ - readonly vpcId?: string; -} - -/** - * Query to SSM Parameter Context Provider - */ -export interface SSMParameterContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Parameter name to query - */ - readonly parameterName: string; -} - -/** - * Query input for looking up a VPC - */ -export interface VpcContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Filters to apply to the VPC - * - * Filter parameters are the same as passed to DescribeVpcs. - * - * @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html - */ - readonly filter: {[key: string]: string}; - - /** - * Whether to populate the subnetGroups field of the `VpcContextResponse`, - * which contains potentially asymmetric subnet groups. - * - * @default false - */ - readonly returnAsymmetricSubnets?: boolean; - - /** - * Optional tag for subnet group name. - * If not provided, we'll look at the aws-cdk:subnet-name tag. - * If the subnet does not have the specified tag, - * we'll use its type as the name. - * - * @default 'aws-cdk:subnet-name' - */ - readonly subnetGroupNameTag?: string; - - /** - * Whether to populate the `vpnGatewayId` field of the `VpcContextResponse`, - * which contains the VPN Gateway ID, if one exists. You can explicitly - * disable this in order to avoid the lookup if you know the VPC does not have - * a VPN Gatway attached. - * - * @default true - */ - readonly returnVpnGateways?: boolean; -} - -/** - * Query to endpoint service context provider - */ -export interface EndpointServiceAvailabilityZonesContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Query service name - */ - readonly serviceName: string; -} - -/** - * Type of load balancer - */ -export enum LoadBalancerType { - /** - * Network load balancer - */ - NETWORK = 'network', - - /** - * Application load balancer - */ - APPLICATION = 'application', -} - -/** - * Filters for selecting load balancers - */ -export interface LoadBalancerFilter { - /** - * Filter load balancers by their type - */ - readonly loadBalancerType: LoadBalancerType; - - /** - * Find by load balancer's ARN - * @default - does not search by load balancer arn - */ - readonly loadBalancerArn?: string; - - /** - * Match load balancer tags - * @default - does not match load balancers by tags - */ - readonly loadBalancerTags?: Tag[]; -} - -/** - * Query input for looking up a load balancer - */ -export interface LoadBalancerContextQuery extends LoadBalancerFilter { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; -} - -/** - * The protocol for connections from clients to the load balancer - */ -export enum LoadBalancerListenerProtocol { - /** - * HTTP protocol - */ - HTTP = 'HTTP', - - /** - * HTTPS protocol - */ - HTTPS = 'HTTPS', - - /** - * TCP protocol - */ - TCP = 'TCP', - - /** - * TLS protocol - */ - TLS = 'TLS', - - /** - * UDP protocol - * */ - UDP = 'UDP', - - /** - * TCP and UDP protocol - * */ - TCP_UDP = 'TCP_UDP', -} - -/** - * Query input for looking up a load balancer listener - */ -export interface LoadBalancerListenerContextQuery extends LoadBalancerFilter { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Find by listener's arn - * @default - does not find by listener arn - */ - readonly listenerArn?: string; - - /** - * Filter by listener protocol - * @default - does not filter by listener protocol - */ - readonly listenerProtocol?: LoadBalancerListenerProtocol; - - /** - * Filter listeners by listener port - * @default - does not filter by a listener port - */ - readonly listenerPort?: number; -} - -/** - * Query input for looking up a security group - */ -export interface SecurityGroupContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Security group id - * - * @default - None - */ - readonly securityGroupId?: string; - - /** - * Security group name - * - * @default - None - */ - readonly securityGroupName?: string; - - /** - * VPC ID - * - * @default - None - */ - readonly vpcId?: string; -} - -/** - * Query input for looking up a KMS Key - */ -export interface KeyContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Alias name used to search the Key - */ - readonly aliasName: string; -} - -/** - * Query input for plugins - * - * This alternate branch is necessary because it needs to be able to escape all type checking - * we do on on the cloud assembly -- we cannot know the properties that will be used a priori. - */ -export interface PluginContextQuery { - /** - * The name of the plugin - */ - readonly pluginName: string; - - /** - * Arbitrary other arguments for the plugin. - * - * This index signature is not usable in non-TypeScript/JavaScript languages. - * - * @jsii ignore - */ - [key: string]: any; -} - -export type ContextQueryProperties = AmiContextQuery -| AvailabilityZonesContextQuery -| HostedZoneContextQuery -| SSMParameterContextQuery -| VpcContextQuery -| EndpointServiceAvailabilityZonesContextQuery -| LoadBalancerContextQuery -| LoadBalancerListenerContextQuery -| SecurityGroupContextQuery -| KeyContextQuery -| PluginContextQuery; - diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts deleted file mode 100644 index 931538d80cf11..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './schema'; -export * from './metadata-schema'; -export * from './artifact-schema'; -export * from './context-queries'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts deleted file mode 100644 index a96df56d49b58..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts +++ /dev/null @@ -1,325 +0,0 @@ -/** - * Common properties for asset metadata. - */ -interface BaseAssetMetadataEntry { - /** - * Requested packaging style - */ - readonly packaging: string; - - /** - * Logical identifier for the asset - */ - readonly id: string; - - /** - * The hash of the asset source. - */ - readonly sourceHash: string; - - /** - * Path on disk to the asset - */ - readonly path: string; -} - -/** - * Metadata Entry spec for files. - * - * @example - * const entry = { - * packaging: 'file', - * s3BucketParameter: 'bucket-parameter', - * s3KeyParamenter: 'key-parameter', - * artifactHashParameter: 'hash-parameter', - * } - */ -export interface FileAssetMetadataEntry extends BaseAssetMetadataEntry { - /** - * Requested packaging style - */ - readonly packaging: 'zip' | 'file'; - - /** - * Name of parameter where S3 bucket should be passed in - */ - readonly s3BucketParameter: string; - - /** - * Name of parameter where S3 key should be passed in - */ - readonly s3KeyParameter: string; - - /** - * The name of the parameter where the hash of the bundled asset should be passed in. - */ - readonly artifactHashParameter: string; -} - -/** - * Metadata Entry spec for stack tag. - */ -export interface Tag { - /** - * Tag key. - * - * (In the actual file on disk this will be cased as "Key", and the structure is - * patched to match this structure upon loading: - * https://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137) - */ - readonly key: string; - - /** - * Tag value. - * - * (In the actual file on disk this will be cased as "Value", and the structure is - * patched to match this structure upon loading: - * https://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137) - */ - readonly value: string; -} - -/** - * Options for configuring the Docker cache backend - */ -export interface ContainerImageAssetCacheOption { - /** - * The type of cache to use. - * Refer to https://docs.docker.com/build/cache/backends/ for full list of backends. - * @default - unspecified - * - * @example 'registry' - */ - readonly type: string; - /** - * Any parameters to pass into the docker cache backend configuration. - * Refer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. - * @default {} No options provided - * - * @example - * declare const branch: string; - * - * const params = { - * ref: `12345678.dkr.ecr.us-west-2.amazonaws.com/cache:${branch}`, - * mode: "max", - * }; - */ - readonly params?: { [key: string]: string }; -} - -/** - * Metadata Entry spec for container images. - * - * @example - * const entry = { - * packaging: 'container-image', - * repositoryName: 'repository-name', - * imageTag: 'tag', - * } - */ -export interface ContainerImageAssetMetadataEntry extends BaseAssetMetadataEntry { - /** - * Type of asset - */ - readonly packaging: 'container-image'; - - /** - * ECR Repository name and repo digest (separated by "@sha256:") where this - * image is stored. - * - * @default undefined If not specified, `repositoryName` and `imageTag` are - * required because otherwise how will the stack know where to find the asset, - * ha? - * @deprecated specify `repositoryName` and `imageTag` instead, and then you - * know where the image will go. - */ - readonly imageNameParameter?: string; - - /** - * ECR repository name, if omitted a default name based on the asset's ID is - * used instead. Specify this property if you need to statically address the - * image, e.g. from a Kubernetes Pod. Note, this is only the repository name, - * without the registry and the tag parts. - * - * @default - this parameter is REQUIRED after 1.21.0 - */ - readonly repositoryName?: string; - - /** - * The docker image tag to use for tagging pushed images. This field is - * required if `imageParameterName` is ommited (otherwise, the app won't be - * able to find the image). - * - * @default - this parameter is REQUIRED after 1.21.0 - */ - readonly imageTag?: string; - - /** - * Build args to pass to the `docker build` command - * - * @default no build args are passed - */ - readonly buildArgs?: { [key: string]: string }; - - /** - * SSH agent socket or keys to pass to the `docker build` command - * - * @default no ssh arg is passed - */ - readonly buildSsh?: string; - - /** - * Build secrets to pass to the `docker build` command - * - * @default no build secrets are passed - */ - readonly buildSecrets?: { [key: string]: string }; - - /** - * Docker target to build to - * - * @default no build target - */ - readonly target?: string; - - /** - * Path to the Dockerfile (relative to the directory). - * - * @default - no file is passed - */ - readonly file?: string; - - /** - * Networking mode for the RUN commands during build. - * - * @default - no networking mode specified - */ - readonly networkMode?: string; - - /** - * Platform to build for. _Requires Docker Buildx_. - * - * @default - current machine platform - */ - readonly platform?: string; - - /** - * Outputs to pass to the `docker build` command. - * - * @default - no outputs are passed to the build command (default outputs are used) - * @see https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs - */ - readonly outputs?: string[]; - - /** - * Cache from options to pass to the `docker build` command. - * - * @default - no cache from options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheFrom?: ContainerImageAssetCacheOption[]; - - /** - * Cache to options to pass to the `docker build` command. - * - * @default - no cache to options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheTo?: ContainerImageAssetCacheOption; - - /** - * Disable the cache and pass `--no-cache` to the `docker build` command. - * - * @default - cache is used - */ - readonly cacheDisabled?: boolean; -} - -/** - * @see ArtifactMetadataEntryType.ASSET - */ -export type AssetMetadataEntry = FileAssetMetadataEntry | ContainerImageAssetMetadataEntry; - -// Type aliases for metadata entries. -// Used simply to assign names to data types for more clarity. - -/** - * @see ArtifactMetadataEntryType.INFO - * @see ArtifactMetadataEntryType.WARN - * @see ArtifactMetadataEntryType.ERROR - */ -export type LogMessageMetadataEntry = string; - -/** - * @see ArtifactMetadataEntryType.LOGICAL_ID - */ -export type LogicalIdMetadataEntry = string; - -/** - * @see ArtifactMetadataEntryType.STACK_TAGS - */ -export type StackTagsMetadataEntry = Tag[]; - -/** - * Union type for all metadata entries that might exist in the manifest. - */ -export type MetadataEntryData = AssetMetadataEntry | LogMessageMetadataEntry | LogicalIdMetadataEntry | StackTagsMetadataEntry; - -/** - * Type of artifact metadata entry. - */ -export enum ArtifactMetadataEntryType { - /** - * Asset in metadata. - */ - ASSET = 'aws:cdk:asset', - - /** - * Metadata key used to print INFO-level messages by the toolkit when an app is syntheized. - */ - INFO = 'aws:cdk:info', - - /** - * Metadata key used to print WARNING-level messages by the toolkit when an app is syntheized. - */ - WARN = 'aws:cdk:warning', - - /** - * Metadata key used to print ERROR-level messages by the toolkit when an app is syntheized. - */ - ERROR = 'aws:cdk:error', - - /** - * Represents the CloudFormation logical ID of a resource at a certain path. - */ - LOGICAL_ID = 'aws:cdk:logicalId', - - /** - * Represents tags of a stack. - */ - STACK_TAGS = 'aws:cdk:stack-tags', -} - -/** - * A metadata entry in a cloud assembly artifact. - */ -export interface MetadataEntry { - /** - * The type of the metadata entry. - */ - readonly type: string; - - /** - * The data. - * - * @default - no data. - */ - readonly data?: MetadataEntryData; - - /** - * A stack trace for when the entry was created. - * - * @default - no trace. - */ - readonly trace?: string[]; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts deleted file mode 100644 index b6c9ba4ba39cd..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts +++ /dev/null @@ -1,140 +0,0 @@ -import { ArtifactProperties } from './artifact-schema'; -import { ContextProvider, ContextQueryProperties } from './context-queries'; -import { MetadataEntry } from './metadata-schema'; - -/** - * Type of cloud artifact. - */ -export enum ArtifactType { - /** - * Stub required because of JSII. - */ - NONE = 'none', // required due to a jsii bug - - /** - * The artifact is an AWS CloudFormation stack. - */ - AWS_CLOUDFORMATION_STACK = 'aws:cloudformation:stack', - - /** - * The artifact contains the CDK application's construct tree. - */ - CDK_TREE = 'cdk:tree', - - /** - * Manifest for all assets in the Cloud Assembly - */ - ASSET_MANIFEST = 'cdk:asset-manifest', - - /** - * Nested Cloud Assembly - */ - NESTED_CLOUD_ASSEMBLY = 'cdk:cloud-assembly', -} - -/** - * Information about the application's runtime components. - */ -export interface RuntimeInfo { - /** - * The list of libraries loaded in the application, associated with their versions. - */ - readonly libraries: { [name: string]: string }; -} - -/** - * Represents a missing piece of context. - */ -export interface MissingContext { - /** - * The missing context key. - */ - readonly key: string; - - /** - * The provider from which we expect this context key to be obtained. - */ - readonly provider: ContextProvider; - - /** - * A set of provider-specific options. - */ - readonly props: ContextQueryProperties; -} - -/** - * A manifest for a single artifact within the cloud assembly. - */ -export interface ArtifactManifest { - /** - * The type of artifact. - */ - readonly type: ArtifactType; - - /** - * The environment into which this artifact is deployed. - * - * @default - no envrionment. - */ - readonly environment?: string; // format: aws://account/region - - /** - * Associated metadata. - * - * @default - no metadata. - */ - readonly metadata?: { [path: string]: MetadataEntry[] }; - - /** - * IDs of artifacts that must be deployed before this artifact. - * - * @default - no dependencies. - */ - readonly dependencies?: string[]; - - /** - * The set of properties for this artifact (depends on type) - * - * @default - no properties. - */ - readonly properties?: ArtifactProperties; - - /** - * A string that represents this artifact. Should only be used in user interfaces. - * - * @default - no display name - */ - readonly displayName?: string; -} - -/** - * A manifest which describes the cloud assembly. - */ -export interface AssemblyManifest { - /** - * Protocol version - */ - readonly version: string; - - /** - * The set of artifacts in this assembly. - * - * @default - no artifacts. - */ - readonly artifacts?: { [id: string]: ArtifactManifest }; - - /** - * Missing context information. If this field has values, it means that the - * cloud assembly is not complete and should not be deployed. - * - * @default - no missing context. - */ - readonly missing?: MissingContext[]; - - /** - * Runtime information. - * - * @default - no info. - */ - readonly runtime?: RuntimeInfo; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts deleted file mode 100644 index 5fd6eb6ceda07..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './cloud-assembly'; -export * from './assets'; -export * from './manifest'; -export * from './integ-tests'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts deleted file mode 100644 index 393307c260e5b..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts +++ /dev/null @@ -1,201 +0,0 @@ -/** - * In what scenarios should the CLI ask for approval - */ -export enum RequireApproval { - /** - * Never ask for approval - */ - NEVER = 'never', - - /** - * Prompt for approval for any type of change to the stack - */ - ANYCHANGE = 'any-change', - - /** - * Only prompt for approval if there are security related changes - */ - BROADENING = 'broadening', -} - -/** - * Default CDK CLI options that apply to all commands - */ -export interface DefaultCdkOptions { - /** - * List of stacks to deploy - * - * Requried if `all` is not set - * - * @default - [] - */ - readonly stacks?: string[]; - - /** - * Deploy all stacks - * - * Requried if `stacks` is not set - * - * @default - false - */ - readonly all?: boolean; - - /** - * command-line for executing your app or a cloud assembly directory - * e.g. "node bin/my-app.js" - * or - * "cdk.out" - * - * @default - read from cdk.json - */ - readonly app?: string; - - /** - * Role to pass to CloudFormation for deployment - * - * @default - use the bootstrap cfn-exec role - */ - readonly roleArn?: string; - - /** - * Additional context - * - * @default - no additional context - */ - readonly context?: { [name: string]: string }; - - /** - * Print trace for stack warnings - * - * @default false - */ - readonly trace?: boolean; - - /** - * Do not construct stacks with warnings - * - * @default false - */ - readonly strict?: boolean; - - /** - * Perform context lookups. - * - * Synthesis fails if this is disabled and context lookups need - * to be performed - * - * @default true - */ - readonly lookups?: boolean; - - /** - * Ignores synthesis errors, which will likely produce an invalid output - * - * @default false - */ - readonly ignoreErrors?: boolean; - - /** - * Use JSON output instead of YAML when templates are printed - * to STDOUT - * - * @default false - */ - readonly json?: boolean; - - /** - * show debug logs - * - * @default false - */ - readonly verbose?: boolean; - - /** - * enable emission of additional debugging information, such as creation stack - * traces of tokens - * - * @default false - */ - readonly debug?: boolean; - - /** - * Use the indicated AWS profile as the default environment - * - * @default - no profile is used - */ - readonly profile?: string; - - /** - * Use the indicated proxy. Will read from - * HTTPS_PROXY environment if specified - * - * @default - no proxy - */ - readonly proxy?: string; - - /** - * Path to CA certificate to use when validating HTTPS - * requests. - * - * @default - read from AWS_CA_BUNDLE environment variable - */ - readonly caBundlePath?: string; - - /** - * Force trying to fetch EC2 instance credentials - * - * @default - guess EC2 instance status - */ - readonly ec2Creds?: boolean; - - /** - * Include "AWS::CDK::Metadata" resource in synthesized templates - * - * @default true - */ - readonly versionReporting?: boolean; - - /** - * Include "aws:cdk:path" CloudFormation metadata for each resource - * - * @default true - */ - readonly pathMetadata?: boolean; - - /** - * Include "aws:asset:*" CloudFormation metadata for resources that use assets - * - * @default true - */ - readonly assetMetadata?: boolean; - - /** - * Copy assets to the output directory - * - * Needed for local debugging the source files with SAM CLI - * - * @default false - */ - readonly staging?: boolean; - - /** - * Emits the synthesized cloud assembly into a directory - * - * @default cdk.out - */ - readonly output?: string; - - /** - * Show relevant notices - * - * @default true - */ - readonly notices?: boolean; - - /** - * Show colors and other style from console output - * - * @default true - */ - readonly color?: boolean; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts deleted file mode 100644 index 8d63a7d9644f9..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts +++ /dev/null @@ -1,104 +0,0 @@ -import { DefaultCdkOptions, RequireApproval } from './common'; - -/** - * Options to use with cdk deploy - */ -export interface DeployOptions extends DefaultCdkOptions { - /** - * Only perform action on the given stack - * - * @default false - */ - readonly exclusively?: boolean; - - /** - * Name of the toolkit stack to use/deploy - * - * @default CDKToolkit - */ - readonly toolkitStackName?: string; - - /** - * Reuse the assets with the given asset IDs - * - * @default - do not reuse assets - */ - readonly reuseAssets?: string[]; - - /** - * Optional name to use for the CloudFormation change set. - * If not provided, a name will be generated automatically. - * - * @default - auto generate a name - */ - readonly changeSetName?: string; - - /** - * Always deploy, even if templates are identical. - * @default false - */ - readonly force?: boolean; - - /** - * Rollback failed deployments - * - * @default true - */ - readonly rollback?: boolean; - - /** - * ARNs of SNS topics that CloudFormation will notify with stack related events - * - * @default - no notifications - */ - readonly notificationArns?: string[]; - - /** - * What kind of security changes require approval - * - * @default RequireApproval.Never - */ - readonly requireApproval?: RequireApproval; - - /** - * Whether to execute the ChangeSet - * Not providing `execute` parameter will result in execution of ChangeSet - * @default true - */ - readonly execute?: boolean; - - /** - * Additional parameters for CloudFormation at deploy time - * @default {} - */ - readonly parameters?: { [name: string]: string }; - - /** - * Use previous values for unspecified parameters - * - * If not set, all parameters must be specified for every deployment. - * - * @default true - */ - readonly usePreviousParameters?: boolean; - - /** - * Path to file where stack outputs will be written after a successful deploy as JSON - * @default - Outputs are not written to any file - */ - readonly outputsFile?: string; - - /** - * Whether we are on a CI system - * - * @default false - */ - readonly ci?: boolean; - - /** - * Deploy multiple stacks in parallel - * - * @default 1 - */ - readonly concurrency?: number; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts deleted file mode 100644 index 9dfe8f267c6db..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { DefaultCdkOptions } from './common'; - -/** - * Options to use with cdk destroy - */ -export interface DestroyOptions extends DefaultCdkOptions { - /** - * Do not ask for permission before destroying stacks - * - * @default false - */ - readonly force?: boolean; - - /** - * Only destroy the given stack - * - * @default false - */ - readonly exclusively?: boolean; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts deleted file mode 100644 index 528980446938b..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './common'; -export * from './deploy'; -export * from './destroy'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts deleted file mode 100644 index 5a08e62a47958..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './schema'; -export * from './commands'; -export * from './test-case'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts deleted file mode 100644 index 1a617e23cf959..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts +++ /dev/null @@ -1,35 +0,0 @@ -import { TestCase } from './test-case'; -/** - * Definitions for the integration testing manifest - */ -export interface IntegManifest { - /** - * Version of the manifest - */ - readonly version: string; - - /** - * Enable lookups for this test. If lookups are enabled - * then `stackUpdateWorkflow` must be set to false. - * Lookups should only be enabled when you are explicitely testing - * lookups. - * - * @default false - */ - readonly enableLookups?: boolean; - - /** - * Additional context to use when performing - * a synth. Any context provided here will override - * any default context - * - * @default - no additional context - */ - readonly synthContext?: { [name: string]: string }; - - /** - * test cases - */ - readonly testCases: { [testName: string]: TestCase }; -} - diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts deleted file mode 100644 index 6878f9da2563c..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts +++ /dev/null @@ -1,206 +0,0 @@ -import { DeployOptions, DestroyOptions } from './commands'; - -/** - * The set of options to control the workflow of the test runner - */ -export interface TestOptions { - /** - * Run update workflow on this test case - * This should only be set to false to test scenarios - * that are not possible to test as part of the update workflow - * - * @default true - */ - readonly stackUpdateWorkflow?: boolean; - - /** - * Additional options to use for each CDK command - * - * @default - runner default options - */ - readonly cdkCommandOptions?: CdkCommands; - - /** - * Additional commands to run at predefined points in the test workflow - * - * e.g. { postDeploy: ['yarn', 'test'] } - * - * @default - no hooks - */ - readonly hooks?: Hooks; - - /** - * Whether or not to include asset hashes in the diff - * Asset hashes can introduces a lot of unneccessary noise into tests, - * but there are some cases where asset hashes _should_ be included. For example - * any tests involving custom resources or bundling - * - * @default false - */ - readonly diffAssets?: boolean; - - /** - * List of CloudFormation resource types in this stack that can - * be destroyed as part of an update without failing the test. - * - * This list should only include resources that for this specific - * integration test we are sure will not cause errors or an outage if - * destroyed. For example, maybe we know that a new resource will be created - * first before the old resource is destroyed which prevents any outage. - * - * e.g. ['AWS::IAM::Role'] - * - * @default - do not allow destruction of any resources on update - */ - readonly allowDestroy?: string[]; - - /** - * Limit deployment to these regions - * - * @default - can run in any region - */ - readonly regions?: string[]; -} - -/** - * Represents an integration test case - */ -export interface TestCase extends TestOptions { - /** - * Stacks that should be tested as part of this test case - * The stackNames will be passed as args to the cdk commands - * so dependent stacks will be automatically deployed unless - * `exclusively` is passed - */ - readonly stacks: string[]; - - /** - * The node id of the stack that contains assertions. - * This is the value that can be used to deploy the stack with the CDK CLI - * - * @default - no assertion stack - */ - readonly assertionStack?: string; - - /** - * The name of the stack that contains assertions - * - * @default - no assertion stack - */ - readonly assertionStackName?: string; -} - -/** - * Commands to run at predefined points during the - * integration test workflow - */ -export interface Hooks { - /** - * Commands to run prior to deploying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly preDeploy?: string[]; - - /** - * Commands to run prior after deploying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly postDeploy?: string[]; - - /** - * Commands to run prior to destroying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly preDestroy?: string[]; - - /** - * Commands to run after destroying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly postDestroy?: string[]; -} - -/** - * Represents a cdk command - * i.e. `synth`, `deploy`, & `destroy` - */ -export interface CdkCommand { - /** - * Whether or not to run this command as part of the workflow - * This can be used if you only want to test some of the workflow - * for example enable `synth` and disable `deploy` & `destroy` in order - * to limit the test to synthesis - * - * @default true - */ - readonly enabled?: boolean; - - /** - * If the runner should expect this command to fail - * - * @default false - */ - readonly expectError?: boolean; - - /** - * This can be used in combination with `expectedError` - * to validate that a specific message is returned. - * - * @default - do not validate message - */ - readonly expectedMessage?: string; -} - -/** - * Represents a cdk deploy command - */ -export interface DeployCommand extends CdkCommand { - /** - * Additional arguments to pass to the command - * This can be used to test specific CLI functionality - * - * @default - only default args are used - */ - readonly args?: DeployOptions; -} - -/** - * Represents a cdk destroy command - */ -export interface DestroyCommand extends CdkCommand { - /** - * Additional arguments to pass to the command - * This can be used to test specific CLI functionality - * - * @default - only default args are used - */ - readonly args?: DestroyOptions; -} - -/** - * Options for specific cdk commands that are run - * as part of the integration test workflow - */ -export interface CdkCommands { - /** - * Options to for the cdk deploy command - * - * @default - default deploy options - */ - readonly deploy?: DeployCommand; - - /** - * Options to for the cdk destroy command - * - * @default - default destroy options - */ - readonly destroy?: DestroyCommand; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts deleted file mode 100644 index 76069e0187d4c..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts +++ /dev/null @@ -1,292 +0,0 @@ -import * as fs from 'fs'; -import * as jsonschema from 'jsonschema'; -import * as semver from 'semver'; -import * as assets from './assets'; -import * as assembly from './cloud-assembly'; -import * as integ from './integ-tests'; - -/* eslint-disable @typescript-eslint/no-var-requires */ -/* eslint-disable @typescript-eslint/no-require-imports */ - -// this prefix is used by the CLI to identify this specific error. -// in which case we want to instruct the user to upgrade his CLI. -// see exec.ts#createAssembly -export const VERSION_MISMATCH: string = 'Cloud assembly schema version mismatch'; - -const ASSETS_SCHEMA = require('../schema/assets.schema.json'); - -const ASSEMBLY_SCHEMA = require('../schema/cloud-assembly.schema.json'); - -/** - * Version is shared for both manifests - */ -const SCHEMA_VERSION = require('../schema/cloud-assembly.version.json').version; - -const INTEG_SCHEMA = require('../schema/integ.schema.json'); - -/** - * Options for the loadManifest operation - */ -export interface LoadManifestOptions { - /** - * Skip the version check - * - * This means you may read a newer cloud assembly than the CX API is designed - * to support, and your application may not be aware of all features that in use - * in the Cloud Assembly. - * - * @default false - */ - readonly skipVersionCheck?: boolean; - - /** - * Skip enum checks - * - * This means you may read enum values you don't know about yet. Make sure to always - * check the values of enums you encounter in the manifest. - * - * @default false - */ - readonly skipEnumCheck?: boolean; - - /** - * Topologically sort all artifacts - * - * This parameter is only respected by the constructor of `CloudAssembly`. The - * property lives here for backwards compatibility reasons. - * - * @default true - */ - readonly topoSort?: boolean; -} - -/** - * Protocol utility class. - */ -export class Manifest { - /** - * Validates and saves the cloud assembly manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveAssemblyManifest(manifest: assembly.AssemblyManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, ASSEMBLY_SCHEMA, Manifest.patchStackTagsOnWrite); - } - - /** - * Load and validates the cloud assembly manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadAssemblyManifest(filePath: string, options?: LoadManifestOptions): assembly.AssemblyManifest { - return Manifest.loadManifest(filePath, ASSEMBLY_SCHEMA, Manifest.patchStackTagsOnRead, options); - } - - /** - * Validates and saves the asset manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveAssetManifest(manifest: assets.AssetManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, ASSETS_SCHEMA, Manifest.patchStackTagsOnRead); - } - - /** - * Load and validates the asset manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadAssetManifest(filePath: string): assets.AssetManifest { - return this.loadManifest(filePath, ASSETS_SCHEMA); - } - - /** - * Validates and saves the integ manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveIntegManifest(manifest: integ.IntegManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, INTEG_SCHEMA); - } - - /** - * Load and validates the integ manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadIntegManifest(filePath: string): integ.IntegManifest { - return this.loadManifest(filePath, INTEG_SCHEMA); - } - - /** - * Fetch the current schema version number. - */ - public static version(): string { - return SCHEMA_VERSION; - } - - /** - * Deprecated - * @deprecated use `saveAssemblyManifest()` - */ - public static save(manifest: assembly.AssemblyManifest, filePath: string) { return this.saveAssemblyManifest(manifest, filePath); } - - /** - * Deprecated - * @deprecated use `loadAssemblyManifest()` - */ - public static load(filePath: string): assembly.AssemblyManifest { return this.loadAssemblyManifest(filePath); } - - private static validate(manifest: { version: string }, schema: jsonschema.Schema, options?: LoadManifestOptions) { - function parseVersion(version: string) { - const ver = semver.valid(version); - if (!ver) { - throw new Error(`Invalid semver string: "${version}"`); - } - return ver; - } - - const maxSupported = parseVersion(Manifest.version()); - const actual = parseVersion(manifest.version); - - // first validate the version should be accepted. - if (semver.gt(actual, maxSupported) && !options?.skipVersionCheck) { - // we use a well known error prefix so that the CLI can identify this specific error - // and print some more context to the user. - throw new Error(`${VERSION_MISMATCH}: Maximum schema version supported is ${maxSupported}, but found ${actual}`); - } - - // now validate the format is good. - const validator = new jsonschema.Validator(); - const result = validator.validate(manifest, schema, { - - // does exist but is not in the TypeScript definitions - nestedErrors: true, - - allowUnknownAttributes: false, - - } as any); - - let errors = result.errors; - if (options?.skipEnumCheck) { - // Enum validations aren't useful when - errors = stripEnumErrors(errors); - } - - if (errors.length > 0) { - throw new Error(`Invalid assembly manifest:\n${errors.map(e => e.stack).join('\n')}`); - } - } - - private static saveManifest(manifest: any, filePath: string, schema: jsonschema.Schema, preprocess?: (obj: any) => any) { - let withVersion = { ...manifest, version: Manifest.version() }; - Manifest.validate(withVersion, schema); - if (preprocess) { - withVersion = preprocess(withVersion); - } - fs.writeFileSync(filePath, JSON.stringify(withVersion, undefined, 2)); - } - - private static loadManifest(filePath: string, schema: jsonschema.Schema, preprocess?: (obj: any) => any, options?: LoadManifestOptions) { - const contents = fs.readFileSync(filePath, { encoding: 'utf-8' }); - let obj; - try { - obj = JSON.parse(contents); - } catch (e: any) { - throw new Error(`${e.message}, while parsing ${JSON.stringify(contents)}`); - } - if (preprocess) { - obj = preprocess(obj); - } - Manifest.validate(obj, schema, options); - return obj; - } - - /** - * This requires some explaining... - * - * We previously used `{ Key, Value }` for the object that represents a stack tag. (Notice the casing) - * @link https://github.com/aws/aws-cdk/blob/v1.27.0/packages/aws-cdk/lib/api/cxapp/stacks.ts#L427. - * - * When that object moved to this package, it had to be JSII compliant, which meant the property - * names must be `camelCased`, and not `PascalCased`. This meant it no longer matches the structure in the `manifest.json` file. - * In order to support current manifest files, we have to translate the `PascalCased` representation to the new `camelCased` one. - * - * Note that the serialization itself still writes `PascalCased` because it relates to how CloudFormation expects it. - * - * Ideally, we would start writing the `camelCased` and translate to how CloudFormation expects it when needed. But this requires nasty - * backwards-compatibility code and it just doesn't seem to be worth the effort. - */ - private static patchStackTagsOnRead(manifest: assembly.AssemblyManifest) { - return Manifest.replaceStackTags(manifest, tags => tags.map((diskTag: any) => ({ - key: diskTag.Key, - value: diskTag.Value, - }))); - } - - /** - * See explanation on `patchStackTagsOnRead` - * - * Translate stack tags metadata if it has the "right" casing. - */ - private static patchStackTagsOnWrite(manifest: assembly.AssemblyManifest) { - return Manifest.replaceStackTags(manifest, tags => tags.map(memTag => - // Might already be uppercased (because stack synthesis generates it in final form yet) - ('Key' in memTag ? memTag : { Key: memTag.key, Value: memTag.value }) as any, - )); - } - - /** - * Recursively replace stack tags in the stack metadata - */ - private static replaceStackTags(manifest: assembly.AssemblyManifest, fn: Endofunctor): assembly.AssemblyManifest { - // Need to add in the `noUndefined`s because otherwise jest snapshot tests are going to freak out - // about the keys with values that are `undefined` (even though they would never be JSON.stringified) - return noUndefined({ - ...manifest, - artifacts: mapValues(manifest.artifacts, artifact => { - if (artifact.type !== assembly.ArtifactType.AWS_CLOUDFORMATION_STACK) { return artifact; } - return noUndefined({ - ...artifact, - metadata: mapValues(artifact.metadata, metadataEntries => metadataEntries.map(metadataEntry => { - if (metadataEntry.type !== assembly.ArtifactMetadataEntryType.STACK_TAGS || !metadataEntry.data) { return metadataEntry; } - return { - ...metadataEntry, - data: fn(metadataEntry.data as assembly.StackTagsMetadataEntry), - }; - })), - } as assembly.ArtifactManifest); - }), - }); - } - - private constructor() {} -} - -type Endofunctor = (x: A) => A; - -function mapValues(xs: Record | undefined, fn: (x: A) => B): Record | undefined { - if (!xs) { return undefined; } - const ret: Record | undefined = {}; - for (const [k, v] of Object.entries(xs)) { - ret[k] = fn(v); - } - return ret; -} - -function noUndefined(xs: A): A { - const ret: any = {}; - for (const [k, v] of Object.entries(xs)) { - if (v !== undefined) { - ret[k] = v; - } - } - return ret; -} - -function stripEnumErrors(errors: jsonschema.ValidationError[]) { - return errors.filter(e => typeof e.schema ==='string' || !('enum' in e.schema)); -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md b/packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md deleted file mode 100644 index ae58ce74ee4e8..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md +++ /dev/null @@ -1,5 +0,0 @@ -## Cloud Assembly JSON Schema - -**DO NOT MODIFY FILES IN THIS DIRECTORY BY HAND** - -To modify, run `yarn update-schema`. \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json deleted file mode 100644 index 980fbaf0d86de..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json +++ /dev/null @@ -1,253 +0,0 @@ -{ - "$ref": "#/definitions/AssetManifest", - "definitions": { - "AssetManifest": { - "description": "Definitions for the asset manifest", - "type": "object", - "properties": { - "version": { - "description": "Version of the manifest", - "type": "string" - }, - "files": { - "description": "The file assets in this manifest (Default - No files)", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/FileAsset" - } - }, - "dockerImages": { - "description": "The Docker image assets in this manifest (Default - No Docker images)", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/DockerImageAsset" - } - } - }, - "required": [ - "version" - ] - }, - "FileAsset": { - "description": "A file asset", - "type": "object", - "properties": { - "source": { - "$ref": "#/definitions/FileSource", - "description": "Source description for file assets" - }, - "destinations": { - "description": "Destinations for this file asset", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/FileDestination" - } - } - }, - "required": [ - "destinations", - "source" - ] - }, - "FileSource": { - "description": "Describe the source of a file asset", - "type": "object", - "properties": { - "executable": { - "description": "External command which will produce the file asset to upload. (Default - Exactly one of `executable` and `path` is required.)", - "type": "array", - "items": { - "type": "string" - } - }, - "path": { - "description": "The filesystem object to upload\n\nThis path is relative to the asset manifest location. (Default - Exactly one of `executable` and `path` is required.)", - "type": "string" - }, - "packaging": { - "description": "Packaging method\n\nOnly allowed when `path` is specified. (Default FILE)", - "enum": [ - "file", - "zip" - ], - "type": "string" - } - } - }, - "FileDestination": { - "description": "Where in S3 a file asset needs to be published", - "type": "object", - "properties": { - "bucketName": { - "description": "The name of the bucket", - "type": "string" - }, - "objectKey": { - "description": "The destination object key", - "type": "string" - }, - "region": { - "description": "The region where this asset will need to be published (Default - Current region)", - "type": "string" - }, - "assumeRoleArn": { - "description": "The role that needs to be assumed while publishing this asset (Default - No role will be assumed)", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "The ExternalId that needs to be supplied while assuming this role (Default - No ExternalId will be supplied)", - "type": "string" - } - }, - "required": [ - "bucketName", - "objectKey" - ] - }, - "DockerImageAsset": { - "description": "A file asset", - "type": "object", - "properties": { - "source": { - "$ref": "#/definitions/DockerImageSource", - "description": "Source description for file assets" - }, - "destinations": { - "description": "Destinations for this file asset", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/DockerImageDestination" - } - } - }, - "required": [ - "destinations", - "source" - ] - }, - "DockerImageSource": { - "description": "Properties for how to produce a Docker image from a source", - "type": "object", - "properties": { - "directory": { - "description": "The directory containing the Docker image build instructions.\n\nThis path is relative to the asset manifest location. (Default - Exactly one of `directory` and `executable` is required)", - "type": "string" - }, - "executable": { - "description": "A command-line executable that returns the name of a local\nDocker image on stdout after being run. (Default - Exactly one of `directory` and `executable` is required)", - "type": "array", - "items": { - "type": "string" - } - }, - "dockerFile": { - "description": "The name of the file with build instructions\n\nOnly allowed when `directory` is set. (Default Dockerfile)", - "type": "string" - }, - "dockerBuildTarget": { - "description": "Target build stage in a Dockerfile with multiple build stages\n\nOnly allowed when `directory` is set. (Default - The last stage in the Dockerfile)", - "type": "string" - }, - "dockerBuildArgs": { - "description": "Additional build arguments\n\nOnly allowed when `directory` is set. (Default - No additional build arguments)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "dockerBuildSsh": { - "description": "SSH agent socket or keys\n\nRequires building with docker buildkit. (Default - No ssh flag is set)", - "type": "string" - }, - "dockerBuildSecrets": { - "description": "Additional build secrets\n\nOnly allowed when `directory` is set. (Default - No additional build secrets)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "networkMode": { - "description": "Networking mode for the RUN commands during build. _Requires Docker Engine API v1.25+_.\n\nSpecify this property to build images on a specific networking mode. (Default - no networking mode specified)", - "type": "string" - }, - "platform": { - "description": "Platform to build for. _Requires Docker Buildx_.\n\nSpecify this property to build images on a specific platform/architecture. (Default - current machine platform)", - "type": "string" - }, - "dockerOutputs": { - "description": "Outputs (Default - no outputs are passed to the build command (default outputs are used))", - "type": "array", - "items": { - "type": "string" - } - }, - "cacheFrom": { - "description": "Cache from options to pass to the `docker build` command. (Default - no cache from options are passed to the build command)", - "type": "array", - "items": { - "$ref": "#/definitions/DockerCacheOption" - } - }, - "cacheTo": { - "description": "Cache to options to pass to the `docker build` command. (Default - no cache to options are passed to the build command)", - "$ref": "#/definitions/DockerCacheOption" - }, - "cacheDisabled": { - "description": "Disable the cache and pass `--no-cache` to the `docker build` command. (Default - cache is used)", - "type": "boolean" - } - } - }, - "DockerCacheOption": { - "description": "Options for configuring the Docker cache backend", - "type": "object", - "properties": { - "type": { - "description": "The type of cache to use.\nRefer to https://docs.docker.com/build/cache/backends/ for full list of backends. (Default - unspecified)", - "type": "string" - }, - "params": { - "description": "Any parameters to pass into the docker cache backend configuration.\nRefer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. (Default {} No options provided)", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "type" - ] - }, - "DockerImageDestination": { - "description": "Where to publish docker images", - "type": "object", - "properties": { - "repositoryName": { - "description": "Name of the ECR repository to publish to", - "type": "string" - }, - "imageTag": { - "description": "Tag of the image to publish", - "type": "string" - }, - "region": { - "description": "The region where this asset will need to be published (Default - Current region)", - "type": "string" - }, - "assumeRoleArn": { - "description": "The role that needs to be assumed while publishing this asset (Default - No role will be assumed)", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "The ExternalId that needs to be supplied while assuming this role (Default - No ExternalId will be supplied)", - "type": "string" - } - }, - "required": [ - "imageTag", - "repositoryName" - ] - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json deleted file mode 100644 index 279dfbe369073..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json +++ /dev/null @@ -1,939 +0,0 @@ -{ - "$ref": "#/definitions/AssemblyManifest", - "definitions": { - "AssemblyManifest": { - "description": "A manifest which describes the cloud assembly.", - "type": "object", - "properties": { - "version": { - "description": "Protocol version", - "type": "string" - }, - "artifacts": { - "description": "The set of artifacts in this assembly. (Default - no artifacts.)", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/ArtifactManifest" - } - }, - "missing": { - "description": "Missing context information. If this field has values, it means that the\ncloud assembly is not complete and should not be deployed. (Default - no missing context.)", - "type": "array", - "items": { - "$ref": "#/definitions/MissingContext" - } - }, - "runtime": { - "description": "Runtime information. (Default - no info.)", - "$ref": "#/definitions/RuntimeInfo" - } - }, - "required": [ - "version" - ] - }, - "ArtifactManifest": { - "description": "A manifest for a single artifact within the cloud assembly.", - "type": "object", - "properties": { - "type": { - "$ref": "#/definitions/ArtifactType", - "description": "The type of artifact." - }, - "environment": { - "description": "The environment into which this artifact is deployed. (Default - no envrionment.)", - "type": "string" - }, - "metadata": { - "description": "Associated metadata. (Default - no metadata.)", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "$ref": "#/definitions/MetadataEntry" - } - } - }, - "dependencies": { - "description": "IDs of artifacts that must be deployed before this artifact. (Default - no dependencies.)", - "type": "array", - "items": { - "type": "string" - } - }, - "properties": { - "description": "The set of properties for this artifact (depends on type) (Default - no properties.)", - "anyOf": [ - { - "$ref": "#/definitions/AwsCloudFormationStackProperties" - }, - { - "$ref": "#/definitions/AssetManifestProperties" - }, - { - "$ref": "#/definitions/TreeArtifactProperties" - }, - { - "$ref": "#/definitions/NestedCloudAssemblyProperties" - } - ] - }, - "displayName": { - "description": "A string that represents this artifact. Should only be used in user interfaces. (Default - no display name)", - "type": "string" - } - }, - "required": [ - "type" - ] - }, - "ArtifactType": { - "description": "Type of cloud artifact.", - "type": "string", - "enum": [ - "none", - "aws:cloudformation:stack", - "cdk:tree", - "cdk:asset-manifest", - "cdk:cloud-assembly" - ] - }, - "MetadataEntry": { - "description": "A metadata entry in a cloud assembly artifact.", - "type": "object", - "properties": { - "type": { - "description": "The type of the metadata entry.", - "type": "string" - }, - "data": { - "description": "The data. (Default - no data.)", - "anyOf": [ - { - "$ref": "#/definitions/FileAssetMetadataEntry" - }, - { - "$ref": "#/definitions/ContainerImageAssetMetadataEntry" - }, - { - "type": "array", - "items": { - "$ref": "#/definitions/Tag" - } - }, - { - "type": "string" - }, - { - "description": "Free form data." - } - ] - }, - "trace": { - "description": "A stack trace for when the entry was created. (Default - no trace.)", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "type" - ] - }, - "FileAssetMetadataEntry": { - "description": "Metadata Entry spec for files.", - "type": "object", - "properties": { - "packaging": { - "description": "Requested packaging style", - "enum": [ - "file", - "zip" - ], - "type": "string" - }, - "s3BucketParameter": { - "description": "Name of parameter where S3 bucket should be passed in", - "type": "string" - }, - "s3KeyParameter": { - "description": "Name of parameter where S3 key should be passed in", - "type": "string" - }, - "artifactHashParameter": { - "description": "The name of the parameter where the hash of the bundled asset should be passed in.", - "type": "string" - }, - "id": { - "description": "Logical identifier for the asset", - "type": "string" - }, - "sourceHash": { - "description": "The hash of the asset source.", - "type": "string" - }, - "path": { - "description": "Path on disk to the asset", - "type": "string" - } - }, - "required": [ - "artifactHashParameter", - "id", - "packaging", - "path", - "s3BucketParameter", - "s3KeyParameter", - "sourceHash" - ] - }, - "ContainerImageAssetMetadataEntry": { - "description": "Metadata Entry spec for container images.", - "type": "object", - "properties": { - "packaging": { - "description": "Type of asset", - "type": "string", - "const": "container-image" - }, - "imageNameParameter": { - "description": "ECR Repository name and repo digest (separated by \"@sha256:\") where this\nimage is stored. (Default undefined If not specified, `repositoryName` and `imageTag` are\nrequired because otherwise how will the stack know where to find the asset,\nha?)", - "type": "string" - }, - "repositoryName": { - "description": "ECR repository name, if omitted a default name based on the asset's ID is\nused instead. Specify this property if you need to statically address the\nimage, e.g. from a Kubernetes Pod. Note, this is only the repository name,\nwithout the registry and the tag parts. (Default - this parameter is REQUIRED after 1.21.0)", - "type": "string" - }, - "imageTag": { - "description": "The docker image tag to use for tagging pushed images. This field is\nrequired if `imageParameterName` is ommited (otherwise, the app won't be\nable to find the image). (Default - this parameter is REQUIRED after 1.21.0)", - "type": "string" - }, - "buildArgs": { - "description": "Build args to pass to the `docker build` command (Default no build args are passed)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "buildSsh": { - "description": "SSH agent socket or keys to pass to the `docker build` command (Default no ssh arg is passed)", - "type": "string" - }, - "buildSecrets": { - "description": "Build secrets to pass to the `docker build` command (Default no build secrets are passed)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "target": { - "description": "Docker target to build to (Default no build target)", - "type": "string" - }, - "file": { - "description": "Path to the Dockerfile (relative to the directory). (Default - no file is passed)", - "type": "string" - }, - "networkMode": { - "description": "Networking mode for the RUN commands during build. (Default - no networking mode specified)", - "type": "string" - }, - "platform": { - "description": "Platform to build for. _Requires Docker Buildx_. (Default - current machine platform)", - "type": "string" - }, - "outputs": { - "description": "Outputs to pass to the `docker build` command. (Default - no outputs are passed to the build command (default outputs are used))", - "type": "array", - "items": { - "type": "string" - } - }, - "cacheFrom": { - "description": "Cache from options to pass to the `docker build` command. (Default - no cache from options are passed to the build command)", - "type": "array", - "items": { - "$ref": "#/definitions/ContainerImageAssetCacheOption" - } - }, - "cacheTo": { - "description": "Cache to options to pass to the `docker build` command. (Default - no cache to options are passed to the build command)", - "$ref": "#/definitions/ContainerImageAssetCacheOption" - }, - "cacheDisabled": { - "description": "Disable the cache and pass `--no-cache` to the `docker build` command. (Default - cache is used)", - "type": "boolean" - }, - "id": { - "description": "Logical identifier for the asset", - "type": "string" - }, - "sourceHash": { - "description": "The hash of the asset source.", - "type": "string" - }, - "path": { - "description": "Path on disk to the asset", - "type": "string" - } - }, - "required": [ - "id", - "packaging", - "path", - "sourceHash" - ] - }, - "ContainerImageAssetCacheOption": { - "description": "Options for configuring the Docker cache backend", - "type": "object", - "properties": { - "type": { - "description": "The type of cache to use.\nRefer to https://docs.docker.com/build/cache/backends/ for full list of backends. (Default - unspecified)", - "type": "string" - }, - "params": { - "description": "Any parameters to pass into the docker cache backend configuration.\nRefer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. (Default {} No options provided)", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "type" - ] - }, - "Tag": { - "description": "Metadata Entry spec for stack tag.", - "type": "object", - "properties": { - "key": { - "description": "Tag key.\n\n(In the actual file on disk this will be cased as \"Key\", and the structure is\npatched to match this structure upon loading:\nhttps://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137)", - "type": "string" - }, - "value": { - "description": "Tag value.\n\n(In the actual file on disk this will be cased as \"Value\", and the structure is\npatched to match this structure upon loading:\nhttps://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137)", - "type": "string" - } - }, - "required": [ - "key", - "value" - ] - }, - "AwsCloudFormationStackProperties": { - "description": "Artifact properties for CloudFormation stacks.", - "type": "object", - "properties": { - "templateFile": { - "description": "A file relative to the assembly root which contains the CloudFormation template for this stack.", - "type": "string" - }, - "parameters": { - "description": "Values for CloudFormation stack parameters that should be passed when the stack is deployed. (Default - No parameters)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "tags": { - "description": "Values for CloudFormation stack tags that should be passed when the stack is deployed. (Default - No tags)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "stackName": { - "description": "The name to use for the CloudFormation stack. (Default - name derived from artifact ID)", - "type": "string" - }, - "terminationProtection": { - "description": "Whether to enable termination protection for this stack.", - "default": false, - "type": "boolean" - }, - "assumeRoleArn": { - "description": "The role that needs to be assumed to deploy the stack (Default - No role is assumed (current credentials are used))", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "External ID to use when assuming role for cloudformation deployments (Default - No external ID)", - "type": "string" - }, - "cloudFormationExecutionRoleArn": { - "description": "The role that is passed to CloudFormation to execute the change set (Default - No role is passed (currently assumed role/credentials are used))", - "type": "string" - }, - "lookupRole": { - "description": "The role to use to look up values from the target AWS account (Default - No role is assumed (current credentials are used))", - "$ref": "#/definitions/BootstrapRole" - }, - "stackTemplateAssetObjectUrl": { - "description": "If the stack template has already been included in the asset manifest, its asset URL (Default - Not uploaded yet, upload just before deploying)", - "type": "string" - }, - "requiresBootstrapStackVersion": { - "description": "Version of bootstrap stack required to deploy this stack (Default - No bootstrap stack required)", - "type": "number" - }, - "bootstrapStackVersionSsmParameter": { - "description": "SSM parameter where the bootstrap stack version number can be found\n\nOnly used if `requiresBootstrapStackVersion` is set.\n\n- If this value is not set, the bootstrap stack name must be known at\n deployment time so the stack version can be looked up from the stack\n outputs.\n- If this value is set, the bootstrap stack can have any name because\n we won't need to look it up. (Default - Bootstrap stack version number looked up)", - "type": "string" - }, - "validateOnSynth": { - "description": "Whether this stack should be validated by the CLI after synthesis (Default - false)", - "type": "boolean" - } - }, - "required": [ - "templateFile" - ] - }, - "BootstrapRole": { - "description": "Information needed to access an IAM role created\nas part of the bootstrap process", - "type": "object", - "properties": { - "arn": { - "description": "The ARN of the IAM role created as part of bootrapping\ne.g. lookupRoleArn", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "External ID to use when assuming the bootstrap role (Default - No external ID)", - "type": "string" - }, - "requiresBootstrapStackVersion": { - "description": "Version of bootstrap stack required to use this role (Default - No bootstrap stack required)", - "type": "number" - }, - "bootstrapStackVersionSsmParameter": { - "description": "Name of SSM parameter with bootstrap stack version (Default - Discover SSM parameter by reading stack)", - "type": "string" - } - }, - "required": [ - "arn" - ] - }, - "AssetManifestProperties": { - "description": "Artifact properties for the Asset Manifest", - "type": "object", - "properties": { - "file": { - "description": "Filename of the asset manifest", - "type": "string" - }, - "requiresBootstrapStackVersion": { - "description": "Version of bootstrap stack required to deploy this stack (Default - Version 1 (basic modern bootstrap stack))", - "type": "number" - }, - "bootstrapStackVersionSsmParameter": { - "description": "SSM parameter where the bootstrap stack version number can be found\n\n- If this value is not set, the bootstrap stack name must be known at\n deployment time so the stack version can be looked up from the stack\n outputs.\n- If this value is set, the bootstrap stack can have any name because\n we won't need to look it up. (Default - Bootstrap stack version number looked up)", - "type": "string" - } - }, - "required": [ - "file" - ] - }, - "TreeArtifactProperties": { - "description": "Artifact properties for the Construct Tree Artifact", - "type": "object", - "properties": { - "file": { - "description": "Filename of the tree artifact", - "type": "string" - } - }, - "required": [ - "file" - ] - }, - "NestedCloudAssemblyProperties": { - "description": "Artifact properties for nested cloud assemblies", - "type": "object", - "properties": { - "directoryName": { - "description": "Relative path to the nested cloud assembly", - "type": "string" - }, - "displayName": { - "description": "Display name for the cloud assembly (Default - The artifact ID)", - "type": "string" - } - }, - "required": [ - "directoryName" - ] - }, - "MissingContext": { - "description": "Represents a missing piece of context.", - "type": "object", - "properties": { - "key": { - "description": "The missing context key.", - "type": "string" - }, - "provider": { - "$ref": "#/definitions/ContextProvider", - "description": "The provider from which we expect this context key to be obtained." - }, - "props": { - "$ref": "#/definitions/ContextQueryProperties", - "description": "A set of provider-specific options." - } - }, - "required": [ - "key", - "props", - "provider" - ] - }, - "ContextProvider": { - "description": "Identifier for the context provider", - "type": "string", - "enum": [ - "ami", - "availability-zones", - "hosted-zone", - "ssm", - "vpc-provider", - "endpoint-service-availability-zones", - "load-balancer", - "load-balancer-listener", - "security-group", - "key-provider", - "plugin" - ] - }, - "ContextQueryProperties": { - "anyOf": [ - { - "$ref": "#/definitions/AmiContextQuery" - }, - { - "$ref": "#/definitions/AvailabilityZonesContextQuery" - }, - { - "$ref": "#/definitions/HostedZoneContextQuery" - }, - { - "$ref": "#/definitions/SSMParameterContextQuery" - }, - { - "$ref": "#/definitions/VpcContextQuery" - }, - { - "$ref": "#/definitions/EndpointServiceAvailabilityZonesContextQuery" - }, - { - "$ref": "#/definitions/LoadBalancerContextQuery" - }, - { - "$ref": "#/definitions/LoadBalancerListenerContextQuery" - }, - { - "$ref": "#/definitions/SecurityGroupContextQuery" - }, - { - "$ref": "#/definitions/KeyContextQuery" - }, - { - "$ref": "#/definitions/PluginContextQuery" - } - ] - }, - "AmiContextQuery": { - "description": "Query to AMI context provider", - "type": "object", - "properties": { - "account": { - "description": "Account to query", - "type": "string" - }, - "region": { - "description": "Region to query", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "owners": { - "description": "Owners to DescribeImages call (Default - All owners)", - "type": "array", - "items": { - "type": "string" - } - }, - "filters": { - "description": "Filters to DescribeImages call", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "required": [ - "account", - "filters", - "region" - ] - }, - "AvailabilityZonesContextQuery": { - "description": "Query to availability zone context provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - } - }, - "required": [ - "account", - "region" - ] - }, - "HostedZoneContextQuery": { - "description": "Query to hosted zone context provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "domainName": { - "description": "The domain name e.g. example.com to lookup", - "type": "string" - }, - "privateZone": { - "description": "True if the zone you want to find is a private hosted zone", - "default": false, - "type": "boolean" - }, - "vpcId": { - "description": "The VPC ID to that the private zone must be associated with\n\nIf you provide VPC ID and privateZone is false, this will return no results\nand raise an error. (Default - Required if privateZone=true)", - "type": "string" - } - }, - "required": [ - "account", - "domainName", - "region" - ] - }, - "SSMParameterContextQuery": { - "description": "Query to SSM Parameter Context Provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "parameterName": { - "description": "Parameter name to query", - "type": "string" - } - }, - "required": [ - "account", - "parameterName", - "region" - ] - }, - "VpcContextQuery": { - "description": "Query input for looking up a VPC", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "filter": { - "description": "Filters to apply to the VPC\n\nFilter parameters are the same as passed to DescribeVpcs.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "returnAsymmetricSubnets": { - "description": "Whether to populate the subnetGroups field of the `VpcContextResponse`,\nwhich contains potentially asymmetric subnet groups.", - "default": false, - "type": "boolean" - }, - "subnetGroupNameTag": { - "description": "Optional tag for subnet group name.\nIf not provided, we'll look at the aws-cdk:subnet-name tag.\nIf the subnet does not have the specified tag,\nwe'll use its type as the name. (Default 'aws-cdk:subnet-name')", - "type": "string" - }, - "returnVpnGateways": { - "description": "Whether to populate the `vpnGatewayId` field of the `VpcContextResponse`,\nwhich contains the VPN Gateway ID, if one exists. You can explicitly\ndisable this in order to avoid the lookup if you know the VPC does not have\na VPN Gatway attached. (Default true)", - "type": "boolean" - } - }, - "required": [ - "account", - "filter", - "region" - ] - }, - "EndpointServiceAvailabilityZonesContextQuery": { - "description": "Query to endpoint service context provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "serviceName": { - "description": "Query service name", - "type": "string" - } - }, - "required": [ - "account", - "region", - "serviceName" - ] - }, - "LoadBalancerContextQuery": { - "description": "Query input for looking up a load balancer", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "loadBalancerType": { - "$ref": "#/definitions/LoadBalancerType", - "description": "Filter load balancers by their type" - }, - "loadBalancerArn": { - "description": "Find by load balancer's ARN (Default - does not search by load balancer arn)", - "type": "string" - }, - "loadBalancerTags": { - "description": "Match load balancer tags (Default - does not match load balancers by tags)", - "type": "array", - "items": { - "$ref": "#/definitions/Tag" - } - } - }, - "required": [ - "account", - "loadBalancerType", - "region" - ] - }, - "LoadBalancerType": { - "description": "Type of load balancer", - "type": "string", - "enum": [ - "network", - "application" - ] - }, - "LoadBalancerListenerContextQuery": { - "description": "Query input for looking up a load balancer listener", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "listenerArn": { - "description": "Find by listener's arn (Default - does not find by listener arn)", - "type": "string" - }, - "listenerProtocol": { - "description": "Filter by listener protocol (Default - does not filter by listener protocol)", - "enum": [ - "HTTP", - "HTTPS", - "TCP", - "TCP_UDP", - "TLS", - "UDP" - ], - "type": "string" - }, - "listenerPort": { - "description": "Filter listeners by listener port (Default - does not filter by a listener port)", - "type": "number" - }, - "loadBalancerType": { - "$ref": "#/definitions/LoadBalancerType", - "description": "Filter load balancers by their type" - }, - "loadBalancerArn": { - "description": "Find by load balancer's ARN (Default - does not search by load balancer arn)", - "type": "string" - }, - "loadBalancerTags": { - "description": "Match load balancer tags (Default - does not match load balancers by tags)", - "type": "array", - "items": { - "$ref": "#/definitions/Tag" - } - } - }, - "required": [ - "account", - "loadBalancerType", - "region" - ] - }, - "SecurityGroupContextQuery": { - "description": "Query input for looking up a security group", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "securityGroupId": { - "description": "Security group id (Default - None)", - "type": "string" - }, - "securityGroupName": { - "description": "Security group name (Default - None)", - "type": "string" - }, - "vpcId": { - "description": "VPC ID (Default - None)", - "type": "string" - } - }, - "required": [ - "account", - "region" - ] - }, - "KeyContextQuery": { - "description": "Query input for looking up a KMS Key", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "aliasName": { - "description": "Alias name used to search the Key", - "type": "string" - } - }, - "required": [ - "account", - "aliasName", - "region" - ] - }, - "PluginContextQuery": { - "description": "Query input for plugins\n\nThis alternate branch is necessary because it needs to be able to escape all type checking\nwe do on on the cloud assembly -- we cannot know the properties that will be used a priori.", - "type": "object", - "additionalProperties": {}, - "properties": { - "pluginName": { - "description": "The name of the plugin", - "type": "string" - } - }, - "required": [ - "pluginName" - ] - }, - "RuntimeInfo": { - "description": "Information about the application's runtime components.", - "type": "object", - "properties": { - "libraries": { - "description": "The list of libraries loaded in the application, associated with their versions.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "libraries" - ] - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json deleted file mode 100644 index a43e4f30b6f64..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json +++ /dev/null @@ -1,493 +0,0 @@ -{ - "$ref": "#/definitions/IntegManifest", - "definitions": { - "IntegManifest": { - "description": "Definitions for the integration testing manifest", - "type": "object", - "properties": { - "version": { - "description": "Version of the manifest", - "type": "string" - }, - "enableLookups": { - "description": "Enable lookups for this test. If lookups are enabled\nthen `stackUpdateWorkflow` must be set to false.\nLookups should only be enabled when you are explicitely testing\nlookups.", - "default": false, - "type": "boolean" - }, - "synthContext": { - "description": "Additional context to use when performing\na synth. Any context provided here will override\nany default context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "testCases": { - "description": "test cases", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/TestCase" - } - } - }, - "required": [ - "testCases", - "version" - ] - }, - "TestCase": { - "description": "Represents an integration test case", - "type": "object", - "properties": { - "stacks": { - "description": "Stacks that should be tested as part of this test case\nThe stackNames will be passed as args to the cdk commands\nso dependent stacks will be automatically deployed unless\n`exclusively` is passed", - "type": "array", - "items": { - "type": "string" - } - }, - "assertionStack": { - "description": "The node id of the stack that contains assertions.\nThis is the value that can be used to deploy the stack with the CDK CLI (Default - no assertion stack)", - "type": "string" - }, - "assertionStackName": { - "description": "The name of the stack that contains assertions (Default - no assertion stack)", - "type": "string" - }, - "stackUpdateWorkflow": { - "description": "Run update workflow on this test case\nThis should only be set to false to test scenarios\nthat are not possible to test as part of the update workflow (Default true)", - "type": "boolean" - }, - "cdkCommandOptions": { - "description": "Additional options to use for each CDK command (Default - runner default options)", - "$ref": "#/definitions/CdkCommands" - }, - "hooks": { - "description": "Additional commands to run at predefined points in the test workflow\n\ne.g. { postDeploy: ['yarn', 'test'] } (Default - no hooks)", - "$ref": "#/definitions/Hooks" - }, - "diffAssets": { - "description": "Whether or not to include asset hashes in the diff\nAsset hashes can introduces a lot of unneccessary noise into tests,\nbut there are some cases where asset hashes _should_ be included. For example\nany tests involving custom resources or bundling", - "default": false, - "type": "boolean" - }, - "allowDestroy": { - "description": "List of CloudFormation resource types in this stack that can\nbe destroyed as part of an update without failing the test.\n\nThis list should only include resources that for this specific\nintegration test we are sure will not cause errors or an outage if\ndestroyed. For example, maybe we know that a new resource will be created\nfirst before the old resource is destroyed which prevents any outage.\n\ne.g. ['AWS::IAM::Role'] (Default - do not allow destruction of any resources on update)", - "type": "array", - "items": { - "type": "string" - } - }, - "regions": { - "description": "Limit deployment to these regions (Default - can run in any region)", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "stacks" - ] - }, - "CdkCommands": { - "description": "Options for specific cdk commands that are run\nas part of the integration test workflow", - "type": "object", - "properties": { - "deploy": { - "description": "Options to for the cdk deploy command (Default - default deploy options)", - "$ref": "#/definitions/DeployCommand" - }, - "destroy": { - "description": "Options to for the cdk destroy command (Default - default destroy options)", - "$ref": "#/definitions/DestroyCommand" - } - } - }, - "DeployCommand": { - "description": "Represents a cdk deploy command", - "type": "object", - "properties": { - "args": { - "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", - "$ref": "#/definitions/DeployOptions" - }, - "enabled": { - "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", - "type": "boolean" - }, - "expectError": { - "description": "If the runner should expect this command to fail", - "default": false, - "type": "boolean" - }, - "expectedMessage": { - "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", - "type": "string" - } - } - }, - "DeployOptions": { - "description": "Options to use with cdk deploy", - "type": "object", - "properties": { - "exclusively": { - "description": "Only perform action on the given stack", - "default": false, - "type": "boolean" - }, - "toolkitStackName": { - "description": "Name of the toolkit stack to use/deploy (Default CDKToolkit)", - "type": "string" - }, - "reuseAssets": { - "description": "Reuse the assets with the given asset IDs (Default - do not reuse assets)", - "type": "array", - "items": { - "type": "string" - } - }, - "changeSetName": { - "description": "Optional name to use for the CloudFormation change set.\nIf not provided, a name will be generated automatically. (Default - auto generate a name)", - "type": "string" - }, - "force": { - "description": "Always deploy, even if templates are identical.", - "default": false, - "type": "boolean" - }, - "rollback": { - "description": "Rollback failed deployments (Default true)", - "type": "boolean" - }, - "notificationArns": { - "description": "ARNs of SNS topics that CloudFormation will notify with stack related events (Default - no notifications)", - "type": "array", - "items": { - "type": "string" - } - }, - "requireApproval": { - "description": "What kind of security changes require approval (Default RequireApproval.Never)", - "enum": [ - "any-change", - "broadening", - "never" - ], - "type": "string" - }, - "execute": { - "description": "Whether to execute the ChangeSet\nNot providing `execute` parameter will result in execution of ChangeSet (Default true)", - "type": "boolean" - }, - "parameters": { - "description": "Additional parameters for CloudFormation at deploy time (Default [object Object])", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "usePreviousParameters": { - "description": "Use previous values for unspecified parameters\n\nIf not set, all parameters must be specified for every deployment. (Default true)", - "type": "boolean" - }, - "outputsFile": { - "description": "Path to file where stack outputs will be written after a successful deploy as JSON (Default - Outputs are not written to any file)", - "type": "string" - }, - "ci": { - "description": "Whether we are on a CI system", - "default": false, - "type": "boolean" - }, - "concurrency": { - "description": "Deploy multiple stacks in parallel (Default 1)", - "type": "number" - }, - "stacks": { - "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", - "type": "array", - "items": { - "type": "string" - } - }, - "all": { - "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", - "type": "boolean" - }, - "app": { - "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", - "type": "string" - }, - "roleArn": { - "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", - "type": "string" - }, - "context": { - "description": "Additional context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trace": { - "description": "Print trace for stack warnings", - "default": false, - "type": "boolean" - }, - "strict": { - "description": "Do not construct stacks with warnings", - "default": false, - "type": "boolean" - }, - "lookups": { - "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", - "type": "boolean" - }, - "ignoreErrors": { - "description": "Ignores synthesis errors, which will likely produce an invalid output", - "default": false, - "type": "boolean" - }, - "json": { - "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", - "default": false, - "type": "boolean" - }, - "verbose": { - "description": "show debug logs", - "default": false, - "type": "boolean" - }, - "debug": { - "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", - "default": false, - "type": "boolean" - }, - "profile": { - "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", - "type": "string" - }, - "proxy": { - "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", - "type": "string" - }, - "caBundlePath": { - "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", - "type": "string" - }, - "ec2Creds": { - "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", - "type": "boolean" - }, - "versionReporting": { - "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", - "type": "boolean" - }, - "pathMetadata": { - "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", - "type": "boolean" - }, - "assetMetadata": { - "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", - "type": "boolean" - }, - "staging": { - "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", - "default": false, - "type": "boolean" - }, - "output": { - "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", - "type": "string" - }, - "notices": { - "description": "Show relevant notices (Default true)", - "type": "boolean" - }, - "color": { - "description": "Show colors and other style from console output (Default true)", - "type": "boolean" - } - } - }, - "DestroyCommand": { - "description": "Represents a cdk destroy command", - "type": "object", - "properties": { - "args": { - "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", - "$ref": "#/definitions/DestroyOptions" - }, - "enabled": { - "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", - "type": "boolean" - }, - "expectError": { - "description": "If the runner should expect this command to fail", - "default": false, - "type": "boolean" - }, - "expectedMessage": { - "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", - "type": "string" - } - } - }, - "DestroyOptions": { - "description": "Options to use with cdk destroy", - "type": "object", - "properties": { - "force": { - "description": "Do not ask for permission before destroying stacks", - "default": false, - "type": "boolean" - }, - "exclusively": { - "description": "Only destroy the given stack", - "default": false, - "type": "boolean" - }, - "stacks": { - "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", - "type": "array", - "items": { - "type": "string" - } - }, - "all": { - "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", - "type": "boolean" - }, - "app": { - "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", - "type": "string" - }, - "roleArn": { - "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", - "type": "string" - }, - "context": { - "description": "Additional context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trace": { - "description": "Print trace for stack warnings", - "default": false, - "type": "boolean" - }, - "strict": { - "description": "Do not construct stacks with warnings", - "default": false, - "type": "boolean" - }, - "lookups": { - "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", - "type": "boolean" - }, - "ignoreErrors": { - "description": "Ignores synthesis errors, which will likely produce an invalid output", - "default": false, - "type": "boolean" - }, - "json": { - "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", - "default": false, - "type": "boolean" - }, - "verbose": { - "description": "show debug logs", - "default": false, - "type": "boolean" - }, - "debug": { - "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", - "default": false, - "type": "boolean" - }, - "profile": { - "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", - "type": "string" - }, - "proxy": { - "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", - "type": "string" - }, - "caBundlePath": { - "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", - "type": "string" - }, - "ec2Creds": { - "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", - "type": "boolean" - }, - "versionReporting": { - "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", - "type": "boolean" - }, - "pathMetadata": { - "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", - "type": "boolean" - }, - "assetMetadata": { - "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", - "type": "boolean" - }, - "staging": { - "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", - "default": false, - "type": "boolean" - }, - "output": { - "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", - "type": "string" - }, - "notices": { - "description": "Show relevant notices (Default true)", - "type": "boolean" - }, - "color": { - "description": "Show colors and other style from console output (Default true)", - "type": "boolean" - } - } - }, - "Hooks": { - "description": "Commands to run at predefined points during the\nintegration test workflow", - "type": "object", - "properties": { - "preDeploy": { - "description": "Commands to run prior to deploying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "postDeploy": { - "description": "Commands to run prior after deploying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "preDestroy": { - "description": "Commands to run prior to destroying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "postDestroy": { - "description": "Commands to run after destroying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh b/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh deleted file mode 100755 index 04a6710e54bdb..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -euo pipefail -scriptsdir=$(cd $(dirname $0) && pwd) -packagedir=$(cd ${scriptsdir}/.. && pwd) - -# Output -OUTPUT_DIR="${packagedir}/schema" -mkdir -p ${OUTPUT_DIR} - -# regenerate JSON schema and bumps the version -ts-node --prefer-ts-exts -e "require('${packagedir}/scripts/update-schema.ts').update()" diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts deleted file mode 100644 index 532a0774612f3..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts +++ /dev/null @@ -1,151 +0,0 @@ -import * as fs from 'fs'; -import * as path from 'path'; -import * as semver from 'semver'; -// eslint-disable-next-line import/no-extraneous-dependencies -import * as tjs from 'typescript-json-schema'; - -function log(message: string) { - // eslint-disable-next-line no-console - console.log(message); -} - -/** - * Where schemas are committed. - */ -const SCHEMA_DIR = path.resolve(__dirname, '../schema'); - -const SCHEMA_DEFINITIONS: { - [schemaName: string]: { - /** - * The name of the root type. - */ - rootTypeName: string; - /** - * Files loaded to generate the schema. - * Should be relative to `cloud-assembly-schema/lib`. - * Usually this is just the file containing the root type. - */ - files: string[]; - }; -} = { - 'assets': { - rootTypeName: 'AssetManifest', - files: [path.join('assets', 'schema.ts')], - }, - 'cloud-assembly': { - rootTypeName: 'AssemblyManifest', - files: [path.join('cloud-assembly', 'schema.ts')], - }, - 'integ': { - rootTypeName: 'IntegManifest', - files: [path.join('integ-tests', 'schema.ts')], - }, -}; - -export const SCHEMAS = Object.keys(SCHEMA_DEFINITIONS); - -export function update() { - for (const s of SCHEMAS) { - generateSchema(s); - } - - bump(); -} - -export function bump() { - const versionFile = path.join(SCHEMA_DIR, 'cloud-assembly.version.json'); - - // eslint-disable-next-line @typescript-eslint/no-require-imports - const metadata = require(versionFile); - - const oldVersion = metadata.version; - const newVersion = semver.inc(oldVersion, 'major'); - - log(`Updating schema version: ${oldVersion} -> ${newVersion}`); - fs.writeFileSync(versionFile, JSON.stringify({ version: newVersion })); -} - -/** - * Generates a schema from typescript types. - * @returns JSON schema - * @param schemaName the schema to generate - * @param shouldBump writes a new version of the schema and bumps the major version - */ -export function generateSchema(schemaName: string, saveToFile: boolean = true) { - const spec = SCHEMA_DEFINITIONS[schemaName]; - const out = saveToFile ? path.join(SCHEMA_DIR, `${schemaName}.schema.json`) : ''; - - const settings: Partial = { - required: true, - ref: true, - topRef: true, - noExtraProps: false, - out, - }; - - const compilerOptions = { - strictNullChecks: true, - }; - - const program = tjs.getProgramFromFiles(spec.files.map(file =>path.join(__dirname, '..', 'lib', file)), compilerOptions); - const schema = tjs.generateSchema(program, spec.rootTypeName, settings); - - augmentDescription(schema); - addAnyMetadataEntry(schema); - - if (out) { - log(`Generating schema to ${out}`); - fs.writeFileSync(out, JSON.stringify(schema, null, 4)); - } - - return schema; -} - -/** - * Remove 'default' from the schema since its generated - * from the tsdocs, which are not necessarily actual values, - * but rather descriptive behavior. - * - * To keep this inforamtion in the schema, we append it to the - * 'description' of the property. - */ -function augmentDescription(schema: any) { - - function _recurse(o: any) { - for (const prop in o) { - - if (prop === 'description' && typeof o[prop] === 'string') { - - const description = o[prop]; - const defaultValue = o.default; - - if (!defaultValue) { - // property doesn't have a default value - // skip - continue; - } - - const descriptionWithDefault = `${description} (Default ${defaultValue})`; - - delete o.default; - o[prop] = descriptionWithDefault; - - } else if (typeof o[prop] === 'object') { - _recurse(o[prop]); - } - } - } - - _recurse(schema); - -} - -/** - * Patch the properties of MetadataEntry to allow - * specifying any free form data. This is needed since source - * code doesn't allow this in order to enforce stricter jsii - * compatibility checks. - */ -function addAnyMetadataEntry(schema: any) { - schema?.definitions?.MetadataEntry?.properties.data.anyOf.push({ description: 'Free form data.' }); -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap b/packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap deleted file mode 100644 index 14a8ff8031165..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap +++ /dev/null @@ -1,7 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`manifest load 1`] = ` -{ - "version": "0.0.0", -} -`; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts deleted file mode 100644 index 24ddd465484b7..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts +++ /dev/null @@ -1,194 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import { FileAssetPackaging, Manifest } from '../lib'; - -describe('Docker image asset', () => { - test('valid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - dockerImages: { - asset: { - source: { - directory: '.', - }, - destinations: { - dest: { - region: 'us-north-20', - repositoryName: 'REPO', - imageTag: 'TAG', - }, - }, - }, - externalAsset: { - source: { - executable: ['sometool'], - }, - destinations: { - dest: { - region: 'us-north-20', - repositoryName: 'REPO', - imageTag: 'TAG', - }, - }, - }, - }, - }); - }).not.toThrow(); - }); - - test('invalid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - dockerImages: { - asset: { - source: { - directory: true, - }, - destinations: {}, - }, - externalAsset: { - source: {}, - destinations: {}, - }, - }, - }); - }).toThrow(/instance\.dockerImages\.asset\.source\.directory is not of a type\(s\) string/); - }); -}); - -describe('File asset', () => { - describe('valid input', () => { - test('without packaging', () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 'a/b/c', - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - externalAsset: { - source: { - executable: ['sometool'], - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).not.toThrow(); - }); - - for (const packaging of Object.values(FileAssetPackaging)) { - test(`with "${packaging}" packaging`, () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 'a/b/c', - packaging, - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).not.toThrow(); - }); - } - }); - - describe('invalid input', () => { - test('bad "source.path" property', () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 3, - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - externalAsset: { - source: { - executable: ['sometool'], - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).toThrow(/instance\.files\.asset\.source\.path is not of a type\(s\) string/); - }); - - test('bad "source.packaging" property', () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 'a/b/c', - packaging: 'BLACK_HOLE', - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).toThrow(/instance\.files\.asset\.source\.packaging is not one of enum values: file,zip/); - }); - }); -}); - -function validate(manifest: any) { - const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'assets.test.')); - const filePath = path.join(dir, 'manifest.json'); - fs.writeFileSync(filePath, JSON.stringify(manifest, undefined, 2)); - try { - Manifest.loadAssetManifest(filePath); - } finally { - fs.unlinkSync(filePath); - fs.rmdirSync(dir); - } -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json deleted file mode 100644 index ef6fc1c901429..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "version": "99.99.99" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json deleted file mode 100644 index ea1558cb1e6f9..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "version": "0.0.0", - "artifacts": { - "MyArt": { - "type": "who:am:i", - "environment": "aws://37736633/us-region-1" - } - } -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json deleted file mode 100644 index da1a33b17936e..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "version": "0.0.0", - "runtime": { - "libraries": ["should", "be", "a", "map"] - } -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json deleted file mode 100644 index 36b2250cf8d33..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "version": "version" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json deleted file mode 100644 index c158d5be87422..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "version": "0.0.0" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json deleted file mode 100644 index cd2209c526595..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "version": "0.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "stack": { - "type": "aws:cloudformation:stack", - "metadata": { - "AwsCdkPlaygroundBatch": [ - { - "type": "random-array", - "data": ["42"], - "trace": ["trace"] - }, - { - "type": "random-number", - "data": 42, - "trace": ["trace"] - }, - { - "type": "random-map", - "data": { - "key": "value" - }, - "trace": ["trace"] - } - ] - } - } - } - } \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json deleted file mode 100644 index d1f0bca305c81..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "version": "0.0.0", - "who-am-i": "unknown" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json deleted file mode 100644 index 4d18eed47c8a0..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "version": "0.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "stack": { - "type": "aws:cloudformation:stack", - "metadata": { - "AwsCdkPlaygroundBatch": [ - { - "type": "aws:cdk:stack-tags", - "data": [{ - "Key": "hello", - "Value": "world" - }], - "trace": ["trace"] - }, - { - "type": "aws:cdk:asset", - "data": { - "repositoryName": "repo", - "imageTag": "tag", - "id": "id", - "packaging": "container-image", - "path": "path", - "sourceHash": "hash" - }, - "trace": ["trace"] - } - ] - } - } - } -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts deleted file mode 100644 index 3baefc89d750f..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts +++ /dev/null @@ -1,137 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import { Manifest } from '../lib'; - -describe('Integration test', () => { - test('valid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - testCase1: { - stacks: ['stack1', 'stack2'], - stackUpdateWorkflow: true, - cdkCommandOptions: { - deploy: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - exclusively: true, - toolkitStackName: 'Stack', - reuseAssets: ['asset1', 'asset2'], - changeSetName: 'changeset', - force: true, - rollback: false, - notificationArns: ['arn1', 'arn2'], - execute: true, - parameters: { - 'MYPARAM': 'Value', - 'Stack1:OtherParam': 'OtherValue', - }, - usePreviousParameters: true, - outputsFile: 'outputs.json', - ci: true, - requireApproval: 'never', - app: 'node bin/my-app.js', - roleArn: 'roleArn', - context: { - KEY: 'value', - }, - trace: true, - strict: true, - lookups: true, - ignoreErrors: true, - json: true, - verbose: true, - debug: true, - profile: 'profile', - proxy: 'https://proxy', - caBundlePath: 'path/to/bundle', - ec2Creds: true, - versionReporting: false, - pathMetadata: false, - assetMetadata: true, - staging: false, - output: true, - notices: true, - color: false, - }, - }, - synth: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - quiet: true, - exclusively: true, - validation: true, - }, - }, - destroy: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - force: true, - exclusively: true, - }, - }, - }, - hooks: { - preDeploy: ['yarn test'], - postDeploy: ['some other command'], - preDestroy: ['command1', 'command2'], - postDestroy: ['command3', 'command4'], - }, - diffAssets: true, - allowDestroy: ['AWS::IAM::Role'], - region: ['us-east-1', 'us-east-2'], - }, - }, - }); - }); - }); - - test('invalid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - stacks: true, - }, - }); - }).toThrow(/instance\.testCases\.stacks is not of a type\(s\) object/); - }); - - test('without command options', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - testCase1: { - stacks: ['stack1', 'stack2'], - stackUpdateWorkflow: true, - hooks: { - preDeploy: ['yarn test'], - }, - diffAssets: true, - }, - }, - }); - }); - }); -}); - -function validate(manifest: any) { - const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'integ.test.')); - const filePath = path.join(dir, 'manifest.json'); - fs.writeFileSync(filePath, JSON.stringify(manifest, undefined, 2)); - try { - Manifest.loadIntegManifest(filePath); - } finally { - fs.unlinkSync(filePath); - fs.rmdirSync(dir); - } -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts deleted file mode 100644 index a8f1311a2dcc9..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts +++ /dev/null @@ -1,162 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import * as semver from 'semver'; -import { AssemblyManifest, Manifest, StackTagsMetadataEntry } from '../lib'; - -const FIXTURES = path.join(__dirname, 'fixtures'); - -function fixture(name: string) { - return path.join(FIXTURES, name, 'manifest.json'); -} - -test('manifest save', () => { - - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - - const assemblyManifest: AssemblyManifest = { - version: 'version', - runtime: { - libraries: { lib1: '1.2.3' }, - }, - }; - - Manifest.saveAssemblyManifest(assemblyManifest, manifestFile); - - const saved = JSON.parse(fs.readFileSync(manifestFile, { encoding: 'utf-8' })); - - expect(saved).toEqual({ - ...assemblyManifest, - version: Manifest.version(), // version is forced - }); -}); - -test('manifest load', () => { - const loaded = Manifest.loadAssemblyManifest(fixture('only-version')); - expect(loaded).toMatchSnapshot(); -}); - -test('manifest load fails for invalid nested property', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('invalid-nested-property'))).toThrow(/Invalid assembly manifest/); -}); - -test('manifest load fails for invalid artifact type', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('invalid-artifact-type'))).toThrow(/Invalid assembly manifest/); -}); - -test('manifest load fails on higher major version', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('high-version'))).toThrow(/Cloud assembly schema version mismatch/); -}); - -// once we start introducing minor version bumps that are considered -// non breaking, this test can be removed. -test('manifest load fails on higher minor version', () => { - - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - - const newVersion = semver.inc(Manifest.version(), 'minor'); - expect(newVersion).toBeTruthy(); - - if (newVersion) { - const assemblyManifest: AssemblyManifest = { - version: newVersion, - }; - - // can't use saveAssemblyManifest because it will force the correct version - fs.writeFileSync(manifestFile, JSON.stringify(assemblyManifest)); - - expect(() => Manifest.loadAssemblyManifest(manifestFile)).toThrow(/Cloud assembly schema version mismatch/); - } -}); - -test('manifest load doesnt fail if version checking is disabled, and unknown properties are added', () => { - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - const newVersion = semver.inc(Manifest.version(), 'major'); - expect(newVersion).toBeTruthy(); - - const assemblyManifest: AssemblyManifest = { - version: newVersion!, - artifacts: { - SomeArtifact: { - type: 'aws:cloudformation:stack', - thisPropertyWillNeverBeInTheManifest: 'i_hope', - } as any, - UnknownArtifact: { - type: 'unknown-artifact-type', - } as any, - }, - }; - - // can't use saveAssemblyManifest because it will force the correct version - fs.writeFileSync(manifestFile, JSON.stringify(assemblyManifest)); - - Manifest.loadAssemblyManifest(manifestFile, { skipVersionCheck: true, skipEnumCheck: true }); -}); - -// once we start introducing patch version bumps that are considered -// non breaking, this test can be removed. -test('manifest load fails on higher patch version', () => { - - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - - const newVersion = semver.inc(Manifest.version(), 'patch'); - expect(newVersion).toBeTruthy(); - - if (newVersion) { - const assemblyManifest: AssemblyManifest = { - version: newVersion, - }; - - // can't use saveAssemblyManifest because it will force the correct version - fs.writeFileSync(manifestFile, JSON.stringify(assemblyManifest)); - - expect(() => Manifest.loadAssemblyManifest(manifestFile)).toThrow(/Cloud assembly schema version mismatch/); - } -}); - -test('manifest load fails on invalid version', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('invalid-version'))).toThrow(/Invalid semver string/); -}); - -test('manifest load succeeds on unknown properties', () => { - const manifest = Manifest.loadAssemblyManifest(fixture('unknown-property')); - expect(manifest.version).toEqual('0.0.0'); -}); - -test('stack-tags are deserialized properly', () => { - - const m: AssemblyManifest = Manifest.loadAssemblyManifest(fixture('with-stack-tags')); - - if (m.artifacts?.stack?.metadata?.AwsCdkPlaygroundBatch[0].data) { - const entry = m.artifacts.stack.metadata.AwsCdkPlaygroundBatch[0].data as StackTagsMetadataEntry; - expect(entry[0].key).toEqual('hello'); - expect(entry[0].value).toEqual('world'); - } - expect(m.version).toEqual('0.0.0'); - -}); - -test('can access random metadata', () => { - - const loaded = Manifest.loadAssemblyManifest(fixture('random-metadata')); - const randomArray = loaded.artifacts?.stack.metadata?.AwsCdkPlaygroundBatch[0].data; - const randomNumber = loaded.artifacts?.stack.metadata?.AwsCdkPlaygroundBatch[1].data; - const randomMap = loaded.artifacts?.stack.metadata?.AwsCdkPlaygroundBatch[2].data; - - expect(randomArray).toEqual(['42']); - expect(randomNumber).toEqual(42); - expect(randomMap).toEqual({ - key: 'value', - }); - - expect(randomMap).toBeTruthy(); - - if (randomMap) { - expect((randomMap as any).key).toEqual('value'); - } - -}); diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts deleted file mode 100644 index ad935bbe73789..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts +++ /dev/null @@ -1,47 +0,0 @@ -import { generateSchema, SCHEMAS } from '../scripts/update-schema'; - -test('if this test fails, run "yarn update-schema"', () => { - - // when we compare schemas we ignore changes the - // description that is generated from the ts docstrings. - const docStringFields = [ - 'description', - ]; - - for (const schemaName of SCHEMAS) { - const expected = removeStringKeys(generateSchema(schemaName, false), docStringFields); - - // eslint-disable-next-line @typescript-eslint/no-require-imports - const actual = removeStringKeys(require(`../schema/${schemaName}.schema.json`), docStringFields); - - try { - expect(actual).toEqual(expected); - } catch (err: any) { - // I couldn't for the life of me figure out how to provide additional error message - // to jest...any ideas? - err.message = `Whoops, Looks like the schema has changed. Did you forget to run 'yarn update-schema'?\n\n${err.message}`; - throw err; - } - } - -}); - -function removeStringKeys(obj: any, keys: string[]) { - - function _recurse(o: any) { - for (const prop in o) { - if (keys.includes(prop) && typeof o[prop] === 'string') { - delete o[prop]; - } else if (typeof o[prop] === 'object') { - _recurse(o[prop]); - } - } - } - const cloned = clone(obj); - _recurse(cloned); - return cloned; -} - -function clone(obj: any) { - return JSON.parse(JSON.stringify(obj)); -} diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts index 01fd49c9c2ea7..3c6c45b5de2f2 100644 --- a/packages/aws-cdk-lib/index.ts +++ b/packages/aws-cdk-lib/index.ts @@ -157,6 +157,7 @@ export * as aws_lambda from './aws-lambda'; export * as aws_lambda_destinations from './aws-lambda-destinations'; export * as aws_lambda_event_sources from './aws-lambda-event-sources'; export * as aws_lambda_nodejs from './aws-lambda-nodejs'; +export * as aws_launchwizard from './aws-launchwizard'; export * as aws_lex from './aws-lex'; export * as aws_licensemanager from './aws-licensemanager'; export * as aws_lightsail from './aws-lightsail'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 2d3b00e5b87f7..b364698e5381f 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -122,6 +122,7 @@ "@aws-cdk/asset-awscli-v1": "^2.2.202", "@aws-cdk/asset-kubectl-v20": "^2.1.2", "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@balena/dockerignore": "^1.0.2", "case": "1.6.3", "fs-extra": "^11.2.0", @@ -135,7 +136,7 @@ "mime-types": "^2.1.35" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.1.13", + "@aws-cdk/aws-service-spec": "^0.1.16", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", @@ -373,6 +374,7 @@ "./aws-lambda-destinations": "./aws-lambda-destinations/index.js", "./aws-lambda-event-sources": "./aws-lambda-event-sources/index.js", "./aws-lambda-nodejs": "./aws-lambda-nodejs/index.js", + "./aws-launchwizard": "./aws-launchwizard/index.js", "./aws-lex": "./aws-lex/index.js", "./aws-licensemanager": "./aws-licensemanager/index.js", "./aws-lightsail": "./aws-lightsail/index.js", diff --git a/packages/aws-cdk-lib/pipelines/README.md b/packages/aws-cdk-lib/pipelines/README.md index 2eceefc9e5236..40c06136e9dea 100644 --- a/packages/aws-cdk-lib/pipelines/README.md +++ b/packages/aws-cdk-lib/pipelines/README.md @@ -1,11 +1,10 @@ # CDK Pipelines - A construct library for painless Continuous Delivery of CDK applications. -CDK Pipelines is an *opinionated construct library*. It is purpose-built to +CDK Pipelines is an _opinionated construct library_. It is purpose-built to deploy one or more copies of your CDK applications using CloudFormation with a -minimal amount of effort on your part. It is *not* intended to support arbitrary +minimal amount of effort on your part. It is _not_ intended to support arbitrary deployment pipelines, and very specifically it is not built to use CodeDeploy to deploy applications to instances, or deploy your custom-built ECR images to an ECS cluster directly: use CDK file assets with CloudFormation Init for instances, or @@ -13,12 +12,12 @@ CDK container assets for ECS clusters instead. Give the CDK Pipelines way of doing things a shot first: you might find it does everything you need. If you need more control, or if you need `v2` support from -`aws-codepipeline`, we recommend you drop down to using the `aws-codepipeline` +`aws-codepipeline`, we recommend you drop down to using the `aws-codepipeline` construct library directly. > This module contains two sets of APIs: an **original** and a **modern** version of -> CDK Pipelines. The *modern* API has been updated to be easier to work with and -> customize, and will be the preferred API going forward. The *original* version +> CDK Pipelines. The _modern_ API has been updated to be easier to work with and +> customize, and will be the preferred API going forward. The _original_ version > of the API is still available for backwards compatibility, but we recommend migrating > to the new version if possible. > @@ -40,28 +39,28 @@ You then define a `Pipeline`, instantiate as many instances of `MyApplicationStage` as you want for your test and production environments, with different parameters for each, and calling `pipeline.addStage()` for each of them. You can deploy to the same account and Region, or to a different one, -with the same amount of code. The *CDK Pipelines* library takes care of the +with the same amount of code. The _CDK Pipelines_ library takes care of the details. -CDK Pipelines supports multiple *deployment engines* (see +CDK Pipelines supports multiple _deployment engines_ (see [Using a different deployment engine](#using-a-different-deployment-engine)), and comes with a deployment engine that deploys CDK apps using AWS CodePipeline. -To use the CodePipeline engine, define a `CodePipeline` construct. The following +To use the CodePipeline engine, define a `CodePipeline` construct. The following example creates a CodePipeline that deploys an application from GitHub: ```ts /** The stacks for our app are minimally defined here. The internals of these - * stacks aren't important, except that DatabaseStack exposes an attribute - * "table" for a database table it defines, and ComputeStack accepts a reference - * to this table in its properties. - */ + * stacks aren't important, except that DatabaseStack exposes an attribute + * "table" for a database table it defines, and ComputeStack accepts a reference + * to this table in its properties. + */ class DatabaseStack extends Stack { public readonly table: dynamodb.TableV2; constructor(scope: Construct, id: string) { super(scope, id); this.table = new dynamodb.TableV2(this, 'Table', { - partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING } + partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }, }); } } @@ -87,26 +86,29 @@ class MyPipelineStack extends Stack { synth: new pipelines.ShellStep('Synth', { // Use a connection created using the AWS console to authenticate to GitHub // Other sources are available. - input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', - }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + input: pipelines.CodePipelineSource.connection( + 'my-org/my-app', + 'main', + { + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + } + ), + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); // 'MyApplication' is defined below. Call `addStage` as many times as // necessary with any account and region (may be different from the // pipeline's). - pipeline.addStage(new MyApplication(this, 'Prod', { - env: { - account: '123456789012', - region: 'eu-west-1', - }, - })); + pipeline.addStage( + new MyApplication(this, 'Prod', { + env: { + account: '123456789012', + region: 'eu-west-1', + }, + }) + ); } } @@ -134,7 +136,7 @@ new MyPipelineStack(this, 'PipelineStack', { env: { account: '123456789012', region: 'eu-west-1', - } + }, }); ``` @@ -143,7 +145,7 @@ application stages in the source code, or new stacks to `MyApplication`, the pipeline will automatically reconfigure itself to deploy those new stages and stacks. -(Note that you have to *bootstrap* all environments before the above code +(Note that you have to _bootstrap_ all environments before the above code will work, and switch on "Modern synthesis" if you are using CDKv1. See the section **CDK Environment Bootstrapping** below for more information). @@ -152,7 +154,7 @@ more information). To provision the pipeline you have defined, make sure the target environment has been bootstrapped (see below), and then execute deploying the -`PipelineStack` *once*. Afterwards, the pipeline will keep itself up-to-date. +`PipelineStack` _once_. Afterwards, the pipeline will keep itself up-to-date. > **Important**: be sure to `git commit` and `git push` before deploying the > Pipeline stack using `cdk deploy`! @@ -183,27 +185,16 @@ To make the development more convenient, the self-mutation feature can be turned off temporarily, by passing `selfMutation: false` property, example: ```ts -// Modern API -const modernPipeline = new pipelines.CodePipeline(this, 'Pipeline', { +const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { selfMutation: false, synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); - -// Original API -const cloudAssemblyArtifact = new codepipeline.Artifact(); -const originalPipeline = new pipelines.CdkPipeline(this, 'Pipeline', { - selfMutating: false, - cloudAssemblyArtifact, -}); ``` ## Defining the pipeline @@ -232,11 +223,7 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -252,12 +239,7 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'cd mysubdir', - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['cd mysubdir', 'npm ci', 'npm run build', 'npx cdk synth'], primaryOutputDirectory: 'mysubdir/cdk.out', }), }); @@ -284,12 +266,8 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'yarn install --frozen-lockfile', - 'yarn build', - 'npx cdk synth', - ], - }) + commands: ['yarn install --frozen-lockfile', 'yarn build', 'npx cdk synth'], + }), }); ``` @@ -307,7 +285,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { 'npm install -g aws-cdk', 'cdk synth', ], - }) + }), }); ``` @@ -322,11 +300,8 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'npm install -g aws-cdk', - 'cdk synth', - ], - }) + commands: ['npm install -g aws-cdk', 'cdk synth'], + }), }); ``` @@ -358,7 +333,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { // Abstract over doing the build './build.sh', ], - }) + }), }); ``` @@ -368,19 +343,20 @@ for developers at the same time. #### CodePipeline Sources -In CodePipeline, *Sources* define where the source of your application lives. +In CodePipeline, _Sources_ define where the source of your application lives. When a change to the source is detected, the pipeline will start executing. Source objects can be created by factory methods on the `CodePipelineSource` class: ##### GitHub, GitHub Enterprise, BitBucket using a connection -The recommended way of connecting to GitHub or BitBucket is by using a *connection*. +The recommended way of connecting to GitHub or BitBucket is by using a _connection_. You will first use the AWS Console to authenticate to the source control provider, and then use the connection ARN in your pipeline definition: ```ts pipelines.CodePipelineSource.connection('org/repo', 'branch', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', }); ``` @@ -406,7 +382,11 @@ that the CodeCommit repository and then use `CodePipelineSource.codeCommit` to reference it: ```ts -const repository = codecommit.Repository.fromRepositoryName(this, 'Repository', 'my-repository'); +const repository = codecommit.Repository.fromRepositoryName( + this, + 'Repository', + 'my-repository' +); pipelines.CodePipelineSource.codeCommit(repository, 'main'); ``` @@ -448,12 +428,12 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.gitHub('myorg/repo2', 'main'), additionalInputs: { - 'subdir': pipelines.CodePipelineSource.gitHub('myorg/repo3', 'main'), + subdir: pipelines.CodePipelineSource.gitHub('myorg/repo3', 'main'), '../siblingdir': prebuild, }, commands: ['./build.sh'], - }) + }), }); ``` @@ -467,12 +447,14 @@ so, call `pipeline.addStage()` on the Stage object: declare const pipeline: pipelines.CodePipeline; // Do this as many times as necessary with any account and region // Account and region may different from the pipeline's. -pipeline.addStage(new MyApplicationStage(this, 'Prod', { - env: { - account: '123456789012', - region: 'eu-west-1', - } -})); +pipeline.addStage( + new MyApplicationStage(this, 'Prod', { + env: { + account: '123456789012', + region: 'eu-west-1', + }, + }) +); ``` CDK Pipelines will automatically discover all `Stacks` in the given `Stage` @@ -491,7 +473,7 @@ correctly and any requisite replication Buckets are created. By default, all applications added to CDK Pipelines by calling `addStage()` will be deployed in sequence, one after the other. If you have a lot of stages, you can speed up the pipeline by choosing to deploy some stages in parallel. You do this -by calling `addWave()` instead of `addStage()`: a *wave* is a set of stages that +by calling `addWave()` instead of `addStage()`: a _wave_ is a set of stages that are all deployed in parallel instead of sequentially. Waves themselves are still deployed in sequence. For example, the following will deploy two copies of your application to `eu-west-1` and `eu-central-1` in parallel: @@ -499,19 +481,23 @@ application to `eu-west-1` and `eu-central-1` in parallel: ```ts declare const pipeline: pipelines.CodePipeline; const europeWave = pipeline.addWave('Europe'); -europeWave.addStage(new MyApplicationStage(this, 'Ireland', { - env: { region: 'eu-west-1' } -})); -europeWave.addStage(new MyApplicationStage(this, 'Germany', { - env: { region: 'eu-central-1' } -})); +europeWave.addStage( + new MyApplicationStage(this, 'Ireland', { + env: { region: 'eu-west-1' }, + }) +); +europeWave.addStage( + new MyApplicationStage(this, 'Germany', { + env: { region: 'eu-central-1' }, + }) +); ``` #### Deploying to other accounts / encrypting the Artifact Bucket CDK Pipelines can transparently deploy to other Regions and other accounts (provided those target environments have been -[*bootstrapped*](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)). +[_bootstrapped_](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)). However, deploying to another account requires one additional piece of configuration: you need to enable `crossAccountKeys: true` when creating the pipeline. @@ -530,13 +516,10 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { enableKeyRotation: true, // optional synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -592,9 +575,7 @@ pipeline.addStage(preprod, { ], }); pipeline.addStage(prod, { - pre: [ - new pipelines.ManualApprovalStep('PromoteToProd'), - ], + pre: [new pipelines.ManualApprovalStep('PromoteToProd')], }); ``` @@ -616,15 +597,18 @@ declare const pipeline: pipelines.CodePipeline; const prod = new MyStacksStage(this, 'Prod'); pipeline.addStage(prod, { - stackSteps: [{ - stack: prod.stack1, - pre: [new pipelines.ManualApprovalStep('Pre-Stack Check')], // Executed before stack is prepared - changeSet: [new pipelines.ManualApprovalStep('ChangeSet Approval')], // Executed after stack is prepared but before the stack is deployed - post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed - }, { - stack: prod.stack2, - post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed - }], + stackSteps: [ + { + stack: prod.stack1, + pre: [new pipelines.ManualApprovalStep('Pre-Stack Check')], // Executed before stack is prepared + changeSet: [new pipelines.ManualApprovalStep('ChangeSet Approval')], // Executed after stack is prepared but before the stack is deployed + post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed + }, + { + stack: prod.stack2, + post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed + }, + ], }); ``` @@ -664,7 +648,9 @@ class MyOutputStage extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); - this.loadBalancerAddress = new CfnOutput(this, 'Output', {value: 'value'}); + this.loadBalancerAddress = new CfnOutput(this, 'Output', { + value: 'value', + }); } } @@ -724,8 +710,12 @@ declare const vpc: ec2.Vpc; declare const mySecurityGroup: ec2.SecurityGroup; new pipelines.CodeBuildStep('Synth', { // ...standard ShellStep props... - commands: [/* ... */], - env: { /* ... */ }, + commands: [ + /* ... */ + ], + env: { + /* ... */ + }, // If you are using a CodeBuildStep explicitly, set the 'cdk.out' directory // to be the synth step's output. @@ -746,12 +736,14 @@ new pipelines.CodeBuildStep('Synth', { privileged: true, }, timeout: Duration.minutes(90), - fileSystemLocations: [codebuild.FileSystemLocation.efs({ - identifier: "myidentifier2", - location: "myclodation.mydnsroot.com:/loc", - mountPoint: "/media", - mountOptions: "opts", - })], + fileSystemLocations: [ + codebuild.FileSystemLocation.efs({ + identifier: 'myidentifier2', + location: 'myclodation.mydnsroot.com:/loc', + mountPoint: '/media', + mountOptions: 'opts', + }), + ], // Control Elastic Network Interface creation vpc: vpc, @@ -763,12 +755,14 @@ new pipelines.CodeBuildStep('Synth', { // Additional policy statements for the execution role rolePolicyStatements: [ - new iam.PolicyStatement({ /* ... */ }), + new iam.PolicyStatement({ + /* ... */ + }), ], }); ``` -You can also configure defaults for *all* CodeBuild projects by passing `codeBuildDefaults`, +You can also configure defaults for _all_ CodeBuild projects by passing `codeBuildDefaults`, or just for the synth, asset publishing, and self-mutation projects by passing `synthCodeBuildDefaults`, `assetPublishingCodeBuildDefaults`, or `selfMutationCodeBuildDefaults`: @@ -782,13 +776,10 @@ new pipelines.CodePipeline(this, 'Pipeline', { // Standard CodePipeline properties synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), // Defaults for all CodeBuild projects @@ -811,7 +802,9 @@ new pipelines.CodePipeline(this, 'Pipeline', { // Additional policy statements for the execution role rolePolicy: [ - new iam.PolicyStatement({ /* ... */ }), + new iam.PolicyStatement({ + /* ... */ + }), ], // Information about logs @@ -825,9 +818,15 @@ new pipelines.CodePipeline(this, 'Pipeline', { }, }, - synthCodeBuildDefaults: { /* ... */ }, - assetPublishingCodeBuildDefaults: { /* ... */ }, - selfMutationCodeBuildDefaults: { /* ... */ }, + synthCodeBuildDefaults: { + /* ... */ + }, + assetPublishingCodeBuildDefaults: { + /* ... */ + }, + selfMutationCodeBuildDefaults: { + /* ... */ + }, }); ``` @@ -840,10 +839,13 @@ doesn't have a matching class yet, you can define your own step class that exten Here's an example that adds a Jenkins step: ```ts -class MyJenkinsStep extends pipelines.Step implements pipelines.ICodePipelineActionFactory { +class MyJenkinsStep + extends pipelines.Step + implements pipelines.ICodePipelineActionFactory +{ constructor( private readonly provider: cpactions.JenkinsProvider, - private readonly input: pipelines.FileSet, + private readonly input: pipelines.FileSet ) { super('MyJenkinsStep'); @@ -851,27 +853,33 @@ class MyJenkinsStep extends pipelines.Step implements pipelines.ICodePipelineAct // that may contain outputs from other steps. It doesn't matter what the // structure is, as long as it contains the values that may contain outputs. this.discoverReferencedOutputs({ - env: { /* ... */ } + env: { + /* ... */ + }, }); } - public produceAction(stage: codepipeline.IStage, options: pipelines.ProduceActionOptions): pipelines.CodePipelineActionFactoryResult { - + public produceAction( + stage: codepipeline.IStage, + options: pipelines.ProduceActionOptions + ): pipelines.CodePipelineActionFactoryResult { // This is where you control what type of Action gets added to the // CodePipeline - stage.addAction(new cpactions.JenkinsAction({ - // Copy 'actionName' and 'runOrder' from the options - actionName: options.actionName, - runOrder: options.runOrder, - - // Jenkins-specific configuration - type: cpactions.JenkinsActionType.TEST, - jenkinsProvider: this.provider, - projectName: 'MyJenkinsProject', - - // Translate the FileSet into a codepipeline.Artifact - inputs: [options.artifacts.toCodePipeline(this.input)], - })); + stage.addAction( + new cpactions.JenkinsAction({ + // Copy 'actionName' and 'runOrder' from the options + actionName: options.actionName, + runOrder: options.runOrder, + + // Jenkins-specific configuration + type: cpactions.JenkinsActionType.TEST, + jenkinsProvider: this.provider, + projectName: 'MyJenkinsProject', + + // Translate the FileSet into a codepipeline.Artifact + inputs: [options.artifacts.toCodePipeline(this.input)], + }) + ); return { runOrdersConsumed: 1 }; } @@ -881,26 +889,35 @@ class MyJenkinsStep extends pipelines.Step implements pipelines.ICodePipelineAct Another example, adding a lambda step referencing outputs from a stack: ```ts -class MyLambdaStep extends pipelines.Step implements pipelines.ICodePipelineActionFactory { - private stackOutputReference: pipelines.StackOutputReference +class MyLambdaStep + extends pipelines.Step + implements pipelines.ICodePipelineActionFactory +{ + private stackOutputReference: pipelines.StackOutputReference; - constructor( - private readonly fn: lambda.Function, - stackOutput: CfnOutput, - ) { + constructor(private readonly fn: lambda.Function, stackOutput: CfnOutput) { super('MyLambdaStep'); - this.stackOutputReference = pipelines.StackOutputReference.fromCfnOutput(stackOutput); + this.stackOutputReference = + pipelines.StackOutputReference.fromCfnOutput(stackOutput); } - public produceAction(stage: codepipeline.IStage, options: pipelines.ProduceActionOptions): pipelines.CodePipelineActionFactoryResult { - - stage.addAction(new cpactions.LambdaInvokeAction({ - actionName: options.actionName, - runOrder: options.runOrder, - // Map the reference to the variable name the CDK has generated for you. - userParameters: {stackOutput: options.stackOutputsMap.toCodePipeline(this.stackOutputReference)}, - lambda: this.fn, - })); + public produceAction( + stage: codepipeline.IStage, + options: pipelines.ProduceActionOptions + ): pipelines.CodePipelineActionFactoryResult { + stage.addAction( + new cpactions.LambdaInvokeAction({ + actionName: options.actionName, + runOrder: options.runOrder, + // Map the reference to the variable name the CDK has generated for you. + userParameters: { + stackOutput: options.stackOutputsMap.toCodePipeline( + this.stackOutputReference + ), + }, + lambda: this.fn, + }) + ); return { runOrdersConsumed: 1 }; } @@ -924,7 +941,7 @@ This also gives you more direct control over the underlying `CodePipeline.Pipeli if the way the modern API creates it doesn't allow for desired configurations. Use `CodePipelineFileset` to convert CodePipeline **artifacts** into CDK Pipelines **file sets**, that can be used everywhere a file set or file set producer is expected. -Here's an example of passing in an existing pipeline and using a *source* that's already +Here's an example of passing in an existing pipeline and using a _source_ that's already in the pipeline: ```ts @@ -936,7 +953,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { codePipeline: codePipeline, synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineFileSet.fromArtifact(sourceArtifact), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -970,7 +987,7 @@ Docker can be used in 3 different places in the pipeline: - If you are using Docker to bundle file assets anywhere in your project (for example, if you are using such construct libraries as `aws-cdk-lib/aws-lambda-nodejs`): Docker will run in the - *synth* project. + _synth_ project. For the first case, you don't need to do anything special. For the other two cases, you need to make sure that **privileged mode** is enabled on the correct CodeBuild @@ -991,9 +1008,10 @@ you need to pass `dockerEnabledForSelfMutation: true` to the pipeline. For examp const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), // Turn this on because the pipeline uses Docker image assets @@ -1017,7 +1035,7 @@ pipeline.addWave('MyWave', { ``` > **Important**: You must turn on the `dockerEnabledForSelfMutation` flag, -> commit and allow the pipeline to self-update *before* adding the actual +> commit and allow the pipeline to self-update _before_ adding the actual > Docker asset. ### Using bundled file assets @@ -1030,9 +1048,10 @@ if you add a construct like `aws-cdk-lib/aws-lambda-nodejs`), you need to pass const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), // Turn this on because the application uses bundled file assets @@ -1041,7 +1060,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { ``` > **Important**: You must turn on the `dockerEnabledForSynth` flag, -> commit and allow the pipeline to self-update *before* adding the actual +> commit and allow the pipeline to self-update _before_ adding the actual > Docker asset. ### Authenticating to Docker registries @@ -1052,22 +1071,42 @@ any of the application stages — require authentication, either due to being in different environment (e.g., ECR repo) or to avoid throttling (e.g., DockerHub). ```ts -const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'DHSecret', 'arn:aws:...'); -const customRegSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'CRSecret', 'arn:aws:...'); -const repo1 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo1'); -const repo2 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo2'); +const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn( + this, + 'DHSecret', + 'arn:aws:...' +); +const customRegSecret = secretsmanager.Secret.fromSecretCompleteArn( + this, + 'CRSecret', + 'arn:aws:...' +); +const repo1 = ecr.Repository.fromRepositoryArn( + this, + 'Repo', + 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo1' +); +const repo2 = ecr.Repository.fromRepositoryArn( + this, + 'Repo', + 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo2' +); const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { dockerCredentials: [ pipelines.DockerCredential.dockerHub(dockerHubSecret), - pipelines.DockerCredential.customRegistry('dockerregistry.example.com', customRegSecret), + pipelines.DockerCredential.customRegistry( + 'dockerregistry.example.com', + customRegSecret + ), pipelines.DockerCredential.ecr([repo1, repo2]), ], synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -1082,17 +1121,23 @@ optional role to assume before requesting the credentials. By default, the Docker credentials provided to the pipeline will be available to the **Synth**, **Self-Update**, and **Asset Publishing** actions within the -*pipeline. The scope of the credentials can be limited via the `DockerCredentialUsage` option. +\*pipeline. The scope of the credentials can be limited via the `DockerCredentialUsage` option. ```ts -const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'DHSecret', 'arn:aws:...'); +const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn( + this, + 'DHSecret', + 'arn:aws:...' +); // Only the image asset publishing actions will be granted read access to the secret. -const creds = pipelines.DockerCredential.dockerHub(dockerHubSecret, { usages: [pipelines.DockerCredentialUsage.ASSET_PUBLISHING] }); +const creds = pipelines.DockerCredential.dockerHub(dockerHubSecret, { + usages: [pipelines.DockerCredentialUsage.ASSET_PUBLISHING], +}); ``` ## CDK Environment Bootstrapping -An *environment* is an *(account, region)* pair where you want to deploy a +An _environment_ is an _(account, region)_ pair where you want to deploy a CDK stack (see [Environments](https://docs.aws.amazon.com/cdk/latest/guide/environments.html) in the CDK Developer Guide). In a Continuous Deployment pipeline, there are @@ -1102,16 +1147,16 @@ different stages of the application). These can be the same, though best practices recommend you isolate your different application stages from each other in different AWS accounts or regions. -Before you can provision the pipeline, you have to *bootstrap* the environment you want +Before you can provision the pipeline, you have to _bootstrap_ the environment you want to create it in. If you are deploying your application to different environments, you -also have to bootstrap those and be sure to add a *trust* relationship. +also have to bootstrap those and be sure to add a _trust_ relationship. After you have bootstrapped an environment and created a pipeline that deploys -to it, it's important that you don't delete the stack or change its *Qualifier*, +to it, it's important that you don't delete the stack or change its _Qualifier_, or future deployments to this environment will fail. If you want to upgrade the bootstrap stack to a newer version, do that by updating it in-place. -> This library requires the *modern* bootstrapping stack which has +> This library requires the _modern_ bootstrapping stack which has > been updated specifically to support cross-account continuous delivery. > > If you are using CDKv2, you do not need to do anything else. Modern @@ -1189,7 +1234,7 @@ These command lines explained: > Be aware that anyone who has access to the trusted Accounts **effectively has all > permissions conferred by the configured CloudFormation execution policies**, > allowing them to do things like read arbitrary S3 buckets and create arbitrary -> infrastructure in the bootstrapped account. Restrict the list of `--trust`ed Accounts, +> infrastructure in the bootstrapped account. Restrict the list of `--trust`ed Accounts, > or restrict the policies configured by `--cloudformation-execution-policies`.
@@ -1223,7 +1268,7 @@ The "new" bootstrap stack (obtained by running `cdk bootstrap` with contains: - An S3 bucket and ECR repository with predictable names, so that we can reference - assets in these storage locations *without* the use of CloudFormation template + assets in these storage locations _without_ the use of CloudFormation template parameters. - A set of roles with permissions to access these asset locations and to execute CloudFormation, assumable from whatever accounts you specify under `--trust`. @@ -1256,30 +1301,40 @@ declare const sharedXRegionUsWest2KeyArn: string; const usWest1Bucket = s3.Bucket.fromBucketAttributes(scope, 'UsEast1Bucket', { bucketArn: sharedXRegionUsWest1BucketArn, - encryptionKey: kms.Key.fromKeyArn(scope, 'UsEast1BucketKeyArn', sharedXRegionUsWest1BucketArn), + encryptionKey: kms.Key.fromKeyArn( + scope, + 'UsEast1BucketKeyArn', + sharedXRegionUsWest1BucketArn + ), }); const usWest2Bucket = s3.Bucket.fromBucketAttributes(scope, 'UsWest2Bucket', { bucketArn: sharedXRegionUsWest2BucketArn, - encryptionKey: kms.Key.fromKeyArn(scope, 'UsWest2BucketKeyArn', sharedXRegionUsWest2KeyArn), + encryptionKey: kms.Key.fromKeyArn( + scope, + 'UsWest2BucketKeyArn', + sharedXRegionUsWest2KeyArn + ), }); const crossRegionReplicationBuckets: Record = { 'us-west-1': usWest1Bucket, 'us-west-2': usWest2Bucket, // Support for additional regions. -} +}; const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', }), - commands: ['npm ci','npm run build','npx cdk synth'], - }), // Use shared buckets. + commands: ['npm ci', 'npm run build', 'npx cdk synth'], + }), // Use shared buckets. crossRegionReplicationBuckets, }); ``` + ## Context Lookups You might be using CDK constructs that need to look up [runtime @@ -1299,7 +1354,7 @@ contains the results of the context lookups. This will make sure your synthesized infrastructure is consistent and repeatable. If you do not commit `cdk.context.json`, the results of the lookups may suddenly be different in unexpected ways, and even produce results that cannot be deployed or will cause -data loss. To give an account permissions to perform lookups against an +data loss. To give an account permissions to perform lookups against an environment, without being able to deploy to it and make changes, run `cdk bootstrap --trust-for-lookup=`. @@ -1313,7 +1368,8 @@ lookup roles. As an example, doing so would look like this: new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.CodeBuildStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), commands: [ // Commands to load cdk.context.json from somewhere here @@ -1405,9 +1461,7 @@ You can insert the security check by using a `ConfirmPermissionsBroadening` step declare const pipeline: pipelines.CodePipeline; const stage = new MyApplicationStage(this, 'MyApplication'); pipeline.addStage(stage, { - pre: [ - new pipelines.ConfirmPermissionsBroadening('Check', { stage }), - ], + pre: [new pipelines.ConfirmPermissionsBroadening('Check', { stage })], }); ``` @@ -1436,7 +1490,7 @@ check enabled. ## Using a different deployment engine -CDK Pipelines supports multiple *deployment engines*, but this module vends a +CDK Pipelines supports multiple _deployment engines_, but this module vends a construct for only one such engine: AWS CodePipeline. It is also possible to use CDK Pipelines to build pipelines backed by other deployment engines. @@ -1490,7 +1544,7 @@ but the directory wasn't there. There are two common causes for this: ### is in ROLLBACK_COMPLETE state and can not be updated -If you see the following error during execution of your pipeline: +If you see the following error during execution of your pipeline: ```plaintext Stack ... is in ROLLBACK_COMPLETE state and can not be updated. (Service: @@ -1520,7 +1574,7 @@ project that uses the AWS SDK for JavaScript, without the target application having been installed yet. For example, it can be triggered by `npx cdk synth` if `aws-cdk` is not in your `package.json`. -Work around this by either installing the target application using NPM *before* +Work around this by either installing the target application using NPM _before_ running `npx`, or set the environment variable `NPM_CONFIG_UNSAFE_PERM=true`. ### Cannot connect to the Docker daemon at unix:///var/run/docker.sock @@ -1539,21 +1593,6 @@ that bundles asset using tools run via Docker, like `aws-lambda-nodejs`, `aws-la Make sure you set the `privileged` environment variable to `true` in the synth definition: -```ts -const sourceArtifact = new codepipeline.Artifact(); -const cloudAssemblyArtifact = new codepipeline.Artifact(); -const pipeline = new pipelines.CdkPipeline(this, 'MyPipeline', { - cloudAssemblyArtifact, - synthAction: pipelines.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - environment: { - privileged: true, - }, - }), -}); -``` - After turning on `privilegedMode: true`, you will need to do a one-time manual cdk deploy of your pipeline to get it going again (as with a broken 'synth' the pipeline will not be able to self update to the right state). @@ -1606,27 +1645,6 @@ An "S3 Access Denied" error can have two causes: - Asset hashes have changed, but self-mutation has been disabled in the pipeline. - You have deleted and recreated the bootstrap stack, or changed its qualifier. -#### Self-mutation step has been removed - -Some constructs, such as EKS clusters, generate nested stacks. When CloudFormation tries -to deploy those stacks, it may fail with this error: - -```console -S3 error: Access Denied For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html -``` - -This happens because the pipeline is not self-mutating and, as a consequence, the `FileAssetX` -build projects get out-of-sync with the generated templates. To fix this, make sure the -`selfMutating` property is set to `true`: - -```ts -const cloudAssemblyArtifact = new codepipeline.Artifact(); -const pipeline = new pipelines.CdkPipeline(this, 'MyPipeline', { - selfMutating: true, - cloudAssemblyArtifact, -}); -``` - #### Bootstrap roles have been renamed or recreated While attempting to deploy an application stage, the "Prepare" or "Deploy" stage may fail with a cryptic error like: @@ -1656,7 +1674,7 @@ $ env CDK_NEW_BOOTSTRAP=1 npx cdk bootstrap \ ``` - Update all impacted stacks in the pipeline to use this new qualifier. -See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html for more info. + See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html for more info. ```ts new Stack(this, 'MyStack', { @@ -1681,13 +1699,13 @@ encryption key policy for the artifacts bucket may have a statement that looks l ```json { - "Effect" : "Allow", - "Principal" : { + "Effect": "Allow", + "Principal": { // "AWS" : "AROAYBRETNYCYV6ZF2R93" // Indicates this issue; replace this value - "AWS": "arn:aws:iam::0123456789012:role/cdk-hnb659fds-deploy-role-0123456789012-eu-west-1", // Correct value + "AWS": "arn:aws:iam::0123456789012:role/cdk-hnb659fds-deploy-role-0123456789012-eu-west-1" // Correct value }, - "Action" : [ "kms:Decrypt", "kms:DescribeKey" ], - "Resource" : "*" + "Action": ["kms:Decrypt", "kms:DescribeKey"], + "Resource": "*" } ``` @@ -1704,7 +1722,7 @@ framework version that your application uses. You either forgot to change the `cliVersion` parameter, or changed the `cliVersion` in the same commit in which you changed the framework version. Because a change to the pipeline settings needs a successful run of the `SelfMutate` step to be applied, the next iteration of the -`SelfMutate` step still executes with the *old* CLI version, and that old CLI version +`SelfMutate` step still executes with the _old_ CLI version, and that old CLI version is not able to read the cloud assembly produced by the new framework version. Solution: change the `cliVersion` first, commit, push and deploy, and only then @@ -1751,8 +1769,8 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { // Add the shell commands to install your drop-in Docker // replacement to the CodeBuild enviromment. commands: installCommands, - } - } + }, + }, }), buildEnvironment: { environmentVariables: { @@ -1760,8 +1778,8 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { // `docker` when building / publishing docker images. // e.g., `drop-in-replacement build . -f path/to/Dockerfile` CDK_DOCKER: { value: 'drop-in-replacement' }, - } - } + }, + }, }, }); ``` @@ -1789,14 +1807,16 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { buildEnvironment: { // Provide a custom build image containing your toolchain and the // pre-installed replacement for the `docker` command. - buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('your-docker-registry'), + buildImage: codebuild.LinuxBuildImage.fromDockerRegistry( + 'your-docker-registry' + ), environmentVariables: { // If you haven't provided an `ENV` in your Dockerfile that overrides // `CDK_DOCKER`, then you must provide the name of the command that // the AWS CDK should run instead of `docker` here. CDK_DOCKER: { value: 'drop-in-replacement' }, - } - } + }, + }, }, }); ``` diff --git a/packages/aws-cdk-lib/pipelines/lib/index.ts b/packages/aws-cdk-lib/pipelines/lib/index.ts index 5f469e9fd5ce6..e26c394c027cb 100644 --- a/packages/aws-cdk-lib/pipelines/lib/index.ts +++ b/packages/aws-cdk-lib/pipelines/lib/index.ts @@ -1,4 +1,3 @@ -export * from './legacy'; export * from './blueprint'; export * from './codepipeline'; export * from './main'; diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts deleted file mode 100644 index 3de0c99c3de23..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts +++ /dev/null @@ -1,386 +0,0 @@ -import * as fs from 'fs'; -import * as path from 'path'; -import { Construct, Node } from 'constructs'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as cpactions from '../../../../aws-codepipeline-actions'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { Aws, CfnCapabilities, Stack } from '../../../../core'; -import * as cxapi from '../../../../cx-api'; -import { appOf, assemblyBuilderOf } from '../../private/construct-internals'; -import { toPosixPath } from '../../private/fs'; - -/** - * Customization options for a DeployCdkStackAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface DeployCdkStackActionOptions { - /** - * Base name of the action - * - * @default stackName - */ - readonly baseActionName?: string; - - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * Run order for the Prepare action - * - * @default 1 - */ - readonly prepareRunOrder?: number; - - /** - * Run order for the Execute action - * - * @default - prepareRunOrder + 1 - */ - readonly executeRunOrder?: number; - - /** - * Artifact to write Stack Outputs to - * - * @default - No outputs - */ - readonly output?: codepipeline.Artifact; - - /** - * Filename in output to write Stack outputs to - * - * @default - Required when 'output' is set - */ - readonly outputFileName?: string; - - /** - * Name of the change set to create and deploy - * - * @default 'PipelineChange' - */ - readonly changeSetName?: string; -} - -/** - * Properties for a DeployCdkStackAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface DeployCdkStackActionProps extends DeployCdkStackActionOptions { - /** - * Relative path of template in the input artifact - */ - readonly templatePath: string; - - /** - * Role for the action to assume - * - * This controls the account to deploy into - */ - readonly actionRole: iam.IRole; - - /** - * The name of the stack that should be created/updated - */ - readonly stackName: string; - - /** - * Role to execute CloudFormation under - * - * @default - Execute CloudFormation using the action role - */ - readonly cloudFormationExecutionRole?: iam.IRole; - - /** - * Region to deploy into - * - * @default - Same region as pipeline - */ - readonly region?: string; - - /** - * Artifact ID for the stack deployed here - * - * Used for pipeline order checking. - * - * @default - Order will not be checked - */ - readonly stackArtifactId?: string; - - /** - * Artifact ID for the stacks this stack depends on - * - * Used for pipeline order checking. - * - * @default - No dependencies - */ - readonly dependencyStackArtifactIds?: string[]; - - /** - * Template configuration path relative to the input artifact - * - * @default - No template configuration - */ - readonly templateConfigurationPath?: string; -} - -/** - * Options for the 'fromStackArtifact' operation - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface CdkStackActionFromArtifactOptions extends DeployCdkStackActionOptions { - /** - * The name of the stack that should be created/updated - * - * @default - Same as stack artifact - */ - readonly stackName?: string; -} - -/** - * Action to deploy a CDK Stack - * - * Adds two CodePipeline Actions to the pipeline: one to create a ChangeSet - * and one to execute it. - * - * You do not need to instantiate this action yourself -- it will automatically - * be added by the pipeline when you add stack artifacts or entire stages. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class DeployCdkStackAction implements codepipeline.IAction { - /** - * Construct a DeployCdkStackAction from a Stack artifact - */ - public static fromStackArtifact(scope: Construct, artifact: cxapi.CloudFormationStackArtifact, options: CdkStackActionFromArtifactOptions) { - if (!artifact.assumeRoleArn) { - throw new Error(`Stack '${artifact.stackName}' does not have deployment role information; use the 'DefaultStackSynthesizer' synthesizer, or set the '@aws-cdk/core:newStyleStackSynthesis' context key.`); - } - - const artRegion = artifact.environment.region; - const region = artRegion === Stack.of(scope).region || artRegion === cxapi.UNKNOWN_REGION ? undefined : artRegion; - const artAccount = artifact.environment.account; - const account = artAccount === Stack.of(scope).account || artAccount === cxapi.UNKNOWN_ACCOUNT ? undefined : artAccount; - - const actionRole = roleFromPlaceholderArn(scope, region, account, artifact.assumeRoleArn); - const cloudFormationExecutionRole = roleFromPlaceholderArn(scope, region, account, artifact.cloudFormationExecutionRoleArn); - - // We need the path of the template relative to the root Cloud Assembly - // It should be easier to get this, but for now it is what it is. - const appAsmRoot = assemblyBuilderOf(appOf(scope)).outdir; - const fullTemplatePath = path.join(artifact.assembly.directory, artifact.templateFile); - - let fullConfigPath; - if (Object.keys(artifact.tags).length > 0) { - fullConfigPath = `${fullTemplatePath}.config.json`; - - // Write the template configuration file (for parameters into CreateChangeSet call that - // cannot be configured any other way). They must come from a file, and there's unfortunately - // no better hook to write this file (`construct.onSynthesize()` would have been the prime candidate - // but that is being deprecated--and DeployCdkStackAction isn't even a construct). - writeTemplateConfiguration(fullConfigPath, { - Tags: artifact.tags, - }); - } - - return new DeployCdkStackAction({ - actionRole, - cloudFormationExecutionRole, - templatePath: toPosixPath(path.relative(appAsmRoot, fullTemplatePath)), - templateConfigurationPath: fullConfigPath ? toPosixPath(path.relative(appAsmRoot, fullConfigPath)) : undefined, - region, - stackArtifactId: artifact.id, - dependencyStackArtifactIds: artifact.dependencies.filter(isStackArtifact).map(s => s.id), - stackName: options.stackName ?? artifact.stackName, - ...options, - }); - } - - /** - * The runorder for the prepare action - */ - public readonly prepareRunOrder: number; - - /** - * The runorder for the execute action - */ - public readonly executeRunOrder: number; - - /** - * Name of the deployed stack - */ - public readonly stackName: string; - - /** - * Artifact id of the artifact this action was based on - */ - public readonly stackArtifactId?: string; - - /** - * Artifact ids of the artifact this stack artifact depends on - */ - public readonly dependencyStackArtifactIds: string[]; - - private readonly prepareChangeSetAction: cpactions.CloudFormationCreateReplaceChangeSetAction; - private readonly executeChangeSetAction: cpactions.CloudFormationExecuteChangeSetAction; - - constructor(props: DeployCdkStackActionProps) { - if (props.output && !props.outputFileName) { - throw new Error('If \'output\' is set, \'outputFileName\' is also required'); - } - - this.stackArtifactId = props.stackArtifactId; - this.dependencyStackArtifactIds = props.dependencyStackArtifactIds ?? []; - - this.prepareRunOrder = props.prepareRunOrder ?? 1; - this.executeRunOrder = props.executeRunOrder ?? this.prepareRunOrder + 1; - this.stackName = props.stackName; - const baseActionName = props.baseActionName ?? this.stackName; - const changeSetName = props.changeSetName ?? 'PipelineChange'; - - this.prepareChangeSetAction = new cpactions.CloudFormationCreateReplaceChangeSetAction({ - actionName: `${baseActionName}.Prepare`, - changeSetName, - runOrder: this.prepareRunOrder, - stackName: this.stackName, - templatePath: props.cloudAssemblyInput.atPath(props.templatePath), - adminPermissions: false, - role: props.actionRole, - deploymentRole: props.cloudFormationExecutionRole, - region: props.region, - cfnCapabilities: [CfnCapabilities.NAMED_IAM, CfnCapabilities.AUTO_EXPAND], - templateConfiguration: props.templateConfigurationPath ? props.cloudAssemblyInput.atPath(props.templateConfigurationPath) : undefined, - }); - this.executeChangeSetAction = new cpactions.CloudFormationExecuteChangeSetAction({ - actionName: `${baseActionName}.Deploy`, - changeSetName, - runOrder: this.executeRunOrder, - stackName: this.stackName, - role: props.actionRole, - region: props.region, - outputFileName: props.outputFileName, - output: props.output, - }); - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): - codepipeline.ActionConfig { - stage.addAction(this.prepareChangeSetAction); - - return this.executeChangeSetAction.bind(scope, stage, options); - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - return this.executeChangeSetAction.onStateChange(name, target, options); - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - return this.executeChangeSetAction.actionProperties; - } -} - -function roleFromPlaceholderArn(scope: Construct, region: string | undefined, - account: string | undefined, arn: string): iam.IRole; -function roleFromPlaceholderArn(scope: Construct, region: string | undefined, - account: string | undefined, arn: string | undefined): iam.IRole | undefined; -function roleFromPlaceholderArn(scope: Construct, region: string | undefined, - account: string | undefined, arn: string | undefined): iam.IRole | undefined { - - if (!arn) { return undefined; } - - // Use placeholdered arn as construct ID. - const id = arn; - - // https://github.com/aws/aws-cdk/issues/7255 - let existingRole = Node.of(scope).tryFindChild(`ImmutableRole${id}`) as iam.IRole; - if (existingRole) { return existingRole; } - // For when #7255 is fixed. - existingRole = Node.of(scope).tryFindChild(id) as iam.IRole; - if (existingRole) { return existingRole; } - - const arnToImport = cxapi.EnvironmentPlaceholders.replace(arn, { - region: region ?? Aws.REGION, - accountId: account ?? Aws.ACCOUNT_ID, - partition: Aws.PARTITION, - }); - return iam.Role.fromRoleArn(scope, id, arnToImport, { mutable: false, addGrantsToResources: true }); -} - -/** - * Options for CdkDeployAction.fromStackArtifact - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface FromStackArtifactOptions { - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * Run order for the 2 actions that will be created - * - * @default 1 - */ - readonly prepareRunOrder?: number; - - /** - * Run order for the Execute action - * - * @default - prepareRunOrder + 1 - */ - readonly executeRunOrder?: number; - - /** - * Artifact to write Stack Outputs to - * - * @default - No outputs - */ - readonly output?: codepipeline.Artifact; - - /** - * Filename in output to write Stack outputs to - * - * @default - Required when 'output' is set - */ - readonly outputFileName?: string; -} - -function isStackArtifact(a: cxapi.CloudArtifact): a is cxapi.CloudFormationStackArtifact { - // instanceof is too risky, and we're at a too late stage to properly fix. - // return a instanceof cxapi.CloudFormationStackArtifact; - return a.constructor.name === 'CloudFormationStackArtifact'; -} - -/** - * Template configuration in a CodePipeline - * - * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/continuous-delivery-codepipeline-cfn-artifacts.html#w2ab1c13c17c15 - */ -interface TemplateConfiguration { - readonly Parameters?: Record; - readonly Tags?: Record; - readonly StackPolicy?: { - readonly Statements: Array>; - }; -} - -/** - * Write template configuration to the given file - */ -function writeTemplateConfiguration(filename: string, config: TemplateConfiguration) { - fs.writeFileSync(filename, JSON.stringify(config, undefined, 2), { encoding: 'utf-8' }); -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts deleted file mode 100644 index 834ded93472f2..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './deploy-cdk-stack-action'; -export * from './publish-assets-action'; -export * from './update-pipeline-action'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts deleted file mode 100644 index 89bd087101972..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts +++ /dev/null @@ -1,228 +0,0 @@ -import * as fs from 'fs'; -import * as path from 'path'; -import { IDependable, Construct } from 'constructs'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../../aws-codepipeline-actions'; -import * as ec2 from '../../../../aws-ec2'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { ISynthesisSession, Lazy, Stack, attachCustomSynthesis } from '../../../../core'; -import { AssetType } from '../../blueprint/asset-type'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; -import { toPosixPath } from '../../private/fs'; - -/** - * Props for a PublishAssetsAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface PublishAssetsActionProps { - /** - * Name of publishing action - */ - readonly actionName: string; - - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * AssetType we're publishing - */ - readonly assetType: AssetType; - - /** - * Version of CDK CLI to 'npm install'. - * - * @default - Latest version - */ - readonly cdkCliVersion?: string; - - /** - * Name of the CodeBuild project - * - * @default - Automatically generated - */ - readonly projectName?: string; - - /** - * Role to use for CodePipeline and CodeBuild to build and publish the assets. - * - * @default - Automatically generated - */ - readonly role?: iam.IRole; - - /** - * Any Dependable construct that the CodeBuild project needs to take a dependency on. - * - * @default - none - */ - readonly dependable?: IDependable; - - /** - * The VPC where to execute the PublishAssetsAction. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * Custom BuildSpec that is merged with generated one - * - * @default - none - */ - readonly buildSpec?: codebuild.BuildSpec; - - /** - * Use a file buildspec written to the cloud assembly instead of an inline buildspec. - * This prevents size limitation errors as inline specs have a max length of 25600 characters - * - * @default false - */ - readonly createBuildspecFile?: boolean; - - /** - * Additional commands to run before installing cdk-assert - * Use this to setup proxies or npm mirrors - * - * @default - - */ - readonly preInstallCommands?: string[]; -} - -/** - * Action to publish an asset in the pipeline - * - * Creates a CodeBuild project which will use the CDK CLI - * to prepare and publish the asset. - * - * You do not need to instantiate this action -- it will automatically - * be added by the pipeline when you add stacks that use assets. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class PublishAssetsAction extends Construct implements codepipeline.IAction { - private readonly action: codepipeline.IAction; - private readonly commands = new Array(); - - private readonly buildSpec: codebuild.BuildSpec; - - constructor(scope: Construct, id: string, private readonly props: PublishAssetsActionProps) { - super(scope, id); - - const installSuffix = props.cdkCliVersion ? `@${props.cdkCliVersion}` : ''; - const installCommand = `npm install -g cdk-assets${installSuffix}`; - - const buildSpec = codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - install: { - commands: props.preInstallCommands ? [...props.preInstallCommands, installCommand] : installCommand, - }, - build: { - commands: Lazy.list({ produce: () => this.commands }), - }, - }, - }); - this.buildSpec = props.buildSpec ? codebuild.mergeBuildSpecs(props.buildSpec, buildSpec) : buildSpec; - - const project = new codebuild.PipelineProject(this, 'Default', { - projectName: this.props.projectName, - environment: { - buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE, - privileged: (props.assetType === AssetType.DOCKER_IMAGE) ? true : undefined, - }, - vpc: props.vpc, - subnetSelection: props.subnetSelection, - buildSpec: props.createBuildspecFile ? codebuild.BuildSpec.fromSourceFilename(this.getBuildSpecFileName()) : this.buildSpec, - role: props.role, - }); - - if (props.dependable) { - project.node.addDependency(props.dependable); - } - - this.action = new codepipeline_actions.CodeBuildAction({ - actionName: props.actionName, - project, - input: this.props.cloudAssemblyInput, - role: props.role, - // Add this purely so that the pipeline will selfupdate if the CLI version changes - environmentVariables: props.cdkCliVersion ? { - CDK_CLI_VERSION: { value: props.cdkCliVersion }, - } : undefined, - }); - - attachCustomSynthesis(this, { - onSynthesize: this._onSynth.bind(this), - }); - } - - private getBuildSpecFileName(): string { - return `buildspec-assets-${this.node.path.replace(new RegExp('/', 'g'), '-')}.yaml`; - } - - private _onSynth(session: ISynthesisSession): void { - if (this.props.createBuildspecFile) { - const specFile = path.join(session.outdir, this.getBuildSpecFileName()); - fs.writeFileSync(specFile, Stack.of(this).resolve(this.buildSpec.toBuildSpec()), { encoding: 'utf-8' }); - } - } - - /** - * Add a single publishing command - * - * Manifest path should be relative to the root Cloud Assembly. - */ - public addPublishCommand(relativeManifestPath: string, assetSelector: string) { - const command = `cdk-assets --path "${toPosixPath(relativeManifestPath)}" --verbose publish "${assetSelector}"`; - if (!this.commands.includes(command)) { - this.commands.push(command); - } - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): - codepipeline.ActionConfig { - return this.action.bind(scope, stage, options); - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - return this.action.onStateChange(name, target, options); - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - // FIXME: I have had to make this class a Construct, because: - // - // - It needs access to the Construct tree, because it is going to add a `PipelineProject`. - // - I would have liked to have done that in bind(), however, - // - `actionProperties` (this method) is called BEFORE bind() is called, and by that point I - // don't have the "inner" Action yet to forward the call to. - // - // I've therefore had to construct the inner CodeBuildAction in the constructor, which requires making this - // Action a Construct. - // - // Combined with how non-intuitive it is to make the "StackDeployAction", I feel there is something - // wrong with the Action abstraction here. - return this.action.actionProperties; - } -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts deleted file mode 100644 index 85672ab4a849f..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts +++ /dev/null @@ -1,183 +0,0 @@ -import { Construct } from 'constructs'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as cpactions from '../../../../aws-codepipeline-actions'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { Stack } from '../../../../core'; -import { dockerCredentialsInstallCommands, DockerCredential, DockerCredentialUsage } from '../../docker-credentials'; -import { embeddedAsmPath } from '../../private/construct-internals'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; - -/** - * Props for the UpdatePipelineAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface UpdatePipelineActionProps { - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * Name of the pipeline stack - * - * @deprecated - Use `pipelineStackHierarchicalId` instead. - * @default - none - */ - readonly pipelineStackName?: string; - - /** - * Hierarchical id of the pipeline stack - */ - readonly pipelineStackHierarchicalId: string; - - /** - * Version of CDK CLI to 'npm install'. - * - * @default - Latest version - */ - readonly cdkCliVersion?: string; - - /** - * Name of the CodeBuild project - * - * @default - Automatically generated - */ - readonly projectName?: string; - - /** - * Whether the build step should run in privileged mode. - * - * @default - false - */ - readonly privileged?: boolean; - - /** - * Docker registries and associated credentials necessary during the pipeline - * self-update stage. - * - * @default [] - */ - readonly dockerCredentials?: DockerCredential[]; - - /** - * Custom BuildSpec that is merged with generated one - * - * @default - none - */ - readonly buildSpec?: codebuild.BuildSpec; -} - -/** - * Action to self-mutate the pipeline - * - * Creates a CodeBuild project which will use the CDK CLI - * to deploy the pipeline stack. - * - * You do not need to instantiate this action -- it will automatically - * be added by the pipeline. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class UpdatePipelineAction extends Construct implements codepipeline.IAction { - private readonly action: codepipeline.IAction; - - constructor(scope: Construct, id: string, props: UpdatePipelineActionProps) { - super(scope, id); - - const installSuffix = props.cdkCliVersion ? `@${props.cdkCliVersion}` : ''; - - const stackIdentifier = props.pipelineStackHierarchicalId ?? props.pipelineStackName; - const buildSpec = codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - install: { - commands: [ - `npm install -g aws-cdk${installSuffix}`, - ...dockerCredentialsInstallCommands(DockerCredentialUsage.SELF_UPDATE, props.dockerCredentials), - ], - }, - build: { - commands: [ - // Cloud Assembly is in *current* directory. - `cdk -a ${embeddedAsmPath(scope)} deploy ${stackIdentifier} --require-approval=never --verbose`, - ], - }, - }, - }); - const selfMutationProject = new codebuild.PipelineProject(this, 'SelfMutation', { - projectName: props.projectName, - environment: { - buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE, - privileged: props.privileged ?? false, - }, - buildSpec: props.buildSpec ? codebuild.mergeBuildSpecs(props.buildSpec, buildSpec) : buildSpec, - }); - - // allow the self-mutating project permissions to assume the bootstrap Action role - selfMutationProject.addToRolePolicy(new iam.PolicyStatement({ - actions: ['sts:AssumeRole'], - resources: [`arn:*:iam::${Stack.of(this).account}:role/*`], - conditions: { - 'ForAnyValue:StringEquals': { - 'iam:ResourceTag/aws-cdk:bootstrap-role': ['image-publishing', 'file-publishing', 'deploy'], - }, - }, - })); - selfMutationProject.addToRolePolicy(new iam.PolicyStatement({ - actions: ['cloudformation:DescribeStacks'], - resources: ['*'], // this is needed to check the status of the bootstrap stack when doing `cdk deploy` - })); - // S3 checks for the presence of the ListBucket permission - selfMutationProject.addToRolePolicy(new iam.PolicyStatement({ - actions: ['s3:ListBucket'], - resources: ['*'], - })); - (props.dockerCredentials ?? []).forEach(reg => reg.grantRead(selfMutationProject, DockerCredentialUsage.SELF_UPDATE)); - - this.action = new cpactions.CodeBuildAction({ - actionName: 'SelfMutate', - input: props.cloudAssemblyInput, - project: selfMutationProject, - // Add this purely so that the pipeline will selfupdate if the CLI version changes - environmentVariables: props.cdkCliVersion ? { - CDK_CLI_VERSION: { value: props.cdkCliVersion }, - } : undefined, - }); - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig { - return this.action.bind(scope, stage, options); - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - return this.action.onStateChange(name, target, options); - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - // FIXME: I have had to make this class a Construct, because: - // - // - It needs access to the Construct tree, because it is going to add a `PipelineProject`. - // - I would have liked to have done that in bind(), however, - // - `actionProperties` (this method) is called BEFORE bind() is called, and by that point I - // don't have the "inner" Action yet to forward the call to. - // - // I've therefore had to construct the inner CodeBuildAction in the constructor, which requires making this - // Action a Construct. - // - // Combined with how non-intuitive it is to make the "StackDeployAction", I feel there is something - // wrong with the Action abstraction here. - return this.action.actionProperties; - } -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/index.ts deleted file mode 100644 index ca2b108fcb0d8..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/index.ts +++ /dev/null @@ -1,5 +0,0 @@ -export * from './pipeline'; -export * from './stage'; -export * from './synths'; -export * from './actions'; -export * from './validation'; diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts deleted file mode 100644 index ea87b74b2f4de..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts +++ /dev/null @@ -1,624 +0,0 @@ -import * as path from 'path'; -import { Construct } from 'constructs'; -import { DeployCdkStackAction, PublishAssetsAction, UpdatePipelineAction } from './actions'; -import { AddStageOptions, AssetPublishingCommand, BaseStageOptions, CdkStage, StackOutput } from './stage'; -import { SimpleSynthAction } from './synths'; -import * as codebuild from '../../../aws-codebuild'; -import * as codepipeline from '../../../aws-codepipeline'; -import * as ec2 from '../../../aws-ec2'; -import * as iam from '../../../aws-iam'; -import { Annotations, App, CfnOutput, PhysicalName, Stack, Stage } from '../../../core'; -import { AssetType } from '../blueprint/asset-type'; -import { dockerCredentialsInstallCommands, DockerCredential, DockerCredentialUsage } from '../docker-credentials'; -import { ApplicationSecurityCheck } from '../private/application-security-check'; -import { AssetSingletonRole } from '../private/asset-singleton-role'; -import { CachedFnSub } from '../private/cached-fnsub'; -import { preferredCliVersion } from '../private/cli-version'; -import { appOf, assemblyBuilderOf } from '../private/construct-internals'; - -const CODE_BUILD_LENGTH_LIMIT = 100; -/** - * Properties for a CdkPipeline - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface CdkPipelineProps { - /** - * The CodePipeline action used to retrieve the CDK app's source - * - * @default - Required unless `codePipeline` is given - */ - readonly sourceAction?: codepipeline.IAction; - - /** - * The CodePipeline action build and synthesis step of the CDK app - * - * @default - Required unless `codePipeline` or `sourceAction` is given - */ - readonly synthAction?: codepipeline.IAction; - - /** - * The artifact you have defined to be the artifact to hold the cloudAssemblyArtifact for the synth action - */ - readonly cloudAssemblyArtifact: codepipeline.Artifact; - - /** - * Existing CodePipeline to add deployment stages to - * - * Use this if you want more control over the CodePipeline that gets created. - * You can choose to not pass this value, in which case a new CodePipeline is - * created with default settings. - * - * If you pass an existing CodePipeline, it should have been created - * with `restartExecutionOnUpdate: true`. - * - * [disable-awslint:ref-via-interface] - * - * @default - A new CodePipeline is automatically generated - */ - readonly codePipeline?: codepipeline.Pipeline; - - /** - * Name of the pipeline - * - * Can only be set if `codePipeline` is not set. - * - * @default - A name is automatically generated - */ - readonly pipelineName?: string; - - /** - * Create KMS keys for cross-account deployments - * - * This controls whether the pipeline is enabled for cross-account deployments. - * - * Can only be set if `codePipeline` is not set. - * - * By default cross-account deployments are enabled, but this feature requires - * that KMS Customer Master Keys are created which have a cost of $1/month. - * - * If you do not need cross-account deployments, you can set this to `false` to - * not create those keys and save on that cost (the artifact bucket will be - * encrypted with an AWS-managed key). However, cross-account deployments will - * no longer be possible. - * - * @default true - */ - readonly crossAccountKeys?: boolean; - // @deprecated(v2): switch to default false - - /** - * Enables KMS key rotation for cross-account keys. - * - * Cannot be set if `crossAccountKeys` was set to `false`. - * - * Key rotation costs $1/month when enabled. - * - * @default - false (key rotation is disabled) - */ - readonly enableKeyRotation?: boolean; - - /** - * CDK CLI version to use in pipeline - * - * Some Actions in the pipeline will download and run a version of the CDK - * CLI. Specify the version here. - * - * @default - Latest version - */ - readonly cdkCliVersion?: string; - - /** - * The VPC where to execute the CdkPipeline actions. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * Whether the pipeline will update itself - * - * This needs to be set to `true` to allow the pipeline to reconfigure - * itself when assets or stages are being added to it, and `true` is the - * recommended setting. - * - * You can temporarily set this to `false` while you are iterating - * on the pipeline itself and prefer to deploy changes using `cdk deploy`. - * - * @default true - */ - readonly selfMutating?: boolean; - - /** - * Custom BuildSpec that is merged with generated one (for self-mutation stage) - * - * @default - none - */ - readonly selfMutationBuildSpec?: codebuild.BuildSpec; - - /** - * Whether this pipeline creates one asset upload action per asset type or one asset upload per asset - * - * @default false - */ - readonly singlePublisherPerType?: boolean; - - /** - * Additional commands to run before installing cdk-assets during the asset publishing step - * Use this to setup proxies or npm mirrors - * - * @default - - */ - readonly assetPreInstallCommands?: string[]; - - /** - * Custom BuildSpec that is merged with generated one (for asset publishing actions) - * - * @default - none - */ - readonly assetBuildSpec?: codebuild.BuildSpec; - - /** - * Whether the pipeline needs to build Docker images in the UpdatePipeline stage. - * - * If the UpdatePipeline stage tries to build a Docker image and this flag is not - * set to `true`, the build step will run in non-privileged mode and consequently - * will fail with a message like: - * - * > Cannot connect to the Docker daemon at unix:///var/run/docker.sock. - * > Is the docker daemon running? - * - * This flag has an effect only if `selfMutating` is also `true`. - * - * @default - false - */ - readonly supportDockerAssets?: boolean; - - /** - * A list of credentials used to authenticate to Docker registries. - * - * Specify any credentials necessary within the pipeline to build, synth, update, or publish assets. - * - * @default [] - */ - readonly dockerCredentials?: DockerCredential[]; -} - -/** - * A Pipeline to deploy CDK apps - * - * Defines an AWS CodePipeline-based Pipeline to deploy CDK applications. - * - * Automatically manages the following: - * - * - Stack dependency order. - * - Asset publishing. - * - Keeping the pipeline up-to-date as the CDK apps change. - * - Using stack outputs later on in the pipeline. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class CdkPipeline extends Construct { - private readonly _pipeline: codepipeline.Pipeline; - private readonly _assets: AssetPublishing; - private readonly _stages: CdkStage[] = []; - private readonly _outputArtifacts: Record = {}; - private readonly _cloudAssemblyArtifact: codepipeline.Artifact; - private readonly _dockerCredentials: DockerCredential[]; - private _applicationSecurityCheck?: ApplicationSecurityCheck; - private readonly cliVersion?: string; - - constructor(scope: Construct, id: string, props: CdkPipelineProps) { - super(scope, id); - this.cliVersion = props.cdkCliVersion ?? preferredCliVersion(); - - if (!App.isApp(this.node.root)) { - throw new Error('CdkPipeline must be created under an App'); - } - - this._cloudAssemblyArtifact = props.cloudAssemblyArtifact; - this._dockerCredentials = props.dockerCredentials ?? []; - const pipelineStack = Stack.of(this); - - if (props.codePipeline) { - if (props.pipelineName) { - throw new Error('Cannot set \'pipelineName\' if an existing CodePipeline is given using \'codePipeline\''); - } - if (props.crossAccountKeys !== undefined) { - throw new Error('Cannot set \'crossAccountKeys\' if an existing CodePipeline is given using \'codePipeline\''); - } - if (props.enableKeyRotation !== undefined) { - throw new Error('Cannot set \'enableKeyRotation\' if an existing CodePipeline is given using \'codePipeline\''); - } - - this._pipeline = props.codePipeline; - } else { - this._pipeline = new codepipeline.Pipeline(this, 'Pipeline', { - pipelineName: props.pipelineName, - crossAccountKeys: props.crossAccountKeys, - enableKeyRotation: props.enableKeyRotation, - restartExecutionOnUpdate: true, - }); - } - - if (props.sourceAction && !props.synthAction) { - // Because of ordering limitations, you can: bring your own Source, bring your own - // Both, or bring your own Nothing. You cannot bring your own Build (which because of the - // current CodePipeline API must go BEFORE what we're adding) and then having us add a - // Source after it. That doesn't make any sense. - throw new Error('When passing a \'sourceAction\' you must also pass a \'synthAction\' (or a \'codePipeline\' that already has both)'); - } - if (!props.sourceAction && (!props.codePipeline || props.codePipeline.stages.length < 1)) { - throw new Error('You must pass a \'sourceAction\' (or a \'codePipeline\' that already has a Source stage)'); - } - - if (props.sourceAction) { - this._pipeline.addStage({ - stageName: 'Source', - actions: [props.sourceAction], - }); - } - - if (props.synthAction) { - if (props.synthAction instanceof SimpleSynthAction && this._dockerCredentials.length > 0) { - props.synthAction._addDockerCredentials(this._dockerCredentials); - } - - this._pipeline.addStage({ - stageName: 'Build', - actions: [props.synthAction], - }); - } - - if (props.selfMutating ?? true) { - this._pipeline.addStage({ - stageName: 'UpdatePipeline', - actions: [new UpdatePipelineAction(this, 'UpdatePipeline', { - cloudAssemblyInput: this._cloudAssemblyArtifact, - pipelineStackHierarchicalId: pipelineStack.node.path, - cdkCliVersion: this.cliVersion, - projectName: maybeSuffix(props.pipelineName, '-selfupdate'), - privileged: props.supportDockerAssets, - dockerCredentials: this._dockerCredentials, - buildSpec: props.selfMutationBuildSpec, - })], - }); - } - - this._assets = new AssetPublishing(this, 'Assets', { - cloudAssemblyInput: this._cloudAssemblyArtifact, - cdkCliVersion: this.cliVersion, - pipeline: this._pipeline, - projectName: maybeSuffix(props.pipelineName, '-publish'), - vpc: props.vpc, - subnetSelection: props.subnetSelection, - singlePublisherPerType: props.singlePublisherPerType, - preInstallCommands: props.assetPreInstallCommands, - buildSpec: props.assetBuildSpec, - dockerCredentials: this._dockerCredentials, - }); - - this.node.addValidation({ validate: () => this.validatePipeline() }); - } - - /** - * The underlying CodePipeline object - * - * You can use this to add more Stages to the pipeline, or Actions - * to Stages. - */ - public get codePipeline(): codepipeline.Pipeline { - return this._pipeline; - } - - /** - * Access one of the pipeline's stages by stage name - * - * You can use this to add more Actions to a stage. - */ - public stage(stageName: string): codepipeline.IStage { - return this._pipeline.stage(stageName); - } - - /** - * Get a cached version of an Application Security Check, which consists of: - * - CodeBuild Project to check for security changes in a stage - * - Lambda Function that approves the manual approval if no security changes are detected - * - * @internal - */ - public _getApplicationSecurityCheck(): ApplicationSecurityCheck { - if (!this._applicationSecurityCheck) { - this._applicationSecurityCheck = new ApplicationSecurityCheck(this, 'PipelineApplicationSecurityCheck', { - codePipeline: this._pipeline, - }); - } - return this._applicationSecurityCheck; - } - - /** - * Add pipeline stage that will deploy the given application stage - * - * The application construct should subclass `Stage` and can contain any - * number of `Stacks` inside it that may have dependency relationships - * on one another. - * - * All stacks in the application will be deployed in the appropriate order, - * and all assets found in the application will be added to the asset - * publishing stage. - */ - public addApplicationStage(appStage: Stage, options: AddStageOptions = {}): CdkStage { - const stage = this.addStage(appStage.stageName, options); - stage.addApplication(appStage, options); - return stage; - } - - /** - * Add a new, empty stage to the pipeline - * - * Prefer to use `addApplicationStage` if you are intended to deploy a CDK - * application, but you can use this method if you want to add other kinds of - * Actions to a pipeline. - */ - public addStage(stageName: string, options?: BaseStageOptions) { - const pipelineStage = this._pipeline.addStage({ - stageName, - }); - - const stage = new CdkStage(this, stageName, { - cloudAssemblyArtifact: this._cloudAssemblyArtifact, - pipelineStage, - stageName, - host: { - publishAsset: this._assets.addPublishAssetAction.bind(this._assets), - stackOutputArtifact: (artifactId) => this._outputArtifacts[artifactId], - }, - ...options, - }); - this._stages.push(stage); - return stage; - } - - /** - * Get the StackOutput object that holds this CfnOutput's value in this pipeline - * - * `StackOutput` can be used in validation actions later in the pipeline. - */ - public stackOutput(cfnOutput: CfnOutput): StackOutput { - const stack = Stack.of(cfnOutput); - - if (!this._outputArtifacts[stack.artifactId]) { - // We should have stored the ArtifactPath in the map, but its Artifact - // property isn't publicly readable... - const artifactName = `${stack.artifactId}_Outputs`; - const compactName = artifactName.slice(artifactName.length - Math.min(artifactName.length, CODE_BUILD_LENGTH_LIMIT)); - this._outputArtifacts[stack.artifactId] = new codepipeline.Artifact(compactName); - } - - return new StackOutput(this._outputArtifacts[stack.artifactId].atPath('outputs.json'), cfnOutput.logicalId); - } - - /** - * Validate that we don't have any stacks violating dependency order in the pipeline - * - * Our own convenience methods will never generate a pipeline that does that (although - * this is a nice verification), but a user can also add the stacks by hand. - */ - private validatePipeline(): string[] { - const ret = new Array(); - - ret.push(...this.validateDeployOrder()); - ret.push(...this.validateRequestedOutputs()); - - return ret; - } - - /** - * Return all StackDeployActions in an ordered list - */ - private get stackActions(): DeployCdkStackAction[] { - return flatMap(this._pipeline.stages, s => s.actions.filter(isDeployAction)); - } - - private * validateDeployOrder(): IterableIterator { - const stackActions = this.stackActions; - for (const stackAction of stackActions) { - // For every dependency, it must be executed in an action before this one is prepared. - for (const depId of stackAction.dependencyStackArtifactIds) { - const depAction = stackActions.find(s => s.stackArtifactId === depId); - - if (depAction === undefined) { - Annotations.of(this).addWarningV2('@aws-cdk/pipelines:dependencyOnNonPipelineStack', `Stack '${stackAction.stackName}' depends on stack ` + - `'${depId}', but that dependency is not deployed through the pipeline!`); - } else if (!(depAction.executeRunOrder < stackAction.prepareRunOrder)) { - yield `Stack '${stackAction.stackName}' depends on stack ` + - `'${depAction.stackName}', but is deployed before it in the pipeline!`; - } - } - } - } - - private * validateRequestedOutputs(): IterableIterator { - const artifactIds = this.stackActions.map(s => s.stackArtifactId); - - for (const artifactId of Object.keys(this._outputArtifacts)) { - if (!artifactIds.includes(artifactId)) { - yield `Trying to use outputs for Stack '${artifactId}', but Stack is not deployed in this pipeline. Add it to the pipeline.`; - } - } - } -} - -function isDeployAction(a: codepipeline.IAction): a is DeployCdkStackAction { - return a instanceof DeployCdkStackAction; -} - -function flatMap(xs: A[], f: (x: A) => B[]): B[] { - return Array.prototype.concat([], ...xs.map(f)); -} - -interface AssetPublishingProps { - readonly cloudAssemblyInput: codepipeline.Artifact; - readonly pipeline: codepipeline.Pipeline; - readonly cdkCliVersion?: string; - readonly projectName?: string; - readonly vpc?: ec2.IVpc; - readonly subnetSelection?: ec2.SubnetSelection; - readonly singlePublisherPerType?: boolean; - readonly preInstallCommands?: string[]; - readonly buildSpec?: codebuild.BuildSpec; - readonly dockerCredentials: DockerCredential[]; -} - -/** - * Add appropriate publishing actions to the asset publishing stage - */ -class AssetPublishing extends Construct { - // CodePipelines has a hard limit of 50 actions per stage. See https://github.com/aws/aws-cdk/issues/9353 - private readonly MAX_PUBLISHERS_PER_STAGE = 50; - - private readonly publishers: Record = {}; - private readonly assetRoles: Map = new Map(); - private readonly assetAttachedPolicies: Record = {}; - private readonly myCxAsmRoot: string; - private readonly cachedFnSub = new CachedFnSub(); - - private readonly lastStageBeforePublishing?: codepipeline.IStage; - private readonly stages: codepipeline.IStage[] = []; - private readonly pipeline: codepipeline.Pipeline; - private readonly dockerCredentials: DockerCredential[]; - - private _fileAssetCtr = 0; - private _dockerAssetCtr = 0; - - constructor(scope: Construct, id: string, private readonly props: AssetPublishingProps) { - super(scope, id); - this.myCxAsmRoot = path.resolve(assemblyBuilderOf(appOf(this)).outdir); - - this.pipeline = this.props.pipeline; - // Hacks to get access to the innards of Pipeline - const stages: codepipeline.IStage[] = (this.props.pipeline as any)._stages; - // Any asset publishing stages will be added directly after the last stage that currently exists. - this.lastStageBeforePublishing = stages.slice(-1)[0]; - - this.dockerCredentials = props.dockerCredentials; - } - - /** - * Make sure there is an action in the stage to publish the given asset - * - * Assets are grouped by asset ID (which represent individual assets) so all assets - * are published in parallel. For each assets, all destinations are published sequentially - * so that we can reuse expensive operations between them (mostly: building a Docker image). - */ - public addPublishAssetAction(command: AssetPublishingCommand) { - // FIXME: this is silly, we need the relative path here but no easy way to get it - const relativePath = path.relative(this.myCxAsmRoot, command.assetManifestPath); - - // The path cannot be outside the asm root. I don't really understand how this could ever - // come to pass, but apparently it has (see https://github.com/aws/aws-cdk/issues/9766). - // Add a sanity check here so we can catch it more quickly next time. - if (relativePath.startsWith(`..${path.sep}`)) { - throw new Error(`The asset manifest (${command.assetManifestPath}) cannot be outside the Cloud Assembly directory (${this.myCxAsmRoot}). Please report this error at https://github.com/aws/aws-cdk/issues to help us debug why this is happening.`); - } - - // Late-binding here (rather than in the constructor) to prevent creating the role in cases where no asset actions are created. - const assetRole = this.generateAssetRole(command.assetType); - // The ARNs include raw AWS pseudo parameters (e.g., ${AWS::Partition}), which need to be substituted. - assetRole.addAssumeRole(this.cachedFnSub.fnSub(command.assetPublishingRoleArn)); - const publisherKey = this.props.singlePublisherPerType ? command.assetType.toString() : command.assetId; - - let action = this.publishers[publisherKey]; - if (!action) { - // Dynamically create new stages as needed, with `MAX_PUBLISHERS_PER_STAGE` assets per stage. - const stageIndex = this.props.singlePublisherPerType ? 0 : - Math.floor((this._fileAssetCtr + this._dockerAssetCtr) / this.MAX_PUBLISHERS_PER_STAGE); - - if (!this.props.singlePublisherPerType && stageIndex >= this.stages.length) { - const previousStage = this.stages.slice(-1)[0] ?? this.lastStageBeforePublishing; - this.stages.push(this.pipeline.addStage({ - stageName: `Assets${stageIndex > 0 ? stageIndex + 1 : ''}`, - placement: { justAfter: previousStage }, - })); - } else if (this.props.singlePublisherPerType && this.stages.length == 0) { - this.stages.push(this.pipeline.addStage({ - stageName: 'Assets', - placement: { justAfter: this.lastStageBeforePublishing }, - })); - } - - // The asset ID would be a logical candidate for the construct path and project names, but if the asset - // changes it leads to recreation of a number of Role/Policy/Project resources which is slower than - // necessary. Number sequentially instead. - // - // FIXME: The ultimate best solution is probably to generate a single Project per asset type - // and reuse that for all assets. - const id = this.props.singlePublisherPerType ? - command.assetType === AssetType.FILE ? 'FileAsset' : 'DockerAsset' : - command.assetType === AssetType.FILE ? `FileAsset${++this._fileAssetCtr}` : `DockerAsset${++this._dockerAssetCtr}`; - - const credsInstallCommands = dockerCredentialsInstallCommands(DockerCredentialUsage.ASSET_PUBLISHING, this.dockerCredentials); - - // NOTE: It's important that asset changes don't force a pipeline self-mutation. - // This can cause an infinite loop of updates (see https://github.com/aws/aws-cdk/issues/9080). - // For that reason, we use the id as the actionName below, rather than the asset hash. - action = this.publishers[publisherKey] = new PublishAssetsAction(this, id, { - actionName: id, - cloudAssemblyInput: this.props.cloudAssemblyInput, - cdkCliVersion: this.props.cdkCliVersion, - assetType: command.assetType, - role: this.assetRoles.get(command.assetType), - dependable: this.assetAttachedPolicies[command.assetType], - vpc: this.props.vpc, - subnetSelection: this.props.subnetSelection, - buildSpec: this.props.buildSpec, - createBuildspecFile: this.props.singlePublisherPerType, - preInstallCommands: [...(this.props.preInstallCommands ?? []), ...credsInstallCommands], - }); - this.stages[stageIndex].addAction(action); - } - - action.addPublishCommand(relativePath, command.assetSelector); - } - - /** - * This role is used by both the CodePipeline build action and related CodeBuild project. Consolidating these two - * roles into one, and re-using across all assets, saves significant size of the final synthesized output. - * Modeled after the CodePipeline role and 'CodePipelineActionRole' roles. - * Generates one role per asset type to separate file and Docker/image-based permissions. - */ - private generateAssetRole(assetType: AssetType) { - const existing = this.assetRoles.get(assetType); - if (existing) { - return existing; - } - - const rolePrefix = assetType === AssetType.DOCKER_IMAGE ? 'Docker' : 'File'; - const assetRole = new AssetSingletonRole(this, `${rolePrefix}Role`, { - roleName: PhysicalName.GENERATE_IF_NEEDED, - assumedBy: new iam.CompositePrincipal(new iam.ServicePrincipal('codebuild.amazonaws.com'), new iam.AccountPrincipal(Stack.of(this).account)), - }); - - // Grant pull access for any ECR registries and secrets that exist - if (assetType === AssetType.DOCKER_IMAGE) { - this.dockerCredentials.forEach(reg => reg.grantRead(assetRole, DockerCredentialUsage.ASSET_PUBLISHING)); - } - - this.assetRoles.set(assetType, assetRole); - return assetRole; - } -} - -function maybeSuffix(x: string | undefined, suffix: string): string | undefined { - if (x === undefined) { return undefined; } - return `${x}${suffix}`; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts deleted file mode 100644 index 79f224b87e583..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts +++ /dev/null @@ -1,586 +0,0 @@ -import { Construct, Node } from 'constructs'; -import { DeployCdkStackAction } from './actions'; -import { CdkPipeline } from './pipeline'; -import * as codebuild from '../../../aws-codebuild'; -import * as codepipeline from '../../../aws-codepipeline'; -import * as cpactions from '../../../aws-codepipeline-actions'; -import { CodeBuildAction } from '../../../aws-codepipeline-actions'; -import * as sns from '../../../aws-sns'; -import { Stage, Aspects } from '../../../core'; -import * as cxapi from '../../../cx-api'; -import { AssetType } from '../blueprint/asset-type'; -import { ApplicationSecurityCheck } from '../private/application-security-check'; -import { AssetManifestReader, DockerImageManifestEntry, FileManifestEntry } from '../private/asset-manifest'; -import { pipelineSynth } from '../private/construct-internals'; -import { topologicalSort } from '../private/toposort'; - -/** - * Construction properties for a CdkStage - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface CdkStageProps { - /** - * Name of the stage that should be created - */ - readonly stageName: string; - - /** - * The underlying Pipeline Stage associated with thisCdkStage - */ - readonly pipelineStage: codepipeline.IStage; - - /** - * The CodePipeline Artifact with the Cloud Assembly - */ - readonly cloudAssemblyArtifact: codepipeline.Artifact; - - /** - * Features the Stage needs from its environment - */ - readonly host: IStageHost; - - /** - * Run a security check before every application prepare/deploy actions. - * - * Note: Stage level security check can be overriden per application as follows: - * `stage.addApplication(app, { confirmBroadeningPermissions: false })` - * - * @default false - */ - readonly confirmBroadeningPermissions?: boolean; - - /** - * Optional SNS topic to send notifications to when any security check registers - * changes within a application. - * - * Note: The Stage Notification Topic can be overriden per application as follows: - * `stage.addApplication(app, { securityNotificationTopic: newTopic })` - * - * @default undefined no stage level notification topic - */ - readonly securityNotificationTopic?: sns.ITopic; -} - -/** - * Stage in a CdkPipeline - * - * You don't need to instantiate this class directly. Use - * `cdkPipeline.addStage()` instead. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class CdkStage extends Construct { - private _nextSequentialRunOrder = 1; // Must start at 1 eh - private _manualApprovalCounter = 1; - private readonly pipelineStage: codepipeline.IStage; - private readonly cloudAssemblyArtifact: codepipeline.Artifact; - private readonly stacksToDeploy = new Array(); - private readonly stageName: string; - private readonly host: IStageHost; - private readonly confirmBroadeningPermissions: boolean; - private readonly pipeline?: CdkPipeline; - private readonly securityNotificationTopic?: sns.ITopic; - private _applicationSecurityCheck?: ApplicationSecurityCheck; - private _prepared = false; - - constructor(scope: Construct, id: string, props: CdkStageProps) { - super(scope, id); - - if (scope instanceof CdkPipeline) { - this.pipeline = scope; - } - - this.stageName = props.stageName; - this.pipelineStage = props.pipelineStage; - this.cloudAssemblyArtifact = props.cloudAssemblyArtifact; - this.host = props.host; - this.confirmBroadeningPermissions = props.confirmBroadeningPermissions ?? false; - this.securityNotificationTopic = props.securityNotificationTopic; - - Aspects.of(this).add({ visit: () => this.prepareStage() }); - } - - /** - * Add all stacks in the application Stage to this stage - * - * The application construct should subclass `Stage` and can contain any - * number of `Stacks` inside it that may have dependency relationships - * on one another. - * - * All stacks in the application will be deployed in the appropriate order, - * and all assets found in the application will be added to the asset - * publishing stage. - */ - public addApplication(appStage: Stage, options: AddStageOptions = {}) { - const asm = pipelineSynth(appStage); - const extraRunOrderSpace = options.extraRunOrderSpace ?? 0; - - if (options.confirmBroadeningPermissions ?? this.confirmBroadeningPermissions) { - this.addSecurityCheck(appStage, options); - } - - if (asm.stacks.length === 0) { - // If we don't check here, a more puzzling "stage contains no actions" - // error will be thrown come deployment time. - throw new Error(`The given Stage construct ('${appStage.node.path}') should contain at least one Stack`); - } - - const sortedTranches = topologicalSort(asm.stacks, - stack => stack.id, - stack => stack.dependencies.map(d => d.id)); - - for (const stacks of sortedTranches) { - const runOrder = this.nextSequentialRunOrder(extraRunOrderSpace + 2); // 2 actions for Prepare/Execute ChangeSet - let executeRunOrder = runOrder + extraRunOrderSpace + 1; - - // If we need to insert a manual approval action, then what's the executeRunOrder - // now is where we add a manual approval step, and we allocate 1 more runOrder - // for the execute. - if (options.manualApprovals) { - this.addManualApprovalAction({ runOrder: runOrder + 1 }); - executeRunOrder = this.nextSequentialRunOrder(); - } - - // These don't have a dependency on each other, so can all be added in parallel - for (const stack of stacks) { - this.addStackArtifactDeployment(stack, { runOrder, executeRunOrder }); - } - } - } - - /** - * Get a cached version of an ApplicationSecurityCheck, which consists of: - * - CodeBuild Project to check for security changes in a stage - * - Lambda Function that approves the manual approval if no security changes are detected - * - * The ApplicationSecurityCheck is cached from the pipeline **if** this stage is scoped - * to a CDK Pipeline. If this stage **is not** scoped to a pipeline, create an ApplicationSecurityCheck - * scoped to the stage itself. - * - * @internal - */ - private getApplicationSecurityCheck(): ApplicationSecurityCheck { - if (this._applicationSecurityCheck) { - return this._applicationSecurityCheck; - } - - this._applicationSecurityCheck = this.pipeline - ? this.pipeline._getApplicationSecurityCheck() - : new ApplicationSecurityCheck(this, 'StageApplicationSecurityCheck', { - codePipeline: this.pipelineStage.pipeline as codepipeline.Pipeline, - }); - return this._applicationSecurityCheck; - } - - /** - * Add a deployment action based on a stack artifact - */ - public addStackArtifactDeployment(stackArtifact: cxapi.CloudFormationStackArtifact, options: AddStackOptions = {}) { - // Get all assets manifests and add the assets in 'em to the asset publishing stage. - this.publishAssetDependencies(stackArtifact); - - // Remember for later, see 'prepare()' - // We know that deploying a stack is going to take up 2 runorder slots later on. - const runOrder = options.runOrder ?? this.nextSequentialRunOrder(2); - const executeRunOrder = options.executeRunOrder ?? runOrder + 1; - this.stacksToDeploy.push({ - prepareRunOrder: runOrder, - executeRunOrder, - stackArtifact, - }); - - this.advanceRunOrderPast(runOrder); - this.advanceRunOrderPast(executeRunOrder); - } - - /** - * Add a manual approval action - * - * If you need more flexibility than what this method offers, - * use `addAction` with a `ManualApprovalAction`. - */ - public addManualApprovalAction(options: AddManualApprovalOptions = {}) { - let actionName = options.actionName; - if (!actionName) { - actionName = `ManualApproval${this._manualApprovalCounter > 1 ? this._manualApprovalCounter : ''}`; - this._manualApprovalCounter += 1; - } - - this.addActions(new cpactions.ManualApprovalAction({ - actionName, - runOrder: options.runOrder ?? this.nextSequentialRunOrder(), - })); - } - - /** - * Add one or more CodePipeline Actions - * - * You need to make sure it is created with the right runOrder. Call `nextSequentialRunOrder()` - * for every action to get actions to execute in sequence. - */ - public addActions(...actions: codepipeline.IAction[]) { - for (const action of actions) { - this.pipelineStage.addAction(action); - } - } - - /** - * Return the runOrder number necessary to run the next Action in sequence with the rest - * - * FIXME: This is here because Actions are immutable and can't be reordered - * after creation, nor is there a way to specify relative priorities, which - * is a limitation that we should take away in the base library. - */ - public nextSequentialRunOrder(count: number = 1): number { - const ret = this._nextSequentialRunOrder; - this._nextSequentialRunOrder += count; - return ret; - } - - /** - * Whether this Stage contains an action to deploy the given stack, identified by its artifact ID - */ - public deploysStack(artifactId: string) { - return this.stacksToDeploy.map(s => s.stackArtifact.id).includes(artifactId); - } - - /** - * Actually add all the DeployStack actions to the stage. - * - * We do this late because before we can render the actual DeployActions, - * we need to know whether or not we need to capture the stack outputs. - * - * FIXME: This is here because Actions are immutable and can't be reordered - * after creation, nor is there a way to specify relative priorities, which - * is a limitation that we should take away in the base library. - */ - private prepareStage() { - // FIXME: Make sure this only gets run once. There seems to be an issue in the reconciliation - // loop that may trigger this more than once if it throws an error somewhere, and the exception - // that gets thrown here will then override the actual failure. - if (this._prepared) { return; } - this._prepared = true; - - for (const { prepareRunOrder, stackArtifact, executeRunOrder } of this.stacksToDeploy) { - const artifact = this.host.stackOutputArtifact(stackArtifact.id); - - this.pipelineStage.addAction(DeployCdkStackAction.fromStackArtifact(this, stackArtifact, { - baseActionName: this.simplifyStackName(stackArtifact.stackName), - cloudAssemblyInput: this.cloudAssemblyArtifact, - output: artifact, - outputFileName: artifact ? 'outputs.json' : undefined, - prepareRunOrder, - executeRunOrder, - })); - } - } - - /** - * Advance the runorder counter so that the next sequential number is higher than the given one - */ - private advanceRunOrderPast(lastUsed: number) { - this._nextSequentialRunOrder = Math.max(lastUsed + 1, this._nextSequentialRunOrder); - } - - /** - * Simplify the stack name by removing the `Stage-` prefix if it exists. - */ - private simplifyStackName(s: string) { - return stripPrefix(s, `${this.stageName}-`); - } - - /** - * Add a security check before the prepare/deploy actions of an CDK stage. - * The security check consists of two actions: - * - CodeBuild Action to check for security changes in a stage - * - Manual Approval Action that is auto approved via a Lambda if no security changes detected - */ - private addSecurityCheck(appStage: Stage, options?: BaseStageOptions) { - const { cdkDiffProject } = this.getApplicationSecurityCheck(); - const notificationTopic: sns.ITopic | undefined = options?.securityNotificationTopic ?? this.securityNotificationTopic; - notificationTopic?.grantPublish(cdkDiffProject); - - const appStageName = appStage.stageName; - const approveActionName = `${appStageName}ManualApproval`; - const diffAction = new CodeBuildAction({ - runOrder: this.nextSequentialRunOrder(), - actionName: `${appStageName}SecurityCheck`, - input: this.cloudAssemblyArtifact, - project: cdkDiffProject, - variablesNamespace: `${appStageName}SecurityCheck`, - environmentVariables: { - STAGE_PATH: { - value: Node.of(appStage).path, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - STAGE_NAME: { - value: this.stageName, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - ACTION_NAME: { - value: approveActionName, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - ...notificationTopic ? { - NOTIFICATION_ARN: { - value: notificationTopic.topicArn, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - NOTIFICATION_SUBJECT: { - value: `Confirm permission broadening in ${appStageName}`, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - } : {}, - }, - }); - - const approve = new cpactions.ManualApprovalAction({ - actionName: approveActionName, - runOrder: this.nextSequentialRunOrder(), - additionalInformation: `#{${appStageName}SecurityCheck.MESSAGE}`, - externalEntityLink: `#{${appStageName}SecurityCheck.LINK}`, - }); - - this.addActions(diffAction, approve); - } - - /** - * Make sure all assets depended on by this stack are published in this pipeline - * - * Taking care to exclude the stack template itself -- it is being published - * as an asset because the CLI needs to know the asset publishing role when - * pushing the template to S3, but in the case of CodePipeline we always - * reference the template from the artifact bucket. - * - * (NOTE: this is only true for top-level stacks, not nested stacks. Nested - * Stack templates are always published as assets). - */ - private publishAssetDependencies(stackArtifact: cxapi.CloudFormationStackArtifact) { - const assetManifests = stackArtifact.dependencies.filter(isAssetManifest); - - for (const manifestArtifact of assetManifests) { - const manifest = AssetManifestReader.fromFile(manifestArtifact.file); - - for (const entry of manifest.entries) { - let assetType: AssetType; - if (entry instanceof DockerImageManifestEntry) { - assetType = AssetType.DOCKER_IMAGE; - } else if (entry instanceof FileManifestEntry) { - // Don't publish the template for this stack - if (entry.source.packaging === 'file' && entry.source.path === stackArtifact.templateFile) { - continue; - } - - assetType = AssetType.FILE; - } else { - throw new Error(`Unrecognized asset type: ${entry.type}`); - } - - if (!entry.destination.assumeRoleArn) { - throw new Error('assumeRoleArn is missing on asset and required'); - } - - this.host.publishAsset({ - assetManifestPath: manifestArtifact.file, - assetId: entry.id.assetId, - assetSelector: entry.id.toString(), - assetType, - assetPublishingRoleArn: entry.destination.assumeRoleArn, - }); - } - } - } -} - -/** - * Additional options for adding a stack deployment - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AddStackOptions { - /** - * Base runorder - * - * @default - Next sequential runorder - */ - readonly runOrder?: number; - - /** - * Base runorder - * - * @default - runOrder + 1 - */ - readonly executeRunOrder?: number; -} - -/** - * A single output of a Stack - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class StackOutput { - /** - * The artifact and file the output is stored in - */ - public readonly artifactFile: codepipeline.ArtifactPath; - - /** - * The name of the output in the JSON object in the file - */ - public readonly outputName: string; - - /** - * Build a StackOutput from a known artifact and an output name - */ - constructor(artifactFile: codepipeline.ArtifactPath, outputName: string) { - this.artifactFile = artifactFile; - this.outputName = outputName; - } -} - -function stripPrefix(s: string, prefix: string) { - return s.startsWith(prefix) ? s.slice(prefix.length) : s; -} - -function isAssetManifest(s: cxapi.CloudArtifact): s is cxapi.AssetManifestArtifact { - // instanceof is too risky, and we're at a too late stage to properly fix. - // return s instanceof cxapi.AssetManifestArtifact; - return s.constructor.name === 'AssetManifestArtifact'; -} - -/** - * Features that the Stage needs from its environment - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface IStageHost { - /** - * Make sure all the assets from the given manifest are published - */ - publishAsset(command: AssetPublishingCommand): void; - - /** - * Return the Artifact the given stack has to emit its outputs into, if any - */ - stackOutputArtifact(stackArtifactId: string): codepipeline.Artifact | undefined; -} - -/** - * Instructions to publish certain assets - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AssetPublishingCommand { - /** - * Asset manifest path - */ - readonly assetManifestPath: string; - - /** - * Asset identifier - */ - readonly assetId: string; - - /** - * Asset selector to pass to `cdk-assets`. - */ - readonly assetSelector: string; - - /** - * Type of asset to publish - */ - readonly assetType: AssetType; - - /** - * ARN of the IAM Role used to publish this asset. - */ - readonly assetPublishingRoleArn: string; -} - -/** - * Base options for a pipelines stage - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface BaseStageOptions { - /** - * Runs a `cdk diff --security-only --fail` to pause the pipeline if there - * are any security changes. - * - * If the stage is configured with `confirmBroadeningPermissions` enabled, you can use this - * property to override the stage configuration. For example, Pipeline Stage - * "Prod" has confirmBroadeningPermissions enabled, with applications "A", "B", "C". All three - * applications will run a security check, but if we want to disable the one for "C", - * we run `stage.addApplication(C, { confirmBroadeningPermissions: false })` to override the pipeline - * stage behavior. - * - * Adds 1 to the run order space. - * - * @default false - */ - readonly confirmBroadeningPermissions?: boolean; - /** - * Optional SNS topic to send notifications to when the security check registers - * changes within the application. - * - * @default undefined no notification topic for security check manual approval action - */ - readonly securityNotificationTopic?: sns.ITopic; -} - -/** - * Options for adding an application stage to a pipeline - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AddStageOptions extends BaseStageOptions { - /** - * Add manual approvals before executing change sets - * - * This gives humans the opportunity to confirm the change set looks alright - * before deploying it. - * - * @default false - */ - readonly manualApprovals?: boolean; - /** - * Add room for extra actions - * - * You can use this to make extra room in the runOrder sequence between the - * changeset 'prepare' and 'execute' actions and insert your own actions there. - * - * @default 0 - */ - readonly extraRunOrderSpace?: number; -} - -/** - * Options for addManualApproval - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AddManualApprovalOptions { - /** - * The name of the manual approval action - * - * @default 'ManualApproval' with a rolling counter - */ - readonly actionName?: string; - - /** - * The runOrder for this action - * - * @default - The next sequential runOrder - */ - readonly runOrder?: number; -} - -/** - * Queued "deploy stack" command that is reified during prepare() - */ -interface DeployStackCommand { - prepareRunOrder: number; - executeRunOrder: number; - stackArtifact: cxapi.CloudFormationStackArtifact; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts deleted file mode 100644 index 0a5a34c6f0eaa..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts +++ /dev/null @@ -1,15 +0,0 @@ -import * as codebuild from '../../../../aws-codebuild'; - -export function copyEnvironmentVariables(...names: string[]): Record { - const ret: Record = {}; - for (const name of names) { - if (process.env[name]) { - ret[name] = { value: process.env[name] }; - } - } - return ret; -} - -export function filterEmpty(xs: Array): string[] { - return xs.filter(x => x) as any; -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts deleted file mode 100644 index 4764f7d9647c6..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './simple-synth-action'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts deleted file mode 100644 index 8381668962d52..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts +++ /dev/null @@ -1,591 +0,0 @@ -import * as crypto from 'crypto'; -import * as path from 'path'; -import { Construct } from 'constructs'; -import { copyEnvironmentVariables, filterEmpty } from './_util'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../../aws-codepipeline-actions'; -import * as ec2 from '../../../../aws-ec2'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { Stack } from '../../../../core'; -import { dockerCredentialsInstallCommands, DockerCredential, DockerCredentialUsage } from '../../docker-credentials'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; -import { toPosixPath } from '../../private/fs'; - -const DEFAULT_OUTPUT_DIR = 'cdk.out'; - -/** - * Configuration options for a SimpleSynth - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface SimpleSynthOptions { - /** - * The source artifact of the CodePipeline - */ - readonly sourceArtifact: codepipeline.Artifact; - - /** - * The artifact where the CloudAssembly should be emitted - */ - readonly cloudAssemblyArtifact: codepipeline.Artifact; - - /** - * Environment variables to send into build - * - * NOTE: You may run into the 1000-character limit for the Action configuration if you have a large - * number of variables or if their names or values are very long. - * If you do, pass them to the underlying CodeBuild project directly in `environment` instead. - * However, you will not be able to use CodePipeline Variables in this case. - * - * @default - No additional environment variables - */ - readonly environmentVariables?: Record; - - /** - * Environment variables to copy over from parent env - * - * These are environment variables that are being used by the build. - * - * @default - No environment variables copied - */ - readonly copyEnvironmentVariables?: string[]; - - /** - * Name of the build action - * - * @default 'Synth' - */ - readonly actionName?: string; - - /** - * Name of the CodeBuild project - * - * @default - Automatically generated - */ - readonly projectName?: string; - - /** - * Build environment to use for CodeBuild job - * - * @default BuildEnvironment.LinuxBuildImage.STANDARD_6_0 - */ - readonly environment?: codebuild.BuildEnvironment; - - /** - * Directory inside the source where package.json and cdk.json are located - * - * @default - Repository root - */ - readonly subdirectory?: string; - - /** - * Produce additional output artifacts after the build based on the given directories - * - * Can be used to produce additional artifacts during the build step, - * separate from the cloud assembly, which can be used further on in the - * pipeline. - * - * Directories are evaluated with respect to `subdirectory`. - * - * @default - No additional artifacts generated - */ - readonly additionalArtifacts?: AdditionalArtifact[]; - - /** - * Policy statements to add to role used during the synth - * - * Can be used to add acces to a CodeArtifact repository etc. - * - * @default - No policy statements added to CodeBuild Project Role - */ - readonly rolePolicyStatements?: iam.PolicyStatement[]; - - /** - * The VPC where to execute the SimpleSynth. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * custom BuildSpec that is merged with the generated one - * - * @default - none - */ - readonly buildSpec?: codebuild.BuildSpec; -} - -/** - * Construction props for SimpleSynthAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface SimpleSynthActionProps extends SimpleSynthOptions { - /** - * The synth command - */ - readonly synthCommand: string; - - /** - * The install command - * - * If not provided by the build image or another dependency - * management tool, at least install the CDK CLI here using - * `npm install -g aws-cdk`. - * - * @default - No install required - * @deprecated Use `installCommands` instead - */ - readonly installCommand?: string; - - /** - * The build command - * - * If your programming language requires a compilation step, put the - * compilation command here. - * - * @default - No build required - * @deprecated Use `buildCommands` instead - */ - readonly buildCommand?: string; - - /** - * Install commands - * - * If not provided by the build image or another dependency - * management tool, at least install the CDK CLI here using - * `npm install -g aws-cdk`. - * - * @default - No install required - */ - readonly installCommands?: string[]; - - /** - * The build commands - * - * If your programming language requires a compilation step, put the - * compilation command here. - * - * @default - No build required - */ - readonly buildCommands?: string[]; - - /** - * Test commands - * - * These commands are run after the build commands but before the - * synth command. - * - * @default - No test commands - */ - readonly testCommands?: string[]; -} - -/** - * Specification of an additional artifact to generate - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AdditionalArtifact { - /** - * Directory to be packaged - */ - readonly directory: string; - - /** - * Artifact to represent the build directory in the pipeline - */ - readonly artifact: codepipeline.Artifact; -} - -/** - * A standard synth with a generated buildspec - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class SimpleSynthAction implements codepipeline.IAction, iam.IGrantable { - - /** - * Create a standard NPM synth action - * - * Uses `npm ci` to install dependencies and `npx cdk synth` to synthesize. - * - * If you need a build step, add `buildCommand: 'npm run build'`. - */ - public static standardNpmSynth(options: StandardNpmSynthOptions) { - return new SimpleSynthAction({ - ...options, - installCommand: options.installCommand ?? 'npm ci', - synthCommand: options.synthCommand ?? 'npx cdk synth', - vpc: options.vpc, - subnetSelection: options.subnetSelection, - environment: { - ...options.environment, - environmentVariables: { - // Need this in case the CDK CLI is not in the 'package.json' of the project, - // and 'npx' is going to download it; without this setting, 'npx' will not properly - // install the package into the root user's home directory - NPM_CONFIG_UNSAFE_PERM: { value: 'true' }, - ...options.environment?.environmentVariables, - }, - }, - }); - } - - /** - * Create a standard Yarn synth action - * - * Uses `yarn install --frozen-lockfile` to install dependencies and `npx cdk synth` to synthesize. - * - * If you need a build step, add `buildCommand: 'yarn build'`. - */ - public static standardYarnSynth(options: StandardYarnSynthOptions) { - return new SimpleSynthAction({ - ...options, - installCommand: options.installCommand ?? 'yarn install --frozen-lockfile', - synthCommand: options.synthCommand ?? 'npx cdk synth', - vpc: options.vpc, - subnetSelection: options.subnetSelection, - environment: { - ...options.environment, - environmentVariables: { - // Need this in case the CDK CLI is not in the 'package.json' of the project, - // and 'npx' is going to download it; without this setting, 'npx' will not properly - // install the package into the root user's home directory - NPM_CONFIG_UNSAFE_PERM: { value: 'true' }, - ...options.environment?.environmentVariables, - }, - }, - }); - } - - private _action?: codepipeline_actions.CodeBuildAction; - private _actionProperties: codepipeline.ActionProperties; - private _project?: codebuild.IProject; - private _dockerCredentials?: DockerCredential[]; - - constructor(private readonly props: SimpleSynthActionProps) { - // A number of actionProperties get read before bind() is even called (so before we - // have made the Project and can construct the actual CodeBuildAction) - // - // - actionName - // - resource - // - region - // - category - // - role - // - owner - this._actionProperties = { - actionName: props.actionName ?? 'Synth', - category: codepipeline.ActionCategory.BUILD, - provider: 'CodeBuild', - artifactBounds: { minInputs: 0, maxInputs: 5, minOutputs: 0, maxOutputs: 5 }, - inputs: [props.sourceArtifact], - outputs: [props.cloudAssemblyArtifact, ...(props.additionalArtifacts ?? []).map(a => a.artifact)], - }; - - if (this.props.installCommand && this.props.installCommands) { - throw new Error('Pass either \'installCommand\' or \'installCommands\', but not both'); - } - - if (this.props.buildCommand && this.props.buildCommands) { - throw new Error('Pass either \'buildCommand\' or \'buildCommands\', but not both'); - } - - const addls = props.additionalArtifacts ?? []; - if (Object.keys(addls).length > 0) { - if (!props.cloudAssemblyArtifact.artifactName) { - throw new Error('You must give all output artifacts, including the \'cloudAssemblyArtifact\', names when using \'additionalArtifacts\''); - } - for (const addl of addls) { - if (!addl.artifact.artifactName) { - throw new Error('You must give all output artifacts passed to SimpleSynthAction names when using \'additionalArtifacts\''); - } - } - } - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - return this._actionProperties; - } - - /** - * Project generated to run the synth command - */ - public get project(): codebuild.IProject { - if (!this._project) { - throw new Error('Project becomes available after SimpleSynthAction has been bound to a stage'); - } - return this._project; - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig { - const buildCommands = this.props.buildCommands ?? [this.props.buildCommand]; - const installCommands = this.props.installCommands ?? [this.props.installCommand]; - const testCommands = this.props.testCommands ?? []; - const synthCommand = this.props.synthCommand; - - const environment = { buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE, ...this.props.environment }; - const osType = (environment.buildImage instanceof codebuild.WindowsBuildImage) - ? ec2.OperatingSystemType.WINDOWS - : ec2.OperatingSystemType.LINUX; - - const buildSpec = codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - pre_build: { - commands: filterEmpty([ - this.props.subdirectory ? `cd ${this.props.subdirectory}` : '', - ...installCommands, - ...dockerCredentialsInstallCommands(DockerCredentialUsage.SYNTH, this._dockerCredentials, osType), - ]), - }, - build: { - commands: filterEmpty([ - ...buildCommands, - ...testCommands, - synthCommand, - ]), - }, - }, - artifacts: renderArtifacts(this), - }); - - const environmentVariables = { - ...copyEnvironmentVariables(...this.props.copyEnvironmentVariables || []), - }; - - const mergedBuildSpec = this.props.buildSpec ? codebuild.mergeBuildSpecs(this.props.buildSpec, buildSpec) : buildSpec; - - // A hash over the values that make the CodeBuild Project unique (and necessary - // to restart the pipeline if one of them changes). projectName is not necessary to include - // here because the pipeline will definitely restart if projectName changes. - // (Resolve tokens) - const projectConfigHash = hash(Stack.of(scope).resolve({ - environment: serializeBuildEnvironment(environment), - buildSpecString: mergedBuildSpec.toBuildSpec(), - environmentVariables, - })); - - const project = new codebuild.PipelineProject(scope, 'CdkBuildProject', { - projectName: this.props.projectName, - environment, - vpc: this.props.vpc, - subnetSelection: this.props.subnetSelection, - buildSpec: mergedBuildSpec, - environmentVariables, - }); - - if (this.props.rolePolicyStatements !== undefined) { - this.props.rolePolicyStatements.forEach(policyStatement => { - project.addToRolePolicy(policyStatement); - }); - } - - this._project = project; - - this._dockerCredentials?.forEach(reg => reg.grantRead(project.grantPrincipal, DockerCredentialUsage.SYNTH)); - - this._action = new codepipeline_actions.CodeBuildAction({ - actionName: this.actionProperties.actionName, - input: this.props.sourceArtifact, - outputs: [this.props.cloudAssemblyArtifact, ...(this.props.additionalArtifacts ?? []).map(a => a.artifact)], - - // Inclusion of the hash here will lead to the pipeline structure for any changes - // made the config of the underlying CodeBuild Project. - // Hence, the pipeline will be restarted. This is necessary if the users - // adds (for example) build or test commands to the buildspec. - environmentVariables: { - ...this.props.environmentVariables, - _PROJECT_CONFIG_HASH: { value: projectConfigHash }, - }, - project, - }); - this._actionProperties = this._action.actionProperties; - - return this._action.bind(scope, stage, options); - - function renderArtifacts(self: SimpleSynthAction) { - // save the generated files in the output artifact - // This part of the buildspec has to look completely different depending on whether we're - // using secondary artifacts or not. - - const cloudAsmArtifactSpec = { - 'base-directory': toPosixPath(path.join(self.props.subdirectory ?? '.', DEFAULT_OUTPUT_DIR)), - 'files': '**/*', - }; - - if (self.props.additionalArtifacts) { - const secondary: Record = {}; - if (!self.props.cloudAssemblyArtifact.artifactName) { - throw new Error('When using additional output artifacts, you must also name the CloudAssembly artifact'); - } - secondary[self.props.cloudAssemblyArtifact.artifactName] = cloudAsmArtifactSpec; - self.props.additionalArtifacts.forEach((art) => { - if (!art.artifact.artifactName) { - throw new Error('You must give the output artifact a name'); - } - secondary[art.artifact.artifactName] = { - 'base-directory': toPosixPath(path.join(self.props.subdirectory ?? '.', art.directory)), - 'files': '**/*', - }; - }); - - return { 'secondary-artifacts': secondary }; - } - - return cloudAsmArtifactSpec; - } - } - - /** - * The CodeBuild Project's principal - */ - public get grantPrincipal(): iam.IPrincipal { - return this.project.grantPrincipal; - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - if (!this._action) { - throw new Error('Need bind() first'); - } - - return this._action.onStateChange(name, target, options); - } - - /** - * Associate one or more Docker registries and associated credentials with the synth action. - * This will be used to inject installation commands to set up `cdk-assets`, - * and grant read access to the credentials. - * @internal - */ - public _addDockerCredentials(dockerCredentials: DockerCredential[]) { - this._dockerCredentials = dockerCredentials; - } -} - -/** - * Options for a convention-based synth using NPM - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface StandardNpmSynthOptions extends SimpleSynthOptions { - /** - * The install command - * - * @default 'npm ci' - */ - readonly installCommand?: string; - - /** - * The build command - * - * By default, we assume NPM projects are either written in JavaScript or are - * using `ts-node`, so don't need a build command. - * - * Otherwise, put the build command here, for example `npm run build`. - * - * @default - No build required - */ - readonly buildCommand?: string; - - /** - * The synth command - * - * @default 'npx cdk synth' - */ - readonly synthCommand?: string; - - /** - * Test commands - * - * These commands are run after the build commands but before the - * synth command. - * - * @default - No test commands - */ - readonly testCommands?: string[]; -} - -/** - * Options for a convention-based synth using Yarn - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface StandardYarnSynthOptions extends SimpleSynthOptions { - /** - * The install command - * - * @default 'yarn install --frozen-lockfile' - */ - readonly installCommand?: string; - - /** - * The build command - * - * By default, we assume NPM projects are either written in JavaScript or are - * using `ts-node`, so don't need a build command. - * - * Otherwise, put the build command here, for example `npm run build`. - * - * @default - No build required - */ - readonly buildCommand?: string; - - /** - * The synth command - * - * @default 'npx cdk synth' - */ - readonly synthCommand?: string; - - /** - * Test commands - * - * These commands are run after the build commands but before the - * synth command. - * - * @default - No test commands - */ - readonly testCommands?: string[]; -} - -function hash
(obj: A) { - const d = crypto.createHash('sha256'); - d.update(JSON.stringify(obj)); - return d.digest('hex'); -} - -/** - * Serialize a build environment to data (get rid of constructs & objects), so we can JSON.stringify it - */ -function serializeBuildEnvironment(env: codebuild.BuildEnvironment) { - return { - privileged: env.privileged, - environmentVariables: env.environmentVariables, - type: env.buildImage?.type, - imageId: env.buildImage?.imageId, - computeType: env.computeType, - imagePullPrincipalType: env.buildImage?.imagePullPrincipalType, - secretsManagerArn: env.buildImage?.secretsManagerCredentials?.secretArn, - }; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts deleted file mode 100644 index 20192332e3b78..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts +++ /dev/null @@ -1,97 +0,0 @@ -import { Construct } from 'constructs'; -import * as codepipeline from '../../../../aws-codepipeline'; -import { IGrantable } from '../../../../aws-iam'; -import * as s3assets from '../../../../aws-s3-assets'; - -/** - * Additional files to use in a shell script - */ -export abstract class Files { - /** - * Use the files from a CodePipeline artifact - */ - public static fromArtifact(artifact: codepipeline.Artifact): Files { - if (!artifact) { - // Typechecking may mess up - throw new Error('Files.fromArtifact(): input artifact is required, got undefined'); - } - - return { - bind: () => ({ artifact }), - grantRead: () => { /* Not necessary */ }, - }; - } - - /** - * Create a new asset to bundle up the files in a directory on disk - */ - public static fromDirectory(directoryPath: string): Files { - let realFiles: Files; - return { - bind(scope: Construct) { - realFiles = Files.fromAsset(new s3assets.Asset(scope, directoryPath, { - path: directoryPath, - })); - - return realFiles.bind(scope); - }, - grantRead(grantee: IGrantable) { - if (!realFiles) { - throw new Error('bind() must be called first'); - } - realFiles.grantRead(grantee); - }, - }; - } - - /** - * Use an existing asset as a file source - */ - public static fromAsset(asset: s3assets.Asset): Files { - return { - bind: () => ({ - commands: [ - `echo "Downloading additional files from ${asset.s3ObjectUrl}"`, - `aws s3 cp ${asset.s3ObjectUrl} /tmp/dl.zip`, - 'unzip /tmp/dl.zip -d .', - ], - }), - grantRead: (grantee) => asset.grantRead(grantee), - }; - } - - protected constructor() { - } - - /** - * Bind the Files to a usage location - */ - public abstract bind(scope: Construct): FilesConfig; - - /** - * Grant read permissions to the file set to the given grantable - * - * Must be called after bind(). - */ - - public abstract grantRead(grantee: IGrantable): void; -} - -/** - * Config for a Files source - */ -export interface FilesConfig { - /** - * CodePipeline artifact to add to the set of input artifacts for the project - * - * @default - No artifact - */ - readonly artifact?: codepipeline.Artifact; - - /** - * Commands to add to the set of commands for the project - * - * @default - No commands - */ - readonly commands?: string[]; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts deleted file mode 100644 index f2751fc92af49..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './shell-script-action'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts deleted file mode 100644 index fa24517321942..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts +++ /dev/null @@ -1,253 +0,0 @@ -import { Construct } from 'constructs'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../../aws-codepipeline-actions'; -import * as ec2 from '../../../../aws-ec2'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; -import { StackOutput } from '../stage'; - -/** - * Properties for ShellScriptAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface ShellScriptActionProps { - /** - * Name of the validation action in the pipeline - */ - readonly actionName: string; - - /** - * Stack outputs to make available as environment variables - * - * @default - No outputs used - */ - readonly useOutputs?: Record; - - /** - * Commands to run - */ - readonly commands: string[]; - - /** - * Bash options to set at the start of the script - * - * @default '-eu' (errexit and nounset) - */ - readonly bashOptions?: string; - - /** - * Additional artifacts to use as input for the CodeBuild project - * - * You can use these files to load more complex test sets into the - * shellscript build environment. - * - * The files artifact given here will be unpacked into the current - * working directory, the other ones will be unpacked into directories - * which are available through the environment variables - * $CODEBUILD_SRC_DIR_. - * - * The CodeBuild job must have at least one input artifact, so you - * must provide either at least one additional artifact here or one - * stack output using `useOutput`. - * - * @default - No additional artifacts - */ - readonly additionalArtifacts?: codepipeline.Artifact[]; - - /** - * The CodeBuild environment where scripts are executed. - * - * @default LinuxBuildImage.STANDARD_7_0 - */ - readonly environment?: codebuild.BuildEnvironment; - - /** - * Environment variables to send into build - * - * @default - No additional environment variables - */ - readonly environmentVariables?: Record; - - /** - * RunOrder for this action - * - * Use this to sequence the shell script after the deployments. - * - * The default value is 100 so you don't have to supply the value if you just - * want to run this after the application stacks have been deployed, and you - * don't have more than 100 stacks. - * - * @default 100 - */ - readonly runOrder?: number; - - /** - * Additional policy statements to add to the execution role - * - * @default - No policy statements - */ - readonly rolePolicyStatements?: iam.PolicyStatement[]; - - /** - * The VPC where to execute the specified script. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * Which security group to associate with the script's project network interfaces. - * If no security group is identified, one will be created automatically. - * - * Only used if 'vpc' is supplied. - * - * @default - Security group will be automatically created. - * - */ - readonly securityGroups?: ec2.ISecurityGroup[]; -} - -/** - * Validate a revision using shell commands - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class ShellScriptAction implements codepipeline.IAction, iam.IGrantable { - private _project?: codebuild.IProject; - - private _action?: codepipeline_actions.CodeBuildAction; - private _actionProperties: codepipeline.ActionProperties; - - constructor(private readonly props: ShellScriptActionProps) { - // A number of actionProperties get read before bind() is even called (so before we - // have made the Project and can construct the actual CodeBuildAction) - // - // - actionName - // - resource - // - region - // - category - // - role - // - owner - this._actionProperties = { - actionName: props.actionName, - category: codepipeline.ActionCategory.BUILD, - provider: 'CodeBuild', - artifactBounds: { minInputs: 0, maxInputs: 5, minOutputs: 0, maxOutputs: 5 }, - inputs: [], - outputs: [], - }; - - if (Object.keys(props.useOutputs ?? {}).length + (props.additionalArtifacts ?? []).length === 0) { - throw new Error('You must supply either \'useOutputs\' or \'additionalArtifacts\', since a CodeBuild Action must always have at least one input artifact.'); - } - } - - /** - * The CodeBuild Project's principal - */ - public get grantPrincipal(): iam.IPrincipal { - return this.project.grantPrincipal; - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - return this._actionProperties; - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig { - const inputs = new Array(); - inputs.push(...this.props.additionalArtifacts ?? []); - - const envVarCommands = new Array(); - - const bashOptions = this.props.bashOptions ?? '-eu'; - if (bashOptions) { - envVarCommands.push(`set ${bashOptions}`); - } - for (const [varName, output] of Object.entries(this.props.useOutputs ?? {})) { - const outputArtifact = output.artifactFile; - - // Add the artifact to the list of inputs, if it's not in there already. Determine - // the location where CodeBuild is going to stick it based on whether it's the first (primary) - // input or an 'extra input', then parse. - let artifactIndex = inputs.findIndex(a => a.artifactName === outputArtifact.artifact.artifactName); - if (artifactIndex === -1) { - artifactIndex = inputs.push(outputArtifact.artifact) - 1; - } - const dirEnv = artifactIndex === 0 ? 'CODEBUILD_SRC_DIR' : `CODEBUILD_SRC_DIR_${outputArtifact.artifact.artifactName}`; - envVarCommands.push(`export ${varName}="$(node -pe 'require(process.env.${dirEnv} + "/${outputArtifact.fileName}")["${output.outputName}"]')"`); - } - - this._project = new codebuild.PipelineProject(scope, 'Project', { - environment: this.props.environment || { buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE }, - vpc: this.props.vpc, - securityGroups: this.props.securityGroups, - subnetSelection: this.props.subnetSelection, - buildSpec: codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - build: { - commands: [ - ...envVarCommands, - ...this.props.commands, - ], - }, - }, - }), - }); - for (const statement of this.props.rolePolicyStatements ?? []) { - this._project.addToRolePolicy(statement); - } - - this._action = new codepipeline_actions.CodeBuildAction({ - actionName: this.props.actionName, - input: inputs[0], - extraInputs: inputs.slice(1), - runOrder: this.props.runOrder ?? 100, - project: this._project, - environmentVariables: this.props.environmentVariables, - }); - // Replace the placeholder actionProperties at the last minute - this._actionProperties = this._action.actionProperties; - - return this._action.bind(scope, stage, options); - } - - /** - * Project generated to run the shell script in - */ - public get project(): codebuild.IProject { - if (!this._project) { - throw new Error('Project becomes available after ShellScriptAction has been bound to a stage'); - } - return this._project; - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - if (!this._action) { - throw new Error('Need bind() first'); - } - - return this._action.onStateChange(name, target, options); - } -} diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts deleted file mode 100644 index cce5bd87ae81e..0000000000000 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts +++ /dev/null @@ -1,126 +0,0 @@ -import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; -import { Stack } from '../../../core'; -import { mkdict } from '../../lib/private/javascript'; -import { PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, MegaAssetsApp, stackTemplate } from '../testhelpers'; - -let legacyApp: TestApp; -let modernApp: TestApp; - -let legacyPipelineStack: Stack; -let modernPipelineStack: Stack; - -describeDeprecated('logical id stability', () => { - // this test suite verifies logical id between the new and old (deprecated) APIs. - // so it must be in a 'describeDeprecated' block - - beforeEach(() => { - legacyApp = new TestApp({ - context: { - '@aws-cdk/core:newStyleStackSynthesis': '1', - 'aws:cdk:enable-path-metadata': true, - }, - }); - modernApp = new TestApp({ - context: { - '@aws-cdk/core:newStyleStackSynthesis': '1', - 'aws:cdk:enable-path-metadata': true, - }, - }); - legacyPipelineStack = new Stack(legacyApp, 'PipelineStack', { env: PIPELINE_ENV }); - modernPipelineStack = new Stack(modernApp, 'PipelineStack', { env: PIPELINE_ENV }); - }); - - afterEach(() => { - legacyApp.cleanup(); - modernApp.cleanup(); - }); - - test('stateful or nameable resources have the same logicalID between old and new API', () => { - const legacyPipe = new LegacyTestGitHubNpmPipeline(legacyPipelineStack, 'Cdk'); - legacyPipe.addApplicationStage(new MegaAssetsApp(legacyPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const modernPipe = new ModernTestGitHubNpmPipeline(modernPipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - modernPipe.addStage(new MegaAssetsApp(modernPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const legacyTemplate = stackTemplate(legacyPipelineStack).template; - const modernTemplate = stackTemplate(modernPipelineStack).template; - - const legacyStateful = filterR(legacyTemplate.Resources, isStateful); - const modernStateful = filterR(modernTemplate.Resources, isStateful); - - expect(mapR(modernStateful, typeOfRes)).toEqual(mapR(legacyStateful, typeOfRes)); - }); - - test('nameable resources have the same names between old and new API', () => { - const legacyPipe = new LegacyTestGitHubNpmPipeline(legacyPipelineStack, 'Cdk', { - pipelineName: 'asdf', - }); - legacyPipe.addApplicationStage(new MegaAssetsApp(legacyPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const modernPipe = new ModernTestGitHubNpmPipeline(modernPipelineStack, 'Cdk', { - pipelineName: 'asdf', - crossAccountKeys: true, - }); - modernPipe.addStage(new MegaAssetsApp(modernPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const legacyTemplate = stackTemplate(legacyPipelineStack).template; - const modernTemplate = stackTemplate(modernPipelineStack).template; - - const legacyNamed = filterR(legacyTemplate.Resources, hasName); - const modernNamed = filterR(modernTemplate.Resources, hasName); - - expect(mapR(modernNamed, nameProps)).toEqual(mapR(legacyNamed, nameProps)); - }); -}); - -const STATEFUL_TYPES = [ - // Holds state - 'AWS::S3::Bucket', - 'AWS::KMS::Key', - 'AWS::KMS::Alias', - // Can be physical-named so will be impossible to replace - 'AWS::CodePipeline::Pipeline', - 'AWS::CodeBuild::Project', -]; - -function filterR(resources: Record, fn: (x: Resource) => boolean): Record { - return mkdict(Object.entries(resources).filter(([, resource]) => fn(resource))); -} - -function mapR(resources: Record, fn: (x: Resource) => A): Record { - return mkdict(Object.entries(resources).map(([lid, resource]) => [lid, fn(resource)] as const)); -} - -function typeOfRes(r: Resource) { - return r.Type; -} - -function isStateful(r: Resource) { - return STATEFUL_TYPES.includes(r.Type); -} - -function nameProps(r: Resource) { - return Object.entries(r.Properties).filter(([prop, _]) => - // Don't care about policy names - prop.endsWith('Name') && prop !== 'PolicyName'); -} - -function hasName(r: Resource) { - return nameProps(r).length > 0; -} - -interface Resource { - readonly Type: string; - readonly Properties: Record; - readonly Metadata?: Record; -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts deleted file mode 100644 index 1da9b4ecfb71e..0000000000000 --- a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts +++ /dev/null @@ -1,65 +0,0 @@ -import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; -import * as codePipeline from '../../../aws-codepipeline'; -import * as cdk from '../../../core'; -import * as cdkp from '../../lib'; - -describeDeprecated('codepipeline existing', () => { - - test('Does not allow setting a pipelineName if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CdkPipeline(stack, 'CDKPipeline', { - pipelineName: 'CustomPipelineName', - codePipeline: existingCodePipeline, - cloudAssemblyArtifact: new codePipeline.Artifact(), - }); - }).toThrow("Cannot set 'pipelineName' if an existing CodePipeline is given using 'codePipeline'"); - }); - - test('Does not allow enabling crossAccountKeys if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CdkPipeline(stack, 'CDKPipeline', { - crossAccountKeys: true, - codePipeline: existingCodePipeline, - cloudAssemblyArtifact: new codePipeline.Artifact(), - }); - }).toThrow("Cannot set 'crossAccountKeys' if an existing CodePipeline is given using 'codePipeline'"); - }); - - test('Does not allow enabling key rotation if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CdkPipeline(stack, 'CDKPipeline', { - enableKeyRotation: true, - codePipeline: existingCodePipeline, - cloudAssemblyArtifact: new codePipeline.Artifact(), - }); - }).toThrow("Cannot set 'enableKeyRotation' if an existing CodePipeline is given using 'codePipeline'"); - }); - - test('Does not allow setting crossRegionReplicationBuckets if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CodePipeline(stack, 'CDKPipeline', { - crossRegionReplicationBuckets: {}, // Even the empty set is forbidden. - codePipeline: existingCodePipeline, - synth: new cdkp.ShellStep('Synth', { - commands: ['echo hello'], - }), - }).buildPipeline(); - }).toThrow("Cannot set 'crossRegionReplicationBuckets' if an existing CodePipeline is given using 'codePipeline'"); - }); -}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts index 1f222fee6c439..87c1ace7e9515 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts @@ -5,7 +5,7 @@ import * as cb from '../../../aws-codebuild'; import * as ec2 from '../../../aws-ec2'; import { Stack, Stage } from '../../../core'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, FileAssetApp, MegaAssetsApp, TwoFileAssetsApp, DockerAssetApp, PlainStackApp, stringLike } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, FileAssetApp, MegaAssetsApp, TwoFileAssetsApp, DockerAssetApp, PlainStackApp, stringLike } from '../testhelpers'; const FILE_ASSET_SOURCE_HASH = '8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5'; const FILE_ASSET_SOURCE_HASH2 = 'ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e'; @@ -16,6 +16,61 @@ const IMAGE_PUBLISHING_ROLE = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role let app: TestApp; let pipelineStack: Stack; +function expectedAssetRolePolicy(assumeRolePattern: string | string[], attachedRole: string) { + if (typeof assumeRolePattern === 'string') { assumeRolePattern = [assumeRolePattern]; } + + return { + PolicyDocument: { + Statement: [{ + Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], + Effect: 'Allow', + Resource: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:logs:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:log-group:/aws/codebuild/*`, + ]], + }, + }, + { + Action: ['codebuild:CreateReportGroup', 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases', 'codebuild:BatchPutCodeCoverages'], + Effect: 'Allow', + Resource: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:codebuild:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:report-group/*`, + ]], + }, + }, + { + Action: ['codebuild:BatchGetBuilds', 'codebuild:StartBuild', 'codebuild:StopBuild'], + Effect: 'Allow', + Resource: '*', + }, + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Resource: unsingleton(assumeRolePattern.map(arn => { return { 'Fn::Sub': arn }; })), + }, + { + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Effect: 'Allow', + Resource: [ + { 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, + { 'Fn::Join': ['', [{ 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, '/*']] }, + ], + }, + { + Action: ['kms:Decrypt', 'kms:DescribeKey'], + Effect: 'Allow', + Resource: { 'Fn::GetAtt': ['CdkPipelineArtifactsBucketEncryptionKeyDDD3258C', 'Arn'] }, + }], + }, + Roles: [{ Ref: attachedRole }], + }; +} + beforeEach(() => { app = new TestApp(); pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); @@ -26,550 +81,170 @@ afterEach(() => { }); describe('basic pipeline', () => { - behavior('no assets stage if the application has no assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new PlainStackApp(app, 'App')); - THEN_codePipelineExpectation(); - }); + test('no assets stage if the application has no assets', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new PlainStackApp(app, 'App')); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new PlainStackApp(app, 'App')); - - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.not(Match.arrayWith([Match.objectLike({ + Name: 'Assets', + })])), }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.not(Match.arrayWith([Match.objectLike({ - Name: 'Assets', - })])), - }); - } }); - describe('asset stage placement', () => { - behavior('assets stage comes before any user-defined stages', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: 'Assets' }), - Match.objectLike({ Name: 'App' }), - ], - }); - } - }); - - behavior('up to 50 assets fit in a single stage', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new MegaAssetsApp(app, 'App', { numAssets: 50 })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 50 })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: 'Assets' }), - Match.objectLike({ Name: 'App' }), - ], - }); - } - }); - - behavior('51 assets triggers a second stage', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new MegaAssetsApp(app, 'App', { numAssets: 51 })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 51 })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: stringLike('Assets*') }), - Match.objectLike({ Name: stringLike('Assets*2') }), - Match.objectLike({ Name: 'App' }), - ], - }); - } - }); - - behavior('101 assets triggers a third stage', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new MegaAssetsApp(app, 'App', { numAssets: 101 })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 101 })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: stringLike('Assets*') }), // 'Assets' vs 'Assets.1' - Match.objectLike({ Name: stringLike('Assets*2') }), - Match.objectLike({ Name: stringLike('Assets*3') }), - Match.objectLike({ Name: 'App' }), - ], - }); - } + test('assets stage comes before any user-defined stages', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new FileAssetApp(app, 'App')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: 'Assets' }), + Match.objectLike({ Name: 'App' }), + ], }); }); - behavior('command line properly locates assets in subassembly', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); + test('up to 50 assets fit in a single stage', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 50 })); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: 'Assets' }), + Match.objectLike({ Name: 'App' }), + ], }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith([`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`]), - }, - }, - })), - }, - }); - } }); - behavior('multiple assets are published in parallel', (suite) => { - suite.legacy(() => { + describe('asset stage placement', () => { + test('51 assets triggers a second stage', () => { // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 51 })); - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - Match.objectLike({ RunOrder: 1 }), - Match.objectLike({ RunOrder: 1 }), - ], - }]), + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: stringLike('Assets*') }), + Match.objectLike({ Name: stringLike('Assets*2') }), + Match.objectLike({ Name: 'App' }), + ], }); - } - }); - - behavior('assets are also published when using the lower-level addStackArtifactDeployment', (suite) => { - suite.legacy(() => { - // GIVEN - const asm = new FileAssetApp(app, 'FileAssetApp').synth(); + }, + ); - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage('SomeStage').addStackArtifactDeployment(asm.getStackByName('FileAssetApp-Stack')); + test('101 assets triggers a third stage', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 101 })); - // THEN Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - Match.objectLike({ - Name: 'FileAsset1', - RunOrder: 1, - }), - ], - }]), + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: stringLike('Assets*') }), // 'Assets' vs 'Assets.1' + Match.objectLike({ Name: stringLike('Assets*2') }), + Match.objectLike({ Name: stringLike('Assets*3') }), + Match.objectLike({ Name: 'App' }), + ], }); - }); - - // This function does not exist in the modern API - suite.doesNotApply.modern(); + }, + ); }); - behavior('file image asset publishers do not use privilegedmode', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); + test('command line properly locates assets in subassembly', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith([stringLike('cdk-assets *')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: Match.arrayWith([`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`]), }, - })), - }, - Environment: Match.objectLike({ - PrivilegedMode: false, - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }), - }); - } - }); - - behavior('docker image asset publishers use privilegedmode', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); + }, + })), + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith([stringLike('cdk-assets *')]), - }, - }, - })), - }, - Environment: Match.objectLike({ - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - PrivilegedMode: true, - }), - }); - } }); - behavior('can control fix/CLI version used in asset publishing', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - cdkCliVersion: '1.2.3', - }); - pipeline.addApplicationStage(new FileAssetApp(pipelineStack, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - cliVersion: '1.2.3', - }); - pipeline.addStage(new FileAssetApp(pipelineStack, 'FileAssetApp')); + test('multiple assets are published in parallel', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Assets', + Actions: [ + Match.objectLike({ RunOrder: 1 }), + Match.objectLike({ RunOrder: 1 }), + ], + }]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm install -g cdk-assets@1.2.3'], - }, - }, - })), - }, - }); - } }); - describe('asset roles and policies', () => { - behavior('includes file publishing assets role for apps with file assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new FileAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { - AssumeRolePolicyDocument: { - Statement: [ - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Principal: { - Service: 'codebuild.amazonaws.com', - }, - }, - ], - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); - } - }); - - behavior('publishing assets role may assume roles from multiple environments', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - pipeline.addApplicationStage(new FileAssetApp(app, 'App2', { - env: { - account: '0123456789012', - region: 'eu-west-1', - }, - })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - - pipeline.addStage(new FileAssetApp(app, 'App1')); - pipeline.addStage(new FileAssetApp(app, 'App2', { - env: { - account: '0123456789012', - region: 'eu-west-1', - }, - })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy([FILE_PUBLISHING_ROLE, 'arn:${AWS::Partition}:iam::0123456789012:role/cdk-hnb659fds-file-publishing-role-0123456789012-eu-west-1'], - 'CdkAssetsFileRole6BE17A07')); - } - }); - - behavior('publishing assets role de-dupes assumed roles', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - pipeline.addApplicationStage(new FileAssetApp(app, 'App2')); - pipeline.addApplicationStage(new FileAssetApp(app, 'App3')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new FileAssetApp(app, 'App1')); - pipeline.addStage(new FileAssetApp(app, 'App2')); - pipeline.addStage(new FileAssetApp(app, 'App3')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); - } - }); - - behavior('includes image publishing assets role for apps with Docker assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); + test('file image asset publishers do not use privilegedmode', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { - AssumeRolePolicyDocument: { - Statement: [ - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Principal: { - Service: 'codebuild.amazonaws.com', - }, - }, - ], + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: Match.arrayWith([stringLike('cdk-assets *')]), + }, }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); - } - }); - - behavior('includes both roles for apps with both file and Docker assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App2')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new FileAssetApp(app, 'App1')); - pipeline.addStage(new DockerAssetApp(app, 'App2')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); - } + })), + }, + Environment: Match.objectLike({ + PrivilegedMode: false, + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }), }); }); -}); -behavior('can supply pre-install scripts to asset upload', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - assetPreInstallCommands: [ - 'npm config set registry https://registry.com', - ], - }); - pipeline.addApplicationStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); + test('docker image asset publishers use privilegedmode', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - assetPublishingCodeBuildDefaults: { - partialBuildSpec: cb.BuildSpec.fromObject({ - version: '0.2', + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ phases: { - install: { - commands: [ - 'npm config set registry https://registry.com', - ], + build: { + commands: Match.arrayWith([stringLike('cdk-assets *')]), }, }, - }), + })), }, + Environment: Match.objectLike({ + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + PrivilegedMode: true, + }), }); - pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); }); - function THEN_codePipelineExpectation() { + test('can control fix/CLI version used in asset publishing', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + cliVersion: '1.2.3', + }); + pipeline.addStage(new FileAssetApp(pipelineStack, 'FileAssetApp')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, @@ -578,379 +253,297 @@ behavior('can supply pre-install scripts to asset upload', (suite) => { BuildSpec: Match.serializedJson(Match.objectLike({ phases: { install: { - commands: ['npm config set registry https://registry.com', 'npm install -g cdk-assets@2'], + commands: ['npm install -g cdk-assets@1.2.3'], }, }, - })), - }, - }); - } -}); - -describe('pipeline with VPC', () => { - let vpc: ec2.Vpc; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'Vpc'); - }); - - behavior('asset CodeBuild Project uses VPC subnets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - vpc, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - VpcConfig: Match.objectLike({ - SecurityGroupIds: [ - { 'Fn::GetAtt': ['CdkAssetsDockerAsset1SecurityGroup078F5C66', 'GroupId'] }, - ], - Subnets: [ - { Ref: 'VpcPrivateSubnet1Subnet536B997A' }, - { Ref: 'VpcPrivateSubnet2Subnet3788AAA1' }, - { Ref: 'VpcPrivateSubnet3SubnetF258B56E' }, - ], - VpcId: { Ref: 'Vpc8378EB38' }, - }), - }); - } - }); - - behavior('Pipeline-generated CodeBuild Projects have appropriate execution role permissions', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - vpc, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - THEN_codePipelineExpectation(); + })), + }, }); - - function THEN_codePipelineExpectation() { - // Assets Project - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - Roles: [ - { Ref: 'CdkAssetsDockerRole484B6DD3' }, - ], - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), - Effect: 'Allow', - Resource: '*', - }]), - }, - }); - } }); - behavior('Asset publishing CodeBuild Projects have correct VPC permissions', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - vpc, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { + describe('asset roles and policies', () => { + test('includes file publishing assets role for apps with file assets', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - THEN_codePipelineExpectation(); - }); + pipeline.addStage(new FileAssetApp(app, 'App1')); - function THEN_codePipelineExpectation() { - // Assets Project - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { Statement: [ - Match.objectLike({ - Resource: '*', - Action: [ - 'ec2:CreateNetworkInterface', - 'ec2:DescribeNetworkInterfaces', - 'ec2:DeleteNetworkInterface', - 'ec2:DescribeSubnets', - 'ec2:DescribeSecurityGroups', - 'ec2:DescribeDhcpOptions', - 'ec2:DescribeVpcs', - ], - }), + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codebuild.amazonaws.com', + }, + }, ], }, - Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], }); - Template.fromStack(pipelineStack).hasResource('AWS::CodeBuild::Project', { - Properties: { - ServiceRole: { 'Fn::GetAtt': ['CdkAssetsDockerRole484B6DD3', 'Arn'] }, - }, - DependsOn: [ - 'CdkAssetsDockerAsset1PolicyDocument8DA96A22', - ], - }); - } - }); -}); - -describe('pipeline with single asset publisher', () => { - behavior('multiple assets are using the same job in singlePublisherMode', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - singlePublisherPerType: true, - }); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); + }, + ); - suite.modern(() => { + test('publishing assets role may assume roles from multiple environments', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - publishAssetsInParallel: false, + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - function THEN_codePipelineExpectation() { - // THEN - const buildSpecName = new Capture(stringLike('buildspec-*.yaml')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - // Only one file asset action - Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), - ], - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: buildSpecName, + pipeline.addStage(new FileAssetApp(app, 'App1')); + pipeline.addStage(new FileAssetApp(app, 'App2', { + env: { + account: '0123456789012', + region: 'eu-west-1', }, - }); - const assembly = synthesize(pipelineStack); - - const actualFileName = buildSpecName.asString(); + })); - const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, actualFileName), { encoding: 'utf-8' })); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); - } - }); - - behavior('other pipeline writes to separate assets build spec file', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - singlePublisherPerType: true, - }); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy([FILE_PUBLISHING_ROLE, 'arn:${AWS::Partition}:iam::0123456789012:role/cdk-hnb659fds-file-publishing-role-0123456789012-eu-west-1'], + 'CdkAssetsFileRole6BE17A07')); + }, + ); - const pipelineStack2 = new Stack(app, 'PipelineStack2', { env: PIPELINE_ENV }); - const otherPipeline = new LegacyTestGitHubNpmPipeline(pipelineStack2, 'Cdk', { - singlePublisherPerType: true, + test('publishing assets role de-dupes assumed roles', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - otherPipeline.addApplicationStage(new TwoFileAssetsApp(app, 'OtherFileAssetApp')); + pipeline.addStage(new FileAssetApp(app, 'App1')); + pipeline.addStage(new FileAssetApp(app, 'App2')); + pipeline.addStage(new FileAssetApp(app, 'App3')); - THEN_codePipelineExpectation(pipelineStack2); - }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); + }, + ); - suite.modern(() => { + test('includes image publishing assets role for apps with Docker assets', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - publishAssetsInParallel: false, - }); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - const pipelineStack2 = new Stack(app, 'PipelineStack2', { env: PIPELINE_ENV }); - const otherPipeline = new ModernTestGitHubNpmPipeline(pipelineStack2, 'Cdk', { - publishAssetsInParallel: false, + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - otherPipeline.addStage(new TwoFileAssetsApp(app, 'OtherFileAssetApp')); - - THEN_codePipelineExpectation(pipelineStack2); - }); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - function THEN_codePipelineExpectation(pipelineStack2: Stack) { - // THEN - const buildSpecName1 = new Capture(stringLike('buildspec-*.yaml')); - const buildSpecName2 = new Capture(stringLike('buildspec-*.yaml')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: buildSpecName1, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codebuild.amazonaws.com', + }, + }, + ], }, }); - Template.fromStack(pipelineStack2).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: buildSpecName2, - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); + }, + ); + + test('includes both roles for apps with both file and Docker assets', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); + pipeline.addStage(new FileAssetApp(app, 'App1')); + pipeline.addStage(new DockerAssetApp(app, 'App2')); - expect(buildSpecName1.asString()).not.toEqual(buildSpecName2.asString()); - } + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); + }, + ); }); }); -describe('pipeline with custom asset publisher BuildSpec', () => { - - behavior('custom buildspec is merged correctly', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - singlePublisherPerType: true, - assetBuildSpec: cb.BuildSpec.fromObject({ - phases: { - pre_install: { - commands: 'preinstall', - }, +test('can supply pre-install scripts to asset upload', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + assetPublishingCodeBuildDefaults: { + partialBuildSpec: cb.BuildSpec.fromObject({ + version: '0.2', + phases: { + install: { + commands: [ + 'npm config set registry https://registry.com', + ], }, - cache: { - paths: 'node_modules', + }, + }), + }, + }); + pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm config set registry https://registry.com', 'npm install -g cdk-assets@2'], }, - }), - }); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + }, + })), + }, + }); +}); + +describe('pipeline with VPC', () => { + let vpc: ec2.Vpc; + beforeEach(() => { + vpc = new ec2.Vpc(pipelineStack, 'Vpc'); + }); - THEN_codePipelineExpectation(); + test('asset CodeBuild Project uses VPC subnets', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, }); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - publishAssetsInParallel: false, - assetPublishingCodeBuildDefaults: { - partialBuildSpec: cb.BuildSpec.fromObject({ - phases: { - pre_install: { - commands: 'preinstall', - }, - }, - cache: { - paths: 'node_modules', - }, - }), - }, - }); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: Match.objectLike({ + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkAssetsDockerAsset1SecurityGroup078F5C66', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'VpcPrivateSubnet1Subnet536B997A' }, + { Ref: 'VpcPrivateSubnet2Subnet3788AAA1' }, + { Ref: 'VpcPrivateSubnet3SubnetF258B56E' }, + ], + VpcId: { Ref: 'Vpc8378EB38' }, + }), + }); + }); - THEN_codePipelineExpectation(); + test('Pipeline-generated CodeBuild Projects have appropriate execution role permissions', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, + }); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); + // Assets Project + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkAssetsDockerRole484B6DD3' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, }); + }); - function THEN_codePipelineExpectation() { - const buildSpecName = new Capture(stringLike('buildspec-*')); + test('Asset publishing CodeBuild Projects have correct VPC permissions', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, + }); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); + // Assets Project + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + Match.objectLike({ + Resource: '*', + Action: [ + 'ec2:CreateNetworkInterface', + 'ec2:DescribeNetworkInterfaces', + 'ec2:DeleteNetworkInterface', + 'ec2:DescribeSubnets', + 'ec2:DescribeSecurityGroups', + 'ec2:DescribeDhcpOptions', + 'ec2:DescribeVpcs', + ], + }), + ], + }, + Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], + }); + Template.fromStack(pipelineStack).hasResource('AWS::CodeBuild::Project', { + Properties: { + ServiceRole: { 'Fn::GetAtt': ['CdkAssetsDockerRole484B6DD3', 'Arn'] }, + }, + DependsOn: [ + 'CdkAssetsDockerAsset1PolicyDocument8DA96A22', + ], + }); + }); +}); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - // Only one file asset action - Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), - ], - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: buildSpecName, +test('adding environment variable to assets job adds SecretsManager permissions', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { + assetPublishingCodeBuildDefaults: { + buildEnvironment: { + environmentVariables: { + FOOBAR: { + value: 'FoobarSecret', + type: cb.BuildEnvironmentVariableType.SECRETS_MANAGER, + }, }, - }); - const assembly = synthesize(pipelineStack); - const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, buildSpecName.asString())).toString()); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); - expect(buildSpec.phases.pre_install.commands).toContain('preinstall'); - expect(buildSpec.cache.paths).toContain('node_modules'); - } + }, + }, + }); + pipeline.addStage(new FileAssetApp(pipelineStack, 'MyApp')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + Match.objectLike({ + Action: 'secretsmanager:GetSecretValue', + Effect: 'Allow', + Resource: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':secretsmanager:us-pipeline:123pipeline:secret:FoobarSecret-??????', + ]], + }, + }), + ]), + }, }); }); -function expectedAssetRolePolicy(assumeRolePattern: string | string[], attachedRole: string) { - if (typeof assumeRolePattern === 'string') { assumeRolePattern = [assumeRolePattern]; } +describe('pipeline with single asset publisher', () => { + test('other pipeline writes to separate assets build spec file', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + publishAssetsInParallel: false, + }); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - return { - PolicyDocument: { - Statement: [{ - Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], - Effect: 'Allow', - Resource: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - `:logs:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:log-group:/aws/codebuild/*`, - ]], - }, - }, - { - Action: ['codebuild:CreateReportGroup', 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases', 'codebuild:BatchPutCodeCoverages'], - Effect: 'Allow', - Resource: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - `:codebuild:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:report-group/*`, - ]], - }, - }, - { - Action: ['codebuild:BatchGetBuilds', 'codebuild:StartBuild', 'codebuild:StopBuild'], - Effect: 'Allow', - Resource: '*', - }, - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Resource: unsingleton(assumeRolePattern.map(arn => { return { 'Fn::Sub': arn }; })), + const pipelineStack2 = new Stack(app, 'PipelineStack2', { env: PIPELINE_ENV }); + const otherPipeline = new ModernTestGitHubNpmPipeline(pipelineStack2, 'Cdk-2', { + publishAssetsInParallel: false, + }); + otherPipeline.addStage(new TwoFileAssetsApp(app, 'OtherFileAssetApp')); + // THEN + const buildSpecName1 = new Capture(stringLike('buildspec-*.yaml')); + const buildSpecName2 = new Capture(stringLike('buildspec-*.yaml')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: buildSpecName1, }, - { - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Effect: 'Allow', - Resource: [ - { 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, - { 'Fn::Join': ['', [{ 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, '/*']] }, - ], + }); + Template.fromStack(pipelineStack2).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: buildSpecName2, }, - { - Action: ['kms:Decrypt', 'kms:DescribeKey'], - Effect: 'Allow', - Resource: { 'Fn::GetAtt': ['CdkPipelineArtifactsBucketEncryptionKeyDDD3258C', 'Arn'] }, - }], - }, - Roles: [{ Ref: attachedRole }], - }; -} + }); -behavior('necessary secrets manager permissions get added to asset roles', suite => { - // Not possible to configure this for legacy pipelines - suite.doesNotApply.legacy(); + expect(buildSpecName1.asString()).not.toEqual(buildSpecName2.asString()); + }); - suite.modern(() => { + test('necessary secrets manager permissions get added to asset roles', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { assetPublishingCodeBuildDefaults: { buildEnvironment: { @@ -965,10 +558,6 @@ behavior('necessary secrets manager permissions get added to asset roles', suite }); pipeline.addStage(new FileAssetApp(pipelineStack, 'MyApp')); - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { Statement: Match.arrayWith([{ @@ -990,50 +579,94 @@ behavior('necessary secrets manager permissions get added to asset roles', suite { Ref: 'PipelineAssetsFileRole59943A77' }, ], }); - } -}); + }); + + test('multiple assets are using the same job in singlePublisherMode', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + publishAssetsInParallel: false, + }); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + + // THEN + const buildSpecName = new Capture(stringLike('buildspec-*.yaml')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Assets', + Actions: [ + // Only one file asset action + Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), + ], + }]), + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: buildSpecName, + }, + }); + const assembly = synthesize(pipelineStack); -behavior('adding environment variable to assets job adds SecretsManager permissions', suite => { - // No way to manipulate buildEnvironment in legacy API - suite.doesNotApply.legacy(); + const actualFileName = buildSpecName.asString(); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { + const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, actualFileName), { encoding: 'utf-8' })); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); + }); +}); + +describe('pipeline with custom asset publisher BuildSpec', () => { + test('custom buildspec is merged correctly', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + publishAssetsInParallel: false, assetPublishingCodeBuildDefaults: { - buildEnvironment: { - environmentVariables: { - FOOBAR: { - value: 'FoobarSecret', - type: cb.BuildEnvironmentVariableType.SECRETS_MANAGER, + partialBuildSpec: cb.BuildSpec.fromObject({ + phases: { + pre_install: { + commands: 'preinstall', }, }, - }, + cache: { + paths: 'node_modules', + }, + }), }, }); - pipeline.addStage(new FileAssetApp(pipelineStack, 'MyApp')); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([ - Match.objectLike({ - Action: 'secretsmanager:GetSecretValue', - Effect: 'Allow', - Resource: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':secretsmanager:us-pipeline:123pipeline:secret:FoobarSecret-??????', - ]], - }, - }), - ]), + const buildSpecName = new Capture(stringLike('buildspec-*')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Assets', + Actions: [ + // Only one file asset action + Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), + ], + }]), + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: buildSpecName, }, }); + + const assembly = synthesize(pipelineStack); + const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, buildSpecName.asString())).toString()); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); + expect(buildSpec.phases.pre_install.commands).toContain('preinstall'); + expect(buildSpec.cache.paths).toContain('node_modules'); }); }); function synthesize(stack: Stack) { - const root = stack.node.root; + const root = Stage.of(stack); if (!Stage.isStage(root)) { throw new Error('unexpected: all stacks must be part of a Stage'); } diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts index 75d58084dadfb..8ca4d83650a8f 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts @@ -4,7 +4,7 @@ import * as path from 'path'; import { Construct } from 'constructs'; import { Capture, Match, Template } from '../../../assertions'; import { Stack, Stage, StageProps, Tags } from '../../../core'; -import { behavior, LegacyTestGitHubNpmPipeline, OneStackApp, BucketStack, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; +import { OneStackApp, BucketStack, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -18,204 +18,132 @@ afterEach(() => { app.cleanup(); }); -behavior('stack templates in nested assemblies are correctly addressed', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'App', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: stringLike('*Prepare'), - InputArtifacts: [Match.objectLike({})], - Configuration: Match.objectLike({ - StackName: 'App-Stack', - TemplatePath: stringLike('*::assembly-App/*.template.json'), - }), +test('stack templates in nested assemblies are correctly addressed', () => { + + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackApp(app, 'App')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'App', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: stringLike('*Prepare'), + InputArtifacts: [Match.objectLike({})], + Configuration: Match.objectLike({ + StackName: 'App-Stack', + TemplatePath: stringLike('*::assembly-App/*.template.json'), }), - ]), - }]), - }); - } + }), + ]), + }]), + }); }); -behavior('obvious error is thrown when stage contains no stacks', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - - // WHEN - expect(() => { - pipeline.addApplicationStage(new Stage(app, 'EmptyStage')); - }).toThrow(/should contain at least one Stack/); - }); +test('obvious error is thrown when stage contains no stacks', () => { - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - // WHEN - expect(() => { - pipeline.addStage(new Stage(app, 'EmptyStage')); - }).toThrow(/should contain at least one Stack/); - }); + // WHEN + expect(() => { + pipeline.addStage(new Stage(app, 'EmptyStage')); + }).toThrow(/should contain at least one Stack/); }); -behavior('overridden stack names are respected', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackAppWithCustomName(app, 'App1')); - pipeline.addApplicationStage(new OneStackAppWithCustomName(app, 'App2')); - - THEN_codePipelineExpectation(); - }); +test('overridden stack names are respected', () => { - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackAppWithCustomName(app, 'App1')); - pipeline.addStage(new OneStackAppWithCustomName(app, 'App2')); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackAppWithCustomName(app, 'App1')); + pipeline.addStage(new OneStackAppWithCustomName(app, 'App2')); - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'App1', + Actions: Match.arrayWith([Match.objectLike({ + Name: stringLike('*Prepare'), + Configuration: Match.objectLike({ + StackName: 'MyFancyStack', + }), + })]), + }, + { + Name: 'App2', + Actions: Match.arrayWith([Match.objectLike({ + Name: stringLike('*Prepare'), + Configuration: Match.objectLike({ + StackName: 'MyFancyStack', + }), + })]), + }, + ]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'App1', - Actions: Match.arrayWith([Match.objectLike({ - Name: stringLike('*Prepare'), - Configuration: Match.objectLike({ - StackName: 'MyFancyStack', - }), - })]), - }, - { - Name: 'App2', - Actions: Match.arrayWith([Match.objectLike({ - Name: stringLike('*Prepare'), - Configuration: Match.objectLike({ - StackName: 'MyFancyStack', - }), - })]), - }, - ]), - }); - } }); -behavior('changing CLI version leads to a different pipeline structure (restarting it)', (suite) => { - suite.legacy(() => { - // GIVEN - const stack2 = new Stack(app, 'Stack2', { env: PIPELINE_ENV }); - const stack3 = new Stack(app, 'Stack3', { env: PIPELINE_ENV }); +test('changing CLI version leads to a different pipeline structure (restarting it)', () => { - // WHEN - new LegacyTestGitHubNpmPipeline(stack2, 'Cdk', { - cdkCliVersion: '1.2.3', - }); - new LegacyTestGitHubNpmPipeline(stack3, 'Cdk', { - cdkCliVersion: '4.5.6', - }); + // GIVEN + const stack2 = new Stack(app, 'Stack2', { env: PIPELINE_ENV }); + const stack3 = new Stack(app, 'Stack3', { env: PIPELINE_ENV }); - THEN_codePipelineExpectation(stack2, stack3); + // WHEN + new ModernTestGitHubNpmPipeline(stack2, 'Cdk', { + cliVersion: '1.2.3', }); - - suite.modern(() => { - // GIVEN - const stack2 = new Stack(app, 'Stack2', { env: PIPELINE_ENV }); - const stack3 = new Stack(app, 'Stack3', { env: PIPELINE_ENV }); - - // WHEN - new ModernTestGitHubNpmPipeline(stack2, 'Cdk', { - cliVersion: '1.2.3', - }); - new ModernTestGitHubNpmPipeline(stack3, 'Cdk', { - cliVersion: '4.5.6', - }); - - THEN_codePipelineExpectation(stack2, stack3); + new ModernTestGitHubNpmPipeline(stack3, 'Cdk', { + cliVersion: '4.5.6', }); - function THEN_codePipelineExpectation(stack2: Stack, stack3: Stack) { - // THEN - const structure2 = new Capture(); - const structure3 = new Capture(); - - Template.fromStack(stack2).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: structure2, - }); - Template.fromStack(stack3).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: structure3, - }); - - expect(JSON.stringify(structure2.asArray())).not.toEqual(JSON.stringify(structure3.asArray())); - } -}); - -behavior('tags get reflected in pipeline', (suite) => { - suite.legacy(() => { - // WHEN - const stage = new OneStackApp(app, 'App'); - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - Tags.of(stage).add('CostCenter', 'F00B4R'); - pipeline.addApplicationStage(stage); + // THEN + const structure2 = new Capture(); + const structure3 = new Capture(); - THEN_codePipelineExpectation(); + Template.fromStack(stack2).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: structure2, }); - - suite.modern(() => { - // WHEN - const stage = new OneStackApp(app, 'App'); - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - Tags.of(stage).add('CostCenter', 'F00B4R'); - pipeline.addStage(stage); - THEN_codePipelineExpectation(); + Template.fromStack(stack3).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: structure3, }); - function THEN_codePipelineExpectation() { - // THEN - const templateConfig = new Capture(); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'App', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: stringLike('*Prepare'), - InputArtifacts: [Match.objectLike({})], - Configuration: Match.objectLike({ - StackName: 'App-Stack', - TemplateConfiguration: templateConfig, - }), + expect(JSON.stringify(structure2.asArray())).not.toEqual(JSON.stringify(structure3.asArray())); +}); + +test('tags get reflected in pipeline', () => { + + // WHEN + const stage = new OneStackApp(app, 'App'); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + Tags.of(stage).add('CostCenter', 'F00B4R'); + pipeline.addStage(stage); + + // THEN + const templateConfig = new Capture(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'App', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: stringLike('*Prepare'), + InputArtifacts: [Match.objectLike({})], + Configuration: Match.objectLike({ + StackName: 'App-Stack', + TemplateConfiguration: templateConfig, }), - ]), - }]), - }); + }), + ]), + }]), + }); - expect(templateConfig.asString()).toMatch(/::assembly-App\/.*\.template\..*json/); - const [, relConfigFile] = templateConfig.asString().split('::'); - const absConfigFile = path.join(app.outdir, relConfigFile); - const configFile = JSON.parse(fs.readFileSync(absConfigFile, { encoding: 'utf-8' })); - expect(configFile).toEqual(expect.objectContaining({ - Tags: { - CostCenter: 'F00B4R', - }, - })); - } + expect(templateConfig.asString()).toMatch(/::assembly-App\/.*\.template\..*json/); + const [, relConfigFile] = templateConfig.asString().split('::'); + const absConfigFile = path.join(app.outdir, relConfigFile); + const configFile = JSON.parse(fs.readFileSync(absConfigFile, { encoding: 'utf-8' })); + expect(configFile).toEqual(expect.objectContaining({ + Tags: { + CostCenter: 'F00B4R', + }, + })); }); class OneStackAppWithCustomName extends Stage { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts index e0266239dff2d..60f38abc0bd49 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts @@ -6,7 +6,7 @@ import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CodeBuildStep } from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, DockerAssetApp, stringLike } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, DockerAssetApp, stringLike } from '../testhelpers'; const secretSynthArn = 'arn:aws:secretsmanager:eu-west-1:0123456789012:secret:synth-012345'; const secretUpdateArn = 'arn:aws:secretsmanager:eu-west-1:0123456789012:secret:update-012345'; @@ -30,248 +30,173 @@ afterEach(() => { app.cleanup(); }); -behavior('synth action receives install commands and access to relevant credentials', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); +test('synth action receives install commands and access to relevant credentials', () => { - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'App1')); + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - THEN_codePipelineExpectation(); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, }); - function THEN_codePipelineExpectation() { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: Match.arrayWith([ - 'mkdir $HOME/.cdk', - `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the Synth project - build: { - commands: Match.arrayWith([stringLike('*cdk*synth*')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir $HOME/.cdk', + `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, + ]), }, - })), - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], - Effect: 'Allow', - Resource: secretSynthArn, - }]), - Version: '2012-10-17', - }, - Roles: [{ Ref: stringLike('Cdk*BuildProjectRole*') }], - }); - } + // Prove we're looking at the Synth project + build: { + commands: Match.arrayWith([stringLike('*cdk*synth*')]), + }, + }, + })), + }, + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: secretSynthArn, + }]), + Version: '2012-10-17', + }, + Roles: [{ Ref: stringLike('Cdk*BuildProjectRole*') }], + }); }); -behavior('synth action receives Windows install commands if a Windows image is detected', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk2', { - npmSynthOptions: { - environment: { - buildImage: cb.WindowsBuildImage.WINDOWS_BASE_2_0, - }, +test('synth action receives Windows install commands if a Windows image is detected', () => { + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk2', { + synth: new CodeBuildStep('Synth', { + commands: ['cdk synth'], + primaryOutputDirectory: 'cdk.out', + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + buildEnvironment: { + buildImage: cb.WindowsBuildImage.WINDOWS_BASE_2_0, + computeType: cb.ComputeType.MEDIUM, }, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); + }), }); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk2', { - synth: new CodeBuildStep('Synth', { - commands: ['cdk synth'], - primaryOutputDirectory: 'cdk.out', - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - buildEnvironment: { - buildImage: cb.WindowsBuildImage.WINDOWS_BASE_2_0, - computeType: cb.ComputeType.MEDIUM, - }, - }), - }); - pipeline.addStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, }); - function THEN_codePipelineExpectation() { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: 'aws/codebuild/windows-base:2.0' }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: Match.arrayWith([ - 'mkdir %USERPROFILE%\\.cdk', - `echo '${expectedCredsConfig}' > %USERPROFILE%\\.cdk\\cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the Synth project - build: { - commands: Match.arrayWith([stringLike('*cdk*synth*')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: 'aws/codebuild/windows-base:2.0' }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir %USERPROFILE%\\.cdk', + `echo '${expectedCredsConfig}' > %USERPROFILE%\\.cdk\\cdk-docker-creds.json`, + ]), }, - })), - }, - }); - } -}); - -behavior('self-update receives install commands and access to relevant credentials', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation('install'); + // Prove we're looking at the Synth project + build: { + commands: Match.arrayWith([stringLike('*cdk*synth*')]), + }, + }, + })), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'App1')); +test('self-update receives install commands and access to relevant credentials', () => { + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - THEN_codePipelineExpectation('pre_build'); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'selfupdate.example.com': { secretsManagerSecretId: secretUpdateArn } }, }); - function THEN_codePipelineExpectation(expectedPhase: string) { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'selfupdate.example.com': { secretsManagerSecretId: secretUpdateArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [expectedPhase]: { - commands: Match.arrayWith([ - 'mkdir $HOME/.cdk', - `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the SelfMutate project - build: { - commands: Match.arrayWith([ - stringLike('cdk * deploy PipelineStack*'), - ]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir $HOME/.cdk', + `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, + ]), }, - })), - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], - Effect: 'Allow', - Resource: secretUpdateArn, - }]), - Version: '2012-10-17', - }, - Roles: [{ Ref: stringLike('*SelfMutat*Role*') }], - }); - } + // Prove we're looking at the SelfMutate project + build: { + commands: Match.arrayWith([ + stringLike('cdk * deploy PipelineStack*'), + ]), + }, + }, + })), + }, + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: secretUpdateArn, + }]), + Version: '2012-10-17', + }, + Roles: [{ Ref: stringLike('*SelfMutat*Role*') }], + }); }); -behavior('asset publishing receives install commands and access to relevant credentials', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation('install'); - }); +test('asset publishing receives install commands and access to relevant credentials', () => { - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'App1')); + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - THEN_codePipelineExpectation('pre_build'); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'publish.example.com': { secretsManagerSecretId: secretPublishArn } }, }); - function THEN_codePipelineExpectation(expectedPhase: string) { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'publish.example.com': { secretsManagerSecretId: secretPublishArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [expectedPhase]: { - commands: Match.arrayWith([ - 'mkdir $HOME/.cdk', - `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the Publishing project - build: { - commands: Match.arrayWith([stringLike('cdk-assets*')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir $HOME/.cdk', + `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, + ]), }, - })), - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], - Effect: 'Allow', - Resource: secretPublishArn, - }]), - Version: '2012-10-17', - }, - Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], - }); - } + // Prove we're looking at the Publishing project + build: { + commands: Match.arrayWith([stringLike('cdk-assets*')]), + }, + }, + })), + }, + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: secretPublishArn, + }]), + Version: '2012-10-17', + }, + Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], + }); }); -class LegacyPipelineWithCreds extends LegacyTestGitHubNpmPipeline { - constructor(scope: Construct, id: string, props?: ConstructorParameters[2]) { - super(scope, id, { - dockerCredentials: [ - cdkp.DockerCredential.customRegistry('synth.example.com', secretSynth, { - usages: [cdkp.DockerCredentialUsage.SYNTH], - }), - cdkp.DockerCredential.customRegistry('selfupdate.example.com', secretUpdate, { - usages: [cdkp.DockerCredentialUsage.SELF_UPDATE], - }), - cdkp.DockerCredential.customRegistry('publish.example.com', secretPublish, { - usages: [cdkp.DockerCredentialUsage.ASSET_PUBLISHING], - }), - ], - ...props, - }); - } -} - class ModernPipelineWithCreds extends ModernTestGitHubNpmPipeline { constructor(scope: Construct, id: string, props?: ConstructorParameters[2]) { super(scope, id, { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts index 777ffb83a0d2c..7af68c900ff43 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts @@ -1,7 +1,7 @@ /* eslint-disable import/no-extraneous-dependencies */ import { Match, Template } from '../../../assertions'; import { Stack } from '../../../core'; -import { behavior, LegacyTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; +import { OneStackApp, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -15,378 +15,387 @@ afterEach(() => { app.cleanup(); }); -behavior('action has right settings for same-env deployment', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'Same')); - - THEN_codePipelineExpection(agnosticRole); - }); - - suite.additional('legacy: even if env is specified but the same as the pipeline', () => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'Same', { - env: PIPELINE_ENV, - })); - - THEN_codePipelineExpection(pipelineEnvRole); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackApp(app, 'Same')); - - THEN_codePipelineExpection(agnosticRole); - }); - - suite.additional('modern: even if env is specified but the same as the pipeline', () => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackApp(app, 'Same', { - env: PIPELINE_ENV, - })); - - THEN_codePipelineExpection(pipelineEnvRole); - }); - - function THEN_codePipelineExpection(roleArn: (x: string) => any) { - // THEN: pipeline structure is correct - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Same', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), - RoleArn: roleArn('deploy-role'), - Configuration: Match.objectLike({ - StackName: 'Same-Stack', - RoleArn: roleArn('cfn-exec-role'), - }), - }), - Match.objectLike({ - Name: stringLike('*Deploy'), - RoleArn: roleArn('deploy-role'), - Configuration: Match.objectLike({ - StackName: 'Same-Stack', - }), - }), - ], - }]), - }); - - // THEN: artifact bucket can be read by deploy role - Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Principal: { - AWS: roleArn('deploy-role'), +test('action has right settings for same-env deployment', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackApp(app, 'Same')); + + // THEN: pipeline structure is correct + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Same', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-', + { Ref: 'AWS::Region' }, + ]], }, - })]), - }, - }); - } -}); - -behavior('action has right settings for cross-account deployment', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'CrossAccount', { env: { account: 'you' } })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - pipeline.addStage(new OneStackApp(app, 'CrossAccount', { env: { account: 'you' } })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN: Pipelien structure is correct - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'CrossAccount', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), + Configuration: Match.objectLike({ + StackName: 'Same-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-', + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-cfn-exec-role-', + { Ref: 'AWS::AccountId' }, + '-', { Ref: 'AWS::Region' }, ]], }, - Configuration: Match.objectLike({ - StackName: 'CrossAccount-Stack', - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-', - { Ref: 'AWS::Region' }, - ]], - }, - }), }), - Match.objectLike({ - Name: stringLike('*Deploy'), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-', + { Ref: 'AWS::Region' }, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'Same-Stack', + }), + }), + ], + }]), + }); + + // THEN: artifact bucket can be read by deploy role + Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-', + { Ref: 'AWS::Region' }, + ]], + }, + }, + })]), + }, + }); +}); + +test('even if env is specified but the same as the pipeline', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackApp(app, 'Same', { + env: PIPELINE_ENV, + })); + + // THEN: pipeline structure is correct + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Same', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-deploy-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'Same-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-', - { Ref: 'AWS::Region' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-cfn-exec-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, ]], }, - Configuration: Match.objectLike({ - StackName: 'CrossAccount-Stack', - }), }), - ], - }]), - }); + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-deploy-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'Same-Stack', + }), + }), + ], + }]), + }); + + // THEN: artifact bucket can be read by deploy role + Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-deploy-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, + ]], + }, + }, + })]), + }, + }); +}); - // THEN: Artifact bucket can be read by deploy role - Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Principal: { - AWS: { +test('action has right settings for cross-account deployment', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + crossAccountKeys: true, + }); + pipeline.addStage(new OneStackApp(app, 'CrossAccount', { env: { account: 'you' } })); + + // THEN: Pipelien structure is correct + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'CrossAccount', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-', + { Ref: 'AWS::Region' }, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'CrossAccount-Stack', + RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - stringLike('*-deploy-role-*'), + ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-', { Ref: 'AWS::Region' }, ]], }, + }), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-', + { Ref: 'AWS::Region' }, + ]], }, - })]), - }, - }); - } -}); - -behavior('action has right settings for cross-region deployment', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'CrossRegion', { env: { region: 'elsewhere' } })); + Configuration: Match.objectLike({ + StackName: 'CrossAccount-Stack', + }), + }), + ], + }]), + }); - THEN_codePipelineExpectation(); + // THEN: Artifact bucket can be read by deploy role + Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + stringLike('*-deploy-role-*'), + { Ref: 'AWS::Region' }, + ]], + }, + }, + })]), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - pipeline.addStage(new OneStackApp(app, 'CrossRegion', { env: { region: 'elsewhere' } })); +test('action has right settings for cross-region deployment', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + crossAccountKeys: true, }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'CrossRegion', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), + pipeline.addStage(new OneStackApp(app, 'CrossRegion', { env: { region: 'elsewhere' } })); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'CrossRegion', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossRegion-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, ':iam::', { Ref: 'AWS::AccountId' }, - ':role/cdk-hnb659fds-deploy-role-', + ':role/cdk-hnb659fds-cfn-exec-role-', { Ref: 'AWS::AccountId' }, '-elsewhere', ]], }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossRegion-Stack', - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::', - { Ref: 'AWS::AccountId' }, - ':role/cdk-hnb659fds-cfn-exec-role-', - { Ref: 'AWS::AccountId' }, - '-elsewhere', - ]], - }, - }), }), - Match.objectLike({ - Name: stringLike('*Deploy'), - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::', - { Ref: 'AWS::AccountId' }, - ':role/cdk-hnb659fds-deploy-role-', - { Ref: 'AWS::AccountId' }, - '-elsewhere', - ]], - }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossRegion-Stack', - }), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossRegion-Stack', }), - ], - }]), - }); - } -}); - -behavior('action has right settings for cross-account/cross-region deployment', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'CrossBoth', { - env: { - account: 'you', - region: 'elsewhere', - }, - })); - - THEN_codePipelineExpectations(); + }), + ], + }]), }); +}); - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - pipeline.addStage(new OneStackApp(app, 'CrossBoth', { - env: { - account: 'you', - region: 'elsewhere', - }, - })); - - THEN_codePipelineExpectations(); +test('action has right settings for cross-account/cross-region deployment', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + crossAccountKeys: true, }); - - function THEN_codePipelineExpectations() { - // THEN: pipeline structure must be correct - const stack = app.stackArtifact(pipelineStack); - expect(stack).toBeDefined(); - Template.fromStack(stack!).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'CrossBoth', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), + pipeline.addStage(new OneStackApp(app, 'CrossBoth', { + env: { + account: 'you', + region: 'elsewhere', + }, + })); + + // THEN: pipeline structure must be correct + const stack = app.stackArtifact(pipelineStack); + expect(stack).toBeDefined(); + Template.fromStack(stack!).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'CrossBoth', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossBoth-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', + ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-elsewhere', ]], }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossBoth-Stack', - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-elsewhere', - ]], - }, - }), }), - Match.objectLike({ - Name: stringLike('*Deploy'), - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', - ]], - }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossBoth-Stack', - }), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossBoth-Stack', }), - ], - }]), - }); + }), + ], + }]), + }); - // THEN: artifact bucket can be read by deploy role - const supportStack = app.stackArtifact('PipelineStack-support-elsewhere'); - expect(supportStack).toBeDefined(); - Template.fromStack(supportStack!).hasResourceProperties('AWS::S3::BucketPolicy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: Match.arrayWith(['s3:GetObject*', 's3:GetBucket*', 's3:List*']), - Principal: { - AWS: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - stringLike('*-deploy-role-*'), - ]], - }, + // THEN: artifact bucket can be read by deploy role + const supportStack = app.stackArtifact('PipelineStack-support-elsewhere'); + expect(supportStack).toBeDefined(); + Template.fromStack(supportStack!).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: Match.arrayWith(['s3:GetObject*', 's3:GetBucket*', 's3:List*']), + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + stringLike('*-deploy-role-*'), + ]], }, - })]), - }, - }); + }, + })]), + }, + }); - // And the key to go along with it - Template.fromStack(supportStack!).hasResourceProperties('AWS::KMS::Key', { - KeyPolicy: { - Statement: Match.arrayWith([Match.objectLike({ - Action: Match.arrayWith(['kms:Decrypt', 'kms:DescribeKey']), - Principal: { - AWS: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - stringLike('*-deploy-role-*'), - ]], - }, + // And the key to go along with it + Template.fromStack(supportStack!).hasResourceProperties('AWS::KMS::Key', { + KeyPolicy: { + Statement: Match.arrayWith([Match.objectLike({ + Action: Match.arrayWith(['kms:Decrypt', 'kms:DescribeKey']), + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + stringLike('*-deploy-role-*'), + ]], }, - })]), - }, - }); - } -}); - -function agnosticRole(roleName: string) { - return { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::', - { Ref: 'AWS::AccountId' }, - `:role/cdk-hnb659fds-${roleName}-`, - { Ref: 'AWS::AccountId' }, - '-', - { Ref: 'AWS::Region' }, - ]], - }; -} - -function pipelineEnvRole(roleName: string) { - return { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-${roleName}-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, - ]], - }; -} \ No newline at end of file + }, + })]), + }, + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts index a6bf349aee638..8130e6d23cf95 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts @@ -1,23 +1,19 @@ -import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; import { Match, Template } from '../../../assertions'; import * as cp from '../../../aws-codepipeline'; import * as cpa from '../../../aws-codepipeline-actions'; import { SecretValue, Stack } from '../../../core'; import * as cdkp from '../../lib'; -import { CodePipelineFileSet } from '../../lib'; -import { behavior, FileAssetApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, PIPELINE_ENV, TestApp, TestGitHubAction } from '../testhelpers'; +import { ModernTestGitHubNpmPipeline, PIPELINE_ENV, TestApp } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; let sourceArtifact: cp.Artifact; -let cloudAssemblyArtifact: cp.Artifact; let codePipeline: cp.Pipeline; beforeEach(() => { app = new TestApp(); pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); sourceArtifact = new cp.Artifact(); - cloudAssemblyArtifact = new cp.Artifact(); }); afterEach(() => { @@ -29,247 +25,90 @@ describe('with empty existing CodePipeline', () => { codePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline'); }); - behavior('both actions are required', (suite) => { - suite.legacy(() => { - // WHEN - expect(() => { - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { cloudAssemblyArtifact, codePipeline }); - }).toThrow(/You must pass a 'sourceAction'/); - }); - - // 'synth' is not optional so this doesn't apply - suite.doesNotApply.modern(); - }); + test('can give both actions', () => { - behavior('can give both actions', (suite) => { - suite.legacy(() => { - // WHEN - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { - cloudAssemblyArtifact, - codePipeline, - sourceAction: new TestGitHubAction(sourceArtifact), - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - new cdkp.CodePipeline(pipelineStack, 'Cdk', { - codePipeline, - synth: new cdkp.ShellStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - commands: ['true'], - }), - }); - - THEN_codePipelineExpectation(); + // WHEN + new cdkp.CodePipeline(pipelineStack, 'Cdk', { + codePipeline, + synth: new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + commands: ['true'], + }), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - ], - }); - } - }); -}); - -describe('with custom Source stage in existing Pipeline', () => { - beforeEach(() => { - codePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline', { - stages: [ - { - stageName: 'CustomSource', - actions: [new TestGitHubAction(sourceArtifact)], - }, + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), ], }); - }); - - behavior('Work with synthAction', (suite) => { - suite.legacy(() => { - // WHEN - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { - codePipeline, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - new cdkp.CodePipeline(pipelineStack, 'Cdk', { - codePipeline, - synth: new cdkp.ShellStep('Synth', { - input: cdkp.CodePipelineFileSet.fromArtifact(sourceArtifact), - commands: ['true'], - }), - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'CustomSource' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - ], - }); - } - }); + }, + ); }); -describeDeprecated('with Source and Build stages in existing Pipeline', () => { +describe('with custom Source stage in existing Pipeline', () => { beforeEach(() => { codePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline', { stages: [ { stageName: 'CustomSource', - actions: [new TestGitHubAction(sourceArtifact)], - }, - { - stageName: 'CustomBuild', - actions: [cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact })], + actions: [new cpa.GitHubSourceAction({ + actionName: 'GitHub', + output: sourceArtifact, + oauthToken: SecretValue.unsafePlainText('$3kr1t'), + owner: 'test', + repo: 'test', + trigger: cpa.GitHubTrigger.POLL, + })], }, ], }); }); - behavior('can supply no actions', (suite) => { - suite.legacy(() => { - // WHEN - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { - codePipeline, - cloudAssemblyArtifact, - }); + test('Work with synthAction', () => { - THEN_codePipelineExpectation(); + new cdkp.CodePipeline(pipelineStack, 'Cdk', { + codePipeline, + synth: new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineFileSet.fromArtifact(sourceArtifact), + commands: ['true'], + }), }); - suite.modern(() => { - new cdkp.CodePipeline(pipelineStack, 'Cdk', { - codePipeline, - synth: cdkp.CodePipelineFileSet.fromArtifact(cloudAssemblyArtifact), - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'CustomSource' }), - Match.objectLike({ Name: 'CustomBuild' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - ], - }); - } - }); -}); - -behavior('can add another action to an existing stage', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.stage('Source').addAction(new cpa.GitHubSourceAction({ - actionName: 'GitHub2', - oauthToken: SecretValue.unsafePlainText('oops'), - output: new cp.Artifact(), - owner: 'OWNER', - repo: 'REPO', - })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.buildPipeline(); - - pipeline.pipeline.stages[0].addAction(new cpa.GitHubSourceAction({ - actionName: 'GitHub2', - oauthToken: SecretValue.unsafePlainText('oops'), - output: new cp.Artifact(), - owner: 'OWNER', - repo: 'REPO', - })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { + // THEN Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Source', - Actions: [ - Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }) }), - Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }), Name: 'GitHub2' }), - ], - }]), + Stages: [ + Match.objectLike({ Name: 'CustomSource' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + ], }); - } + }, + ); }); -behavior('assets stage inserted after existing pipeline actions', (suite) => { - let existingCodePipeline: cp.Pipeline; - beforeEach(() => { - existingCodePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline', { - stages: [ - { - stageName: 'CustomSource', - actions: [new TestGitHubAction(sourceArtifact)], - }, - { - stageName: 'CustomBuild', - actions: [cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact })], - }, +test('can add another action to an existing stage', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.buildPipeline(); + + pipeline.pipeline.stages[0].addAction(new cpa.GitHubSourceAction({ + actionName: 'GitHub2', + oauthToken: SecretValue.unsafePlainText('oops'), + output: new cp.Artifact(), + owner: 'OWNER', + repo: 'REPO', + })); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Source', + Actions: [ + Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }) }), + Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }), Name: 'GitHub2' }), ], - }); - }); - - suite.legacy(() => { - const pipeline = new cdkp.CdkPipeline(pipelineStack, 'CdkEmptyPipeline', { - cloudAssemblyArtifact: cloudAssemblyArtifact, - selfMutating: false, - codePipeline: existingCodePipeline, - // No source/build actions - }); - pipeline.addApplicationStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new cdkp.CodePipeline(pipelineStack, 'CdkEmptyPipeline', { - codePipeline: existingCodePipeline, - selfMutation: false, - synth: CodePipelineFileSet.fromArtifact(cloudAssemblyArtifact), - // No source/build actions - }); - pipeline.addStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); + }]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'CustomSource' }), - Match.objectLike({ Name: 'CustomBuild' }), - Match.objectLike({ Name: 'Assets' }), - Match.objectLike({ Name: 'App' }), - ], - }); - } }); + diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts index 88138cb2b840f..a6d75ea6cdbd4 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts @@ -3,8 +3,7 @@ import { Topic } from '../../../aws-sns'; import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, TestApp, stringLike } from '../testhelpers'; -import { behavior } from '../testhelpers/compliance'; +import { ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, TestApp, stringLike } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -18,417 +17,205 @@ afterEach(() => { app.cleanup(); }); -behavior('security check option generates lambda/codebuild at pipeline scope', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'App'), { confirmBroadeningPermissions: true }); +test('security check option generates lambda/codebuild at pipeline scope', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new OneStackApp(app, 'App'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Check', { + stage, + }), + ], }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new OneStackApp(app, 'App'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Check', { - stage, - }), + const template = Template.fromStack(pipelineStack); + template.resourceCountIs('AWS::Lambda::Function', 1); + template.hasResourceProperties('AWS::Lambda::Function', { + Role: { + 'Fn::GetAtt': [ + stringLike('CdkPipeline*SecurityCheckCDKPipelinesAutoApproveServiceRole*'), + 'Arn', ], - }); - - THEN_codePipelineExpectation(); + }, }); - - function THEN_codePipelineExpectation() { - const template = Template.fromStack(pipelineStack); - template.resourceCountIs('AWS::Lambda::Function', 1); - template.hasResourceProperties('AWS::Lambda::Function', { - Role: { - 'Fn::GetAtt': [ - stringLike('CdkPipeline*SecurityCheckCDKPipelinesAutoApproveServiceRole*'), - 'Arn', - ], + // 1 for github build, 1 for synth stage, and 1 for the application security check + template.resourceCountIs('AWS::CodeBuild::Project', 3); + + // No CodeBuild project has a build image that is not the standard iamge + const projects = template.findResources('AWS::CodeBuild::Project', { + Properties: { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, }, - }); - // 1 for github build, 1 for synth stage, and 1 for the application security check - template.resourceCountIs('AWS::CodeBuild::Project', 3); - - // No CodeBuild project has a build image that is not the standard iamge - const projects = template.findResources('AWS::CodeBuild::Project', { - Properties: { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - }, - }); - expect(Object.keys(projects).length).toEqual(3); - } -}); - -behavior('security check option passes correct environment variables to check project', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(pipelineStack, 'App'), { confirmBroadeningPermissions: true }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new OneStackApp(pipelineStack, 'App'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Check', { - stage, - }), - ], - }); - - THEN_codePipelineExpectation(); + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'App', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: stringLike('*Check'), - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { name: 'STAGE_PATH', type: 'PLAINTEXT', value: 'PipelineSecurityStack/App' }, - { name: 'STAGE_NAME', type: 'PLAINTEXT', value: 'App' }, - { name: 'ACTION_NAME', type: 'PLAINTEXT', value: Match.anyValue() }, - ]), - }), - }), - ]), - }, - ]), - }); - } + expect(Object.keys(projects).length).toEqual(3); }); -behavior('pipeline created with auto approve tags and lambda/codebuild w/ valid permissions', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'App'), { confirmBroadeningPermissions: true }); +test('security check option passes correct environment variables to check project', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new OneStackApp(pipelineStack, 'App'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Check', { + stage, + }), + ], }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new OneStackApp(app, 'App'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Check', { - stage, - }), - ], - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // CodePipeline must be tagged as SECURITY_CHECK=ALLOW_APPROVE - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Tags: [ - { - Key: 'SECURITY_CHECK', - Value: 'ALLOW_APPROVE', - }, - ], - }); - // Lambda Function only has access to pipelines tagged SECURITY_CHECK=ALLOW_APPROVE - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: [ - { - Action: ['codepipeline:GetPipelineState', 'codepipeline:PutApprovalResult'], - Condition: { - StringEquals: { 'aws:ResourceTag/SECURITY_CHECK': 'ALLOW_APPROVE' }, - }, - Effect: 'Allow', - Resource: '*', - }, - ], - }, - }); - // CodeBuild must have access to the stacks and invoking the lambda function - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([ - { - Action: 'sts:AssumeRole', - Condition: { - 'ForAnyValue:StringEquals': { - 'iam:ResourceTag/aws-cdk:bootstrap-role': [ - 'deploy', - ], - }, - }, - Effect: 'Allow', - Resource: '*', - }, - { - Action: 'lambda:InvokeFunction', - Effect: 'Allow', - Resource: [ - { - 'Fn::GetAtt': [ - stringLike('*AutoApprove*'), - 'Arn', - ], - }, - { - 'Fn::Join': [ - '', - [ - { - 'Fn::GetAtt': [ - stringLike('*AutoApprove*'), - 'Arn', - ], - }, - ':*', - ], - ], - }, - ], - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'App', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: stringLike('*Check'), + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { name: 'STAGE_PATH', type: 'PLAINTEXT', value: 'PipelineSecurityStack/App' }, + { name: 'STAGE_NAME', type: 'PLAINTEXT', value: 'App' }, + { name: 'ACTION_NAME', type: 'PLAINTEXT', value: Match.anyValue() }, + ]), + }), + }), ]), }, - }); - } + ]), + }); }); -behavior('confirmBroadeningPermissions option at addApplicationStage runs security check on all apps unless overriden', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const securityStage = pipeline.addApplicationStage(new OneStackApp(app, 'StageSecurityCheckStack'), { confirmBroadeningPermissions: true }); - securityStage.addApplication(new OneStackApp(app, 'AnotherStack')); - securityStage.addApplication(new OneStackApp(app, 'SkipCheckStack'), { confirmBroadeningPermissions: false }); +test('pipeline created with auto approve tags and lambda/codebuild w/ valid permissions', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new OneStackApp(app, 'App'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Check', { + stage, + }), + ], }); - // For the modern API, there is no inheritance - suite.doesNotApply.modern(); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - { - Actions: [Match.objectLike({ Name: 'GitHub', RunOrder: 1 })], - Name: 'Source', - }, - { - Actions: [Match.objectLike({ Name: 'Synth', RunOrder: 1 })], - Name: 'Build', - }, - { - Actions: [Match.objectLike({ Name: 'SelfMutate', RunOrder: 1 })], - Name: 'UpdatePipeline', - }, + // CodePipeline must be tagged as SECURITY_CHECK=ALLOW_APPROVE + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Tags: [ + { + Key: 'SECURITY_CHECK', + Value: 'ALLOW_APPROVE', + }, + ], + }); + // Lambda Function only has access to pipelines tagged SECURITY_CHECK=ALLOW_APPROVE + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ { - Actions: [ - Match.objectLike({ Name: 'StageSecurityCheckStackSecurityCheck', RunOrder: 1 }), - Match.objectLike({ Name: 'StageSecurityCheckStackManualApproval', RunOrder: 2 }), - Match.objectLike({ Name: 'AnotherStackSecurityCheck', RunOrder: 5 }), - Match.objectLike({ Name: 'AnotherStackManualApproval', RunOrder: 6 }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), - Match.objectLike({ Name: 'AnotherStack-Stack.Prepare', RunOrder: 7 }), - Match.objectLike({ Name: 'AnotherStack-Stack.Deploy', RunOrder: 8 }), - Match.objectLike({ Name: 'SkipCheckStack-Stack.Prepare', RunOrder: 9 }), - Match.objectLike({ Name: 'SkipCheckStack-Stack.Deploy', RunOrder: 10 }), - ], - Name: 'StageSecurityCheckStack', + Action: ['codepipeline:GetPipelineState', 'codepipeline:PutApprovalResult'], + Condition: { + StringEquals: { 'aws:ResourceTag/SECURITY_CHECK': 'ALLOW_APPROVE' }, + }, + Effect: 'Allow', + Resource: '*', }, ], - }); - } -}); - -behavior('confirmBroadeningPermissions option at addApplication runs security check only on selected application', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const noSecurityStage = pipeline.addApplicationStage(new OneStackApp(app, 'NoSecurityCheckStack')); - noSecurityStage.addApplication(new OneStackApp(app, 'EnableCheckStack'), { confirmBroadeningPermissions: true }); - - THEN_codePipelineExpectation(); + }, }); - - // For the modern API, there is no inheritance - suite.doesNotApply.modern(); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - { - Actions: [Match.objectLike({ Name: 'GitHub', RunOrder: 1 })], - Name: 'Source', - }, + // CodeBuild must have access to the stacks and invoking the lambda function + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ { - Actions: [Match.objectLike({ Name: 'Synth', RunOrder: 1 })], - Name: 'Build', - }, - { - Actions: [Match.objectLike({ Name: 'SelfMutate', RunOrder: 1 })], - Name: 'UpdatePipeline', + Action: 'sts:AssumeRole', + Condition: { + 'ForAnyValue:StringEquals': { + 'iam:ResourceTag/aws-cdk:bootstrap-role': [ + 'deploy', + ], + }, + }, + Effect: 'Allow', + Resource: '*', }, { - Actions: [ - Match.objectLike({ Name: 'EnableCheckStackSecurityCheck', RunOrder: 3 }), - Match.objectLike({ Name: 'EnableCheckStackManualApproval', RunOrder: 4 }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 1 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 2 }), - Match.objectLike({ Name: 'EnableCheckStack-Stack.Prepare', RunOrder: 5 }), - Match.objectLike({ Name: 'EnableCheckStack-Stack.Deploy', RunOrder: 6 }), + Action: 'lambda:InvokeFunction', + Effect: 'Allow', + Resource: [ + { + 'Fn::GetAtt': [ + stringLike('*AutoApprove*'), + 'Arn', + ], + }, + { + 'Fn::Join': [ + '', + [ + { + 'Fn::GetAtt': [ + stringLike('*AutoApprove*'), + 'Arn', + ], + }, + ':*', + ], + ], + }, ], - Name: 'NoSecurityCheckStack', }, - ], - }); - } -}); - -behavior('confirmBroadeningPermissions and notification topic options generates the right resources', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const topic = new Topic(pipelineStack, 'NotificationTopic'); - pipeline.addApplicationStage(new OneStackApp(app, 'MyStack'), { - confirmBroadeningPermissions: true, - securityNotificationTopic: topic, - }); - - THEN_codePipelineExpectation(); + ]), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const topic = new Topic(pipelineStack, 'NotificationTopic'); - const stage = new OneStackApp(app, 'MyStack'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Approve', { - stage, - notificationTopic: topic, - }), - ], - }); - - THEN_codePipelineExpectation(); +test('confirmBroadeningPermissions and notification topic options generates the right resources', () => { + + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const topic = new Topic(pipelineStack, 'NotificationTopic'); + const stage = new OneStackApp(app, 'MyStack'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Approve', { + stage, + notificationTopic: topic, + }), + ], }); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).resourceCountIs('AWS::SNS::Topic', 1); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'MyStack', - Actions: [ - Match.objectLike({ - Configuration: { - ProjectName: { Ref: stringLike('*SecurityCheck*') }, - EnvironmentVariables: { - 'Fn::Join': ['', [ - stringLike('*'), - { Ref: 'NotificationTopicEB7A0DF1' }, - stringLike('*'), - ]], - }, - }, - Name: stringLike('*Check'), - Namespace: stringLike('*'), - RunOrder: 1, - }), - Match.objectLike({ - Configuration: { - CustomData: stringLike('#{*.MESSAGE}'), - ExternalEntityLink: stringLike('#{*.LINK}'), + Template.fromStack(pipelineStack).resourceCountIs('AWS::SNS::Topic', 1); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'MyStack', + Actions: [ + Match.objectLike({ + Configuration: { + ProjectName: { Ref: stringLike('*SecurityCheck*') }, + EnvironmentVariables: { + 'Fn::Join': ['', [ + stringLike('*'), + { Ref: 'NotificationTopicEB7A0DF1' }, + stringLike('*'), + ]], }, - Name: stringLike('*Approv*'), - RunOrder: 2, - }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), - ], - }, - ]), - }); - } -}); - -behavior('Stages declared outside the pipeline create their own ApplicationSecurityCheck', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const pipelineStage = pipeline.codePipeline.addStage({ - stageName: 'UnattachedStage', - }); - - const unattachedStage = new cdkp.CdkStage(pipelineStack, 'UnattachedStage', { - stageName: 'UnattachedStage', - pipelineStage, - cloudAssemblyArtifact: pipeline.cloudAssemblyArtifact, - host: { - publishAsset: () => undefined, - stackOutputArtifact: () => undefined, + }, + Name: stringLike('*Check'), + Namespace: stringLike('*'), + RunOrder: 1, + }), + Match.objectLike({ + Configuration: { + CustomData: stringLike('#{*.MESSAGE}'), + ExternalEntityLink: stringLike('#{*.LINK}'), + }, + Name: stringLike('*Approv*'), + RunOrder: 2, + }), + Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), + Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), + ], }, - }); - - unattachedStage.addApplication(new OneStackApp(app, 'UnattachedStage'), { - confirmBroadeningPermissions: true, - }); - - THEN_codePipelineExpectation(); + ]), }); - - // Not a valid use of the modern API - suite.doesNotApply.modern(); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).resourceCountIs('AWS::Lambda::Function', 1); - // 1 for github build, 1 for synth stage, and 1 for the application security check - Template.fromStack(pipelineStack).resourceCountIs('AWS::CodeBuild::Project', 3); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Tags: [ - { - Key: 'SECURITY_CHECK', - Value: 'ALLOW_APPROVE', - }, - ], - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - { - Actions: [ - Match.objectLike({ - Configuration: { - ProjectName: { Ref: 'UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B' }, - }, - Name: 'UnattachedStageSecurityCheck', - RunOrder: 1, - }), - Match.objectLike({ - Configuration: { - CustomData: '#{UnattachedStageSecurityCheck.MESSAGE}', - ExternalEntityLink: '#{UnattachedStageSecurityCheck.LINK}', - }, - Name: 'UnattachedStageManualApproval', - RunOrder: 2, - }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), - ], - Name: 'UnattachedStage', - }, - ], - }); - } }); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts index 98828dc57eb47..6b62207ba9bc7 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts @@ -4,7 +4,7 @@ import * as cb from '../../../aws-codebuild'; import * as cp from '../../../aws-codepipeline'; import { Stack, Stage } from '../../../core'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, LegacyTestGitHubNpmPipeline, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -18,288 +18,186 @@ afterEach(() => { app.cleanup(); }); -behavior('CodePipeline has self-mutation stage', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); - }); +test('CodePipeline has self-mutation stage', () => { - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); - }); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'UpdatePipeline', - Actions: [ - Match.objectLike({ - Name: 'SelfMutate', - Configuration: Match.objectLike({ - ProjectName: { Ref: Match.anyValue() }, - }), + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'UpdatePipeline', + Actions: [ + Match.objectLike({ + Name: 'SelfMutate', + Configuration: Match.objectLike({ + ProjectName: { Ref: Match.anyValue() }, }), - ], - }]), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm install -g aws-cdk@2'], - }, - build: { - commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), - }, - }, - })), - Type: 'CODEPIPELINE', - }, - }); - } -}); - -behavior('selfmutation stage correctly identifies nested assembly of pipeline stack', (suite) => { - suite.legacy(() => { - const pipelineStage = new Stage(app, 'PipelineStage'); - const nestedPipelineStack = new Stack(pipelineStage, 'PipelineStack', { env: PIPELINE_ENV }); - new LegacyTestGitHubNpmPipeline(nestedPipelineStack, 'Cdk'); - - THEN_codePipelineExpectation(nestedPipelineStack); - }); - - suite.modern(() => { - const pipelineStage = new Stage(app, 'PipelineStage'); - const nestedPipelineStack = new Stack(pipelineStage, 'PipelineStack', { env: PIPELINE_ENV }); - new ModernTestGitHubNpmPipeline(nestedPipelineStack, 'Cdk'); - - THEN_codePipelineExpectation(nestedPipelineStack); + }), + ], + }]), }); - function THEN_codePipelineExpectation(nestedPipelineStack: Stack) { - Template.fromStack(nestedPipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith(['cdk -a assembly-PipelineStage deploy PipelineStage/PipelineStack --require-approval=never --verbose']), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm install -g aws-cdk@2'], + }, + build: { + commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), }, - })), - }, - }); - } + }, + })), + Type: 'CODEPIPELINE', + }, + }); }); -behavior('selfmutation feature can be turned off', (suite) => { - suite.legacy(() => { - const cloudAssemblyArtifact = new cp.Artifact(); - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - cloudAssemblyArtifact, - selfMutating: false, - }); +test('selfmutation stage correctly identifies nested assembly of pipeline stack', () => { - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - selfMutation: false, - }); + const pipelineStage = new Stage(app, 'PipelineStage'); + const nestedPipelineStack = new Stack(pipelineStage, 'PipelineStack', { env: PIPELINE_ENV }); + new ModernTestGitHubNpmPipeline(nestedPipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); + Template.fromStack(nestedPipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: Match.arrayWith(['cdk -a assembly-PipelineStage deploy PipelineStage/PipelineStack --require-approval=never --verbose']), + }, + }, + })), + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.not(Match.arrayWith([{ - Name: 'UpdatePipeline', - Actions: Match.anyValue(), - }])), - }); - } }); -behavior('can control fix/CLI version used in pipeline selfupdate', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - pipelineName: 'vpipe', - cdkCliVersion: '1.2.3', - }); +test('selfmutation feature can be turned off', () => { - THEN_codePipelineExpectation(); + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + selfMutation: false, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - pipelineName: 'vpipe', - cliVersion: '1.2.3', - }); - - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.not(Match.arrayWith([{ + Name: 'UpdatePipeline', + Actions: Match.anyValue(), + }])), }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Name: 'vpipe-selfupdate', - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm install -g aws-cdk@1.2.3'], - }, - }, - })), - }, - }); - } }); -behavior('Pipeline stack itself can use assets (has implications for selfupdate)', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'PrivilegedPipeline', { - supportDockerAssets: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - PrivilegedMode: true, - }, - }); +test('can control fix/CLI version used in pipeline selfupdate', () => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + pipelineName: 'vpipe', + cliVersion: '1.2.3', }); - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'PrivilegedPipeline', { - dockerEnabledForSelfMutation: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - PrivilegedMode: true, - }, - }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Name: 'vpipe-selfupdate', + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm install -g aws-cdk@1.2.3'], + }, + }, + })), + }, }); }); -behavior('self-update project role uses tagged bootstrap-role permissions', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); +test('Pipeline stack itself can use assets (has implications for selfupdate)', () => { - THEN_codePipelineExpectations(); + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'PrivilegedPipeline', { + dockerEnabledForSelfMutation: true, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectations(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + PrivilegedMode: true, + }, }); +}); - function THEN_codePipelineExpectations() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([ - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Resource: 'arn:*:iam::123pipeline:role/*', - Condition: { - 'ForAnyValue:StringEquals': { - 'iam:ResourceTag/aws-cdk:bootstrap-role': ['image-publishing', 'file-publishing', 'deploy'], - }, +test('self-update project role uses tagged bootstrap-role permissions', () => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Resource: 'arn:*:iam::123pipeline:role/*', + Condition: { + 'ForAnyValue:StringEquals': { + 'iam:ResourceTag/aws-cdk:bootstrap-role': ['image-publishing', 'file-publishing', 'deploy'], }, }, - { - Action: 'cloudformation:DescribeStacks', - Effect: 'Allow', - Resource: '*', - }, - { - Action: 's3:ListBucket', - Effect: 'Allow', - Resource: '*', - }, - ]), - }, - }); - } + }, + { + Action: 'cloudformation:DescribeStacks', + Effect: 'Allow', + Resource: '*', + }, + { + Action: 's3:ListBucket', + Effect: 'Allow', + Resource: '*', + }, + ]), + }, + }); }); -behavior('self-mutation stage can be customized with BuildSpec', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - selfMutationBuildSpec: cb.BuildSpec.fromObject({ +test('self-mutation stage can be customized with BuildSpec', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + selfMutationCodeBuildDefaults: { + partialBuildSpec: cb.BuildSpec.fromObject({ phases: { install: { - commands: 'npm config set registry example.com', + commands: ['npm config set registry example.com'], }, }, cache: { - paths: 'node_modules', + paths: ['node_modules'], }, }), - }); - - THEN_codePipelineExpectation(); + }, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - selfMutationCodeBuildDefaults: { - partialBuildSpec: cb.BuildSpec.fromObject({ - phases: { - install: { - commands: ['npm config set registry example.com'], - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + PrivilegedMode: false, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm config set registry example.com', 'npm install -g aws-cdk@2'], }, - cache: { - paths: ['node_modules'], + build: { + commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), }, - }), - }, - }); - - THEN_codePipelineExpectation(); + }, + cache: { + paths: ['node_modules'], + }, + })), + Type: 'CODEPIPELINE', + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - PrivilegedMode: false, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm config set registry example.com', 'npm install -g aws-cdk@2'], - }, - build: { - commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), - }, - }, - cache: { - paths: ['node_modules'], - }, - })), - Type: 'CODEPIPELINE', - }, - }); - } }); diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts index 827c2839a6462..489bd2a295289 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts @@ -1,6 +1,6 @@ import { Match, Template } from '../../../assertions'; import { App, Stack } from '../../../core'; -import { behavior, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, sortByRunOrder, TestApp, ThreeStackApp, TwoStackApp } from '../testhelpers'; +import { ModernTestGitHubNpmPipeline, PIPELINE_ENV, sortByRunOrder, TestApp, ThreeStackApp, TwoStackApp } from '../testhelpers'; let app: App; let pipelineStack: Stack; @@ -10,169 +10,41 @@ beforeEach(() => { pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); }); -behavior('interdependent stacks are in the right order', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); +test('interdependent stacks are in the right order', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'MyApp')); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyApp', + Actions: sortByRunOrder([ + Match.objectLike({ Name: 'Stack1.Prepare' }), + Match.objectLike({ Name: 'Stack1.Deploy' }), + Match.objectLike({ Name: 'Stack2.Prepare' }), + Match.objectLike({ Name: 'Stack2.Deploy' }), + ]), + }]), }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - ]), - }]), - }); - } }); -behavior('multiple independent stacks go in parallel', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new ThreeStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); +test('multiple independent stacks go in parallel', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new ThreeStackApp(app, 'MyApp')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyApp', + Actions: sortByRunOrder([ + // 1 and 2 in parallel + Match.objectLike({ Name: 'Stack1.Prepare' }), + Match.objectLike({ Name: 'Stack2.Prepare' }), + Match.objectLike({ Name: 'Stack1.Deploy' }), + Match.objectLike({ Name: 'Stack2.Deploy' }), + // Then 3 + Match.objectLike({ Name: 'Stack3.Prepare' }), + Match.objectLike({ Name: 'Stack3.Deploy' }), + ]), + }]), }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new ThreeStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - // 1 and 2 in parallel - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - // Then 3 - Match.objectLike({ Name: 'Stack3.Prepare' }), - Match.objectLike({ Name: 'Stack3.Deploy' }), - ]), - }]), - }); - } -}); - -behavior('user can request manual change set approvals', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoStackApp(app, 'MyApp'), { - manualApprovals: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'ManualApproval' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'ManualApproval2' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - ]), - }]), - }); - }); - - // No change set approvals in Modern API for now. - suite.doesNotApply.modern(); -}); - -behavior('user can request extra runorder space between prepare and deploy', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoStackApp(app, 'MyApp'), { - extraRunOrderSpace: 1, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ - Name: 'Stack1.Prepare', - RunOrder: 1, - }), - Match.objectLike({ - Name: 'Stack1.Deploy', - RunOrder: 3, - }), - Match.objectLike({ - Name: 'Stack2.Prepare', - RunOrder: 4, - }), - Match.objectLike({ - Name: 'Stack2.Deploy', - RunOrder: 6, - }), - ]), - }]), - }); - }); - - // No change set approvals in Modern API for now. - suite.doesNotApply.modern(); -}); - -behavior('user can request both manual change set approval and extraRunOrderSpace', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'MyApp'), { - extraRunOrderSpace: 1, - manualApprovals: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ - Name: 'Stack.Prepare', - RunOrder: 1, - }), - Match.objectLike({ - Name: 'ManualApproval', - RunOrder: 2, - }), - Match.objectLike({ - Name: 'Stack.Deploy', - RunOrder: 4, - }), - ]), - }]), - }); - }); - - // No change set approvals in Modern API for now. - suite.doesNotApply.modern(); }); diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts index 30cbed9db1faf..ce52f6a2df0a8 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts @@ -9,7 +9,7 @@ import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CodeBuildStep } from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, ModernTestGitHubNpmPipelineProps, OneStackApp } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, ModernTestGitHubNpmPipelineProps, OneStackApp } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -19,10 +19,6 @@ let cloudAssemblyArtifact: codepipeline.Artifact; // Must be unique across all test files, but preferably also consistent const OUTDIR = 'testcdk0.out'; -// What phase install commands get rendered to -const LEGACY_INSTALLS = 'pre_build'; -const MODERN_INSTALLS = 'install'; - beforeEach(() => { app = new TestApp({ outdir: OUTDIR }); pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); @@ -34,1124 +30,737 @@ afterEach(() => { app.cleanup(); }); -behavior('synth takes arrays of commands', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, - installCommands: ['install1', 'install2'], - buildCommands: ['build1', 'build2'], - testCommands: ['test1', 'test2'], - synthCommand: 'cdk synth', - }), - }); - - THEN_codePipelineExpectation(LEGACY_INSTALLS); - }); - - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['install1', 'install2'], - commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], - }); - - THEN_codePipelineExpectation(MODERN_INSTALLS); - }); - - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: [ - 'install1', - 'install2', - ], - }, - build: { - commands: [ - 'build1', - 'build2', - 'test1', - 'test2', - 'cdk synth', - ], - }, +test('synth takes arrays of commands', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['install1', 'install2'], + commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: [ + 'install1', + 'install2', + ], }, - })), - }, - }); - } + build: { + commands: [ + 'build1', + 'build2', + 'test1', + 'test2', + 'cdk synth', + ], + }, + }, + })), + }, + }); }); -behavior('synth sets artifact base-directory to cdk.out', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - THEN_codePipelineExpectation(); - }); +test('synth sets artifact base-directory to cdk.out', () => { - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + artifacts: { + 'base-directory': 'cdk.out', + }, + })), + }, }); +}); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - artifacts: { - 'base-directory': 'cdk.out', +test('synth supports setting subdirectory', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['cd subdir'], + commands: ['true'], + primaryOutputDirectory: 'subdir/cdk.out', + }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: Match.arrayWith(['cd subdir']), }, - })), - }, - }); - } + }, + artifacts: { + 'base-directory': 'subdir/cdk.out', + }, + })), + }, + }); }); -behavior('synth supports setting subdirectory', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - subdirectory: 'subdir', - }), - }); +test('npm synth sets, or allows setting, UNSAFE_PERM=true', () => { - THEN_codePipelineExpectation(LEGACY_INSTALLS); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + env: { + NPM_CONFIG_UNSAFE_PERM: 'true', + }, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['cd subdir'], - commands: ['true'], - primaryOutputDirectory: 'subdir/cdk.out', - }); - THEN_codePipelineExpectation(MODERN_INSTALLS); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + EnvironmentVariables: [ + { + Name: 'NPM_CONFIG_UNSAFE_PERM', + Type: 'PLAINTEXT', + Value: 'true', + }, + ], + }, }); - - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: Match.arrayWith(['cd subdir']), - }, - }, - artifacts: { - 'base-directory': 'subdir/cdk.out', - }, - })), - }, - }); - } }); -behavior('npm synth sets, or allows setting, UNSAFE_PERM=true', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - }), - }); - - THEN_codePipelineExpectation(); +test('Magic CodePipeline variables passed to synth envvars must be rendered in the action', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + env: { + VERSION: codepipeline.GlobalVariables.executionId, + }, + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Build', + Actions: [ + Match.objectLike({ + Name: 'Synth', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson(Match.arrayWith([ + { + name: 'VERSION', + type: 'PLAINTEXT', + value: '#{codepipeline.PipelineExecutionId}', + }, + ])), + }), + }), + ], + }]), }); +}); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { +test('CodeBuild: environment variables specified in multiple places are correctly merged', () => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + synth: new CodeBuildStep('Synth', { env: { - NPM_CONFIG_UNSAFE_PERM: 'true', + SOME_ENV_VAR: 'SomeValue', }, - }); - - THEN_codePipelineExpectation(); + installCommands: [ + 'install1', + 'install2', + ], + commands: ['synth'], + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + environmentVariables: { + INNER_VAR: { value: 'InnerValue' }, + }, + privileged: true, + }, + }), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - EnvironmentVariables: [ - { - Name: 'NPM_CONFIG_UNSAFE_PERM', - Type: 'PLAINTEXT', - Value: 'true', + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + EnvironmentVariables: Match.arrayWith([ + { + Name: 'INNER_VAR', + Type: 'PLAINTEXT', + Value: 'InnerValue', + }, + { + Name: 'SOME_ENV_VAR', + Type: 'PLAINTEXT', + Value: 'SomeValue', + }, + ]), + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['install1', 'install2'], }, - ], - }, - }); - } -}); - -behavior('synth assumes a JavaScript project by default (no build, yes synth)', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: ['npm ci'], - }, - build: { - commands: ['npx cdk synth'], - }, + build: { + commands: ['synth'], }, - })), - }, - }); - }); - - // Modern pipeline does not assume anything anymore - suite.doesNotApply.modern(); -}); - -behavior('Magic CodePipeline variables passed to synth envvars must be rendered in the action', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, - environmentVariables: { - VERSION: { value: codepipeline.GlobalVariables.executionId }, }, - synthCommand: 'synth', - }), - }); - THEN_codePipelineExpectation(); + })), + }, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-2', { + synth: new cdkp.CodeBuildStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: '.', env: { - VERSION: codepipeline.GlobalVariables.executionId, + SOME_ENV_VAR: 'SomeValue', }, - }); - - THEN_codePipelineExpectation(); + installCommands: [ + 'install1', + 'install2', + ], + commands: ['synth'], + buildEnvironment: { + environmentVariables: { + INNER_VAR: { value: 'InnerValue' }, + }, + privileged: true, + }, + }), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Build', - Actions: [ - Match.objectLike({ - Name: 'Synth', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson(Match.arrayWith([ - { - name: 'VERSION', - type: 'PLAINTEXT', - value: '#{codepipeline.PipelineExecutionId}', - }, - ])), - }), - }), - ], - }]), - }); - } -}); - -behavior('CodeBuild: environment variables specified in multiple places are correctly merged', (suite) => { - // We don't support merging environment variables in this way in the legacy API - suite.doesNotApply.legacy(); - - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new CodeBuildStep('Synth', { - env: { - SOME_ENV_VAR: 'SomeValue', + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + EnvironmentVariables: Match.arrayWith([ + { + Name: 'INNER_VAR', + Type: 'PLAINTEXT', + Value: 'InnerValue', }, - installCommands: [ - 'install1', - 'install2', - ], - commands: ['synth'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, + { + Name: 'SOME_ENV_VAR', + Type: 'PLAINTEXT', + Value: 'SomeValue', + }, + ]), + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['install1', 'install2'], + }, + build: { + commands: ['synth'], }, - privileged: true, }, - }), - }); - THEN_codePipelineExpectation(MODERN_INSTALLS); + })), + }, }); +}); - suite.additional('modern2, using the specific CodeBuild action', () => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: '.', - env: { - SOME_ENV_VAR: 'SomeValue', - }, - installCommands: [ - 'install1', - 'install2', - ], - commands: ['synth'], - buildEnvironment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, +test('install command can be overridden/specified', () => { + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['/bin/true'], + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['/bin/true'], }, - privileged: true, }, - }), - }); - THEN_codePipelineExpectation(MODERN_INSTALLS); + })), + }, }); +}); - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: Match.objectLike({ - PrivilegedMode: true, - EnvironmentVariables: Match.arrayWith([ - { - Name: 'INNER_VAR', - Type: 'PLAINTEXT', - Value: 'InnerValue', - }, - { - Name: 'SOME_ENV_VAR', - Type: 'PLAINTEXT', - Value: 'SomeValue', - }, - ]), - }), - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: ['install1', 'install2'], +test('Synth can output additional artifacts', () => { + + // WHEN + const synth = new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + commands: ['cdk synth'], + }); + synth.addOutputDirectory('test'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: synth, + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + artifacts: { + 'secondary-artifacts': { + Synth_Output: { + 'base-directory': 'cdk.out', + 'files': '**/*', }, - build: { - commands: ['synth'], + Synth_test: { + 'base-directory': 'test', + 'files': '**/*', }, }, - })), - }, - }); - } + }, + })), + }, + }); }); -behavior('install command can be overridden/specified', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - installCommand: '/bin/true', - }), - }); +test('Synth can be made to run in a VPC', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); - THEN_codePipelineExpectation(LEGACY_INSTALLS); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, }); - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['/bin/true'], - }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, + ], + VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + }, + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, + }); +}); - THEN_codePipelineExpectation(MODERN_INSTALLS); +test('Modern, using the synthCodeBuildDefaults', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synthCodeBuildDefaults: { vpc }, }); - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: ['/bin/true'], - }, - }, - })), - }, - }); - } + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, + ], + VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + }, + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, + }); }); -behavior('synth can have its test commands set', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - installCommand: '/bin/true', - testCommands: ['echo "Running tests"'], - }), - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: ['/bin/true'], - }, - build: { - commands: ['echo "Running tests"', 'npx cdk synth'], - }, - }, - })), +test('Modern, using CodeBuildStep', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new CodeBuildStep('Synth', { + commands: ['asdf'], + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + computeType: cbuild.ComputeType.LARGE, }, - }); + }), + codeBuildDefaults: { vpc }, }); - // There are no implicit commands in modern synth - suite.doesNotApply.modern(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, + ], + VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + }, + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, + }); }); -behavior('Synth can output additional artifacts', (suite) => { - suite.legacy(() => { - // WHEN - const addlArtifact = new codepipeline.Artifact('IntegTest'); - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - additionalArtifacts: [ - { - artifact: addlArtifact, - directory: 'test', - }, - ], - }), - }); +test('Pipeline action contains a hash that changes as the buildspec changes', () => { + const hash1 = modernSynthWithAction(() => ({ commands: ['asdf'] })); - THEN_codePipelineExpectation('CloudAsm', 'IntegTest'); - }); + // To make sure the hash is not just random :) + const hash1prime = modernSynthWithAction(() => ({ commands: ['asdf'] })); - suite.modern(() => { - // WHEN - const synth = new cdkp.ShellStep('Synth', { + const hash2 = modernSynthWithAction(() => ({ + installCommands: ['do install'], + })); + const hash3 = modernSynthWithAction(() => ({ + synth: new CodeBuildStep('Synth', { + commands: ['asdf'], input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - commands: ['cdk synth'], - }); - synth.addOutputDirectory('test'); - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: synth, - }); - - THEN_codePipelineExpectation('Synth_Output', 'Synth_test'); - }); - - function THEN_codePipelineExpectation(asmArtifact: string, testArtifact: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - artifacts: { - 'secondary-artifacts': { - [asmArtifact]: { - 'base-directory': 'cdk.out', - 'files': '**/*', - }, - [testArtifact]: { - 'base-directory': 'test', - 'files': '**/*', - }, - }, - }, - })), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + computeType: cbuild.ComputeType.LARGE, }, - }); - } + }), + })); + + const hash4 = modernSynthWithAction(() => ({ + env: { + xyz: 'SOME-VALUE', + }, + })); + + expect(hash1).toEqual(hash1prime); + + expect(hash1).not.toEqual(hash2); + expect(hash1).not.toEqual(hash3); + expect(hash1).not.toEqual(hash4); + expect(hash2).not.toEqual(hash3); + expect(hash2).not.toEqual(hash4); + expect(hash3).not.toEqual(hash4); }); -behavior('Synth can be made to run in a VPC', (suite) => { - let vpc: ec2.Vpc; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); +function modernSynthWithAction(cb: () => ModernTestGitHubNpmPipelineProps) { + const _app = new TestApp({ outdir: OUTDIR }); + const _pipelineStack = new Stack(_app, 'PipelineStack', { env: PIPELINE_ENV }); + + new ModernTestGitHubNpmPipeline(_pipelineStack, 'Cdk', cb()); + + return captureProjectConfigHash(_pipelineStack); +} + +function captureProjectConfigHash(_pipelineStack: Stack) { + const theHash = new Capture(); + Template.fromStack(_pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Build', + Actions: [ + Match.objectLike({ + Name: 'Synth', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { + name: '_PROJECT_CONFIG_HASH', + type: 'PLAINTEXT', + value: theHash, + }, + ]), + }), + }), + ], + }]), }); - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - vpc, - sourceArtifact, - cloudAssemblyArtifact, - }), - }); + return theHash.asString(); +} - THEN_codePipelineExpectation(); - }); +test('Synth CodeBuild project role can be granted permissions', () => { + const bucket: s3.IBucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); + // GIVEN + const pipe = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipe.buildPipeline(); - THEN_codePipelineExpectation(); - }); + // WHEN + bucket.grantRead(pipe.synthProject); - suite.additional('Modern, using the synthCodeBuildDefaults', () => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synthCodeBuildDefaults: { vpc }, - }); - - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], + })]), + }, }); +}); - suite.additional('Modern, using CodeBuildStep', () => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new CodeBuildStep('Synth', { - commands: ['asdf'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - computeType: cbuild.ComputeType.LARGE, - }, - }), - codeBuildDefaults: { vpc }, - }); - - THEN_codePipelineExpectation(); - }); +test('Synth can reference an imported ECR repo', () => { - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - VpcConfig: { - SecurityGroupIds: [ - { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, - ], - Subnets: [ - { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, - { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, - { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, - ], - VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.CodeBuildStep('Synth', { + commands: ['build'], + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + buildImage: cbuild.LinuxBuildImage.fromEcrRepository( + ecr.Repository.fromRepositoryName(pipelineStack, 'ECRImage', 'my-repo-name'), + ), }, - }); + }), + }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - Roles: [ - { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, - ], - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), - Effect: 'Allow', - Resource: '*', - }]), - }, - }); - } + // THEN -- no exception (necessary for linter) + expect(true).toBeTruthy(); }); -behavior('Pipeline action contains a hash that changes as the buildspec changes', (suite) => { - suite.legacy(() => { - const hash1 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - })); - - // To make sure the hash is not just random :) - const hash1prime = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - })); - - const hash2 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - installCommand: 'do install', - })); - const hash3 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - environment: { - computeType: cbuild.ComputeType.LARGE, - }, - })); - const hash4 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - environment: { - environmentVariables: { - xyz: { value: 'SOME-VALUE' }, - }, - }, - })); +test('CodeBuild: Can specify additional policy statements', () => { - expect(hash1).toEqual(hash1prime); + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.CodeBuildStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: '.', + commands: ['synth'], + rolePolicyStatements: [ + new iam.PolicyStatement({ + actions: ['codeartifact:*', 'sts:GetServiceBearerToken'], + resources: ['arn:my:arn'], + }), + ], + }), + }); - expect(hash1).not.toEqual(hash2); - expect(hash1).not.toEqual(hash3); - expect(hash1).not.toEqual(hash4); - expect(hash2).not.toEqual(hash3); - expect(hash2).not.toEqual(hash4); - expect(hash3).not.toEqual(hash4); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: [ + 'codeartifact:*', + 'sts:GetServiceBearerToken', + ], + Resource: 'arn:my:arn', + })]), + }, }); +}); - suite.modern(() => { - const hash1 = modernSynthWithAction(() => ({ commands: ['asdf'] })); - - // To make sure the hash is not just random :) - const hash1prime = modernSynthWithAction(() => ({ commands: ['asdf'] })); - - const hash2 = modernSynthWithAction(() => ({ - installCommands: ['do install'], - })); - const hash3 = modernSynthWithAction(() => ({ - synth: new CodeBuildStep('Synth', { - commands: ['asdf'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - computeType: cbuild.ComputeType.LARGE, - }, - }), - })); +test('Multiple input sources in side-by-side directories', () => { - const hash4 = modernSynthWithAction(() => ({ - env: { - xyz: 'SOME-VALUE', + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + commands: ['false'], + additionalInputs: { + '../sibling': cdkp.CodePipelineSource.gitHub('foo/bar', 'main'), + 'sub': new cdkp.ShellStep('Prebuild', { + input: cdkp.CodePipelineSource.gitHub('pre/build', 'main'), + commands: ['true'], + primaryOutputDirectory: 'built', + }), }, - })); - - expect(hash1).toEqual(hash1prime); - - expect(hash1).not.toEqual(hash2); - expect(hash1).not.toEqual(hash3); - expect(hash1).not.toEqual(hash4); - expect(hash2).not.toEqual(hash3); - expect(hash2).not.toEqual(hash4); - expect(hash3).not.toEqual(hash4); + }), }); - // eslint-disable-next-line max-len - function legacySynthWithAction(cb: (sourceArtifact: codepipeline.Artifact, cloudAssemblyArtifact: codepipeline.Artifact) => codepipeline.IAction) { - const _app = new TestApp({ outdir: OUTDIR }); - const _pipelineStack = new Stack(_app, 'PipelineStack', { env: PIPELINE_ENV }); - const _sourceArtifact = new codepipeline.Artifact(); - const _cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - - new LegacyTestGitHubNpmPipeline(_pipelineStack, 'Cdk', { - sourceArtifact: _sourceArtifact, - cloudAssemblyArtifact: _cloudAssemblyArtifact, - synthAction: cb(_sourceArtifact, _cloudAssemblyArtifact), - }); - - return captureProjectConfigHash(_pipelineStack); - } - - function modernSynthWithAction(cb: () => ModernTestGitHubNpmPipelineProps) { - const _app = new TestApp({ outdir: OUTDIR }); - const _pipelineStack = new Stack(_app, 'PipelineStack', { env: PIPELINE_ENV }); - - new ModernTestGitHubNpmPipeline(_pipelineStack, 'Cdk', cb()); - - return captureProjectConfigHash(_pipelineStack); - } - - function captureProjectConfigHash(_pipelineStack: Stack) { - const theHash = new Capture(); - Template.fromStack(_pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'Source', + Actions: [ + Match.objectLike({ Configuration: Match.objectLike({ Repo: 'bar' }) }), + Match.objectLike({ Configuration: Match.objectLike({ Repo: 'build' }) }), + Match.objectLike({ Configuration: Match.objectLike({ Repo: 'test' }) }), + ], + }, + { Name: 'Build', Actions: [ + Match.objectLike({ Name: 'Prebuild', RunOrder: 1 }), Match.objectLike({ Name: 'Synth', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { - name: '_PROJECT_CONFIG_HASH', - type: 'PLAINTEXT', - value: theHash, - }, - ]), - }), + RunOrder: 2, + InputArtifacts: [ + // 3 input artifacts + Match.anyValue(), + Match.anyValue(), + Match.anyValue(), + ], }), ], - }]), - }); - - return theHash.asString(); - } -}); - -behavior('Synth CodeBuild project role can be granted permissions', (suite) => { - let bucket: s3.IBucket; - beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); - }); - - suite.legacy(() => { - // GIVEN - const synthAction = cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - }); - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction, - }); - - // WHEN - bucket.grantRead(synthAction); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // GIVEN - const pipe = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipe.buildPipeline(); - - // WHEN - bucket.grantRead(pipe.synthProject); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], - })]), }, - }); - } -}); - -behavior('Synth can reference an imported ECR repo', (suite) => { - // Repro from https://github.com/aws/aws-cdk/issues/10535 - - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - environment: { - buildImage: cbuild.LinuxBuildImage.fromEcrRepository( - ecr.Repository.fromRepositoryName(pipelineStack, 'ECRImage', 'my-repo-name'), - ), - }, - }), - }); - - // THEN -- no exception (necessary for linter) - expect(true).toBeTruthy(); - }); - - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - commands: ['build'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - buildImage: cbuild.LinuxBuildImage.fromEcrRepository( - ecr.Repository.fromRepositoryName(pipelineStack, 'ECRImage', 'my-repo-name'), - ), + ]), + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: [ + '[ ! -d "../sibling" ] || { echo \'additionalInputs: "../sibling" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_foo_bar_Source" "../sibling"', + '[ ! -d "sub" ] || { echo \'additionalInputs: "sub" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_Prebuild_Output" "sub"', + ], + }, + build: { + commands: [ + 'false', + ], + }, }, - }), - }); - - // THEN -- no exception (necessary for linter) - expect(true).toBeTruthy(); - }); -}); - -behavior('CodeBuild: Can specify additional policy statements', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['codeartifact:*', 'sts:GetServiceBearerToken'], - resources: ['arn:my:arn'], - }), - ], - }), - }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: '.', - commands: ['synth'], - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['codeartifact:*', 'sts:GetServiceBearerToken'], - resources: ['arn:my:arn'], - }), - ], - }), - }); - - THEN_codePipelineExpectation(); + })), + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: [ - 'codeartifact:*', - 'sts:GetServiceBearerToken', - ], - Resource: 'arn:my:arn', - })]), - }, - }); - } }); -behavior('Multiple input sources in side-by-side directories', (suite) => { - // Legacy API does not support this - suite.doesNotApply.legacy(); - - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.ShellStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - commands: ['false'], - additionalInputs: { - '../sibling': cdkp.CodePipelineSource.gitHub('foo/bar', 'main'), - 'sub': new cdkp.ShellStep('Prebuild', { - input: cdkp.CodePipelineSource.gitHub('pre/build', 'main'), - commands: ['true'], - primaryOutputDirectory: 'built', - }), - }, - }), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'Source', - Actions: [ - Match.objectLike({ Configuration: Match.objectLike({ Repo: 'bar' }) }), - Match.objectLike({ Configuration: Match.objectLike({ Repo: 'build' }) }), - Match.objectLike({ Configuration: Match.objectLike({ Repo: 'test' }) }), - ], - }, - { - Name: 'Build', - Actions: [ - Match.objectLike({ Name: 'Prebuild', RunOrder: 1 }), - Match.objectLike({ - Name: 'Synth', - RunOrder: 2, - InputArtifacts: [ - // 3 input artifacts - Match.anyValue(), - Match.anyValue(), - Match.anyValue(), - ], - }), - ], - }, - ]), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: [ - '[ ! -d "../sibling" ] || { echo \'additionalInputs: "../sibling" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_foo_bar_Source" "../sibling"', - '[ ! -d "sub" ] || { echo \'additionalInputs: "sub" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_Prebuild_Output" "sub"', - ], - }, - build: { - commands: [ - 'false', - ], - }, +test('Can easily switch on privileged mode for synth', () => { + + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + dockerEnabledForSynth: true, + commands: ['LookAtMe'], + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'LookAtMe', + ], }, - })), - }, - }); + }, + })), + }, }); }); -behavior('Can easily switch on privileged mode for synth', (suite) => { - // Legacy API does not support this - suite.doesNotApply.legacy(); +test('can provide custom BuildSpec that is merged with generated one', () => { - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - dockerEnabledForSynth: true, - commands: ['LookAtMe'], - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: Match.objectLike({ - PrivilegedMode: true, - }), - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'LookAtMe', - ], - }, - }, - })), + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.CodeBuildStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + env: { + SOME_ENV_VAR: 'SomeValue', }, - }); - }); -}); - -behavior('can provide custom BuildSpec that is merged with generated one', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, + buildEnvironment: { environmentVariables: { - SOME_ENV_VAR: { value: 'SomeValue' }, + INNER_VAR: { value: 'InnerValue' }, }, - environment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, + privileged: true, + }, + installCommands: [ + 'install1', + 'install2', + ], + commands: ['synth'], + partialBuildSpec: cbuild.BuildSpec.fromObject({ + env: { + variables: { + FOO: 'bar', }, - privileged: true, }, - installCommands: [ - 'install1', - 'install2', - ], - synthCommand: 'synth', - buildSpec: cbuild.BuildSpec.fromObject({ - env: { - variables: { - FOO: 'bar', - }, + phases: { + pre_build: { + commands: ['installCustom'], }, - phases: { - pre_build: { - commands: 'installCustom', - }, - }, - cache: { - paths: ['node_modules'], - }, - }), + }, + cache: { + paths: ['node_modules'], + }, }), - }); - - THEN_codePipelineExpectation(); + }), }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - env: { - SOME_ENV_VAR: 'SomeValue', + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + EnvironmentVariables: Match.arrayWith([ + { + Name: 'INNER_VAR', + Type: 'PLAINTEXT', + Value: 'InnerValue', }, - buildEnvironment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, + ]), + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + env: { + variables: { + FOO: 'bar', }, - privileged: true, }, - installCommands: [ - 'install1', - 'install2', - ], - commands: ['synth'], - partialBuildSpec: cbuild.BuildSpec.fromObject({ - env: { - variables: { - FOO: 'bar', - }, - }, - phases: { - pre_build: { - commands: ['installCustom'], - }, + phases: { + pre_build: { + commands: Match.arrayWith(['installCustom']), }, - cache: { - paths: ['node_modules'], + build: { + commands: ['synth'], }, - }), - }), - }); - - THEN_codePipelineExpectation(); + }, + cache: { + paths: ['node_modules'], + }, + })), + }, }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: Match.objectLike({ - PrivilegedMode: true, - EnvironmentVariables: Match.arrayWith([ - { - Name: 'INNER_VAR', - Type: 'PLAINTEXT', - Value: 'InnerValue', - }, - ]), - }), - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - env: { - variables: { - FOO: 'bar', - }, - }, - phases: { - pre_build: { - commands: Match.arrayWith(['installCustom']), - }, - build: { - commands: ['synth'], - }, - }, - cache: { - paths: ['node_modules'], - }, - })), - }, - }); - } }); -behavior('stacks synthesized for pipeline will be checked during synth', (suite) => { - let stage: OneStackApp; - beforeEach(() => { - stage = new OneStackApp(pipelineStack, 'MyApp'); - }); - - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, - installCommands: ['install1', 'install2'], - buildCommands: ['build1', 'build2'], - testCommands: ['test1', 'test2'], - synthCommand: 'cdk synth', - }), - }); - pipeline.addApplicationStage(stage); - - THEN(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['install1', 'install2'], - commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], - }); - pipeline.addStage(stage); +test('stacks synthesized for pipeline will be checked during synth', () => { + let stage: OneStackApp = new OneStackApp(pipelineStack, 'MyApp'); - THEN(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['install1', 'install2'], + commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], }); + pipeline.addStage(stage); - function THEN() { - // All stacks in the ASM have been synthesized with 'validateOnSynth: true' - const asm = stage.synth(); - for (const stack of asm.stacks) { - expect(stack.validateOnSynth).toEqual(true); - } + // All stacks in the ASM have been synthesized with 'validateOnSynth: true' + const asm = stage.synth(); + for (const stack of asm.stacks) { + expect(stack.validateOnSynth).toEqual(true); } }); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts index f1a560fdae911..5af4eb5733394 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts @@ -9,7 +9,7 @@ import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CodePipelineSource, ShellStep } from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { AppWithOutput, behavior, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, sortByRunOrder, StageWithStackOutput, stringNoLongerThan, TestApp, TwoStackApp } from '../testhelpers'; +import { AppWithOutput, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, sortByRunOrder, StageWithStackOutput, stringNoLongerThan, TestApp, TwoStackApp } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -23,775 +23,471 @@ afterEach(() => { app.cleanup(); }); -behavior('can add manual approval after app', (suite) => { - // No need to be backwards compatible - suite.doesNotApply.legacy(); +test('can add manual approval after app', () => { - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'MyApp'), { - post: [ - new cdkp.ManualApprovalStep('Approve'), - ], - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - Match.objectLike({ Name: 'Approve' }), - ]), - }]), - }); + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'MyApp'), { + post: [ + new cdkp.ManualApprovalStep('Approve'), + ], + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyApp', + Actions: sortByRunOrder([ + Match.objectLike({ Name: 'Stack1.Prepare' }), + Match.objectLike({ Name: 'Stack1.Deploy' }), + Match.objectLike({ Name: 'Stack2.Prepare' }), + Match.objectLike({ Name: 'Stack2.Deploy' }), + Match.objectLike({ Name: 'Approve' }), + ]), + }]), }); }); -behavior('can add steps to wave', (suite) => { - // No need to be backwards compatible - suite.doesNotApply.legacy(); +test('can add steps to wave', () => { - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const wave = pipeline.addWave('MyWave', { - post: [ - new cdkp.ManualApprovalStep('Approve'), - ], - }); - wave.addStage(new OneStackApp(pipelineStack, 'Stage1')); - wave.addStage(new OneStackApp(pipelineStack, 'Stage2')); - wave.addStage(new OneStackApp(pipelineStack, 'Stage3')); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyWave', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stage1.Stack.Prepare' }), - Match.objectLike({ Name: 'Stage2.Stack.Prepare' }), - Match.objectLike({ Name: 'Stage3.Stack.Prepare' }), - Match.objectLike({ Name: 'Stage1.Stack.Deploy' }), - Match.objectLike({ Name: 'Stage2.Stack.Deploy' }), - Match.objectLike({ Name: 'Stage3.Stack.Deploy' }), - Match.objectLike({ Name: 'Approve' }), - ]), - }]), - }); + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const wave = pipeline.addWave('MyWave', { + post: [ + new cdkp.ManualApprovalStep('Approve'), + ], + }); + wave.addStage(new OneStackApp(pipelineStack, 'Stage1')); + wave.addStage(new OneStackApp(pipelineStack, 'Stage2')); + wave.addStage(new OneStackApp(pipelineStack, 'Stage3')); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyWave', + Actions: sortByRunOrder([ + Match.objectLike({ Name: 'Stage1.Stack.Prepare' }), + Match.objectLike({ Name: 'Stage2.Stack.Prepare' }), + Match.objectLike({ Name: 'Stage3.Stack.Prepare' }), + Match.objectLike({ Name: 'Stage1.Stack.Deploy' }), + Match.objectLike({ Name: 'Stage2.Stack.Deploy' }), + Match.objectLike({ Name: 'Stage3.Stack.Deploy' }), + Match.objectLike({ Name: 'Approve' }), + ]), + }]), }); }); -behavior('script validation steps can use stack outputs as environment variables', (suite) => { - suite.legacy(() => { - // GIVEN - const { pipeline } = legacySetup(); - const stage = new StageWithStackOutput(app, 'MyApp'); - - // WHEN - const pipeStage = pipeline.addApplicationStage(stage); - pipeStage.addActions(new cdkp.ShellScriptAction({ - actionName: 'TestOutput', - useOutputs: { - BUCKET_NAME: pipeline.stackOutput(stage.output), - }, - commands: ['echo $BUCKET_NAME'], - })); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: Match.arrayWith([ - Match.objectLike({ - ActionTypeId: { - Provider: 'CodeBuild', - }, - Configuration: { - ProjectName: Match.anyValue(), - }, - InputArtifacts: [{ Name: Match.anyValue() }], - Name: 'TestOutput', - }), - Match.objectLike({ - Name: 'Stack.Deploy', - OutputArtifacts: [{ Name: Match.anyValue() }], - Configuration: { - OutputFileName: 'outputs.json', - }, - }), - ]), - }]), - }); +test('script validation steps can use stack outputs as environment variables', () => { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'export BUCKET_NAME="$(node -pe \'require(process.env.CODEBUILD_SRC_DIR + "/outputs.json")["BucketName"]\')"', - 'echo $BUCKET_NAME', - ], - }, - }, - })), - Type: 'CODEPIPELINE', - }, - }); - }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const myApp = new AppWithOutput(app, 'Alpha'); - pipeline.addStage(myApp, { - post: [ - new cdkp.ShellStep('Approve', { - commands: ['/bin/true'], - envFromCfnOutputs: { - THE_OUTPUT: myApp.theOutput, - }, - }), - ], - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Alpha', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'Stack.Deploy', - Namespace: 'AlphaStack6B3389FA', - }), - Match.objectLike({ - Name: 'Approve', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { name: 'THE_OUTPUT', value: '#{AlphaStack6B3389FA.MyOutput}', type: 'PLAINTEXT' }, - ]), - }), - }), - ]), - }]), - }); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const myApp = new AppWithOutput(app, 'Alpha'); + pipeline.addStage(myApp, { + post: [ + new cdkp.ShellStep('Approve', { + commands: ['/bin/true'], + envFromCfnOutputs: { + THE_OUTPUT: myApp.theOutput, + }, + }), + ], }); -}); -behavior('stackOutput generates names limited to 100 characters', (suite) => { - suite.legacy(() => { - const { pipeline } = legacySetup(); - const stage = new StageWithStackOutput(app, 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild'); - const pipeStage = pipeline.addApplicationStage(stage); - pipeStage.addActions(new cdkp.ShellScriptAction({ - actionName: 'TestOutput', - useOutputs: { - BUCKET_NAME: pipeline.stackOutput(stage.output), - }, - commands: ['echo $BUCKET_NAME'], - })); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild', - Actions: Match.arrayWith([ - Match.objectLike({ - ActionTypeId: { - Provider: 'CodeBuild', - }, - Configuration: { - ProjectName: Match.anyValue(), - }, - InputArtifacts: [{ Name: stringNoLongerThan(100) }], - Name: 'TestOutput', - }), - Match.objectLike({ - Name: 'Stack.Deploy', - OutputArtifacts: [{ Name: stringNoLongerThan(100) }], - Configuration: { - OutputFileName: 'outputs.json', - }, - }), - ]), - }]), - }); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new StageWithStackOutput(app, 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild'); - pipeline.addStage(stage, { - post: [ - new cdkp.ShellStep('TestOutput', { - commands: ['echo $BUCKET_NAME'], - envFromCfnOutputs: { - BUCKET_NAME: stage.output, - }, + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Alpha', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'Stack.Deploy', + Namespace: 'AlphaStack6B3389FA', }), - ], - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'Stack.Deploy', - Namespace: stringNoLongerThan(100), + Match.objectLike({ + Name: 'Approve', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { name: 'THE_OUTPUT', value: '#{AlphaStack6B3389FA.MyOutput}', type: 'PLAINTEXT' }, + ]), }), - ]), - }]), - }); + }), + ]), + }]), }); }); -behavior('validation step can run from scripts in source', (suite) => { - suite.legacy(() => { - const { pipeline, sourceArtifact } = legacySetup(); - - // WHEN - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'UseSources', - additionalArtifacts: [sourceArtifact], - commands: ['true'], - })); +test('stackOutput generates names limited to 100 characters', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new StageWithStackOutput(app, 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild'); + pipeline.addStage(stage, { + post: [ + new cdkp.ShellStep('TestOutput', { + commands: ['echo $BUCKET_NAME'], + envFromCfnOutputs: { + BUCKET_NAME: stage.output, + }, + }), + ], }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [ - new cdkp.ShellStep('UseSources', { - input: pipeline.gitHubSource, - commands: ['set -eu', 'true'], + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'Stack.Deploy', + Namespace: stringNoLongerThan(100), }), - ], - }); - - THEN_codePipelineExpectation(); + ]), + }]), }); - - function THEN_codePipelineExpectation() { - const sourceArtifact = new Capture(); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Source', - Actions: [ - Match.objectLike({ - OutputArtifacts: [{ Name: sourceArtifact }], - }), - ], - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'UseSources', - InputArtifacts: [{ Name: sourceArtifact.asString() }], - }), - ]), - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'true', - ], - }, - }, - })), - }, - }); - } }); -behavior('can use additional output artifacts from build', (suite) => { - suite.legacy(() => { - // WHEN - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'UseBuildArtifact', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - })); +test('validation step can run from scripts in source', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [ + new cdkp.ShellStep('UseSources', { + input: pipeline.gitHubSource, + commands: ['set -eu', 'true'], + }), + ], }); - suite.modern(() => { - const synth = new ShellStep('Synth', { - input: CodePipelineSource.gitHub('test/test', 'main'), - commands: ['synth'], - }); + const sourceArtifact = new Capture(); - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth, - }); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [ - new cdkp.ShellStep('UseBuildArtifact', { - input: synth.addOutputDirectory('test'), - commands: ['set -eu', 'true'], + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Source', + Actions: [ + Match.objectLike({ + OutputArtifacts: [{ Name: sourceArtifact }], }), ], - }); - - THEN_codePipelineExpectation(); + }]), }); - - function THEN_codePipelineExpectation() { - const integArtifact = new Capture(); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Build', - Actions: [ - Match.objectLike({ - Name: 'Synth', - OutputArtifacts: [ - { Name: Match.anyValue() }, // It's not the first output - { Name: integArtifact }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'UseSources', + InputArtifacts: [{ Name: sourceArtifact.asString() }], + }), + ]), + }]), + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'set -eu', + 'true', ], - }), - ], - }]), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'UseBuildArtifact', - InputArtifacts: [{ Name: integArtifact.asString() }], - }), - ]), - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'true', - ], - }, }, - })), - }, - }); - } + }, + })), + }, + }); }); -behavior('can add policy statements to shell script action', (suite) => { - suite.legacy(() => { - // WHEN - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'Boop', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['s3:Banana'], - resources: ['*'], - }), - ], - })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [ - new cdkp.CodeBuildStep('Boop', { - commands: ['true'], - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['s3:Banana'], - resources: ['*'], - }), +test('can use additional output artifacts from build', () => { + const synth = new ShellStep('Synth', { + input: CodePipelineSource.gitHub('test/test', 'main'), + commands: ['synth'], + }); + + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth, + }); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [ + new cdkp.ShellStep('UseBuildArtifact', { + input: synth.addOutputDirectory('test'), + commands: ['set -eu', 'true'], + }), + ], + }); + + const integArtifact = new Capture(); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Build', + Actions: [ + Match.objectLike({ + Name: 'Synth', + OutputArtifacts: [ + { Name: Match.anyValue() }, // It's not the first output + { Name: integArtifact }, ], }), ], - }); - - THEN_codePipelineExpectation(); + }]), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: 's3:Banana', - Resource: '*', - })]), - }, - }); - } -}); - -behavior('can grant permissions to shell script action', (suite) => { - let bucket: s3.IBucket; - beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'UseBuildArtifact', + InputArtifacts: [{ Name: integArtifact.asString() }], + }), + ]), + }]), }); - - suite.legacy(() => { - const { pipeline, integTestArtifact } = legacySetup(); - const action = new cdkp.ShellScriptAction({ - actionName: 'Boop', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - }); - pipeline.addStage('Test').addActions(action); - - // WHEN - bucket.grantRead(action); - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'set -eu', + 'true', + ], + }, + }, + })), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); +test('can add policy statements to shell script action', () => { - const codeBuildStep = new cdkp.CodeBuildStep('Boop', { - commands: ['true'], - }); + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [ + new cdkp.CodeBuildStep('Boop', { + commands: ['true'], + rolePolicyStatements: [ + new iam.PolicyStatement({ + actions: ['s3:Banana'], + resources: ['*'], + }), + ], + }), + ], + }); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [codeBuildStep], - }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: 's3:Banana', + Resource: '*', + })]), + }, + }); +}); - pipeline.buildPipeline(); +test('can grant permissions to shell script action', () => { + const bucket: s3.IBucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); - // WHEN - bucket.grantRead(codeBuildStep.project); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); + const codeBuildStep = new cdkp.CodeBuildStep('Boop', { + commands: ['true'], }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], - })]), - }, - }); - } -}); - -behavior('can run shell script actions in a VPC', (suite) => { - let vpc: ec2.Vpc; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'VPC'); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [codeBuildStep], }); - suite.legacy(() => { - const { pipeline, integTestArtifact } = legacySetup(); + pipeline.buildPipeline(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - vpc, - actionName: 'VpcAction', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - })); + // WHEN + bucket.grantRead(codeBuildStep.project); - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], + })]), + }, }); +}); - suite.modern(() => { - // All CodeBuild jobs automatically go into the VPC - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); +test('can run shell script actions in a VPC', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'VPC'); - pipeline.addStage(new TwoStackApp(app, 'MyApp'), { - post: [new cdkp.ShellStep('VpcAction', { - commands: ['set -eu', 'true'], - })], - }); - - THEN_codePipelineExpectation(); + // All CodeBuild jobs automatically go into the VPC + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + codeBuildDefaults: { vpc }, }); - suite.additional('modern, alternate API', () => { - // Can also explicitly specify a VPC when going to the "full config" class - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'MyApp-1'), { + post: [new cdkp.ShellStep('VpcAction', { + commands: ['set -eu', 'true'], + })], + }); - pipeline.addStage(new TwoStackApp(app, 'MyApp'), { - post: [new cdkp.CodeBuildStep('VpcAction', { - commands: ['set -eu', 'true'], - vpc, - })], - }); + // Can also explicitly specify a VPC when going to the "full config" class + const pipeline2 = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-2'); - THEN_codePipelineExpectation(); + pipeline2.addStage(new TwoStackApp(app, 'MyApp-2'), { + post: [new cdkp.CodeBuildStep('VpcAction', { + commands: ['set -eu', 'true'], + vpc, + })], }); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - VpcConfig: { - Subnets: [ - { - Ref: 'VPCPrivateSubnet1Subnet8BCA10E0', - }, - { - Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A', - }, - { - Ref: 'VPCPrivateSubnet3Subnet3EDCD457', - }, - ], - VpcId: { - Ref: 'VPCB9E5F0B4', + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + VpcConfig: { + Subnets: [ + { + Ref: 'VPCPrivateSubnet1Subnet8BCA10E0', }, + { + Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A', + }, + { + Ref: 'VPCPrivateSubnet3Subnet3EDCD457', + }, + ], + VpcId: { + Ref: 'VPCB9E5F0B4', }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'true', - ], - }, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'set -eu', + 'true', + ], }, - })), - }, - }); - } + }, + })), + }, + }); }); -behavior('can run shell script actions with a specific SecurityGroup', (suite) => { - let vpc: ec2.Vpc; - let sg: ec2.SecurityGroup; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'VPC'); - sg = new ec2.SecurityGroup(pipelineStack, 'SG', { vpc }); - }); +test('can run shell script actions with a specific SecurityGroup', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'VPC'); + const sg: ec2.SecurityGroup = new ec2.SecurityGroup(pipelineStack, 'SG', { vpc }); + + // All CodeBuild jobs automatically go into the VPC + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - suite.legacy(() => { - // WHEN - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [new cdkp.CodeBuildStep('sgAction', { + commands: ['set -eu', 'true'], vpc, securityGroups: [sg], - actionName: 'sgAction', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - })); - - THEN_codePipelineExpectation(); + })], }); - suite.modern(() => { - // All CodeBuild jobs automatically go into the VPC - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.CodeBuildStep('sgAction', { - commands: ['set -eu', 'true'], - vpc, - securityGroups: [sg], - })], - }); - - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'sgAction', + }), + ]), + }]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'sgAction', - }), - ]), - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - VpcConfig: { - SecurityGroupIds: [ - { - 'Fn::GetAtt': [ - 'SGADB53937', - 'GroupId', - ], - }, - ], - VpcId: { - Ref: 'VPCB9E5F0B4', + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { + 'Fn::GetAtt': [ + 'SGADB53937', + 'GroupId', + ], }, + ], + VpcId: { + Ref: 'VPCB9E5F0B4', }, - }); - } + }, + }); }); -behavior('can run scripts with specified BuildEnvironment', (suite) => { - suite.legacy(() => { - let { pipeline, integTestArtifact } = legacySetup(); - - // WHEN - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'imageAction', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - environment: { buildImage: codebuild.LinuxBuildImage.STANDARD_2_0 }, - })); - - THEN_codePipelineExpectation(); - }); +test('can run scripts with specified BuildEnvironment', () => { - suite.modern(() => { - // Run all Build jobs with the given image - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { - buildEnvironment: { - buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, - }, + // Run all Build jobs with the given image + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + codeBuildDefaults: { + buildEnvironment: { + buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, }, - }); - - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.ShellStep('imageAction', { - commands: ['true'], - })], - }); - - THEN_codePipelineExpectation(); + }, }); - suite.additional('modern, alternative API', () => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'Test-1'), { + post: [new cdkp.ShellStep('imageAction', { + commands: ['true'], + })], + }); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.CodeBuildStep('imageAction', { - commands: ['true'], - buildEnvironment: { - buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, - }, - })], - }); + const pipeline2 = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-2'); - THEN_codePipelineExpectation(); + pipeline2.addStage(new TwoStackApp(app, 'Test-2'), { + post: [new cdkp.CodeBuildStep('imageAction', { + commands: ['true'], + buildEnvironment: { + buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, + }, + })], }); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: 'aws/codebuild/standard:2.0', - }, - }); - } + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: 'aws/codebuild/standard:2.0', + }, + }); }); -behavior('can run scripts with magic environment variables', (suite) => { - suite.legacy(() => { - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'imageAction', - additionalArtifacts: [integTestArtifact], +test('can run scripts with magic environment variables', () => { + + // Run all Build jobs with the given image + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [new cdkp.ShellStep('imageAction', { commands: ['true'], - environmentVariables: { - VERSION: { value: codepipeline.GlobalVariables.executionId }, + env: { + VERSION: codepipeline.GlobalVariables.executionId, }, - })); - - THEN_codePipelineExpectation(); + })], }); - suite.modern(() => { - // Run all Build jobs with the given image - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.ShellStep('imageAction', { - commands: ['true'], - env: { - VERSION: codepipeline.GlobalVariables.executionId, - }, - })], - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'imageAction', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { - name: 'VERSION', - type: 'PLAINTEXT', - value: '#{codepipeline.PipelineExecutionId}', - }, - ]), - }), + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'imageAction', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { + name: 'VERSION', + type: 'PLAINTEXT', + value: '#{codepipeline.PipelineExecutionId}', + }, + ]), }), - ]), - }]), - }); - } -}); - -/** - * Some shared setup for legacy API tests - */ -function legacySetup() { - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - additionalArtifacts: [{ directory: 'test', artifact: integTestArtifact }], - }), - }); - - return { sourceArtifact, cloudAssemblyArtifact, integTestArtifact, pipeline }; -} \ No newline at end of file + }), + ]), + }]), + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/legacy/fs.test.ts b/packages/aws-cdk-lib/pipelines/test/fs.test.ts similarity index 85% rename from packages/aws-cdk-lib/pipelines/test/legacy/fs.test.ts rename to packages/aws-cdk-lib/pipelines/test/fs.test.ts index da49fa9cf2986..49cbe2458e64a 100644 --- a/packages/aws-cdk-lib/pipelines/test/legacy/fs.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/fs.test.ts @@ -1,5 +1,5 @@ import * as path from 'path'; -import { toPosixPath } from '../../lib/private/fs'; +import { toPosixPath } from '../lib/private/fs'; test('translate path.sep', () => { expect(toPosixPath(`a${path.sep}b${path.sep}c`)).toEqual('a/b/c'); diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts index 2d3c4ebed35ba..d50366234083f 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts @@ -1,68 +1,13 @@ import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; interface SkippedSuite { - legacy(reason?: string): void; - modern(reason?: string): void; } interface Suite { readonly doesNotApply: SkippedSuite; - legacy(fn: () => void): void; - modern(fn: () => void): void; additional(description: string, fn: () => void): void; -} - -// eslint-disable-next-line jest/no-export -export function behavior(name: string, cb: (suite: Suite) => void) { - // Since the goal of the compliance test suites is to compare modern and legacy (i.e. deprecated) APIs, - // use `describeDeprecated()` block here since usage of the legacy API is inevitable. - describeDeprecated(name, () => { - const unwritten = new Set(['modern', 'legacy']); - - function scratchOff(flavor: string) { - if (!unwritten.has(flavor)) { - throw new Error(`Already had test for ${flavor}. Use .additional() to add more tests.`); - } - unwritten.delete(flavor); - } - - cb({ - legacy: (testFn) => { - scratchOff('legacy'); - test('legacy', testFn); - }, - modern: (testFn) => { - scratchOff('modern'); - test('modern', testFn); - }, - additional: test, - doesNotApply: { - modern: (reason?: string) => { - scratchOff('modern'); - - if (reason != null) { - // eslint-disable-next-line jest/no-disabled-tests - test.skip(`modern - ${reason}`, () => {}); - } - }, - - legacy: (reason?: string) => { - scratchOff('legacy'); - - if (reason != null) { - // eslint-disable-next-line jest/no-disabled-tests - test.skip(`legacy - ${reason}`, () => {}); - } - }, - }, - }); - - for (const missing of unwritten) { - test.todo(missing); - } - }); -} +} \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts index fbc50d3b1a003..866d791e45856 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts @@ -1,5 +1,4 @@ export * from './compliance'; -export * from './legacy-pipeline'; export * from './modern-pipeline'; export * from './test-app'; export * from './matchers'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts deleted file mode 100644 index cc5340b74e7c8..0000000000000 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts +++ /dev/null @@ -1,47 +0,0 @@ -import { Construct } from 'constructs'; -import * as codepipeline from '../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../aws-codepipeline-actions'; -import { SecretValue } from '../../../core'; -import * as cdkp from '../../lib'; - -export interface LegacyTestGitHubNpmPipelineExtraProps { - readonly sourceArtifact?: codepipeline.Artifact; - readonly npmSynthOptions?: Partial; -} - -export class LegacyTestGitHubNpmPipeline extends cdkp.CdkPipeline { - public readonly sourceArtifact: codepipeline.Artifact; - public readonly cloudAssemblyArtifact: codepipeline.Artifact; - - constructor(scope: Construct, id: string, props?: Partial & LegacyTestGitHubNpmPipelineExtraProps) { - const sourceArtifact = props?.sourceArtifact ?? new codepipeline.Artifact(); - const cloudAssemblyArtifact = props?.cloudAssemblyArtifact ?? new codepipeline.Artifact(); - - super(scope, id, { - sourceAction: new TestGitHubAction(sourceArtifact), - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - ...props?.npmSynthOptions, - }), - cloudAssemblyArtifact, - ...props, - }); - - this.sourceArtifact = sourceArtifact; - this.cloudAssemblyArtifact = cloudAssemblyArtifact; - } -} - -export class TestGitHubAction extends codepipeline_actions.GitHubSourceAction { - constructor(sourceArtifact: codepipeline.Artifact) { - super({ - actionName: 'GitHub', - output: sourceArtifact, - oauthToken: SecretValue.unsafePlainText('$3kr1t'), - owner: 'test', - repo: 'test', - trigger: codepipeline_actions.GitHubTrigger.POLL, - }); - } -} diff --git a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts index c97ef832bf8ad..58a7436ec118b 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts @@ -12,15 +12,22 @@ export const AWS_CDK_METADATA = new Set([ 'ap-east-1', 'ap-northeast-1', 'ap-northeast-2', + 'ap-northeast-3', 'ap-south-1', + 'ap-south-2', 'ap-southeast-1', 'ap-southeast-2', + 'ap-southeast-3', + 'ap-southeast-4', 'ca-central-1', + 'ca-west-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', + 'eu-central-2', 'eu-north-1', 'eu-south-1', + 'eu-south-2', 'eu-west-1', 'eu-west-2', 'eu-west-3', diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json index d3a778f9552b4..d3a316063c252 100644 --- a/packages/aws-cdk-lib/scripts/scope-map.json +++ b/packages/aws-cdk-lib/scripts/scope-map.json @@ -423,6 +423,9 @@ "aws-lambda": [ "AWS::Lambda" ], + "aws-launchwizard": [ + "AWS::LaunchWizard" + ], "aws-lex": [ "AWS::Lex" ], diff --git a/packages/aws-cdk/THIRD_PARTY_LICENSES b/packages/aws-cdk/THIRD_PARTY_LICENSES index bdd874b45cfec..a7dc51a926a60 100644 --- a/packages/aws-cdk/THIRD_PARTY_LICENSES +++ b/packages/aws-cdk/THIRD_PARTY_LICENSES @@ -1,6 +1,6 @@ The aws-cdk package includes the following third-party software/licensing: -** @jsii/check-node@1.101.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.101.0 | Apache-2.0 +** @jsii/check-node@1.102.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.102.0 | Apache-2.0 jsii Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -2954,6 +2954,26 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +---------------- + +** semver@7.6.3 - https://www.npmjs.com/package/semver/v/7.6.3 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + ---------------- ** slice-ansi@4.0.0 - https://www.npmjs.com/package/slice-ansi/v/4.0.0 | MIT diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 8162bb751544d..a678374b16958 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -96,11 +96,11 @@ "xml-js": "^1.6.11" }, "dependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", - "@jsii/check-node": "1.101.0", + "@jsii/check-node": "1.102.0", "archiver": "^5.3.2", "aws-sdk": "^2.1653.0", "camelcase": "^6.3.0", diff --git a/packages/aws-cdk/test/api/exec.test.ts b/packages/aws-cdk/test/api/exec.test.ts index d15f9ac9c0ce2..a8c32aed06d8a 100644 --- a/packages/aws-cdk/test/api/exec.test.ts +++ b/packages/aws-cdk/test/api/exec.test.ts @@ -76,7 +76,7 @@ test('cli throws when manifest version > schema version', async () => { } const expectedError = 'This CDK CLI is not compatible with the CDK library used by your application. Please upgrade the CLI to the latest version.' - + `\n(Cloud assembly schema version mismatch: Maximum schema version supported is ${currentSchemaVersion}, but found ${mockManifestVersion})`; + + `\n(Cloud assembly schema version mismatch: Maximum schema version supported is ${semver.major(currentSchemaVersion)}.x.x, but found ${mockManifestVersion})`; config.settings.set(['app'], 'cdk.out'); diff --git a/packages/awslint/package.json b/packages/awslint/package.json index f9ba600f5ba97..39b7b0a6ababb 100644 --- a/packages/awslint/package.json +++ b/packages/awslint/package.json @@ -18,10 +18,10 @@ "awslint": "bin/awslint" }, "dependencies": { - "@jsii/spec": "1.101.0", + "@jsii/spec": "1.102.0", "chalk": "^4", "fs-extra": "^9.1.0", - "jsii-reflect": "1.101.0", + "jsii-reflect": "1.102.0", "change-case": "^4.1.2", "yargs": "^16.2.0" }, @@ -71,4 +71,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index e07450f12ec3a..8b19ba83cb908 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -43,7 +43,7 @@ "@aws-cdk/pkglint": "0.0.0" }, "dependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cx-api": "0.0.0", "archiver": "^5.3.2", "aws-sdk": "^2.1653.0", @@ -79,4 +79,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/tools/@aws-cdk/cdk-build-tools/package.json b/tools/@aws-cdk/cdk-build-tools/package.json index 53374615cbef5..c65e33c5fae5b 100644 --- a/tools/@aws-cdk/cdk-build-tools/package.json +++ b/tools/@aws-cdk/cdk-build-tools/package.json @@ -62,8 +62,8 @@ "jest-junit": "^13.2.0", "jsii": "~5.4.25", "jsii-rosetta": "~5.4.24", - "jsii-pacmak": "1.101.0", - "jsii-reflect": "1.101.0", + "jsii-pacmak": "1.102.0", + "jsii-reflect": "1.102.0", "markdownlint-cli": "^0.41.0", "nyc": "^15.1.0", "semver": "^7.6.2", @@ -87,4 +87,4 @@ "ubergen": { "exclude": true } -} +} \ No newline at end of file diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index 0ce2d7e2475b5..ee14350a750e6 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.13", - "@aws-cdk/service-spec-importers": "^0.0.42", - "@aws-cdk/service-spec-types": "^0.0.81", + "@aws-cdk/aws-service-spec": "^0.1.16", + "@aws-cdk/service-spec-importers": "^0.0.44", + "@aws-cdk/service-spec-types": "^0.0.84", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index faf55a9c8ec6f..8f0c3f4ac727f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -51,14 +51,22 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523" integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg== -"@aws-cdk/aws-service-spec@^0.1.13": - version "0.1.13" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.13.tgz#bd7904550b581b4ce93ed8145d5ca33f42c0d406" - integrity sha512-n8jDKzKx8SQzeF2HLZ4RG1PyhXKgUaS+Vn8Gk4LjRKmQDSPfDy1ZGLjzu3Po0Z6fLgJEgFG/jdl3ENZwZJ4u1w== +"@aws-cdk/aws-service-spec@^0.1.16": + version "0.1.16" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.16.tgz#2cb1f7b1783c4dc362492296ebf61c7fd5cc88c7" + integrity sha512-9NX+04puH6zkTQY2shOzSWa8Ge1sdz0M4sqZw/UI9mgHbflfhxgSkjTwz6Fe/B3FH3ZA1RXl/wW6ThEqeAb3fw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.81" + "@aws-cdk/service-spec-types" "^0.0.84" "@cdklabs/tskb" "^0.0.3" +"@aws-cdk/cloud-assembly-schema@^36.0.5": + version "36.0.5" + resolved "https://registry.npmjs.org/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-36.0.5.tgz#20207347d263eea8c3e0381ce2b9d169f0fbfe41" + integrity sha512-3BYOfDqB+xU/ZCjdQ1SDc6qodvg93DY7MPU9FuuIhvqLQBsuO6e//WNZlkToo/QXE9FFm7d/TQI9AyAD/Y/84w== + dependencies: + jsonschema "^1.4.1" + semver "^7.6.3" + "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": version "2.0.242" resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v24/-/lambda-layer-kubectl-v24-2.0.242.tgz#4273a5ad7714f933a7eba155eb9280823086db71" @@ -74,12 +82,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v30/-/lambda-layer-kubectl-v30-2.0.0.tgz#97c40d31e5350ce7170be5d188361118b1e39231" integrity sha512-yES6NfrJ3QV1372lAZ2FLXp/no4bqDWBXeSREJdrpWjQzD0wvL/hCpHEyjZrzHhOi27YbMxFTQ3g9isKAul8+A== -"@aws-cdk/service-spec-importers@^0.0.42": - version "0.0.42" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.42.tgz#554ade2437b6a15b68aad5f827b125fe517095cf" - integrity sha512-D8Sb2f8RkoJF+UVet7mVhXbio6LYEesS5JlALbHS4Z4JQtWxhrrRbpjYy/Ke5xnee5Fgnc7UGU/hntah/wJ/Vw== +"@aws-cdk/service-spec-importers@^0.0.44": + version "0.0.44" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.44.tgz#8a2c55e69f1fd33ff19877e7eb82d87cf35cd229" + integrity sha512-Oo5qbamIPx/YOeZlmxNJsenPvNkyaofgieWhZavqhAgk0H5VCis4/stxnUwZzsu3Bc7SCg/vQRILDt4oGt981Q== dependencies: - "@aws-cdk/service-spec-types" "^0.0.81" + "@aws-cdk/service-spec-types" "^0.0.84" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -90,10 +98,10 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.81": - version "0.0.81" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.81.tgz#0ce955d293e69b56ae578581d3034d7dcdee2372" - integrity sha512-6gHHE75SUwsnglXMBR9SZP+waUwDoM/PCDqxNvhH0IJ4HrLUFNGvo3iLV/ZzKkxd1IJP+kmUZA8CbRnSSnJiMg== +"@aws-cdk/service-spec-types@^0.0.84": + version "0.0.84" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.84.tgz#b6fa7429bb556d26eb39c18a2ee9802079bdb234" + integrity sha512-AM3ghRsd9cZlpW+nuVRRdQiPuGV9iWDyHnR/Vjd9xKQEf+Qmh9vnRmB205rFncAIlbFjHXxgapII+lujHCGDmQ== dependencies: "@cdklabs/tskb" "^0.0.3" @@ -4250,7 +4258,22 @@ chalk "^4.1.2" semver "^7.6.0" -"@jsii/spec@1.101.0", "@jsii/spec@^1.101.0": +"@jsii/check-node@1.102.0": + version "1.102.0" + resolved "https://registry.npmjs.org/@jsii/check-node/-/check-node-1.102.0.tgz#d5dce81b60411b35d4890e69eee2b86d606c8672" + integrity sha512-uyKjxCe1ou11RJz6koBr5vXtyaGjTA45hF+H88GNW96vms7jKqmYdMm067Az1OKwl38h02lQRQ2tmoEzV7u74w== + dependencies: + chalk "^4.1.2" + semver "^7.6.3" + +"@jsii/spec@1.102.0", "@jsii/spec@^1.102.0": + version "1.102.0" + resolved "https://registry.npmjs.org/@jsii/spec/-/spec-1.102.0.tgz#3f9cfcd44e4358ba7259730452e89b2111918524" + integrity sha512-/VcmoEyp7HR0xoFz47/fiyZjAv+0gHG4ZwTbgB+umbB88bTbLZadnqBL7T9OIKQbK4w8HNOaRnHwjNBIYIPxWQ== + dependencies: + ajv "^8.17.1" + +"@jsii/spec@^1.101.0": version "1.101.0" resolved "https://registry.npmjs.org/@jsii/spec/-/spec-1.101.0.tgz#b1c3488d5df2ee0c355e0a3493e3de4add9d7452" integrity sha512-855OnjKm4RTzRA78GGTNBG/GLe6X/vHJYD58zg7Rw8rWS7sU6iB65TM/7P7R3cufVew8umjjPjvW7ygS6ZqITQ== @@ -6843,6 +6866,16 @@ ajv@^8.0.1, ajv@^8.13.0: require-from-string "^2.0.2" uri-js "^4.4.1" +ajv@^8.17.1: + version "8.17.1" + resolved "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" + integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== + dependencies: + fast-deep-equal "^3.1.3" + fast-uri "^3.0.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + ansi-align@^3.0.1: version "3.0.1" resolved "https://registry.npmjs.org/ansi-align/-/ansi-align-3.0.1.tgz#0cdf12e111ace773a86e9a1fad1225c43cb19a59" @@ -7934,10 +7967,10 @@ co@^4.6.0: resolved "https://registry.npmjs.org/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184" integrity sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ== -codemaker@^1.101.0: - version "1.101.0" - resolved "https://registry.npmjs.org/codemaker/-/codemaker-1.101.0.tgz#27e5e0311f08061618804e485a015eaa860aa718" - integrity sha512-bAg+N4PA8mniJrCpTYFdaFmJA+3fE1Vjgf4o1EnPc07nw6qRcJsr/D9ZZoutEsvw7UM8OmZp4qZxVzpCqRhhQQ== +codemaker@^1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/codemaker/-/codemaker-1.102.0.tgz#336dd6a8f7ffd64e02afcee7830c1f8d768f0efe" + integrity sha512-lxsbbcSMxCdT+9wUv1AvBH9791andoWDcQ6s7ZK6KsMZ+UkRLO3obzhi7Zm+RIA3lHecqzaGmOKyRnu0Dx/Zew== dependencies: camelcase "^6.3.0" decamelize "^5.0.1" @@ -8066,6 +8099,15 @@ commonmark@^0.31.0: minimist "~1.2.5" string.prototype.repeat "^1.0.0" +commonmark@^0.31.1: + version "0.31.1" + resolved "https://registry.npmjs.org/commonmark/-/commonmark-0.31.1.tgz#5c8b1b5eaaca00a0912cad68d1f0f00c836cecd3" + integrity sha512-M6pbc3sRU96iiOK7rmjv/TNrXvTaOscvthUCq7YOrlvZWbqAA36fyEtBvyI3nCcEK4u+JAy9sAdtftIeXwIWig== + dependencies: + entities "~3.0.1" + mdurl "~1.0.1" + minimist "~1.2.5" + compare-func@^2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/compare-func/-/compare-func-2.0.0.tgz#fb65e75edbddfd2e568554e8b5b05fff7a51fcb3" @@ -9629,6 +9671,11 @@ fast-memoize@^2.5.2: resolved "https://registry.npmjs.org/fast-memoize/-/fast-memoize-2.5.2.tgz#79e3bb6a4ec867ea40ba0e7146816f6cdce9b57e" integrity sha512-Ue0LwpDYErFbmNnZSF0UH6eImUwDmogUO1jyE+JbN2gsQz/jICm1Ve7t9QT0rNSsfJt+Hs4/S3GnsDVjL4HVrw== +fast-uri@^3.0.1: + version "3.0.1" + resolved "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.1.tgz#cddd2eecfc83a71c1be2cc2ef2061331be8a7134" + integrity sha512-MWipKbbYiYI0UC7cl8m/i/IWTqfC8YXsqjzybjddLsFjStroQzsHXkc73JutMvBiXmOvapk+axIl79ig5t55Bw== + fast-xml-parser@4.2.5: version "4.2.5" resolved "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz#a6747a09296a6cb34f2ae634019bf1738f3b421f" @@ -11601,37 +11648,49 @@ jsesc@^2.5.1: resolved "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4" integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA== -jsii-diff@1.101.0: - version "1.101.0" - resolved "https://registry.npmjs.org/jsii-diff/-/jsii-diff-1.101.0.tgz#d8bf59c522aaf419e9465170db78810a9795f8a9" - integrity sha512-7DvBiLireA91AnWCxt7EcKd04/zp8Rhk8oTYSGtIM57ZNZ+FV7cbrgxmXqja6P1ZXz67N3UAjKC8KdtFXeOqRA== +jsii-diff@1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/jsii-diff/-/jsii-diff-1.102.0.tgz#4008ea927f4367eecef813189822df6d6f239109" + integrity sha512-mFXOk5CDlk7ojkomHh2H6ngcknht1/r5Qmeice+B1xlL/fEmySs+g/ILowDED4Yu4P4491kZzh3EDMAaf34NkQ== dependencies: - "@jsii/check-node" "1.101.0" - "@jsii/spec" "^1.101.0" + "@jsii/check-node" "1.102.0" + "@jsii/spec" "^1.102.0" fs-extra "^10.1.0" - jsii-reflect "^1.101.0" + jsii-reflect "^1.102.0" log4js "^6.9.1" yargs "^16.2.0" -jsii-pacmak@1.101.0: - version "1.101.0" - resolved "https://registry.npmjs.org/jsii-pacmak/-/jsii-pacmak-1.101.0.tgz#8ad183be51d5a79e455253b27ae596efcb8a3b35" - integrity sha512-07a04KtOj+Kmx+5XQVD1JG6QOh6JNqFWh4bbzMDKiFx7JoHhQnLq07b/OlUpCuP7J7Q9WaXXYM59EUQpXO07wg== +jsii-pacmak@1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/jsii-pacmak/-/jsii-pacmak-1.102.0.tgz#ccf7f98f05c2b1bad34a0b90dbf5c479bd45c1a1" + integrity sha512-3/nqBYNH8n/5IWI0sBFBYl1yATokEDUDQtYFLjzk7oXNWpUJ23/encI78Cs55ZS6UXcfWN3xczGLqCWnsgEpnw== dependencies: - "@jsii/check-node" "1.101.0" - "@jsii/spec" "^1.101.0" + "@jsii/check-node" "1.102.0" + "@jsii/spec" "^1.102.0" clone "^2.1.2" - codemaker "^1.101.0" - commonmark "^0.31.0" + codemaker "^1.102.0" + commonmark "^0.31.1" escape-string-regexp "^4.0.0" fs-extra "^10.1.0" - jsii-reflect "^1.101.0" - semver "^7.6.0" + jsii-reflect "^1.102.0" + semver "^7.6.3" spdx-license-list "^6.9.0" xmlbuilder "^15.1.1" yargs "^16.2.0" -jsii-reflect@1.101.0, jsii-reflect@^1.101.0: +jsii-reflect@1.102.0, jsii-reflect@^1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.102.0.tgz#4d1d3c9e2f51d157a43297d55dd61487bf61e384" + integrity sha512-Lf2l8z3HSRSyouFGpDddfheP2LznKvFDKVlUWEzO+jDnQFOJOYTv4x617Yy5JIeIa9D8f70drRelOqove6hZtQ== + dependencies: + "@jsii/check-node" "1.102.0" + "@jsii/spec" "^1.102.0" + chalk "^4" + fs-extra "^10.1.0" + oo-ascii-tree "^1.102.0" + yargs "^16.2.0" + +jsii-reflect@^1.101.0: version "1.101.0" resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.101.0.tgz#e96fa687ba9db5c4b70995839aacceea11abc288" integrity sha512-ZCFb+laktj/ekNadUYksf+jLZq4fjoQeNe344GwslJOaemGjgAeqy0atV2H8nvTYU8ubszFApUPpdoRvtxgdPw== @@ -13640,6 +13699,11 @@ oo-ascii-tree@^1.101.0: resolved "https://registry.npmjs.org/oo-ascii-tree/-/oo-ascii-tree-1.101.0.tgz#bd14acf6a71430c02443f865975ec0c4b4ff03aa" integrity sha512-hNE9Nfvo4HLa9/dAiaiXUm64KHUvgBa7jPftsb8gZdTv1G1wSMMnd9j7SMcRzaMbDEqi+0cfgeBSIcsKy+k0vA== +oo-ascii-tree@^1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/oo-ascii-tree/-/oo-ascii-tree-1.102.0.tgz#438e67730bc8503ae28e40a5273075e5f489b875" + integrity sha512-SNcZNfqtov0Af+6hx+qnliUhTOIxPUfboX/zQnc2EdmGHLXKQ3eSPQ40NopCgv4canzl5EvKGlCJaMCvk2viCQ== + open@^7.4.2: version "7.4.2" resolved "https://registry.npmjs.org/open/-/open-7.4.2.tgz#b8147e26dcf3e426316c730089fd71edd29c2321" @@ -14988,11 +15052,16 @@ semver@^6.0.0, semver@^6.1.1, semver@^6.3.0, semver@^6.3.1: resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.0.0, semver@^7.1.1, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.2: +semver@^7.0.0, semver@^7.1.1, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.3, semver@^7.5.4, semver@^7.6.2: version "7.6.2" resolved "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13" integrity sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w== +semver@^7.6.0, semver@^7.6.3: + version "7.6.3" + resolved "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" + integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== + sentence-case@^3.0.4: version "3.0.4" resolved "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz#3645a7b8c117c787fde8702056225bb62a45131f"