From 51ee4dc6abf4e65888189ceb3bb5307bb86c89ed Mon Sep 17 00:00:00 2001 From: Andrwe Lord Weber Date: Fri, 2 Aug 2024 20:52:16 +0200 Subject: [PATCH 01/40] chore(rds): add support for 8.0.mysql_aurora.3.07.1 (#30990) (description based on https://github.com/aws/aws-cdk/pull/30479) ### Reason for this change Add support for newly supported 8.0.mysql_aurora.3.07.1. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3071.html ### Description of changes Add a new version as a new property to AuroraMysqlEngineVersion class. ### Description of how you validated changes I used the AWS CLI to verify that the new version is available. ```bash $ aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[?EngineVersion=='8.0.mysql_aurora.3.07.1']" [ { "Engine": "aurora-mysql", "EngineVersion": "8.0.mysql_aurora.3.07.1", "DBParameterGroupFamily": "aurora-mysql8.0", "DBEngineDescription": "Aurora MySQL", "DBEngineVersionDescription": "Aurora MySQL 3.07.1 (compatible with MySQL 8.0.36)", "ValidUpgradeTarget": [], "ExportableLogTypes": [ "audit", "error", "general", "slowquery" ], "SupportsLogExportsToCloudwatchLogs": true, "SupportsReadReplica": false, "SupportedEngineModes": [ "provisioned" ], "SupportedFeatureNames": [ "Bedrock" ], "Status": "available", "SupportsParallelQuery": true, "SupportsGlobalDatabases": true, "MajorEngineVersion": "8.0", "SupportsBabelfish": false, "SupportsLimitlessDatabase": false, "SupportsCertificateRotationWithoutRestart": true, "SupportedCACertificateIdentifiers": [ "rds-ca-2019", "rds-ca-ecc384-g1", "rds-ca-rsa4096-g1", "rds-ca-rsa2048-g1" ], "SupportsLocalWriteForwarding": true, "SupportsIntegrations": true } ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts | 2 ++ packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts index 54c13c31df6cb..31f22952067a3 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts @@ -613,6 +613,8 @@ export class AuroraMysqlEngineVersion { public static readonly VER_3_06_1 = AuroraMysqlEngineVersion.builtIn_8_0('3.06.1'); /** Version "8.0.mysql_aurora.3.07.0". */ public static readonly VER_3_07_0 = AuroraMysqlEngineVersion.builtIn_8_0('3.07.0'); + /** Version "8.0.mysql_aurora.3.07.1". */ + public static readonly VER_3_07_1 = AuroraMysqlEngineVersion.builtIn_8_0('3.07.1'); /** * Create a new AuroraMysqlEngineVersion with an arbitrary version. diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts index d74cd935d85fe..2d04692d592e5 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts @@ -156,6 +156,9 @@ describe('cluster engine', () => { const engine_ver_2_11_3 = DatabaseClusterEngine.auroraMysql({ version: AuroraMysqlEngineVersion.VER_2_11_3, }); + const engine_ver_3_07_1 = DatabaseClusterEngine.auroraMysql({ + version: AuroraMysqlEngineVersion.VER_3_07_1, + }); // THEN expect(engine_VER_14_3.parameterGroupFamily).toEqual('aurora-postgresql14'); @@ -171,5 +174,6 @@ describe('cluster engine', () => { expect(engine_ver_2_8_3.parameterGroupFamily).toEqual('aurora-mysql5.7'); expect(engine_ver_2_8_4.parameterGroupFamily).toEqual('aurora-mysql5.7'); expect(engine_ver_2_11_3.parameterGroupFamily).toEqual('aurora-mysql5.7'); + expect(engine_ver_3_07_1.parameterGroupFamily).toEqual('aurora-mysql8.0'); }); }); From 3670d83f40d22b72d883515b14c819ceb69f81df Mon Sep 17 00:00:00 2001 From: Andrwe Lord Weber Date: Mon, 5 Aug 2024 11:19:27 +0200 Subject: [PATCH 02/40] chore(rds): add support for aurora-postgresql 16.3 (#31003) ### Reason for this change Add support for newly supported aurora-postgresql16 16.3. ### Description of changes Add a new version as a new property to AuroraPostgresEngineVersion class. (see https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-versions.html) The change already happened with https://github.com/aws/aws-cdk/pull/30242 and was reverted by https://github.com/aws/aws-cdk/pull/30296 as the version was not available. ### Description of how you validated changes The version 16.3 is available now: ```bash $ aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[?EngineVersion=='16.3']" [ { "Engine": "aurora-postgresql", "EngineVersion": "16.3", "DBParameterGroupFamily": "aurora-postgresql16", "DBEngineDescription": "Aurora (PostgreSQL)", "DBEngineVersionDescription": "Aurora PostgreSQL (Compatible with PostgreSQL 16.3)", "ValidUpgradeTarget": [], "ExportableLogTypes": [ "postgresql" ], "SupportsLogExportsToCloudwatchLogs": true, "SupportsReadReplica": false, "SupportedEngineModes": [ "provisioned" ], "SupportedFeatureNames": [ "Comprehend", "Lambda", "s3Export", "s3Import", "SageMaker" ], "Status": "available", "SupportsParallelQuery": false, "SupportsGlobalDatabases": true, "MajorEngineVersion": "16", "SupportsBabelfish": true, "SupportsLimitlessDatabase": false, "SupportsCertificateRotationWithoutRestart": true, "SupportedCACertificateIdentifiers": [ "rds-ca-2019", "rds-ca-ecc384-g1", "rds-ca-rsa4096-g1", "rds-ca-rsa2048-g1" ], "SupportsLocalWriteForwarding": true, "SupportsIntegrations": false } ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts | 2 ++ packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts | 2 ++ 2 files changed, 4 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts index 31f22952067a3..53c3ace4aa99f 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts @@ -1019,6 +1019,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_16_1 = AuroraPostgresEngineVersion.of('16.1', '16', { s3Import: true, s3Export: true }); /** Version "16.2". */ public static readonly VER_16_2 = AuroraPostgresEngineVersion.of('16.2', '16', { s3Import: true, s3Export: true }); + /** Version "16.3". */ + public static readonly VER_16_3 = AuroraPostgresEngineVersion.of('16.3', '16', { s3Import: true, s3Export: true }); /** * Create a new AuroraPostgresEngineVersion with an arbitrary version. diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts index 2d04692d592e5..441881a597991 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts @@ -106,6 +106,8 @@ describe('cluster engine', () => { 'aurora-postgresql10'); expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('14.3', '14') }).parameterGroupFamily).toEqual( 'aurora-postgresql14'); + expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('16.3', '16') }).parameterGroupFamily).toEqual( + 'aurora-postgresql16'); }); test('supported log types', () => { From 541493297dd996725b060c84d23651a69e239750 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 5 Aug 2024 17:14:15 +0300 Subject: [PATCH 03/40] feat: update L1 CloudFormation resource definitions (#31025) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-amazonmq │ └ resources │ ├[~] resource AWS::AmazonMQ::Broker │ │ └ properties │ │ ├ AutoMinorVersionUpgrade: - boolean (required) │ │ │ + boolean │ │ └ EngineVersion: - string (required) │ │ + string │ └[~] resource AWS::AmazonMQ::Configuration │ └ properties │ └ EngineVersion: - string (required, immutable) │ + string (immutable) ├[~] service aws-apptest │ └ resources │ └[~] resource AWS::AppTest::TestCase │ └ types │ ├[~] type M2ManagedActionProperties │ │ ├ - documentation: Specifies the AWS Mainframe Modernization managed action properties. │ │ │ + documentation: Specifies the Mainframe Modernization managed action properties. │ │ └ properties │ │ ├ ForceStop: (documentation changed) │ │ └ ImportDataSetLocation: (documentation changed) │ ├[~] type M2ManagedApplicationAction │ │ ├ - documentation: Specifies the AWS Mainframe Modernization managed application action. │ │ │ + documentation: Specifies the Mainframe Modernization managed application action. │ │ └ properties │ │ ├ ActionType: (documentation changed) │ │ ├ Properties: (documentation changed) │ │ └ Resource: (documentation changed) │ ├[~] type M2NonManagedApplicationAction │ │ ├ - documentation: Specifies the AWS Mainframe Modernization non-managed application action. │ │ │ + documentation: Specifies the Mainframe Modernization non-managed application action. │ │ └ properties │ │ ├ ActionType: (documentation changed) │ │ └ Resource: (documentation changed) │ └[~] type ResourceAction │ └ properties │ ├ M2ManagedApplicationAction: (documentation changed) │ └ M2NonManagedApplicationAction: (documentation changed) ├[~] service aws-arczonalshift │ └ resources │ └[+] resource AWS::ARCZonalShift::AutoshiftObserverNotificationStatus │ ├ name: AutoshiftObserverNotificationStatus │ │ cloudFormationType: AWS::ARCZonalShift::AutoshiftObserverNotificationStatus │ │ documentation: Definition of AWS::ARCZonalShift::AutoshiftObserverNotificationStatus Resource Type │ ├ properties │ │ └Status: string (required, immutable) │ └ attributes │ ├AccountId: string │ └Region: string ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ └ types │ └[~] type NodeRangeProperty │ └ properties │ └[+] EksProperties: EksProperties ├[~] service aws-bedrock │ └ resources │ ├[+] resource AWS::Bedrock::Flow │ │ ├ name: Flow │ │ │ cloudFormationType: AWS::Bedrock::Flow │ │ │ documentation: Creates a prompt flow that you can use to send an input through various steps to yield an output. You define a flow by configuring nodes, each of which corresponds to a step of the flow, and creating connections between the nodes to create paths to different outputs. You can define the flow in one of the following ways: │ │ │ - Define a [FlowDefinition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-flow-flowdefinition.html) in the `Definition` property. │ │ │ - Provide the definition in the `DefinitionString` property as a JSON-formatted string matching the [FlowDefinition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-flow-flowdefinition.html) property. │ │ │ - Provide an Amazon S3 location in the `DefinitionS3Location` property that matches the [FlowDefinition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-flow-flowdefinition.html) . │ │ │ If you use the `DefinitionString` or `DefinitionS3Location` property, you can use the `DefinitionSubstitutions` property to define key-value pairs to replace at runtime. │ │ │ For more information, see [How it works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-how-it-works.html) and [Create a prompt flow in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-create.html) in the Amazon Bedrock User Guide. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │ ├ properties │ │ │ ├Definition: FlowDefinition │ │ │ ├DefinitionString: string │ │ │ ├DefinitionS3Location: S3Location │ │ │ ├DefinitionSubstitutions: Map │ │ │ ├Description: string │ │ │ ├ExecutionRoleArn: string (required) │ │ │ ├Name: string (required) │ │ │ ├CustomerEncryptionKeyArn: string │ │ │ ├Tags: Map │ │ │ └TestAliasTags: Map │ │ ├ attributes │ │ │ ├Arn: string │ │ │ ├CreatedAt: string │ │ │ ├Id: string │ │ │ ├Status: string │ │ │ ├UpdatedAt: string │ │ │ └Version: string │ │ └ types │ │ ├type FlowDefinition │ │ │├ documentation: The definition of the nodes and connections between nodes in the flow. │ │ ││ name: FlowDefinition │ │ │└ properties │ │ │ ├Nodes: Array │ │ │ └Connections: Array │ │ ├type FlowNode │ │ │├ documentation: Contains configurations about a node in the flow. │ │ ││ name: FlowNode │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ ├Type: string (required) │ │ │ ├Configuration: FlowNodeConfiguration │ │ │ ├Inputs: Array │ │ │ └Outputs: Array │ │ ├type FlowNodeConfiguration │ │ │├ documentation: Contains configurations for a node in your flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: FlowNodeConfiguration │ │ │└ properties │ │ │ ├Input: json │ │ │ ├Output: json │ │ │ ├KnowledgeBase: KnowledgeBaseFlowNodeConfiguration │ │ │ ├Condition: ConditionFlowNodeConfiguration │ │ │ ├Lex: LexFlowNodeConfiguration │ │ │ ├Prompt: PromptFlowNodeConfiguration │ │ │ └LambdaFunction: LambdaFunctionFlowNodeConfiguration │ │ ├type KnowledgeBaseFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a knowledge base node in a flow. This node takes a query as the input and returns, as the output, the retrieved responses directly (as an array) or a response generated based on the retrieved responses. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: KnowledgeBaseFlowNodeConfiguration │ │ │└ properties │ │ │ ├KnowledgeBaseId: string (required) │ │ │ └ModelId: string │ │ ├type ConditionFlowNodeConfiguration │ │ │├ documentation: Defines a condition node in your flow. You can specify conditions that determine which node comes next in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: ConditionFlowNodeConfiguration │ │ │└ properties │ │ │ └Conditions: Array (required) │ │ ├type FlowCondition │ │ │├ documentation: Defines a condition in the condition node. │ │ ││ name: FlowCondition │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ └Expression: string │ │ ├type LexFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a Lex node in the flow. You specify a Amazon Lex bot to invoke. This node takes an utterance as the input and returns as the output the intent identified by the Amazon Lex bot. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: LexFlowNodeConfiguration │ │ │└ properties │ │ │ ├BotAliasArn: string (required) │ │ │ └LocaleId: string (required) │ │ ├type PromptFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a prompt node in the flow. You can use a prompt from Prompt management or you can define one in this node. If the prompt contains variables, the inputs into this node will fill in the variables. The output from this node is the response generated by the model. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: PromptFlowNodeConfiguration │ │ │└ properties │ │ │ └SourceConfiguration: PromptFlowNodeSourceConfiguration (required) │ │ ├type PromptFlowNodeSourceConfiguration │ │ │├ documentation: Contains configurations for a prompt and whether it is from Prompt management or defined inline. │ │ ││ name: PromptFlowNodeSourceConfiguration │ │ │└ properties │ │ │ ├Resource: PromptFlowNodeResourceConfiguration │ │ │ └Inline: PromptFlowNodeInlineConfiguration │ │ ├type PromptFlowNodeResourceConfiguration │ │ │├ documentation: Contains configurations for a prompt from Prompt management to use in a node. │ │ ││ name: PromptFlowNodeResourceConfiguration │ │ │└ properties │ │ │ └PromptArn: string (required) │ │ ├type PromptFlowNodeInlineConfiguration │ │ │├ documentation: Contains configurations for a prompt defined inline in the node. │ │ ││ name: PromptFlowNodeInlineConfiguration │ │ │└ properties │ │ │ ├TemplateType: string (required) │ │ │ ├TemplateConfiguration: PromptTemplateConfiguration (required) │ │ │ ├ModelId: string (required) │ │ │ └InferenceConfiguration: PromptInferenceConfiguration │ │ ├type PromptTemplateConfiguration │ │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) . │ │ ││ name: PromptTemplateConfiguration │ │ │└ properties │ │ │ └Text: TextPromptTemplateConfiguration (required) │ │ ├type TextPromptTemplateConfiguration │ │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` . │ │ ││ name: TextPromptTemplateConfiguration │ │ │└ properties │ │ │ ├Text: string (required) │ │ │ └InputVariables: Array │ │ ├type PromptInputVariable │ │ │├ documentation: Contains information about a variable in the prompt. │ │ ││ name: PromptInputVariable │ │ │└ properties │ │ │ └Name: string │ │ ├type PromptInferenceConfiguration │ │ │├ documentation: Contains inference configurations for the prompt. │ │ ││ name: PromptInferenceConfiguration │ │ │└ properties │ │ │ └Text: PromptModelInferenceConfiguration (required) │ │ ├type PromptModelInferenceConfiguration │ │ │├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) . │ │ ││ name: PromptModelInferenceConfiguration │ │ │└ properties │ │ │ ├Temperature: number │ │ │ ├TopP: number │ │ │ ├TopK: number │ │ │ ├MaxTokens: number │ │ │ └StopSequences: Array │ │ ├type LambdaFunctionFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a Lambda function node in the flow. You specify the Lambda function to invoke and the inputs into the function. The output is the response that is defined in the Lambda function. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: LambdaFunctionFlowNodeConfiguration │ │ │└ properties │ │ │ └LambdaArn: string (required) │ │ ├type FlowNodeInput │ │ │├ documentation: Contains configurations for an input to a node. │ │ ││ name: FlowNodeInput │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ ├Type: string (required) │ │ │ └Expression: string (required) │ │ ├type FlowNodeOutput │ │ │├ documentation: Contains configurations for an output from a node. │ │ ││ name: FlowNodeOutput │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ └Type: string (required) │ │ ├type FlowConnection │ │ │├ documentation: Contains information about a connection between two nodes in the flow. │ │ ││ name: FlowConnection │ │ │└ properties │ │ │ ├Type: string (required) │ │ │ ├Name: string (required) │ │ │ ├Source: string (required) │ │ │ ├Target: string (required) │ │ │ └Configuration: FlowConnectionConfiguration │ │ ├type FlowConnectionConfiguration │ │ │├ documentation: The configuration of the connection. │ │ ││ name: FlowConnectionConfiguration │ │ │└ properties │ │ │ ├Data: FlowDataConnectionConfiguration │ │ │ └Conditional: FlowConditionalConnectionConfiguration │ │ ├type FlowDataConnectionConfiguration │ │ │├ documentation: The configuration of a connection originating from a node that isn't a Condition node. │ │ ││ name: FlowDataConnectionConfiguration │ │ │└ properties │ │ │ ├SourceOutput: string (required) │ │ │ └TargetInput: string (required) │ │ ├type FlowConditionalConnectionConfiguration │ │ │├ documentation: The configuration of a connection between a condition node and another node. │ │ ││ name: FlowConditionalConnectionConfiguration │ │ │└ properties │ │ │ └Condition: string (required) │ │ └type S3Location │ │ ├ documentation: The S3 location of the flow definition. │ │ │ name: S3Location │ │ └ properties │ │ ├Bucket: string (required) │ │ ├Key: string (required) │ │ └Version: string │ ├[+] resource AWS::Bedrock::FlowAlias │ │ ├ name: FlowAlias │ │ │ cloudFormationType: AWS::Bedrock::FlowAlias │ │ │ documentation: Creates an alias of a flow for deployment. For more information, see [Deploy a flow in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-deploy.html) in the Amazon Bedrock User Guide. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │ ├ properties │ │ │ ├FlowArn: string (required, immutable) │ │ │ ├Description: string │ │ │ ├Name: string (required) │ │ │ ├RoutingConfiguration: Array (required) │ │ │ └Tags: Map │ │ ├ attributes │ │ │ ├Arn: string │ │ │ ├CreatedAt: string │ │ │ ├FlowId: string │ │ │ ├Id: string │ │ │ └UpdatedAt: string │ │ └ types │ │ └type FlowAliasRoutingConfigurationListItem │ │ ├ documentation: Contains information about a version that the alias maps to. │ │ │ name: FlowAliasRoutingConfigurationListItem │ │ └ properties │ │ └FlowVersion: string │ ├[+] resource AWS::Bedrock::FlowVersion │ │ ├ name: FlowVersion │ │ │ cloudFormationType: AWS::Bedrock::FlowVersion │ │ │ documentation: Creates a version of the flow that you can deploy. For more information, see [Deploy a flow in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-deploy.html) in the Amazon Bedrock User Guide. │ │ ├ properties │ │ │ ├FlowArn: string (required, immutable) │ │ │ └Description: string (immutable) │ │ ├ attributes │ │ │ ├CreatedAt: string │ │ │ ├Definition: FlowDefinition │ │ │ ├ExecutionRoleArn: string │ │ │ ├FlowId: string │ │ │ ├Name: string │ │ │ ├Status: string │ │ │ └Version: string │ │ └ types │ │ ├type FlowDefinition │ │ │├ documentation: The definition of the nodes and connections between nodes in the flow. │ │ ││ name: FlowDefinition │ │ │└ properties │ │ │ ├Nodes: Array │ │ │ └Connections: Array │ │ ├type FlowNode │ │ │├ documentation: Contains configurations about a node in the flow. │ │ ││ name: FlowNode │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ ├Type: string (required) │ │ │ ├Configuration: FlowNodeConfiguration │ │ │ ├Inputs: Array │ │ │ └Outputs: Array │ │ ├type FlowNodeConfiguration │ │ │├ documentation: Contains configurations for a node in your flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: FlowNodeConfiguration │ │ │└ properties │ │ │ ├Input: json │ │ │ ├Output: json │ │ │ ├KnowledgeBase: KnowledgeBaseFlowNodeConfiguration │ │ │ ├Condition: ConditionFlowNodeConfiguration │ │ │ ├Lex: LexFlowNodeConfiguration │ │ │ ├Prompt: PromptFlowNodeConfiguration │ │ │ └LambdaFunction: LambdaFunctionFlowNodeConfiguration │ │ ├type KnowledgeBaseFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a knowledge base node in a flow. This node takes a query as the input and returns, as the output, the retrieved responses directly (as an array) or a response generated based on the retrieved responses. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: KnowledgeBaseFlowNodeConfiguration │ │ │└ properties │ │ │ ├KnowledgeBaseId: string (required) │ │ │ └ModelId: string │ │ ├type ConditionFlowNodeConfiguration │ │ │├ documentation: Defines a condition node in your flow. You can specify conditions that determine which node comes next in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: ConditionFlowNodeConfiguration │ │ │└ properties │ │ │ └Conditions: Array (required) │ │ ├type FlowCondition │ │ │├ documentation: Defines a condition in the condition node. │ │ ││ name: FlowCondition │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ └Expression: string │ │ ├type LexFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a Lex node in the flow. You specify a Amazon Lex bot to invoke. This node takes an utterance as the input and returns as the output the intent identified by the Amazon Lex bot. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: LexFlowNodeConfiguration │ │ │└ properties │ │ │ ├BotAliasArn: string (required) │ │ │ └LocaleId: string (required) │ │ ├type PromptFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a prompt node in the flow. You can use a prompt from Prompt management or you can define one in this node. If the prompt contains variables, the inputs into this node will fill in the variables. The output from this node is the response generated by the model. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: PromptFlowNodeConfiguration │ │ │└ properties │ │ │ └SourceConfiguration: PromptFlowNodeSourceConfiguration (required) │ │ ├type PromptFlowNodeSourceConfiguration │ │ │├ documentation: Contains configurations for a prompt and whether it is from Prompt management or defined inline. │ │ ││ name: PromptFlowNodeSourceConfiguration │ │ │└ properties │ │ │ ├Resource: PromptFlowNodeResourceConfiguration │ │ │ └Inline: PromptFlowNodeInlineConfiguration │ │ ├type PromptFlowNodeResourceConfiguration │ │ │├ documentation: Contains configurations for a prompt from Prompt management to use in a node. │ │ ││ name: PromptFlowNodeResourceConfiguration │ │ │└ properties │ │ │ └PromptArn: string (required) │ │ ├type PromptFlowNodeInlineConfiguration │ │ │├ documentation: Contains configurations for a prompt defined inline in the node. │ │ ││ name: PromptFlowNodeInlineConfiguration │ │ │└ properties │ │ │ ├TemplateType: string (required) │ │ │ ├TemplateConfiguration: PromptTemplateConfiguration (required) │ │ │ ├ModelId: string (required) │ │ │ └InferenceConfiguration: PromptInferenceConfiguration │ │ ├type PromptTemplateConfiguration │ │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) . │ │ ││ name: PromptTemplateConfiguration │ │ │└ properties │ │ │ └Text: TextPromptTemplateConfiguration (required) │ │ ├type TextPromptTemplateConfiguration │ │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` . │ │ ││ name: TextPromptTemplateConfiguration │ │ │└ properties │ │ │ ├Text: string (required) │ │ │ └InputVariables: Array │ │ ├type PromptInputVariable │ │ │├ documentation: Contains information about a variable in the prompt. │ │ ││ name: PromptInputVariable │ │ │└ properties │ │ │ └Name: string │ │ ├type PromptInferenceConfiguration │ │ │├ documentation: Contains inference configurations for the prompt. │ │ ││ name: PromptInferenceConfiguration │ │ │└ properties │ │ │ └Text: PromptModelInferenceConfiguration (required) │ │ ├type PromptModelInferenceConfiguration │ │ │├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) . │ │ ││ name: PromptModelInferenceConfiguration │ │ │└ properties │ │ │ ├Temperature: number │ │ │ ├TopP: number │ │ │ ├TopK: number │ │ │ ├MaxTokens: number │ │ │ └StopSequences: Array │ │ ├type LambdaFunctionFlowNodeConfiguration │ │ │├ documentation: Contains configurations for a Lambda function node in the flow. You specify the Lambda function to invoke and the inputs into the function. The output is the response that is defined in the Lambda function. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ ││ name: LambdaFunctionFlowNodeConfiguration │ │ │└ properties │ │ │ └LambdaArn: string (required) │ │ ├type FlowNodeInput │ │ │├ documentation: Contains configurations for an input to a node. │ │ ││ name: FlowNodeInput │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ ├Type: string (required) │ │ │ └Expression: string (required) │ │ ├type FlowNodeOutput │ │ │├ documentation: Contains configurations for an output from a node. │ │ ││ name: FlowNodeOutput │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ └Type: string (required) │ │ ├type FlowConnection │ │ │├ documentation: Contains information about a connection between two nodes in the flow. │ │ ││ name: FlowConnection │ │ │└ properties │ │ │ ├Type: string (required) │ │ │ ├Name: string (required) │ │ │ ├Source: string (required) │ │ │ ├Target: string (required) │ │ │ └Configuration: FlowConnectionConfiguration │ │ ├type FlowConnectionConfiguration │ │ │├ documentation: The configuration of the connection. │ │ ││ name: FlowConnectionConfiguration │ │ │└ properties │ │ │ ├Data: FlowDataConnectionConfiguration │ │ │ └Conditional: FlowConditionalConnectionConfiguration │ │ ├type FlowDataConnectionConfiguration │ │ │├ documentation: The configuration of a connection originating from a node that isn't a Condition node. │ │ ││ name: FlowDataConnectionConfiguration │ │ │└ properties │ │ │ ├SourceOutput: string (required) │ │ │ └TargetInput: string (required) │ │ └type FlowConditionalConnectionConfiguration │ │ ├ documentation: The configuration of a connection between a condition node and another node. │ │ │ name: FlowConditionalConnectionConfiguration │ │ └ properties │ │ └Condition: string (required) │ ├[~] resource AWS::Bedrock::Guardrail │ │ ├ properties │ │ │ └[+] ContextualGroundingPolicyConfig: ContextualGroundingPolicyConfig │ │ └ types │ │ ├[+] type ContextualGroundingFilterConfig │ │ │ ├ documentation: A config for grounding filter. │ │ │ │ name: ContextualGroundingFilterConfig │ │ │ └ properties │ │ │ ├Type: string (required) │ │ │ └Threshold: number (required) │ │ └[+] type ContextualGroundingPolicyConfig │ │ ├ documentation: Contextual grounding policy config for a guardrail. │ │ │ name: ContextualGroundingPolicyConfig │ │ └ properties │ │ └FiltersConfig: Array (required) │ ├[~] resource AWS::Bedrock::KnowledgeBase │ │ └ types │ │ ├[+] type BedrockEmbeddingModelConfiguration │ │ │ ├ documentation: The vector configuration details for the Bedrock embeddings model. │ │ │ │ name: BedrockEmbeddingModelConfiguration │ │ │ └ properties │ │ │ └Dimensions: integer │ │ ├[+] type EmbeddingModelConfiguration │ │ │ ├ documentation: The configuration details for the embeddings model. │ │ │ │ name: EmbeddingModelConfiguration │ │ │ └ properties │ │ │ └BedrockEmbeddingModelConfiguration: BedrockEmbeddingModelConfiguration │ │ └[~] type VectorKnowledgeBaseConfiguration │ │ └ properties │ │ └[+] EmbeddingModelConfiguration: EmbeddingModelConfiguration │ ├[+] resource AWS::Bedrock::Prompt │ │ ├ name: Prompt │ │ │ cloudFormationType: AWS::Bedrock::Prompt │ │ │ documentation: Creates a prompt in your prompt library that you can add to a flow. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) , [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) and [Prompt flows in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows.html) in the Amazon Bedrock User Guide. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │ ├ properties │ │ │ ├DefaultVariant: string │ │ │ ├Description: string │ │ │ ├Name: string (required) │ │ │ ├Variants: Array │ │ │ ├Tags: Map │ │ │ └CustomerEncryptionKeyArn: string │ │ ├ attributes │ │ │ ├Arn: string │ │ │ ├CreatedAt: string │ │ │ ├Id: string │ │ │ ├UpdatedAt: string │ │ │ └Version: string │ │ └ types │ │ ├type PromptVariant │ │ │├ documentation: Contains details about a variant of the prompt. │ │ ││ name: PromptVariant │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ ├TemplateType: string (required) │ │ │ ├TemplateConfiguration: PromptTemplateConfiguration │ │ │ ├ModelId: string │ │ │ └InferenceConfiguration: PromptInferenceConfiguration │ │ ├type PromptTemplateConfiguration │ │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) . │ │ ││ name: PromptTemplateConfiguration │ │ │└ properties │ │ │ └Text: TextPromptTemplateConfiguration (required) │ │ ├type TextPromptTemplateConfiguration │ │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` . │ │ ││ name: TextPromptTemplateConfiguration │ │ │└ properties │ │ │ ├Text: string │ │ │ ├TextS3Location: TextS3Location │ │ │ └InputVariables: Array │ │ ├type TextS3Location │ │ │├ documentation: The Amazon S3 location of the prompt text. │ │ ││ name: TextS3Location │ │ │└ properties │ │ │ ├Bucket: string (required) │ │ │ ├Key: string (required) │ │ │ └Version: string │ │ ├type PromptInputVariable │ │ │├ documentation: Contains information about a variable in the prompt. │ │ ││ name: PromptInputVariable │ │ │└ properties │ │ │ └Name: string │ │ ├type PromptInferenceConfiguration │ │ │├ documentation: Contains inference configurations for the prompt. │ │ ││ name: PromptInferenceConfiguration │ │ │└ properties │ │ │ └Text: PromptModelInferenceConfiguration (required) │ │ └type PromptModelInferenceConfiguration │ │ ├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) . │ │ │ name: PromptModelInferenceConfiguration │ │ └ properties │ │ ├Temperature: number │ │ ├TopP: number │ │ ├TopK: number │ │ ├MaxTokens: number │ │ └StopSequences: Array │ └[+] resource AWS::Bedrock::PromptVersion │ ├ name: PromptVersion │ │ cloudFormationType: AWS::Bedrock::PromptVersion │ │ documentation: Creates a static snapshot of your prompt that can be deployed to production. For more information, see [Deploy prompts using Prompt management by creating versions](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-deploy.html) in the Amazon Bedrock User Guide. │ ├ properties │ │ ├PromptArn: string (required, immutable) │ │ └Description: string (immutable) │ ├ attributes │ │ ├Arn: string │ │ ├CreatedAt: string │ │ ├PromptId: string │ │ ├UpdatedAt: string │ │ ├Version: string │ │ ├Name: string │ │ ├DefaultVariant: string │ │ └Variants: Array │ └ types │ ├type PromptVariant │ │├ documentation: Contains details about a variant of the prompt. │ ││ name: PromptVariant │ │└ properties │ │ ├Name: string (required) │ │ ├TemplateType: string (required) │ │ ├TemplateConfiguration: PromptTemplateConfiguration │ │ ├ModelId: string │ │ └InferenceConfiguration: PromptInferenceConfiguration │ ├type PromptTemplateConfiguration │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) . │ ││ name: PromptTemplateConfiguration │ │└ properties │ │ └Text: TextPromptTemplateConfiguration (required) │ ├type TextPromptTemplateConfiguration │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` . │ ││ name: TextPromptTemplateConfiguration │ │└ properties │ │ ├Text: string (required) │ │ └InputVariables: Array │ ├type PromptInputVariable │ │├ documentation: Contains information about a variable in the prompt. │ ││ name: PromptInputVariable │ │└ properties │ │ └Name: string │ ├type PromptInferenceConfiguration │ │├ documentation: Contains inference configurations for the prompt. │ ││ name: PromptInferenceConfiguration │ │└ properties │ │ └Text: PromptModelInferenceConfiguration (required) │ └type PromptModelInferenceConfiguration │ ├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) . │ │ name: PromptModelInferenceConfiguration │ └ properties │ ├Temperature: number │ ├TopP: number │ ├TopK: number │ ├MaxTokens: number │ └StopSequences: Array ├[~] service aws-cleanrooms │ └ resources │ ├[~] resource AWS::CleanRooms::ConfiguredTable │ │ ├ properties │ │ │ └ AnalysisRules: (documentation changed) │ │ └ types │ │ ├[~] type AnalysisRuleAggregation │ │ │ └ properties │ │ │ └[+] AdditionalAnalyses: string │ │ ├[~] type AnalysisRuleCustom │ │ │ └ properties │ │ │ ├[+] AdditionalAnalyses: string │ │ │ └[+] DisallowedOutputColumns: Array │ │ └[~] type AnalysisRuleList │ │ └ properties │ │ └[+] AdditionalAnalyses: string │ ├[~] resource AWS::CleanRooms::ConfiguredTableAssociation │ │ ├ properties │ │ │ └[+] ConfiguredTableAssociationAnalysisRules: Array │ │ └ types │ │ ├[+] type ConfiguredTableAssociationAnalysisRule │ │ │ ├ documentation: An analysis rule for a configured table association. This analysis rule specifies how data from the table can be used within its associated collaboration. In the console, the `ConfiguredTableAssociationAnalysisRule` is referred to as the *collaboration analysis rule* . │ │ │ │ name: ConfiguredTableAssociationAnalysisRule │ │ │ └ properties │ │ │ ├Type: string (required) │ │ │ └Policy: ConfiguredTableAssociationAnalysisRulePolicy (required) │ │ ├[+] type ConfiguredTableAssociationAnalysisRuleAggregation │ │ │ ├ documentation: The configured table association analysis rule applied to a configured table with the aggregation analysis rule. │ │ │ │ name: ConfiguredTableAssociationAnalysisRuleAggregation │ │ │ └ properties │ │ │ ├AllowedResultReceivers: Array │ │ │ └AllowedAdditionalAnalyses: Array │ │ ├[+] type ConfiguredTableAssociationAnalysisRuleCustom │ │ │ ├ documentation: The configured table association analysis rule applied to a configured table with the custom analysis rule. │ │ │ │ name: ConfiguredTableAssociationAnalysisRuleCustom │ │ │ └ properties │ │ │ ├AllowedResultReceivers: Array │ │ │ └AllowedAdditionalAnalyses: Array │ │ ├[+] type ConfiguredTableAssociationAnalysisRuleList │ │ │ ├ documentation: The configured table association analysis rule applied to a configured table with the list analysis rule. │ │ │ │ name: ConfiguredTableAssociationAnalysisRuleList │ │ │ └ properties │ │ │ ├AllowedResultReceivers: Array │ │ │ └AllowedAdditionalAnalyses: Array │ │ ├[+] type ConfiguredTableAssociationAnalysisRulePolicy │ │ │ ├ documentation: Controls on the query specifications that can be run on an associated configured table. │ │ │ │ name: ConfiguredTableAssociationAnalysisRulePolicy │ │ │ └ properties │ │ │ └V1: ConfiguredTableAssociationAnalysisRulePolicyV1 (required) │ │ └[+] type ConfiguredTableAssociationAnalysisRulePolicyV1 │ │ ├ documentation: Controls on the query specifications that can be run on an associated configured table. │ │ │ name: ConfiguredTableAssociationAnalysisRulePolicyV1 │ │ └ properties │ │ ├List: ConfiguredTableAssociationAnalysisRuleList │ │ ├Aggregation: ConfiguredTableAssociationAnalysisRuleAggregation │ │ └Custom: ConfiguredTableAssociationAnalysisRuleCustom │ ├[+] resource AWS::CleanRooms::IdMappingTable │ │ ├ name: IdMappingTable │ │ │ cloudFormationType: AWS::CleanRooms::IdMappingTable │ │ │ documentation: Describes information about the ID mapping table. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├InputReferenceConfig: IdMappingTableInputReferenceConfig (required, immutable) │ │ │ ├MembershipIdentifier: string (required, immutable) │ │ │ ├Description: string │ │ │ ├Name: string (required, immutable) │ │ │ ├KmsKeyArn: string │ │ │ └Tags: Array │ │ ├ attributes │ │ │ ├IdMappingTableIdentifier: string │ │ │ ├Arn: string │ │ │ ├MembershipArn: string │ │ │ ├CollaborationIdentifier: string │ │ │ ├CollaborationArn: string │ │ │ └InputReferenceProperties: IdMappingTableInputReferenceProperties │ │ └ types │ │ ├type IdMappingTableInputReferenceConfig │ │ │├ documentation: Provides the input reference configuration for the ID mapping table. │ │ ││ name: IdMappingTableInputReferenceConfig │ │ │└ properties │ │ │ ├InputReferenceArn: string (required) │ │ │ └ManageResourcePolicies: boolean (required) │ │ ├type IdMappingTableInputReferenceProperties │ │ │├ documentation: The input reference properties for the ID mapping table. │ │ ││ name: IdMappingTableInputReferenceProperties │ │ │└ properties │ │ │ └IdMappingTableInputSource: Array (required) │ │ └type IdMappingTableInputSource │ │ ├ documentation: The input source of the ID mapping table. │ │ │ name: IdMappingTableInputSource │ │ └ properties │ │ ├IdNamespaceAssociationId: string (required) │ │ └Type: string (required) │ ├[+] resource AWS::CleanRooms::IdNamespaceAssociation │ │ ├ name: IdNamespaceAssociation │ │ │ cloudFormationType: AWS::CleanRooms::IdNamespaceAssociation │ │ │ documentation: Provides information to create the ID namespace association. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├MembershipIdentifier: string (required, immutable) │ │ │ ├InputReferenceConfig: IdNamespaceAssociationInputReferenceConfig (required, immutable) │ │ │ ├Tags: Array │ │ │ ├Name: string (required) │ │ │ ├Description: string │ │ │ └IdMappingConfig: IdMappingConfig │ │ ├ attributes │ │ │ ├IdNamespaceAssociationIdentifier: string │ │ │ ├Arn: string │ │ │ ├MembershipArn: string │ │ │ ├CollaborationIdentifier: string │ │ │ ├CollaborationArn: string │ │ │ └InputReferenceProperties: IdNamespaceAssociationInputReferenceProperties │ │ └ types │ │ ├type IdNamespaceAssociationInputReferenceConfig │ │ │├ documentation: Provides the information for the ID namespace association input reference configuration. │ │ ││ name: IdNamespaceAssociationInputReferenceConfig │ │ │└ properties │ │ │ ├InputReferenceArn: string (required) │ │ │ └ManageResourcePolicies: boolean (required) │ │ ├type IdMappingConfig │ │ │├ documentation: The configuration settings for the ID mapping table. │ │ ││ name: IdMappingConfig │ │ │└ properties │ │ │ └AllowUseAsDimensionColumn: boolean (required) │ │ └type IdNamespaceAssociationInputReferenceProperties │ │ ├ documentation: Provides the information for the ID namespace association input reference properties. │ │ │ name: IdNamespaceAssociationInputReferenceProperties │ │ └ properties │ │ ├IdNamespaceType: string │ │ └IdMappingWorkflowsSupported: Array │ └[~] resource AWS::CleanRooms::Membership │ └ types │ └[~] type MembershipProtectedQueryOutputConfiguration │ └ properties │ └ S3: (documentation changed) ├[~] service aws-cloudformation │ └ resources │ └[~] resource AWS::CloudFormation::StackSet │ └ types │ └[~] type OperationPreferences │ └ properties │ └[+] ConcurrencyMode: string ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ types │ │ └[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ └[~] resource AWS::CloudTrail::Trail │ └ types │ └[~] type AdvancedFieldSelector │ └ properties │ └ Field: (documentation changed) ├[~] service aws-cloudwatch │ └ resources │ └[~] resource AWS::CloudWatch::Dashboard │ └ attributes │ └[-] Id: string ├[~] service aws-codepipeline │ └ resources │ ├[~] resource AWS::CodePipeline::Pipeline │ │ ├ properties │ │ │ └ ExecutionMode: - string │ │ │ + string (default="SUPERSEDED") │ │ ├ attributes │ │ │ └[-] Id: string │ │ └ types │ │ └[~] type FailureConditions │ │ └ properties │ │ └ Result: - string (required) │ │ + string │ └[~] resource AWS::CodePipeline::Webhook │ ├ properties │ │ └ Authentication: (documentation changed) │ └ types │ └[~] type WebhookAuthConfiguration │ └ properties │ └ SecretToken: (documentation changed) ├[~] service aws-cognito │ └ resources │ └[~] resource AWS::Cognito::UserPoolUICustomizationAttachment │ └ attributes │ └[-] Id: string ├[~] service aws-connect │ └ resources │ └[~] resource AWS::Connect::SecurityProfile │ └ - documentation: Creates a security profile. │ + documentation: Creates a security profile. │ For information about security profiles, see [Security Profiles](https://docs.aws.amazon.com/connect/latest/adminguide/connect-security-profiles.html) in the *Amazon Connect Administrator Guide* . For a mapping of the API name and user interface name of the security profile permissions, see [List of security profile permissions](https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-list.html) . ├[~] service aws-deadline │ └ resources │ ├[~] resource AWS::Deadline::Farm │ │ └ properties │ │ └ DisplayName: (documentation changed) │ ├[~] resource AWS::Deadline::Fleet │ │ └ properties │ │ ├ DisplayName: (documentation changed) │ │ └ FarmId: - string (immutable) │ │ + string (required, immutable) │ ├[~] resource AWS::Deadline::MeteredProduct │ │ ├ properties │ │ │ ├[-] Family: string │ │ │ ├[-] Port: integer │ │ │ └[-] Vendor: string │ │ └ attributes │ │ ├[+] Family: string │ │ ├[+] Port: integer │ │ └[+] Vendor: string │ ├[~] resource AWS::Deadline::Monitor │ │ └ properties │ │ └ DisplayName: (documentation changed) │ ├[~] resource AWS::Deadline::Queue │ │ └ properties │ │ ├ DisplayName: (documentation changed) │ │ └ FarmId: - string (immutable) │ │ + string (required, immutable) │ └[~] resource AWS::Deadline::StorageProfile │ └ properties │ ├ DisplayName: (documentation changed) │ └ FarmId: - string (immutable) │ + string (required, immutable) ├[~] service aws-dms │ └ resources │ └[~] resource AWS::DMS::ReplicationConfig │ └ properties │ ├ ComputeConfig: - ComputeConfig │ │ + ComputeConfig (required) │ ├ ReplicationConfigIdentifier: - string │ │ + string (required) │ ├ ReplicationType: - string │ │ + string (required) │ ├ SourceEndpointArn: - string │ │ + string (required) │ ├ TableMappings: - json │ │ + json (required) │ └ TargetEndpointArn: - string │ + string (required) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EIPAssociation │ │ └ properties │ │ └ EIP: (documentation changed) │ ├[~] resource AWS::EC2::Subnet │ │ └ properties │ │ └ EnableDns64: (documentation changed) │ ├[~] resource AWS::EC2::TrafficMirrorFilterRule │ │ ├ - tagInformation: undefined │ │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ └ properties │ │ └[+] Tags: Array │ └[~] resource AWS::EC2::VPNConnection │ └ properties │ └[+] EnableAcceleration: boolean (immutable) ├[~] service aws-ecr │ └ resources │ ├[~] resource AWS::ECR::Repository │ │ └ types │ │ └[~] type EncryptionConfiguration │ │ ├ - documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. │ │ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. │ │ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* . │ │ │ + documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. │ │ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part. │ │ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* . │ │ └ properties │ │ └ EncryptionType: (documentation changed) │ └[~] resource AWS::ECR::RepositoryCreationTemplate │ ├ - documentation: AWS::ECR::RepositoryCreationTemplate is used to create repository with configuration from a pre-defined template. │ │ + documentation: The details of the repository creation template associated with the request. │ ├ properties │ │ ├ AppliedFor: (documentation changed) │ │ ├[+] CustomRoleArn: string │ │ ├ Description: (documentation changed) │ │ ├ EncryptionConfiguration: (documentation changed) │ │ ├ ImageTagMutability: (documentation changed) │ │ ├ LifecyclePolicy: (documentation changed) │ │ ├ Prefix: (documentation changed) │ │ ├ RepositoryPolicy: (documentation changed) │ │ └ ResourceTags: (documentation changed) │ ├ attributes │ │ ├ CreatedAt: (documentation changed) │ │ └ UpdatedAt: (documentation changed) │ └ types │ └[~] type EncryptionConfiguration │ ├ - documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. │ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. │ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* . │ │ + documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. │ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part. │ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* . │ └ properties │ └ EncryptionType: (documentation changed) ├[~] service aws-eks │ └ resources │ └[~] resource AWS::EKS::Cluster │ ├ properties │ │ └[+] UpgradePolicy: UpgradePolicy │ └ types │ └[+] type UpgradePolicy │ ├ documentation: An object representing the Upgrade Policy to use for the cluster. │ │ name: UpgradePolicy │ └ properties │ └SupportType: string ├[~] service aws-elasticache │ └ resources │ ├[~] resource AWS::ElastiCache::CacheCluster │ │ ├ properties │ │ │ ├ AutoMinorVersionUpgrade: (documentation changed) │ │ │ ├ CacheNodeType: (documentation changed) │ │ │ ├ IpDiscovery: (documentation changed) │ │ │ ├ NetworkType: (documentation changed) │ │ │ ├ SnapshotArns: (documentation changed) │ │ │ └ SnapshotName: (documentation changed) │ │ └ attributes │ │ ├ ConfigurationEndpoint.Address: (documentation changed) │ │ ├ ConfigurationEndpoint.Port: (documentation changed) │ │ ├ RedisEndpoint.Address: (documentation changed) │ │ └ RedisEndpoint.Port: (documentation changed) │ ├[~] resource AWS::ElastiCache::GlobalReplicationGroup │ │ ├ properties │ │ │ ├ AutomaticFailoverEnabled: (documentation changed) │ │ │ └ EngineVersion: (documentation changed) │ │ └ types │ │ └[~] type ReshardingConfiguration │ │ └ properties │ │ └ NodeGroupId: (documentation changed) │ ├[~] resource AWS::ElastiCache::ParameterGroup │ │ └ attributes │ │ └[-] Id: string │ ├[~] resource AWS::ElastiCache::ReplicationGroup │ │ ├ - documentation: The `AWS::ElastiCache::ReplicationGroup` resource creates an Amazon ElastiCache Redis replication group. A Redis (cluster mode disabled) replication group is a collection of cache clusters, where one of the clusters is a primary read-write cluster and the others are read-only replicas. │ │ │ A Redis (cluster mode enabled) cluster is comprised of from 1 to 90 shards (API/CLI: node groups). Each shard has a primary node and up to 5 read-only replica nodes. The configuration can range from 90 shards and 0 replicas to 15 shards and 5 replicas, which is the maximum number or replicas allowed. │ │ │ The node or shard limit can be increased to a maximum of 500 per cluster if the Redis engine version is 5.0.6 or higher. For example, you can choose to configure a 500 node cluster that ranges between 83 shards (one primary and 5 replicas per shard) and 500 shards (single primary and no replicas). Make sure there are enough available IP addresses to accommodate the increase. Common pitfalls include the subnets in the subnet group have too small a CIDR range or the subnets are shared and heavily used by other clusters. For more information, see [Creating a Subnet Group](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.Creating.html) . For versions below 5.0.6, the limit is 250 per cluster. │ │ │ To request a limit increase, see [Amazon Service Limits](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) and choose the limit type *Nodes per cluster per instance type* . │ │ │ + documentation: The `AWS::ElastiCache::ReplicationGroup` resource creates an Amazon ElastiCache (Redis OSS) replication group. A Redis OSS (cluster mode disabled) replication group is a collection of cache clusters, where one of the clusters is a primary read-write cluster and the others are read-only replicas. │ │ │ A Redis OSS (cluster mode enabled) cluster is comprised of from 1 to 90 shards (API/CLI: node groups). Each shard has a primary node and up to 5 read-only replica nodes. The configuration can range from 90 shards and 0 replicas to 15 shards and 5 replicas, which is the maximum number or replicas allowed. │ │ │ The node or shard limit can be increased to a maximum of 500 per cluster if the Redis OSS engine version is 5.0.6 or higher. For example, you can choose to configure a 500 node cluster that ranges between 83 shards (one primary and 5 replicas per shard) and 500 shards (single primary and no replicas). Make sure there are enough available IP addresses to accommodate the increase. Common pitfalls include the subnets in the subnet group have too small a CIDR range or the subnets are shared and heavily used by other clusters. For more information, see [Creating a Subnet Group](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.Creating.html) . For versions below 5.0.6, the limit is 250 per cluster. │ │ │ To request a limit increase, see [Amazon Service Limits](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) and choose the limit type *Nodes per cluster per instance type* . │ │ ├ properties │ │ │ ├ AtRestEncryptionEnabled: (documentation changed) │ │ │ ├ AuthToken: (documentation changed) │ │ │ ├ AutomaticFailoverEnabled: (documentation changed) │ │ │ ├ AutoMinorVersionUpgrade: (documentation changed) │ │ │ ├ CacheParameterGroupName: (documentation changed) │ │ │ ├ ClusterMode: (documentation changed) │ │ │ ├ IpDiscovery: (documentation changed) │ │ │ ├ NetworkType: (documentation changed) │ │ │ ├ NodeGroupConfiguration: (documentation changed) │ │ │ ├ NumNodeGroups: (documentation changed) │ │ │ ├ SnapshotArns: (documentation changed) │ │ │ ├ SnapshottingClusterId: (documentation changed) │ │ │ ├ TransitEncryptionEnabled: (documentation changed) │ │ │ └ TransitEncryptionMode: (documentation changed) │ │ ├ attributes │ │ │ └ ConfigurationEndPoint.Address: (documentation changed) │ │ └ types │ │ └[~] type NodeGroupConfiguration │ │ ├ - documentation: `NodeGroupConfiguration` is a property of the `AWS::ElastiCache::ReplicationGroup` resource that configures an Amazon ElastiCache (ElastiCache) Redis cluster node group. │ │ │ + documentation: `NodeGroupConfiguration` is a property of the `AWS::ElastiCache::ReplicationGroup` resource that configures an Amazon ElastiCache (ElastiCache) Redis OSS cluster node group. │ │ └ properties │ │ └ NodeGroupId: (documentation changed) │ ├[~] resource AWS::ElastiCache::ServerlessCache │ │ └ properties │ │ ├ DailySnapshotTime: (documentation changed) │ │ ├ SnapshotRetentionLimit: (documentation changed) │ │ └ UserGroupId: (documentation changed) │ ├[~] resource AWS::ElastiCache::User │ │ └ - documentation: For Redis engine version 6.0 onwards: Creates a Redis user. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) . │ │ + documentation: For Redis OSS engine version 6.0 onwards: Creates a Redis OSS user. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) . │ └[~] resource AWS::ElastiCache::UserGroup │ └ - documentation: For Redis engine version 6.0 onwards: Creates a Redis user group. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) │ + documentation: For Redis OSS engine version 6.0 onwards: Creates a Redis user group. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) ├[~] service aws-emrserverless │ └ resources │ └[~] resource AWS::EMRServerless::Application │ ├ properties │ │ └[+] InteractiveConfiguration: InteractiveConfiguration │ └ types │ └[+] type InteractiveConfiguration │ ├ documentation: The configuration to use to enable the different types of interactive use cases in an application. │ │ name: InteractiveConfiguration │ └ properties │ ├LivyEndpointEnabled: boolean (default=false) │ └StudioEnabled: boolean (default=false) ├[~] service aws-entityresolution │ └ resources │ ├[~] resource AWS::EntityResolution::IdMappingWorkflow │ │ └ types │ │ ├[+] type IdMappingRuleBasedProperties │ │ │ ├ documentation: An object that defines the list of matching rules to run in an ID mapping workflow. │ │ │ │ name: IdMappingRuleBasedProperties │ │ │ └ properties │ │ │ ├AttributeMatchingModel: string (required) │ │ │ ├RuleDefinitionType: string │ │ │ ├Rules: Array │ │ │ └RecordMatchingModel: string (required) │ │ ├[~] type IdMappingTechniques │ │ │ └ properties │ │ │ └[+] RuleBasedProperties: IdMappingRuleBasedProperties │ │ └[+] type Rule │ │ ├ documentation: An object containing `RuleName` , and `MatchingKeys` . │ │ │ name: Rule │ │ └ properties │ │ ├MatchingKeys: Array (required) │ │ └RuleName: string (required) │ ├[~] resource AWS::EntityResolution::IdNamespace │ │ └ types │ │ ├[~] type IdNamespaceIdMappingWorkflowProperties │ │ │ └ properties │ │ │ └[+] RuleBasedProperties: NamespaceRuleBasedProperties │ │ ├[+] type NamespaceRuleBasedProperties │ │ │ ├ documentation: The rule-based properties of an ID namespace. These properties define how the ID namespace can be used in an ID mapping workflow. │ │ │ │ name: NamespaceRuleBasedProperties │ │ │ └ properties │ │ │ ├Rules: Array │ │ │ ├RuleDefinitionTypes: Array │ │ │ ├AttributeMatchingModel: string │ │ │ └RecordMatchingModels: Array │ │ └[+] type Rule │ │ ├ documentation: An object containing `RuleName` , and `MatchingKeys` . │ │ │ name: Rule │ │ └ properties │ │ ├RuleName: string (required) │ │ └MatchingKeys: Array (required) │ ├[~] resource AWS::EntityResolution::MatchingWorkflow │ │ └ types │ │ └[~] type RuleBasedProperties │ │ └ properties │ │ └[+] MatchPurpose: string │ └[~] resource AWS::EntityResolution::SchemaMapping │ └ types │ └[~] type SchemaInputAttribute │ └ properties │ └[+] Hashed: boolean ├[~] service aws-gamelift │ └ resources │ ├[~] resource AWS::GameLift::Fleet │ │ ├ properties │ │ │ └ Locations: (documentation changed) │ │ └ types │ │ └[~] type LocationConfiguration │ │ └ properties │ │ └ Location: (documentation changed) │ └[~] resource AWS::GameLift::Location │ └ properties │ └ Tags: (documentation changed) ├[~] service aws-globalaccelerator │ └ resources │ └[~] resource AWS::GlobalAccelerator::CrossAccountAttachment │ └ types │ └[~] type Resource │ └ properties │ └[+] Cidr: string ├[~] service aws-glue │ └ resources │ └[~] resource AWS::Glue::Trigger │ └ attributes │ └ Id: (documentation changed) ├[~] service aws-iam │ └ resources │ └[~] resource AWS::IAM::OIDCProvider │ └ properties │ └ ThumbprintList: - Array (required) │ + Array ├[~] service aws-inspectorv2 │ └ resources │ └[~] resource AWS::InspectorV2::CisScanConfiguration │ └ properties │ ├ ScanName: - string │ │ + string (required) │ ├ Schedule: - Schedule │ │ + Schedule (required) │ ├ SecurityLevel: - string │ │ + string (required) │ └ Targets: - CisTargets │ + CisTargets (required) ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ ├ properties │ │ └[+] IcebergDestinationConfiguration: IcebergDestinationConfiguration (immutable) │ └ types │ ├[+] type CatalogConfiguration │ │ ├ documentation: Describes the containers where the destination Apache Iceberg Tables are persisted. │ │ │ Amazon Data Firehose is in preview release and is subject to change. │ │ │ name: CatalogConfiguration │ │ └ properties │ │ └CatalogArn: string │ ├[+] type DestinationTableConfiguration │ │ ├ documentation: Describes the configuration of a destination in Apache Iceberg Tables. │ │ │ Amazon Data Firehose is in preview release and is subject to change. │ │ │ name: DestinationTableConfiguration │ │ └ properties │ │ ├DestinationTableName: string (required) │ │ ├DestinationDatabaseName: string (required) │ │ ├S3ErrorOutputPrefix: string │ │ └UniqueKeys: Array │ ├[+] type IcebergDestinationConfiguration │ │ ├ documentation: Specifies the destination configure settings for Apache Iceberg Table. │ │ │ Amazon Data Firehose is in preview release and is subject to change. │ │ │ name: IcebergDestinationConfiguration │ │ └ properties │ │ ├DestinationTableConfigurationList: Array │ │ ├ProcessingConfiguration: ProcessingConfiguration │ │ ├CloudWatchLoggingOptions: CloudWatchLoggingOptions │ │ ├CatalogConfiguration: CatalogConfiguration (required) │ │ ├RoleARN: string (required) │ │ ├RetryOptions: RetryOptions │ │ ├s3BackupMode: string │ │ ├BufferingHints: BufferingHints │ │ └S3Configuration: S3DestinationConfiguration (required) │ ├[+] type SnowflakeBufferingHints │ │ ├ documentation: Describes the buffering to perform before delivering data to the Snowflake destination. If you do not specify any value, Firehose uses the default values. │ │ │ name: SnowflakeBufferingHints │ │ └ properties │ │ ├IntervalInSeconds: integer │ │ └SizeInMBs: integer │ └[~] type SnowflakeDestinationConfiguration │ └ properties │ ├[+] BufferingHints: SnowflakeBufferingHints │ └ ProcessingConfiguration: (documentation changed) ├[~] service aws-lambda │ └ resources │ └[~] resource AWS::Lambda::Alias │ ├ attributes │ │ ├[+] AliasArn: string │ │ └[-] Id: string │ └ types │ └[~] type AliasRoutingConfiguration │ └ properties │ └ AdditionalVersionWeights: - Array (required) │ + Array ├[+] service aws-launchwizard │ ├ capitalized: LaunchWizard │ │ cloudFormationNamespace: AWS::LaunchWizard │ │ name: aws-launchwizard │ │ shortName: launchwizard │ └ resources │ └resource AWS::LaunchWizard::Deployment │ ├ name: Deployment │ │ cloudFormationType: AWS::LaunchWizard::Deployment --- .../@aws-cdk/cloudformation-diff/package.json | 4 +- packages/@aws-cdk/integ-runner/package.json | 2 +- .../aws-cdk-lib/aws-launchwizard/.jsiirc.json | 13 +++++++ .../aws-cdk-lib/aws-launchwizard/README.md | 39 +++++++++++++++++++ .../aws-cdk-lib/aws-launchwizard/index.ts | 1 + .../aws-cdk-lib/aws-launchwizard/lib/index.ts | 2 + packages/aws-cdk-lib/index.ts | 1 + packages/aws-cdk-lib/package.json | 3 +- packages/aws-cdk-lib/scripts/scope-map.json | 3 ++ tools/@aws-cdk/spec2cdk/package.json | 6 +-- yarn.lock | 35 ++++++++++------- 11 files changed, 88 insertions(+), 21 deletions(-) create mode 100644 packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json create mode 100644 packages/aws-cdk-lib/aws-launchwizard/README.md create mode 100644 packages/aws-cdk-lib/aws-launchwizard/index.ts create mode 100644 packages/aws-cdk-lib/aws-launchwizard/lib/index.ts diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index f3da670dd7c2a..d1e4c41c3e161 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.13", - "@aws-cdk/service-spec-types": "^0.0.81", + "@aws-cdk/aws-service-spec": "^0.1.15", + "@aws-cdk/service-spec-types": "^0.0.83", "chalk": "^4", "diff": "^5.2.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 5ae178aea5333..4891fc574f029 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "0.0.0", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.1.13", + "@aws-cdk/aws-service-spec": "^0.1.15", "cdk-assets": "0.0.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json b/packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json new file mode 100644 index 0000000000000..1d6677d65b503 --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.launchwizard" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.LaunchWizard" + }, + "python": { + "module": "aws_cdk.aws_launchwizard" + } + } +} diff --git a/packages/aws-cdk-lib/aws-launchwizard/README.md b/packages/aws-cdk-lib/aws-launchwizard/README.md new file mode 100644 index 0000000000000..155cd2b2ac970 --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/README.md @@ -0,0 +1,39 @@ +# AWS::LaunchWizard Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as launchwizard from 'aws-cdk-lib/aws-launchwizard'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for LaunchWizard construct libraries](https://constructs.dev/search?q=launchwizard) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::LaunchWizard resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_LaunchWizard.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::LaunchWizard](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_LaunchWizard.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-launchwizard/index.ts b/packages/aws-cdk-lib/aws-launchwizard/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-launchwizard/lib/index.ts b/packages/aws-cdk-lib/aws-launchwizard/lib/index.ts new file mode 100644 index 0000000000000..d3242316c0ad0 --- /dev/null +++ b/packages/aws-cdk-lib/aws-launchwizard/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::LaunchWizard Cloudformation Resources +export * from './launchwizard.generated'; diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts index 01fd49c9c2ea7..3c6c45b5de2f2 100644 --- a/packages/aws-cdk-lib/index.ts +++ b/packages/aws-cdk-lib/index.ts @@ -157,6 +157,7 @@ export * as aws_lambda from './aws-lambda'; export * as aws_lambda_destinations from './aws-lambda-destinations'; export * as aws_lambda_event_sources from './aws-lambda-event-sources'; export * as aws_lambda_nodejs from './aws-lambda-nodejs'; +export * as aws_launchwizard from './aws-launchwizard'; export * as aws_lex from './aws-lex'; export * as aws_licensemanager from './aws-licensemanager'; export * as aws_lightsail from './aws-lightsail'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 2d3b00e5b87f7..37210abcc99f6 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -135,7 +135,7 @@ "mime-types": "^2.1.35" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.1.13", + "@aws-cdk/aws-service-spec": "^0.1.15", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", @@ -373,6 +373,7 @@ "./aws-lambda-destinations": "./aws-lambda-destinations/index.js", "./aws-lambda-event-sources": "./aws-lambda-event-sources/index.js", "./aws-lambda-nodejs": "./aws-lambda-nodejs/index.js", + "./aws-launchwizard": "./aws-launchwizard/index.js", "./aws-lex": "./aws-lex/index.js", "./aws-licensemanager": "./aws-licensemanager/index.js", "./aws-lightsail": "./aws-lightsail/index.js", diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json index d3a778f9552b4..d3a316063c252 100644 --- a/packages/aws-cdk-lib/scripts/scope-map.json +++ b/packages/aws-cdk-lib/scripts/scope-map.json @@ -423,6 +423,9 @@ "aws-lambda": [ "AWS::Lambda" ], + "aws-launchwizard": [ + "AWS::LaunchWizard" + ], "aws-lex": [ "AWS::Lex" ], diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index 0ce2d7e2475b5..20ade16f95420 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.13", - "@aws-cdk/service-spec-importers": "^0.0.42", - "@aws-cdk/service-spec-types": "^0.0.81", + "@aws-cdk/aws-service-spec": "^0.1.15", + "@aws-cdk/service-spec-importers": "^0.0.43", + "@aws-cdk/service-spec-types": "^0.0.83", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index faf55a9c8ec6f..daba47a532a73 100644 --- a/yarn.lock +++ b/yarn.lock @@ -51,12 +51,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523" integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg== -"@aws-cdk/aws-service-spec@^0.1.13": - version "0.1.13" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.13.tgz#bd7904550b581b4ce93ed8145d5ca33f42c0d406" - integrity sha512-n8jDKzKx8SQzeF2HLZ4RG1PyhXKgUaS+Vn8Gk4LjRKmQDSPfDy1ZGLjzu3Po0Z6fLgJEgFG/jdl3ENZwZJ4u1w== +"@aws-cdk/aws-service-spec@^0.1.15": + version "0.1.15" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.15.tgz#2d4ab7b847ddc255e5d3a300bb91905c513ffac4" + integrity sha512-r5hNmHKqsuY+Y3bh0TLOTla0yORh3e6o79pOUkDRwyL1tdcds2ziY1Kc967KJDcET5Tn1zvoxTuksD40abmKhw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.81" + "@aws-cdk/service-spec-types" "^0.0.83" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": @@ -74,12 +74,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v30/-/lambda-layer-kubectl-v30-2.0.0.tgz#97c40d31e5350ce7170be5d188361118b1e39231" integrity sha512-yES6NfrJ3QV1372lAZ2FLXp/no4bqDWBXeSREJdrpWjQzD0wvL/hCpHEyjZrzHhOi27YbMxFTQ3g9isKAul8+A== -"@aws-cdk/service-spec-importers@^0.0.42": - version "0.0.42" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.42.tgz#554ade2437b6a15b68aad5f827b125fe517095cf" - integrity sha512-D8Sb2f8RkoJF+UVet7mVhXbio6LYEesS5JlALbHS4Z4JQtWxhrrRbpjYy/Ke5xnee5Fgnc7UGU/hntah/wJ/Vw== +"@aws-cdk/service-spec-importers@^0.0.43": + version "0.0.43" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.43.tgz#94de14d9d21243c213de448edf14f3b83db76086" + integrity sha512-iu1uOGyzI/MF5y3WL/7txu81Bw9KoxgD+dO+M1yLhwKY7zJR6HulQ2FCZCAAU4CDHpXXbpdEz3vY5G692a8uBA== dependencies: - "@aws-cdk/service-spec-types" "^0.0.81" + "@aws-cdk/service-spec-types" "^0.0.82" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -90,10 +90,17 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.81": - version "0.0.81" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.81.tgz#0ce955d293e69b56ae578581d3034d7dcdee2372" - integrity sha512-6gHHE75SUwsnglXMBR9SZP+waUwDoM/PCDqxNvhH0IJ4HrLUFNGvo3iLV/ZzKkxd1IJP+kmUZA8CbRnSSnJiMg== +"@aws-cdk/service-spec-types@^0.0.82": + version "0.0.82" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.82.tgz#f677f017fd54b311092af7721946b6464ae100f6" + integrity sha512-8vdhrkYq3p1kg7WY4thblhin8djcKCf1MfcESFoYa5dG8zu9DmdBNXUFx8GiXjkHXADGrPK2/jaL1XhK4qkLpw== + dependencies: + "@cdklabs/tskb" "^0.0.3" + +"@aws-cdk/service-spec-types@^0.0.83": + version "0.0.83" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.83.tgz#20337cb6adde4627ffbcc624fc43e3ae042e746c" + integrity sha512-M3G0UiTKm81SCK9tTSfzmnojg5Mx/NQ3nsIQUIYNmlYHaw/EM9A933sjSv02lJt42fIqnzNjWOH1wiwQFnX28Q== dependencies: "@cdklabs/tskb" "^0.0.3" From 9fd9b4b556938895fc98df939f3aa1635e7ffd5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 14:44:45 +0000 Subject: [PATCH 04/40] chore(deps): bump certifi from 2023.7.22 to 2024.7.4 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda (#31026) Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2023.7.22&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-project/lambda/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt index b1fe59f163280..e57512c4102d5 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt @@ -1,5 +1,5 @@ # Lock versions of pip packages -certifi==2023.7.22 +certifi==2024.7.4 chardet==3.0.4 idna==3.7 urllib3==1.26.18 From 6f88876536ffeebd23c90c161347efdbf7506cd2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 15:14:20 +0000 Subject: [PATCH 05/40] chore(deps): bump fast-xml-parser and @aws-sdk/client-s3 in /packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115 (#31027) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) to 4.4.1 and updates ancestor dependency [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3). These dependencies need to be updated together. Updates `fast-xml-parser` from 4.2.5 to 4.4.1
Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.1 / 2024-07-28

  • v5 fix: maximum length limit to currency value
  • fix #634: build attributes with oneListGroup and attributesGroupName (#653)(By Andreas Naziris)
  • fix: get oneListGroup to work as expected for array of strings (#662)(By Andreas Naziris)

4.4.0 / 2024-05-18

  • fix #654: parse attribute list correctly for self closing stop node.
  • fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
  • fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

4.3.5 / 2024-02-24

  • code for v5 is added for experimental use

4.3.4 / 2024-01-10

  • fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

  • Remove unnecessary regex

4.3.2 / 2023-10-02

4.3.1 / 2023-09-24

  • revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

4.2.7 / 2023-07-30

  • Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
  • Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

4.2.5 / 2023-06-22

  • change code implementation

4.2.4 / 2023-06-06

  • fix security bug

4.2.3 / 2023-06-05

  • fix security bug

... (truncated)

Commits
  • d40e29c update package detail and browser bundles
  • d0bfe8a fix maxlength for currency value
  • 2c14fcf Update bug-report-or-unexpected-output.md
  • acf610f fix #634: build attributes with oneListGroup and attributesGroupName (#653)
  • 931e910 fix: get oneListGroup to work as expected for array of strings (#662)
  • b8e40c8 Update ISSUE_TEMPLATE.md
  • a6265ba chore: add trend image (#658)
  • db1c548 redesign README.md
  • 338a2c6 Rename 1.Getting Started.md to 1.GettingStarted.md
  • c762537 Rename v5 docs filenames (#659)
  • Additional commits viewable in compare view

Updates `@aws-sdk/client-s3` from 3.421.0 to 3.623.0
Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.623.0

3.623.0(2024-08-02)

Chores
  • id-auth-sra: sigv4a compatibility for id-auth sra (#6342) (9836a09e)
  • lib-dynamodb: use pagination factory from core (#6345) (922292b6)
New Features
  • client-ivschat: updates cloudtrail event source for SDKs (deeea907)
  • client-ecs: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (21bdf2a9)
  • client-cloudwatch: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (51a8423c)
  • client-glue: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (be78cf63)
  • client-route-53: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (39096d9a)
  • client-ivs-realtime: updates cloudtrail event source for SDKs (6e9c35b3)
  • client-ssm: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (ae83e779)
  • client-kinesis: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (86c28e0e)
  • client-waf-regional: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (52b9cf43)
  • client-resiliencehub: Customers are presented with the grouping recommendations and can determine if the recommendations are accurate and apply to their case. This feature simplifies onboarding by organizing resources into appropriate AppComponents. (b8d8c647)
  • client-ivs: updates cloudtrail event source for SDKs (00374d58)
Bug Fixes
  • client-transcribe-streaming: add plugin only for operations with streaming trait (#6349) (6043d799)

For list of updated packages, view updated-packages.md in assets-3.623.0.zip

v3.622.0

3.622.0(2024-08-01)

Chores
Documentation Changes
  • client-memorydb: Doc only update for changes to deletion API. (bd90490b)
  • client-support: Doc only updates to CaseDetails (c28e9390)
  • client-controltower: Updated Control Tower service documentation for controlcatalog control ARN support with existing Control Tower public APIs (2f7a9651)
  • supplemental-docs: add documentation for using queue names with SQS Client (#6337) (9f4b6df4)
New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.623.0 (2024-08-02)

Note: Version bump only for package @​aws-sdk/client-s3

3.622.0 (2024-08-01)

Note: Version bump only for package @​aws-sdk/client-s3

3.621.0 (2024-07-30)

Note: Version bump only for package @​aws-sdk/client-s3

3.620.1 (2024-07-29)

Note: Version bump only for package @​aws-sdk/client-s3

3.620.0 (2024-07-25)

Note: Version bump only for package @​aws-sdk/client-s3

3.617.0 (2024-07-22)

Note: Version bump only for package @​aws-sdk/client-s3

3.616.0 (2024-07-18)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../package-lock.json | 4119 ++++++++--------- .../package.json | 2 +- 2 files changed, 1891 insertions(+), 2230 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json index 28ecb25ccfeed..df5670060ea0f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package-lock.json @@ -6,1014 +6,850 @@ "": { "name": "eks-service-account-sdk-call-integ-test", "dependencies": { - "@aws-sdk/client-s3": "3.421.0" + "@aws-sdk/client-s3": "3.623.0" } }, "node_modules/@aws-crypto/crc32": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", - "integrity": "sha512-IzSgsrxUcsrejQbPVilIKy16kAT52EwB6zSaI+M3xxIhKh5+aldEyvI+z6erM7TCLB2BJsFrtHjp6/4/sr+3dA==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-5.2.0.tgz", + "integrity": "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==", "dependencies": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, - "node_modules/@aws-crypto/crc32/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, "node_modules/@aws-crypto/crc32c": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", - "integrity": "sha512-ENNPPManmnVJ4BTXlOjAgD7URidbAznURqD0KvfREyc4o20DPYdEldU1f5cQ7Jbj0CJJSPaMIk/9ZshdB3210w==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-5.2.0.tgz", + "integrity": "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag==", "dependencies": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/crc32c/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/ie11-detection": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", - "integrity": "sha512-341lBBkiY1DfDNKai/wXM3aujNBkXR7tq1URPQDL9wi3AUbI80NR74uF1TXHMm7po1AcnFk8iu2S2IeU/+/A+Q==", - "dependencies": { - "tslib": "^1.11.1" + "tslib": "^2.6.2" } }, - "node_modules/@aws-crypto/ie11-detection/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, "node_modules/@aws-crypto/sha1-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", - "integrity": "sha512-NJth5c997GLHs6nOYTzFKTbYdMNA6/1XlKVgnZoaZcQ7z7UJlOgj2JdbHE8tiYLS3fzXNCguct77SPGat2raSw==", - "dependencies": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", - "@aws-sdk/types": "^3.222.0", - "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/sha1-browser/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/sha256-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", - "integrity": "sha512-8VLmW2B+gjFbU5uMeqtQM6Nj0/F1bro80xQXCW6CQBWgosFWXTx77aeOF5CAIAmbOK64SdMBJdNr6J41yP5mvQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-5.2.0.tgz", + "integrity": "sha512-OH6lveCFfcDjX4dbAvCFSYUjJZjDr/3XJ3xHtjn3Oj5b9RjojQo8npoLeA/bNwkOkrSQ0wgrHzXk4tDRxGKJeg==", "dependencies": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/sha256-js": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/sha256-browser/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/sha256-js": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", - "integrity": "sha512-PnNN7os0+yd1XvXAy23CFOmTbMaDxgxXtTKHybrJ39Y8kGzBATgBFibWJKH6BhytLI/Zyszs87xCOBNyBig6vQ==", - "dependencies": { - "@aws-crypto/util": "^3.0.0", - "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/sha256-js/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/supports-web-crypto": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", - "integrity": "sha512-06hBdMwUAb2WFTuGG73LSC0wfPu93xWwo5vL2et9eymgmu3Id5vFAHBbajVWiGhPO37qcsdCap/FqXvJGJWPIg==", - "dependencies": { - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-crypto/util": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", - "integrity": "sha512-2OJlpeJpCR48CC8r+uKVChzs9Iungj9wkZrl8Z041DWEWvyIHILYKCPNzJghKsivj+S3mLo6BVc7mBNzdxA46w==", - "dependencies": { - "@aws-sdk/types": "^3.222.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - } - }, - "node_modules/@aws-crypto/util/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@aws-sdk/client-s3": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.421.0.tgz", - "integrity": "sha512-vUXTY4toeHDf5EY2kOn04Ww9vTW2IVGy4+cymFp1cz5QT7g9KKj4Okj5DMdPld2y7wjgc+J/viTWEf26By49vw==", - "dependencies": { - "@aws-crypto/sha1-browser": "3.0.0", - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/client-sts": "3.421.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-bucket-endpoint": "3.418.0", - "@aws-sdk/middleware-expect-continue": "3.418.0", - "@aws-sdk/middleware-flexible-checksums": "3.418.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-location-constraint": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-s3": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-ssec": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/signature-v4-multi-region": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@aws-sdk/xml-builder": "3.310.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/eventstream-serde-browser": "^2.0.9", - "@smithy/eventstream-serde-config-resolver": "^2.0.9", - "@smithy/eventstream-serde-node": "^2.0.9", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-blob-browser": "^2.0.9", - "@smithy/hash-node": "^2.0.9", - "@smithy/hash-stream-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/md5-js": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-stream": "^2.0.12", "@smithy/util-utf8": "^2.0.0", - "@smithy/util-waiter": "^2.0.9", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/client-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.421.0.tgz", - "integrity": "sha512-40CmW7K2/FZEn3CbOjbpRYeVjKu6aJQlpRHcAgEJGNoVEAnRA3YNH4H0BN2iWWITfYg3B7sIjMm5VE9fCIK1Ng==", - "dependencies": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "dependencies": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/client-sso/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/client-sts": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.421.0.tgz", - "integrity": "sha512-/92NOZMcdkBcvGrINk5B/l+6DGcVzYE4Ab3ME4vcY9y//u2gd0yNn5YYRSzzjVBLvhDP3u6CbTfLX2Bm4qihPw==", - "dependencies": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-sts": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", + "node_modules/@aws-crypto/sha256-browser": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz", + "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==", + "dependencies": { + "@aws-crypto/sha256-js": "^5.2.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", + "@aws-sdk/types": "^3.222.0", + "@aws-sdk/util-locate-window": "^3.0.0", "@smithy/util-utf8": "^2.0.0", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-env": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.418.0.tgz", - "integrity": "sha512-e74sS+x63EZUBO+HaI8zor886YdtmULzwKdctsZp5/37Xho1CVUNtEC+fYa69nigBD9afoiH33I4JggaHgrekQ==", + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-env/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/credential-provider-ini": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.421.0.tgz", - "integrity": "sha512-J5yH/gkpAk6FMeH5F9u5Nr6oG+97tj1kkn5q49g3XMbtWw7GiynadxdtoRBCeIg1C7o2LOQx4B1AnhNhIw1z/g==", - "dependencies": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-ini/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/sha256-js": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz", + "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/credential-provider-node": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.421.0.tgz", - "integrity": "sha512-g1dvdvfDj0u8B/gOsHR3o1arP4O4QE/dFm2IJBYr/eUdKISMUgbQULWtg4zdtAf0Oz4xN0723i7fpXAF1gTnRA==", - "dependencies": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-ini": "3.421.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-crypto/util": "^5.2.0", + "@aws-sdk/types": "^3.222.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/credential-provider-node/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/supports-web-crypto": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz", + "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/credential-provider-process": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.418.0.tgz", - "integrity": "sha512-xPbdm2WKz1oH6pTkrJoUmr3OLuqvvcPYTQX0IIlc31tmDwDWPQjXGGFD/vwZGIZIkKaFpFxVMgAzfFScxox7dw==", + "node_modules/@aws-crypto/util": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz", + "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "@aws-sdk/types": "^3.222.0", + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" } }, - "node_modules/@aws-sdk/credential-provider-process/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/util/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.421.0.tgz", - "integrity": "sha512-f8T3L5rhImL6T6RTSvbOxaWw9k2fDOT2DZbNjcPz9ITWmwXj2NNbdHGWuRi3dv2HoY/nW2IJdNxnhdhbn6Fc1A==", + "node_modules/@aws-crypto/util/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", "dependencies": { - "@aws-sdk/client-sso": "3.421.0", - "@aws-sdk/token-providers": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-sso/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-crypto/util/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=14.0.0" } }, - "node_modules/@aws-sdk/credential-provider-web-identity": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.418.0.tgz", - "integrity": "sha512-do7ang565n9p3dS1JdsQY01rUfRx8vkxQqz5M8OlcEHBNiCdi2PvSjNwcBdrv/FKkyIxZb0TImOfBSt40hVdxQ==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node_modules/@aws-sdk/client-s3": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.623.0.tgz", + "integrity": "sha512-vEroSYEtbp5n289xsQnnAhKxg3R5NGkbhKXWpW1m7GGDsFihwVT9CVsDHpIW2Hvezz5ob65gB4ZAYMnJWZuUpA==", + "dependencies": { + "@aws-crypto/sha1-browser": "5.2.0", + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/client-sts": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-bucket-endpoint": "3.620.0", + "@aws-sdk/middleware-expect-continue": "3.620.0", + "@aws-sdk/middleware-flexible-checksums": "3.620.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-location-constraint": "3.609.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/middleware-signing": "3.620.0", + "@aws-sdk/middleware-ssec": "3.609.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/signature-v4-multi-region": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@aws-sdk/xml-builder": "3.609.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/eventstream-serde-browser": "^3.0.5", + "@smithy/eventstream-serde-config-resolver": "^3.0.3", + "@smithy/eventstream-serde-node": "^3.0.4", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-blob-browser": "^3.1.2", + "@smithy/hash-node": "^3.0.3", + "@smithy/hash-stream-node": "^3.1.2", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/md5-js": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "@smithy/util-waiter": "^3.1.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/credential-provider-web-identity/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "node_modules/@aws-sdk/client-sso": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.623.0.tgz", + "integrity": "sha512-oEACriysQMnHIVcNp7TD6D1nzgiHfYK0tmMBMbUxgoFuCBkW9g9QYvspHN+S9KgoePfMEXHuPUe9mtG9AH9XeA==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@aws-sdk/client-sso-oidc": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.623.0.tgz", + "integrity": "sha512-lMFEXCa6ES/FGV7hpyrppT1PiAkqQb51AbG0zVU3TIgI2IO4XX02uzMUXImRSRqRpGymRCbJCaCs9LtKvS/37Q==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" }, - "engines": { - "node": ">=14.0.0" + "peerDependencies": { + "@aws-sdk/client-sts": "^3.623.0" } }, - "node_modules/@aws-sdk/middleware-bucket-endpoint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.418.0.tgz", - "integrity": "sha512-gj/mj1UfbKkGbQ1N4YUvjTTp8BVs5fO1QAL2AjFJ+jfJOToLReX72aNEkm7sPGbHML0TqOY4cQbJuWYy+zdD5g==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node_modules/@aws-sdk/client-sts": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.623.0.tgz", + "integrity": "sha512-iJNdx76SOw0YjHAUv8aj3HXzSu3TKI7qSGuR+OGATwA/kpJZDd+4+WYBdGtr8YK+hPrGGqhfecuCkEg805O5iA==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@aws-sdk/core": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.623.0.tgz", + "integrity": "sha512-8Toq3X6trX/67obSdh4K0MFQY4f132bEbr1i0YPDWk/O3KdBt12mLC/sW3aVRnlIs110XMuX9yrWWqJ8fDW10g==", + "dependencies": { + "@smithy/core": "^2.3.2", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "fast-xml-parser": "4.4.1", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-bucket-endpoint/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-env": { + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.620.1.tgz", + "integrity": "sha512-ExuILJ2qLW5ZO+rgkNRj0xiAipKT16Rk77buvPP8csR7kkCflT/gXTyzRe/uzIiETTxM7tr8xuO9MP/DQXqkfg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-expect-continue": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.418.0.tgz", - "integrity": "sha512-6x4rcIj685EmqDLQkbWoCur3Dg5DRClHMen6nHXmD3CR5Xyt3z1Gk/+jmZICxyJo9c6M4AeZht8o95BopkmYAQ==", + "node_modules/@aws-sdk/credential-provider-http": { + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.622.0.tgz", + "integrity": "sha512-VUHbr24Oll1RK3WR8XLUugLpgK9ZuxEm/NVeVqyFts1Ck9gsKpRg1x4eH7L7tW3SJ4TDEQNMbD7/7J+eoL2svg==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-expect-continue/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-ini": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.623.0.tgz", + "integrity": "sha512-kvXA1SwGneqGzFwRZNpESitnmaENHGFFuuTvgGwtMe7mzXWuA/LkXdbiHmdyAzOo0iByKTCD8uetuwh3CXy4Pw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-flexible-checksums": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.418.0.tgz", - "integrity": "sha512-3O203dqS2JU5P1TAAbo7p1qplXQh59pevw9nqzPVb3EG8B+mSucVf2kKmF7kGHqKSk+nK/mB/4XGSsZBzGt6Wg==", - "dependencies": { - "@aws-crypto/crc32": "3.0.0", - "@aws-crypto/crc32c": "3.0.0", - "@aws-sdk/types": "3.418.0", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "node": ">=16.0.0" }, - "engines": { - "node": ">=14.0.0" + "peerDependencies": { + "@aws-sdk/client-sts": "^3.623.0" } }, - "node_modules/@aws-sdk/middleware-flexible-checksums/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-node": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.623.0.tgz", + "integrity": "sha512-qDwCOkhbu5PfaQHyuQ+h57HEx3+eFhKdtIw7aISziWkGdFrMe07yIBd7TJqGe4nxXnRF1pfkg05xeOlMId997g==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-ini": "3.623.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-host-header": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.418.0.tgz", - "integrity": "sha512-LrMTdzalkPw/1ujLCKPLwCGvPMCmT4P+vOZQRbSEVZPnlZk+Aj++aL/RaHou0jL4kJH3zl8iQepriBt4a7UvXQ==", + "node_modules/@aws-sdk/credential-provider-process": { + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.620.1.tgz", + "integrity": "sha512-hWqFMidqLAkaV9G460+1at6qa9vySbjQKKc04p59OT7lZ5cO5VH5S4aI05e+m4j364MBROjjk2ugNvfNf/8ILg==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-host-header/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/credential-provider-sso": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.623.0.tgz", + "integrity": "sha512-70LZhUb3l7cttEsg4A0S4Jq3qrCT/v5Jfyl8F7w1YZJt5zr3oPPcvDJxo/UYckFz4G4/5BhGa99jK8wMlNE9QA==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/client-sso": "3.623.0", + "@aws-sdk/token-providers": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-location-constraint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.418.0.tgz", - "integrity": "sha512-cc8M3VEaESHJhDsDV8tTpt2QYUprDWhvAVVSlcL43cTdZ54Quc0W+toDiaVOUlwrAZz2Y7g5NDj22ibJGFbOvw==", + "node_modules/@aws-sdk/credential-provider-web-identity": { + "version": "3.621.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.621.0.tgz", + "integrity": "sha512-w7ASSyfNvcx7+bYGep3VBgC3K6vEdLmlpjT7nSIHxxQf+WSdvy+HynwJosrpZax0sK5q0D1Jpn/5q+r5lwwW6w==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-location-constraint/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "node": ">=16.0.0" }, - "engines": { - "node": ">=14.0.0" + "peerDependencies": { + "@aws-sdk/client-sts": "^3.621.0" } }, - "node_modules/@aws-sdk/middleware-logger": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.418.0.tgz", - "integrity": "sha512-StKGmyPVfoO/wdNTtKemYwoJsqIl4l7oqarQY7VSf2Mp3mqaa+njLViHsQbirYpyqpgUEusOnuTlH5utxJ1NsQ==", + "node_modules/@aws-sdk/middleware-bucket-endpoint": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.620.0.tgz", + "integrity": "sha512-eGLL0W6L3HDb3OACyetZYOWpHJ+gLo0TehQKeQyy2G8vTYXqNTeqYhuI6up9HVjBzU9eQiULVQETmgQs7TFaRg==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-logger/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-expect-continue": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.620.0.tgz", + "integrity": "sha512-QXeRFMLfyQ31nAHLbiTLtk0oHzG9QLMaof5jIfqcUwnOkO8YnQdeqzakrg1Alpy/VQ7aqzIi8qypkBe2KXZz0A==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-recursion-detection": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.418.0.tgz", - "integrity": "sha512-kKFrIQglBLUFPbHSDy1+bbe3Na2Kd70JSUC3QLMbUHmqipXN8KeXRfAj7vTv97zXl0WzG0buV++WcNwOm1rFjg==", + "node_modules/@aws-sdk/middleware-flexible-checksums": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.620.0.tgz", + "integrity": "sha512-ftz+NW7qka2sVuwnnO1IzBku5ccP+s5qZGeRTPgrKB7OzRW85gthvIo1vQR2w+OwHFk7WJbbhhWwbCbktnP4UA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-crypto/crc32": "5.2.0", + "@aws-crypto/crc32c": "5.2.0", + "@aws-sdk/types": "3.609.0", + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-recursion-detection/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-host-header": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.620.0.tgz", + "integrity": "sha512-VMtPEZwqYrII/oUkffYsNWY9PZ9xpNJpMgmyU0rlDQ25O1c0Hk3fJmZRe6pEkAJ0omD7kLrqGl1DUjQVxpd/Rg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-s3": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.418.0.tgz", - "integrity": "sha512-rei32LF45SyqL3NlWDjEOfMwAca9A5F4QgUyXJqvASc43oWC1tJnLIhiCxNh8qkWAiRyRzFpcanTeqyaRSsZpA==", + "node_modules/@aws-sdk/middleware-location-constraint": { + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.609.0.tgz", + "integrity": "sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-logger": { + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.609.0.tgz", + "integrity": "sha512-S62U2dy4jMDhDFDK5gZ4VxFdWzCtLzwbYyFZx2uvPYTECkepLUfzLic2BHg2Qvtu4QjX+oGE3P/7fwaGIsGNuQ==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-sts": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.418.0.tgz", - "integrity": "sha512-cW8ijrCTP+mgihvcq4+TbhAcE/we5lFl4ydRqvTdtcSnYQAVQADg47rnTScQiFsPFEB3NKq7BGeyTJF9MKolPA==", + "node_modules/@aws-sdk/middleware-recursion-detection": { + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.620.0.tgz", + "integrity": "sha512-nh91S7aGK3e/o1ck64sA/CyoFw+gAYj2BDOnoNa6ouyCrVJED96ZXWbhye/fz9SgmNUZR2g7GdVpiLpMKZoI5w==", "dependencies": { - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, - "node_modules/@aws-sdk/middleware-sdk-sts/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "node_modules/@aws-sdk/middleware-sdk-s3": { + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.622.0.tgz", + "integrity": "sha512-tX9wZ2ALx5Ez4bkY+SvSj6DpNZ6TmY4zlsVsdgV95LZFLjNwqnZkKkS+uKnsIyLBiBp6g92JVQwnUEIp7ov2Zw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/middleware-signing": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.418.0.tgz", - "integrity": "sha512-onvs5KoYQE8OlOE740RxWBGtsUyVIgAo0CzRKOQO63ZEYqpL1Os+MS1CGzdNhvQnJgJruE1WW+Ix8fjN30zKPA==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.620.0.tgz", + "integrity": "sha512-gxI7rubiaanUXaLfJ4NybERa9MGPNg2Ycl/OqANsozrBnR3Pw8vqy3EuVImQOyn2pJ2IFvl8ZPoSMHf4pX56FQ==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-signing/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/middleware-ssec": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.418.0.tgz", - "integrity": "sha512-J7K+5h6aP7IYMlu/NwHEIjb0+WDu1eFvO8TCPo6j1H9xYRi8B/6h+6pa9Rk9IgRUzFnrdlDu9FazG8Tp0KKLyg==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-ssec/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.609.0.tgz", + "integrity": "sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/middleware-user-agent": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.418.0.tgz", - "integrity": "sha512-Jdcztg9Tal9SEAL0dKRrnpKrm6LFlWmAhvuwv0dQ7bNTJxIxyEFbpqdgy7mpQHsLVZgq1Aad/7gT/72c9igyZw==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.620.0.tgz", + "integrity": "sha512-bvS6etn+KsuL32ubY5D3xNof1qkenpbJXf/ugGXbg0n98DvDFQ/F+SMLxHgbnER5dsKYchNnhmtI6/FC3HFu/A==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/middleware-user-agent/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/region-config-resolver": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.418.0.tgz", - "integrity": "sha512-lJRZ/9TjZU6yLz+mAwxJkcJZ6BmyYoIJVo1p5+BN//EFdEmC8/c0c9gXMRzfISV/mqWSttdtccpAyN4/goHTYA==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.614.0.tgz", + "integrity": "sha512-vDCeMXvic/LU0KFIUjpC3RiSTIkkvESsEfbVHiHH0YINfl8HnEqR5rj+L8+phsCeVg2+LmYwYxd5NRz4PHxt5g==", "dependencies": { - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/signature-v4-multi-region": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.418.0.tgz", - "integrity": "sha512-LeVYMZeUQUURFqDf4yZxTEv016g64hi0LqYBjU0mjwd8aPc0k6hckwvshezc80jCNbuLyjNfQclvlg3iFliItQ==", + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.622.0.tgz", + "integrity": "sha512-K7ddofVNzwTFRjmLZLfs/v+hiE9m5LguajHk8WULxXQgkcDI3nPgOfmMMGuslYohaQhRwW+ic+dzYlateLUudQ==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/token-providers": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.418.0.tgz", - "integrity": "sha512-9P7Q0VN0hEzTngy3Sz5eya2qEOEf0Q8qf1vB3um0gE6ID6EVAdz/nc/DztfN32MFxk8FeVBrCP5vWdoOzmd72g==", - "dependencies": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.614.0.tgz", + "integrity": "sha512-okItqyY6L9IHdxqs+Z116y5/nda7rHxLvROxtAJdLavWTYDydxrZstImNgGWTeVdmc0xX2gJCI77UYUTQWnhRw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" + }, + "peerDependencies": { + "@aws-sdk/client-sso-oidc": "^3.614.0" } }, "node_modules/@aws-sdk/types": { - "version": "3.433.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.433.0.tgz", - "integrity": "sha512-0jEE2mSrNDd8VGFjTc1otYrwYPIkzZJEIK90ZxisKvQ/EURGBhNzWn7ejWB9XCMFT6XumYLBR0V9qq5UPisWtA==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.609.0.tgz", + "integrity": "sha512-+Tqnh9w0h2LcrUsdXyT1F8mNhXz+tVYBtP19LpeEGntmvHwa2XzvLUCWpoIAIVsHp5+HdB2X9Sn0KAtmbFXc2Q==", "dependencies": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-arn-parser": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.310.0.tgz", - "integrity": "sha512-jL8509owp/xB9+Or0pvn3Fe+b94qfklc2yPowZZIFAkFcCSIdkIglz18cPDWnYAcy9JGewpMS1COXKIUhZkJsA==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "integrity": "sha512-XUKJWWo+KOB7fbnPP0+g/o5Ulku/X53t7i/h+sPHr5xxYTJJ9CYnbToo95mzxe7xWvkLrsNtJ8L+MnNn9INs2w==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-endpoints": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.418.0.tgz", - "integrity": "sha512-sYSDwRTl7yE7LhHkPzemGzmIXFVHSsi3AQ1KeNEk84eBqxMHHcCc2kqklaBk2roXWe50QDgRMy1ikZUxvtzNHQ==", - "dependencies": { - "@aws-sdk/types": "3.418.0", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/util-endpoints/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.614.0.tgz", + "integrity": "sha512-wK2cdrXHH4oz4IomV/yrGkftU9A+ITB6nFL+rxxyO78is2ifHJpFdV4aqk4LSkXYPi6CXWNru/Dqc7yiKXgJPw==", "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "@smithy/util-endpoints": "^2.0.5", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-locate-window": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.310.0.tgz", - "integrity": "sha512-qo2t/vBTnoXpjKxlsC2e1gBrRm80M3bId27r0BRB2VniSSe7bL1mmzM+/HFtujm0iAxtPM+aLEflLJlJeDPg0w==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.568.0.tgz", + "integrity": "sha512-3nh4TINkXYr+H41QaPelCceEB2FXP3fxp93YZXB/kqJvX0U9j0N0Uk45gvsjmEPzG8XxkPEeLIfT2I1M7A6Lig==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@aws-sdk/util-user-agent-browser": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.418.0.tgz", - "integrity": "sha512-c4p4mc0VV/jIeNH0lsXzhJ1MpWRLuboGtNEpqE4s1Vl9ck2amv9VdUUZUmHbg+bVxlMgRQ4nmiovA4qIrqGuyg==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.609.0.tgz", + "integrity": "sha512-fojPU+mNahzQ0YHYBsx0ZIhmMA96H+ZIZ665ObU9tl+SGdbLneVZVikGve+NmHTQwHzwkFsZYYnVKAkreJLAtA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" - } - }, - "node_modules/@aws-sdk/util-user-agent-browser/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" + "tslib": "^2.6.2" } }, "node_modules/@aws-sdk/util-user-agent-node": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.418.0.tgz", - "integrity": "sha512-BXMskXFtg+dmzSCgmnWOffokxIbPr1lFqa1D9kvM3l3IFRiFGx2IyDg+8MAhq11aPDLvoa/BDuQ0Yqma5izOhg==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.614.0.tgz", + "integrity": "sha512-15ElZT88peoHnq5TEoEtZwoXTXRxNrk60TZNdpl/TUBJ5oNJ9Dqb5Z4ryb8ofN6nm9aFf59GVAerFDz8iUoHBA==", "dependencies": { - "@aws-sdk/types": "3.418.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" }, "peerDependencies": { "aws-crt": ">=1.0.0" @@ -1024,641 +860,654 @@ } } }, - "node_modules/@aws-sdk/util-user-agent-node/node_modules/@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "dependencies": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/@aws-sdk/util-utf8-browser": { - "version": "3.259.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", - "integrity": "sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw==", - "dependencies": { - "tslib": "^2.3.1" - } - }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.310.0.tgz", - "integrity": "sha512-TqELu4mOuSIKQCqj63fGVs86Yh+vBx5nHRpWKNUNhB2nPTpfbziTs5c1X358be3peVWA4wPxW7Nt53KIg1tnNw==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.609.0.tgz", + "integrity": "sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==", "dependencies": { - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/abort-controller": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-2.0.16.tgz", - "integrity": "sha512-4foO7738k8kM9flMHu3VLabqu7nPgvIj8TB909S0CnKx0YZz/dcDH3pZ/4JHdatfxlZdKF1JWOYCw9+v3HVVsw==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.1.tgz", + "integrity": "sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/chunked-blob-reader": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-2.0.0.tgz", - "integrity": "sha512-k+J4GHJsMSAIQPChGBrjEmGS+WbPonCXesoqP9fynIqjn7rdOThdH8FAeCmokP9mxTYKQAKoHCLPzNlm6gh7Wg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "integrity": "sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "node_modules/@smithy/chunked-blob-reader-native": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-2.0.0.tgz", - "integrity": "sha512-HM8V2Rp1y8+1343tkZUKZllFhEQPNmpNdgFAncbTsxkZ18/gqjk23XXv3qGyXWp412f3o43ZZ1UZHVcHrpRnCQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "integrity": "sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==", "dependencies": { - "@smithy/util-base64": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/config-resolver": { - "version": "2.0.23", - "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-2.0.23.tgz", - "integrity": "sha512-XakUqgtP2YY8Mi+Nlif5BiqJgWdvfxJafSpOSQeCOMizu+PUhE4fBQSy6xFcR+eInrwVadaABNxoJyGUMn15ew==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.5.tgz", + "integrity": "sha512-SkW5LxfkSI1bUC74OtfBbdz+grQXYiPYolyu8VfpLIjEoN/sHVBlLeGXMQ1vX4ejkgfv6sxVbQJ32yF2cl1veA==", "dependencies": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/types": "^2.8.0", - "@smithy/util-config-provider": "^2.1.0", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" + } + }, + "node_modules/@smithy/core": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.3.2.tgz", + "integrity": "sha512-in5wwt6chDBcUv1Lw1+QzZxN9fBffi+qOixfb65yK4sDuKG7zAUO9HAFqmVzsZM3N+3tTyvZjtnDXePpvp007Q==", + "dependencies": { + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" } }, "node_modules/@smithy/credential-provider-imds": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-2.1.5.tgz", - "integrity": "sha512-VfvE6Wg1MUWwpTZFBnUD7zxvPhLY8jlHCzu6bCjlIYoWgXCDzZAML76IlZUEf45nib3rjehnFgg0s1rgsuN/bg==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.0.tgz", + "integrity": "sha512-0SCIzgd8LYZ9EJxUjLXBmEKSZR/P/w6l7Rz/pab9culE/RWuqelAKGJvn5qUOl8BgX8Yj5HWM50A5hiB/RzsgA==", "dependencies": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-codec": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-2.0.16.tgz", - "integrity": "sha512-umYh5pdCE9GHgiMAH49zu9wXWZKNHHdKPm/lK22WYISTjqu29SepmpWNmPiBLy/yUu4HFEGJHIFrDWhbDlApaw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.2.tgz", + "integrity": "sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==", "dependencies": { - "@aws-crypto/crc32": "3.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "tslib": "^2.5.0" + "@aws-crypto/crc32": "5.2.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/eventstream-serde-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-2.0.12.tgz", - "integrity": "sha512-0pi8QlU/pwutNshoeJcbKR1p7Ie5STd8UFAMX5xhSoSJjNlxIv/OsHbF023jscMRN2Prrqd6ToGgdCnsZVQjvg==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.5.tgz", + "integrity": "sha512-dEyiUYL/ekDfk+2Ra4GxV+xNnFoCmk1nuIXg+fMChFTrM2uI/1r9AdiTYzPqgb72yIv/NtAj6C3dG//1wwgakQ==", "dependencies": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-serde-config-resolver": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-2.0.12.tgz", - "integrity": "sha512-I0XfwQkIX3gAnbrU5rLMkBSjTM9DHttdbLwf12CXmj7SSI5dT87PxtKLRrZGanaCMbdf2yCep+MW5/4M7IbvQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.3.tgz", + "integrity": "sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==", "dependencies": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-serde-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-2.0.12.tgz", - "integrity": "sha512-vf1vMHGOkG3uqN9x1zKOhnvW/XgvhJXWqjV6zZiT2FMjlEayugQ1mzpSqr7uf89+BzjTzuZKERmOsEAmewLbxw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.4.tgz", + "integrity": "sha512-mjlG0OzGAYuUpdUpflfb9zyLrBGgmQmrobNT8b42ZTsGv/J03+t24uhhtVEKG/b2jFtPIHF74Bq+VUtbzEKOKg==", "dependencies": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/eventstream-serde-universal": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-2.0.12.tgz", - "integrity": "sha512-xZ3ZNpCxIND+q+UCy7y1n1/5VQEYicgSTNCcPqsKawX+Vd+6OcFX7gUHMyPzL8cZr+GdmJuxNleqHlH4giK2tw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.4.tgz", + "integrity": "sha512-Od9dv8zh3PgOD7Vj4T3HSuox16n0VG8jJIM2gvKASL6aCtcS8CfHZDWe1Ik3ZXW6xBouU+45Q5wgoliWDZiJ0A==", "dependencies": { - "@smithy/eventstream-codec": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-codec": "^3.1.2", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/fetch-http-handler": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-2.3.2.tgz", - "integrity": "sha512-O9R/OlnAOTsnysuSDjt0v2q6DcSvCz5cCFC/CFAWWcLyBwJDeFyGTCTszgpQTb19+Fi8uRwZE5/3ziAQBFeDMQ==", + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.4.tgz", + "integrity": "sha512-kBprh5Gs5h7ug4nBWZi1FZthdqSM+T7zMmsZxx0IBvWUn7dK3diz2SHn7Bs4dQGFDk8plDv375gzenDoNwrXjg==", "dependencies": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/hash-blob-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-2.0.12.tgz", - "integrity": "sha512-riLnV16f27yyePX8UF0deRHAeccUK8SrOxyTykSTrnVkgS3DsjNapZtTbd8OGNKEbI60Ncdb5GwN3rHZudXvog==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.2.tgz", + "integrity": "sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==", "dependencies": { - "@smithy/chunked-blob-reader": "^2.0.0", - "@smithy/chunked-blob-reader-native": "^2.0.0", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/chunked-blob-reader": "^3.0.0", + "@smithy/chunked-blob-reader-native": "^3.0.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/hash-node": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-2.0.18.tgz", - "integrity": "sha512-gN2JFvAgnZCyDN9rJgcejfpK0uPPJrSortVVVVWsru9whS7eQey6+gj2eM5ln2i6rHNntIXzal1Fm9XOPuoaKA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.3.tgz", + "integrity": "sha512-2ctBXpPMG+B3BtWSGNnKELJ7SH9e4TNefJS0cd2eSkOOROeBnnVBnAy9LtJ8tY4vUEoe55N4CNPxzbWvR39iBw==", "dependencies": { - "@smithy/types": "^2.8.0", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/hash-stream-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-2.0.12.tgz", - "integrity": "sha512-x/DrSynPKrW0k00q7aZ/vy531a3mRw79mOajHp+cIF0TrA1SqEMFoy/B8X0XtoAtlJWt/vvgeDNqt/KAeaAqMw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.2.tgz", + "integrity": "sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==", "dependencies": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/invalid-dependency": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-2.0.16.tgz", - "integrity": "sha512-apEHakT/kmpNo1VFHP4W/cjfeP9U0x5qvfsLJubgp7UM/gq4qYp0GbqdE7QhsjUaYvEnrftRqs7+YrtWreV0wA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.3.tgz", + "integrity": "sha512-ID1eL/zpDULmHJbflb864k72/SNOZCADRc9i7Exq3RUNJw6raWUSlFEQ+3PX3EYs++bTxZB2dE9mEHTQLv61tw==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/is-array-buffer": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.0.0.tgz", - "integrity": "sha512-z3PjFjMyZNI98JFRJi/U0nGoLWMSJlDjAW4QUX2WNZLas5C0CmVV6LJ01JI0k90l7FvpmixjWxPFmENSClQ7ug==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/md5-js": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-2.0.12.tgz", - "integrity": "sha512-OgDt+Xnrw+W5z3MSl5KZZzebqmXrYl9UdbCiBYnnjErmNywwSjV6QB/Oic3/7hnsPniSU81n7Rvlhz2kH4EREQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.3.tgz", + "integrity": "sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==", "dependencies": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/middleware-content-length": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-2.0.18.tgz", - "integrity": "sha512-ZJ9uKPTfxYheTKSKYB+GCvcj+izw9WGzRLhjn8n254q0jWLojUzn7Vw0l4R/Gq7Wdpf/qmk/ptD+6CCXHNVCaw==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.5.tgz", + "integrity": "sha512-ILEzC2eyxx6ncej3zZSwMpB5RJ0zuqH7eMptxC4KN3f+v9bqT8ohssKbhNR78k/2tWW+KS5Spw+tbPF4Ejyqvw==", "dependencies": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-endpoint": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-2.3.0.tgz", - "integrity": "sha512-VsOAG2YQ8ykjSmKO+CIXdJBIWFo6AAvG6Iw95BakBTqk66/4BI7XyqLevoNSq/lZ6NgZv24sLmrcIN+fLDWBCg==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.1.0.tgz", + "integrity": "sha512-5y5aiKCEwg9TDPB4yFE7H6tYvGFf1OJHNczeY10/EFF8Ir8jZbNntQJxMWNfeQjC1mxPsaQ6mR9cvQbf+0YeMw==", "dependencies": { - "@smithy/middleware-serde": "^2.0.16", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/middleware-serde": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-retry": { - "version": "2.0.26", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-2.0.26.tgz", - "integrity": "sha512-Qzpxo0U5jfNiq9iD38U3e2bheXwvTEX4eue9xruIvEgh+UKq6dKuGqcB66oBDV7TD/mfoJi9Q/VmaiqwWbEp7A==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.14.tgz", + "integrity": "sha512-7ZaWZJOjUxa5hgmuMspyt8v/zVsh0GXYuF7OvCmdcbVa/xbnKQoYC+uYKunAqRGTkxjOyuOCw9rmFUFOqqC0eQ==", "dependencies": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/protocol-http": "^3.0.12", - "@smithy/service-error-classification": "^2.0.9", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-retry": "^2.0.9", - "tslib": "^2.5.0", - "uuid": "^8.3.2" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/service-error-classification": "^3.0.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "tslib": "^2.6.2", + "uuid": "^9.0.1" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-serde": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-2.0.16.tgz", - "integrity": "sha512-5EAd4t30pcc4M8TSSGq7q/x5IKrxfXR5+SrU4bgxNy7RPHQo2PSWBUco9C+D9Tfqp/JZvprRpK42dnupZafk2g==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz", + "integrity": "sha512-puUbyJQBcg9eSErFXjKNiGILJGtiqmuuNKEYNYfUD57fUl4i9+mfmThtQhvFXU0hCVG0iEJhvQUipUf+/SsFdA==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/middleware-stack": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-2.0.10.tgz", - "integrity": "sha512-I2rbxctNq9FAPPEcuA1ntZxkTKOPQFy7YBPOaD/MLg1zCvzv21CoNxR0py6J8ZVC35l4qE4nhxB0f7TF5/+Ldw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.3.tgz", + "integrity": "sha512-r4klY9nFudB0r9UdSMaGSyjyQK5adUyPnQN/ZM6M75phTxOdnc/AhpvGD1fQUvgmqjQEBGCwpnPbDm8pH5PapA==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/node-config-provider": { - "version": "2.1.9", - "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-2.1.9.tgz", - "integrity": "sha512-tUyW/9xrRy+s7RXkmQhgYkAPMpTIF8izK4orhHjNFEKR3QZiOCbWB546Y8iB/Fpbm3O9+q0Af9rpywLKJOwtaQ==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.4.tgz", + "integrity": "sha512-YvnElQy8HR4vDcAjoy7Xkx9YT8xZP4cBXcbJSgm/kxmiQu08DwUwj8rkGnyoJTpfl/3xYHH+d8zE+eHqoDCSdQ==", "dependencies": { - "@smithy/property-provider": "^2.0.17", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/node-http-handler": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-2.2.2.tgz", - "integrity": "sha512-XO58TO/Eul/IBQKFKaaBtXJi0ItEQQCT+NI4IiKHCY/4KtqaUT6y/wC1EvDqlA9cP7Dyjdj7FdPs4DyynH3u7g==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.1.4.tgz", + "integrity": "sha512-+UmxgixgOr/yLsUxcEKGH0fMNVteJFGkmRltYFHnBMlogyFdpzn2CwqWmxOrfJELhV34v0WSlaqG1UtE1uXlJg==", "dependencies": { - "@smithy/abort-controller": "^2.0.16", - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/property-provider": { - "version": "2.0.17", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-2.0.17.tgz", - "integrity": "sha512-+VkeZbVu7qtQ2DjI48Qwaf9fPOr3gZIwxQpuLJgRRSkWsdSvmaTCxI3gzRFKePB63Ts9r4yjn4HkxSCSkdWmcQ==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.3.tgz", + "integrity": "sha512-zahyOVR9Q4PEoguJ/NrFP4O7SMAfYO1HLhB18M+q+Z4KFd4V2obiMnlVoUFzFLSPeVt1POyNWneHHrZaTMoc/g==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/protocol-http": { - "version": "3.0.12", - "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-3.0.12.tgz", - "integrity": "sha512-Xz4iaqLiaBfbQpB9Hgi3VcZYbP7xRDXYhd8XWChh4v94uw7qwmvlxdU5yxzfm6ACJM66phHrTbS5TVvj5uQ72w==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.0.tgz", + "integrity": "sha512-dPVoHYQ2wcHooGXg3LQisa1hH0e4y0pAddPMeeUPipI1tEOqL6A4N0/G7abeq+K8wrwSgjk4C0wnD1XZpJm5aA==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/querystring-builder": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-2.0.16.tgz", - "integrity": "sha512-Q/GsJT0C0mijXMRs7YhZLLCP5FcuC4797lYjKQkME5CZohnLC4bEhylAd2QcD3gbMKNjCw8+T2I27WKiV/wToA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz", + "integrity": "sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw==", "dependencies": { - "@smithy/types": "^2.8.0", - "@smithy/util-uri-escape": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-uri-escape": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/querystring-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-2.0.16.tgz", - "integrity": "sha512-c4ueAuL6BDYKWpkubjrQthZKoC3L5kql5O++ovekNxiexRXTlLIVlCR4q3KziOktLIw66EU9SQljPXd/oN6Okg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.3.tgz", + "integrity": "sha512-zahM1lQv2YjmznnfQsWbYojFe55l0SLG/988brlLv1i8z3dubloLF+75ATRsqPBboUXsW6I9CPGE5rQgLfY0vQ==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/service-error-classification": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-2.0.9.tgz", - "integrity": "sha512-0K+8GvtwI7VkGmmInPydM2XZyBfIqLIbfR7mDQ+oPiz8mIinuHbV6sxOLdvX1Jv/myk7XTK9orgt3tuEpBu/zg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.3.tgz", + "integrity": "sha512-Jn39sSl8cim/VlkLsUhRFq/dKDnRUFlfRkvhOJaUbLBXUsLRLNf9WaxDv/z9BjuQ3A6k/qE8af1lsqcwm7+DaQ==", "dependencies": { - "@smithy/types": "^2.8.0" + "@smithy/types": "^3.3.0" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/shared-ini-file-loader": { - "version": "2.2.8", - "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-2.2.8.tgz", - "integrity": "sha512-E62byatbwSWrtq9RJ7xN40tqrRKDGrEL4EluyNpaIDvfvet06a/QC58oHw2FgVaEgkj0tXZPjZaKrhPfpoU0qw==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.4.tgz", + "integrity": "sha512-qMxS4hBGB8FY2GQqshcRUy1K6k8aBWP5vwm8qKkCT3A9K2dawUwOIJfqh9Yste/Bl0J2lzosVyrXDj68kLcHXQ==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/signature-v4": { - "version": "2.0.19", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-2.0.19.tgz", - "integrity": "sha512-nwc3JihdM+kcJjtORv/n7qRHN2Kfh7S2RJI2qr8pz9UcY5TD8rSCRGQ0g81HgyS3jZ5X9U/L4p014P3FonBPhg==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.1.0.tgz", + "integrity": "sha512-aRryp2XNZeRcOtuJoxjydO6QTaVhxx/vjaR+gx7ZjaFgrgPRyZ3HCTbfwqYj6ZWEBHkCSUfcaymKPURaByukag==", "dependencies": { - "@smithy/eventstream-codec": "^2.0.16", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-uri-escape": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-uri-escape": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/smithy-client": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-2.2.1.tgz", - "integrity": "sha512-SpD7FLK92XV2fon2hMotaNDa2w5VAy5/uVjP9WFmjGSgWM8pTPVkHcDl1yFs5Z8LYbij0FSz+DbCBK6i+uXXUA==", + "version": "3.1.12", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.12.tgz", + "integrity": "sha512-wtm8JtsycthkHy1YA4zjIh2thJgIQ9vGkoR639DBx5lLlLNU0v4GARpQZkr2WjXue74nZ7MiTSWfVrLkyD8RkA==", "dependencies": { - "@smithy/middleware-endpoint": "^2.3.0", - "@smithy/middleware-stack": "^2.0.10", - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "@smithy/util-stream": "^2.0.24", - "tslib": "^2.5.0" + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/types": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-2.8.0.tgz", - "integrity": "sha512-h9sz24cFgt/W1Re22OlhQKmUZkNh244ApgRsUDYinqF8R+QgcsBIX344u2j61TPshsTz3CvL6HYU1DnQdsSrHA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.3.0.tgz", + "integrity": "sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/url-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-2.0.16.tgz", - "integrity": "sha512-Wfz5WqAoRT91TjRy1JeLR0fXtkIXHGsMbgzKFTx7E68SrZ55TB8xoG+vm11Ru4gheFTMXjAjwAxv1jQdC+pAQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.3.tgz", + "integrity": "sha512-pw3VtZtX2rg+s6HMs6/+u9+hu6oY6U7IohGhVNnjbgKy86wcIsSZwgHrFR+t67Uyxvp4Xz3p3kGXXIpTNisq8A==", "dependencies": { - "@smithy/querystring-parser": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/querystring-parser": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "node_modules/@smithy/util-base64": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-2.0.1.tgz", - "integrity": "sha512-DlI6XFYDMsIVN+GH9JtcRp3j02JEVuWIn/QOZisVzpIAprdsxGveFed0bjbMRCqmIFe8uetn5rxzNrBtIGrPIQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "integrity": "sha512-Kxvoh5Qtt0CDsfajiZOCpJxgtPHXOKwmM+Zy4waD43UoEMA+qPxxa98aE/7ZhdnBFZFXMOiBR5xbcaMhLtznQQ==", "dependencies": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-body-length-browser": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-2.0.1.tgz", - "integrity": "sha512-NXYp3ttgUlwkaug4bjBzJ5+yIbUbUx8VsSLuHZROQpoik+gRkIBeEG9MPVYfvPNpuXb/puqodeeUXcKFe7BLOQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "integrity": "sha512-cbjJs2A1mLYmqmyVl80uoLTJhAcfzMOyPgjwAYusWKMdLeNtzmMz9YxNl3/jRLoxSS3wkqkf0jwNdtXWtyEBaQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "node_modules/@smithy/util-body-length-node": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-2.1.0.tgz", - "integrity": "sha512-/li0/kj/y3fQ3vyzn36NTLGmUwAICb7Jbe/CsWCktW363gh1MOcpEcSO3mJ344Gv2dqz8YJCLQpb6hju/0qOWw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "integrity": "sha512-Tj7pZ4bUloNUP6PzwhN7K386tmSmEET9QtQg0TgdNOnxhZvCssHji+oZTUIuzxECRfG8rdm2PMw2WCFs6eIYkA==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-buffer-from": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.0.0.tgz", - "integrity": "sha512-/YNnLoHsR+4W4Vf2wL5lGv0ksg8Bmk3GEGxn2vEQt52AQaPSCuaO5PM5VM7lP1K9qHRKHwrPGktqVoAHKWHxzw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==", "dependencies": { - "@smithy/is-array-buffer": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-config-provider": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-2.1.0.tgz", - "integrity": "sha512-S6V0JvvhQgFSGLcJeT1CBsaTR03MM8qTuxMH9WPCCddlSo2W0V5jIHimHtIQALMLEDPGQ0ROSRr/dU0O+mxiQg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "integrity": "sha512-pbjk4s0fwq3Di/ANL+rCvJMKM5bzAQdE5S/6RL5NXgMExFAi6UgQMPOm5yPaIWPpr+EOXKXRonJ3FoxKf4mCJQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-defaults-mode-browser": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-2.0.24.tgz", - "integrity": "sha512-TsP5mBuLgO2C21+laNG2nHYZEyUdkbGURv2tHvSuQQxLz952MegX95uwdxOY2jR2H4GoKuVRfdJq7w4eIjGYeg==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.14.tgz", + "integrity": "sha512-0iwTgKKmAIf+vFLV8fji21Jb2px11ktKVxbX6LIDPAUJyWQqGqBVfwba7xwa1f2FZUoolYQgLvxQEpJycXuQ5w==", "dependencies": { - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { "node": ">= 10.0.0" } }, "node_modules/@smithy/util-defaults-mode-node": { - "version": "2.0.32", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-2.0.32.tgz", - "integrity": "sha512-d0S33dXA2cq1NyorVMroMrEtqKMr3MlyLITcfTBf9pXiigYiPMOtbSI7czHIfDbuVuM89Cg0urAgpt73QV9mPQ==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.14.tgz", + "integrity": "sha512-e9uQarJKfXApkTMMruIdxHprhcXivH1flYCe8JRDTzkkLx8dA3V5J8GZlST9yfDiRWkJpZJlUXGN9Rc9Ade3OQ==", "dependencies": { - "@smithy/config-resolver": "^2.0.23", - "@smithy/credential-provider-imds": "^2.1.5", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/config-resolver": "^3.0.5", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { "node": ">= 10.0.0" } }, + "node_modules/@smithy/util-endpoints": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.5.tgz", + "integrity": "sha512-ReQP0BWihIE68OAblC/WQmDD40Gx+QY1Ez8mTdFMXpmjfxSyz2fVQu3A4zXRfQU9sZXtewk3GmhfOHswvX+eNg==", + "dependencies": { + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, "node_modules/@smithy/util-hex-encoding": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-2.0.0.tgz", - "integrity": "sha512-c5xY+NUnFqG6d7HFh1IFfrm3mGl29lC+vF+geHv4ToiuJCBmIfzx6IeHLg+OgRdPFKDXIw6pvi+p3CsscaMcMA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "integrity": "sha512-eFndh1WEK5YMUYvy3lPlVmYY/fZcQE1D8oSf41Id2vCeIkKJXPcYDCZD+4+xViI6b1XSd7tE+s5AmXzz5ilabQ==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-middleware": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-2.0.9.tgz", - "integrity": "sha512-PnCnBJ07noMX1lMDTEefmxSlusWJUiLfrme++MfK5TD0xz8NYmakgoXy5zkF/16zKGmiwOeKAztWT/Vjk1KRIQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.3.tgz", + "integrity": "sha512-l+StyYYK/eO3DlVPbU+4Bi06Jjal+PFLSMmlWM1BEwyLxZ3aKkf1ROnoIakfaA7mC6uw3ny7JBkau4Yc+5zfWw==", "dependencies": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-retry": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-2.0.9.tgz", - "integrity": "sha512-46BFWe9RqB6g7f4mxm3W3HlqknqQQmWHKlhoqSFZuGNuiDU5KqmpebMbvC3tjTlUkqn4xa2Z7s3Hwb0HNs5scw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.3.tgz", + "integrity": "sha512-AFw+hjpbtVApzpNDhbjNG5NA3kyoMs7vx0gsgmlJF4s+yz1Zlepde7J58zpIRIsdjc+emhpAITxA88qLkPF26w==", "dependencies": { - "@smithy/service-error-classification": "^2.0.9", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/service-error-classification": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">= 14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-stream": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-2.0.24.tgz", - "integrity": "sha512-hRpbcRrOxDriMVmbya+Mv77VZVupxRAsfxVDKS54XuiURhdiwCUXJP0X1iJhHinuUf6n8pBF0MkG9C8VooMnWw==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.1.3.tgz", + "integrity": "sha512-FIv/bRhIlAxC0U7xM1BCnF2aDRPq0UaelqBHkM2lsCp26mcBbgI0tCVTv+jGdsQLUmAMybua/bjDsSu8RQHbmw==", "dependencies": { - "@smithy/fetch-http-handler": "^2.3.2", - "@smithy/node-http-handler": "^2.2.2", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-uri-escape": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-2.0.0.tgz", - "integrity": "sha512-ebkxsqinSdEooQduuk9CbKcI+wheijxEb3utGXkCoYQkJnwTnLbH1JXGimJtUkQwNQbsbuYwG2+aFVyZf5TLaw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "integrity": "sha512-LqR7qYLgZTD7nWLBecUi4aqolw8Mhza9ArpNEQ881MJJIU2sE5iHCK6TdyqqzcDLy0OPe10IY4T8ctVdtynubg==", "dependencies": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-utf8": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.0.2.tgz", - "integrity": "sha512-qOiVORSPm6Ce4/Yu6hbSgNHABLP2VMv8QOC3tTDNHHlWY19pPyc++fBTbZPtx6egPXi4HQxKDnMxVxpbtX2GoA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==", "dependencies": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/@smithy/util-waiter": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-2.0.12.tgz", - "integrity": "sha512-3sENmyVa1NnOPoiT2NCApPmu7ukP7S/v7kL9IxNmnygkDldn7/yK0TP42oPJLwB2k3mospNsSePIlqdXEUyPHA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.2.tgz", + "integrity": "sha512-4pP0EV3iTsexDx+8PPGAKCQpd/6hsQBaQhqWzU4hqKPHN5epPsxKbvUTIiYIHTxaKt6/kEaqPBpu/ufvfbrRzw==", "dependencies": { - "@smithy/abort-controller": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" }, "engines": { - "node": ">=14.0.0" + "node": ">=16.0.0" } }, "node_modules/bowser": { @@ -1667,17 +1516,17 @@ "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==" }, "node_modules/fast-xml-parser": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "integrity": "sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz", + "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==", "funding": [ - { - "type": "paypal", - "url": "https://paypal.me/naturalintelligence" - }, { "type": "github", "url": "https://github.com/sponsors/NaturalIntelligence" + }, + { + "type": "paypal", + "url": "https://paypal.me/naturalintelligence" } ], "dependencies": { @@ -1693,14 +1542,18 @@ "integrity": "sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==" }, "node_modules/tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" }, "node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], "bin": { "uuid": "dist/bin/uuid" } @@ -1708,1430 +1561,1238 @@ }, "dependencies": { "@aws-crypto/crc32": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", - "integrity": "sha512-IzSgsrxUcsrejQbPVilIKy16kAT52EwB6zSaI+M3xxIhKh5+aldEyvI+z6erM7TCLB2BJsFrtHjp6/4/sr+3dA==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-5.2.0.tgz", + "integrity": "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==", "requires": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/crc32c": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", - "integrity": "sha512-ENNPPManmnVJ4BTXlOjAgD7URidbAznURqD0KvfREyc4o20DPYdEldU1f5cQ7Jbj0CJJSPaMIk/9ZshdB3210w==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-5.2.0.tgz", + "integrity": "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag==", "requires": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } - } - }, - "@aws-crypto/ie11-detection": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", - "integrity": "sha512-341lBBkiY1DfDNKai/wXM3aujNBkXR7tq1URPQDL9wi3AUbI80NR74uF1TXHMm7po1AcnFk8iu2S2IeU/+/A+Q==", - "requires": { - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/sha1-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", - "integrity": "sha512-NJth5c997GLHs6nOYTzFKTbYdMNA6/1XlKVgnZoaZcQ7z7UJlOgj2JdbHE8tiYLS3fzXNCguct77SPGat2raSw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-5.2.0.tgz", + "integrity": "sha512-OH6lveCFfcDjX4dbAvCFSYUjJZjDr/3XJ3xHtjn3Oj5b9RjojQo8npoLeA/bNwkOkrSQ0wgrHzXk4tDRxGKJeg==", "requires": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" }, "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "requires": { + "tslib": "^2.6.2" + } + }, + "@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "requires": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", + "requires": { + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" + } } } }, "@aws-crypto/sha256-browser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", - "integrity": "sha512-8VLmW2B+gjFbU5uMeqtQM6Nj0/F1bro80xQXCW6CQBWgosFWXTx77aeOF5CAIAmbOK64SdMBJdNr6J41yP5mvQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz", + "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==", "requires": { - "@aws-crypto/ie11-detection": "^3.0.0", - "@aws-crypto/sha256-js": "^3.0.0", - "@aws-crypto/supports-web-crypto": "^3.0.0", - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/sha256-js": "^5.2.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" }, "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "requires": { + "tslib": "^2.6.2" + } + }, + "@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "requires": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", + "requires": { + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" + } } } }, "@aws-crypto/sha256-js": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", - "integrity": "sha512-PnNN7os0+yd1XvXAy23CFOmTbMaDxgxXtTKHybrJ39Y8kGzBATgBFibWJKH6BhytLI/Zyszs87xCOBNyBig6vQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz", + "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==", "requires": { - "@aws-crypto/util": "^3.0.0", + "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/supports-web-crypto": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", - "integrity": "sha512-06hBdMwUAb2WFTuGG73LSC0wfPu93xWwo5vL2et9eymgmu3Id5vFAHBbajVWiGhPO37qcsdCap/FqXvJGJWPIg==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz", + "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==", "requires": { - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } + "tslib": "^2.6.2" } }, "@aws-crypto/util": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", - "integrity": "sha512-2OJlpeJpCR48CC8r+uKVChzs9Iungj9wkZrl8Z041DWEWvyIHILYKCPNzJghKsivj+S3mLo6BVc7mBNzdxA46w==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz", + "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==", "requires": { "@aws-sdk/types": "^3.222.0", - "@aws-sdk/util-utf8-browser": "^3.0.0", - "tslib": "^1.11.1" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - } - } - }, - "@aws-sdk/client-s3": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.421.0.tgz", - "integrity": "sha512-vUXTY4toeHDf5EY2kOn04Ww9vTW2IVGy4+cymFp1cz5QT7g9KKj4Okj5DMdPld2y7wjgc+J/viTWEf26By49vw==", - "requires": { - "@aws-crypto/sha1-browser": "3.0.0", - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/client-sts": "3.421.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-bucket-endpoint": "3.418.0", - "@aws-sdk/middleware-expect-continue": "3.418.0", - "@aws-sdk/middleware-flexible-checksums": "3.418.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-location-constraint": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-s3": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-ssec": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/signature-v4-multi-region": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@aws-sdk/xml-builder": "3.310.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/eventstream-serde-browser": "^2.0.9", - "@smithy/eventstream-serde-config-resolver": "^2.0.9", - "@smithy/eventstream-serde-node": "^2.0.9", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-blob-browser": "^2.0.9", - "@smithy/hash-node": "^2.0.9", - "@smithy/hash-stream-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/md5-js": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-stream": "^2.0.12", "@smithy/util-utf8": "^2.0.0", - "@smithy/util-waiter": "^2.0.9", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" + "tslib": "^2.6.2" }, "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", + "@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "requires": { + "tslib": "^2.6.2" + } + }, + "@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "requires": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" } } } }, + "@aws-sdk/client-s3": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.623.0.tgz", + "integrity": "sha512-vEroSYEtbp5n289xsQnnAhKxg3R5NGkbhKXWpW1m7GGDsFihwVT9CVsDHpIW2Hvezz5ob65gB4ZAYMnJWZuUpA==", + "requires": { + "@aws-crypto/sha1-browser": "5.2.0", + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/client-sts": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-bucket-endpoint": "3.620.0", + "@aws-sdk/middleware-expect-continue": "3.620.0", + "@aws-sdk/middleware-flexible-checksums": "3.620.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-location-constraint": "3.609.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/middleware-signing": "3.620.0", + "@aws-sdk/middleware-ssec": "3.609.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/signature-v4-multi-region": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@aws-sdk/xml-builder": "3.609.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/eventstream-serde-browser": "^3.0.5", + "@smithy/eventstream-serde-config-resolver": "^3.0.3", + "@smithy/eventstream-serde-node": "^3.0.4", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-blob-browser": "^3.1.2", + "@smithy/hash-node": "^3.0.3", + "@smithy/hash-stream-node": "^3.1.2", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/md5-js": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "@smithy/util-waiter": "^3.1.2", + "tslib": "^2.6.2" + } + }, "@aws-sdk/client-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.421.0.tgz", - "integrity": "sha512-40CmW7K2/FZEn3CbOjbpRYeVjKu6aJQlpRHcAgEJGNoVEAnRA3YNH4H0BN2iWWITfYg3B7sIjMm5VE9fCIK1Ng==", - "requires": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.623.0.tgz", + "integrity": "sha512-oEACriysQMnHIVcNp7TD6D1nzgiHfYK0tmMBMbUxgoFuCBkW9g9QYvspHN+S9KgoePfMEXHuPUe9mtG9AH9XeA==", + "requires": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + } + }, + "@aws-sdk/client-sso-oidc": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.623.0.tgz", + "integrity": "sha512-lMFEXCa6ES/FGV7hpyrppT1PiAkqQb51AbG0zVU3TIgI2IO4XX02uzMUXImRSRqRpGymRCbJCaCs9LtKvS/37Q==", + "requires": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/client-sts": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.421.0.tgz", - "integrity": "sha512-/92NOZMcdkBcvGrINk5B/l+6DGcVzYE4Ab3ME4vcY9y//u2gd0yNn5YYRSzzjVBLvhDP3u6CbTfLX2Bm4qihPw==", - "requires": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/credential-provider-node": "3.421.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-sdk-sts": "3.418.0", - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/region-config-resolver": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "fast-xml-parser": "4.2.5", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.623.0.tgz", + "integrity": "sha512-iJNdx76SOw0YjHAUv8aj3HXzSu3TKI7qSGuR+OGATwA/kpJZDd+4+WYBdGtr8YK+hPrGGqhfecuCkEg805O5iA==", + "requires": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/client-sso-oidc": "3.623.0", + "@aws-sdk/core": "3.623.0", + "@aws-sdk/credential-provider-node": "3.623.0", + "@aws-sdk/middleware-host-header": "3.620.0", + "@aws-sdk/middleware-logger": "3.609.0", + "@aws-sdk/middleware-recursion-detection": "3.620.0", + "@aws-sdk/middleware-user-agent": "3.620.0", + "@aws-sdk/region-config-resolver": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@aws-sdk/util-user-agent-browser": "3.609.0", + "@aws-sdk/util-user-agent-node": "3.614.0", + "@smithy/config-resolver": "^3.0.5", + "@smithy/core": "^2.3.2", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/hash-node": "^3.0.3", + "@smithy/invalid-dependency": "^3.0.3", + "@smithy/middleware-content-length": "^3.0.5", + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-body-length-browser": "^3.0.0", + "@smithy/util-body-length-node": "^3.0.0", + "@smithy/util-defaults-mode-browser": "^3.0.14", + "@smithy/util-defaults-mode-node": "^3.0.14", + "@smithy/util-endpoints": "^2.0.5", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" + } + }, + "@aws-sdk/core": { + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.623.0.tgz", + "integrity": "sha512-8Toq3X6trX/67obSdh4K0MFQY4f132bEbr1i0YPDWk/O3KdBt12mLC/sW3aVRnlIs110XMuX9yrWWqJ8fDW10g==", + "requires": { + "@smithy/core": "^2.3.2", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "fast-xml-parser": "4.4.1", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-env": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.418.0.tgz", - "integrity": "sha512-e74sS+x63EZUBO+HaI8zor886YdtmULzwKdctsZp5/37Xho1CVUNtEC+fYa69nigBD9afoiH33I4JggaHgrekQ==", + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.620.1.tgz", + "integrity": "sha512-ExuILJ2qLW5ZO+rgkNRj0xiAipKT16Rk77buvPP8csR7kkCflT/gXTyzRe/uzIiETTxM7tr8xuO9MP/DQXqkfg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" + } + }, + "@aws-sdk/credential-provider-http": { + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.622.0.tgz", + "integrity": "sha512-VUHbr24Oll1RK3WR8XLUugLpgK9ZuxEm/NVeVqyFts1Ck9gsKpRg1x4eH7L7tW3SJ4TDEQNMbD7/7J+eoL2svg==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-ini": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.421.0.tgz", - "integrity": "sha512-J5yH/gkpAk6FMeH5F9u5Nr6oG+97tj1kkn5q49g3XMbtWw7GiynadxdtoRBCeIg1C7o2LOQx4B1AnhNhIw1z/g==", - "requires": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.623.0.tgz", + "integrity": "sha512-kvXA1SwGneqGzFwRZNpESitnmaENHGFFuuTvgGwtMe7mzXWuA/LkXdbiHmdyAzOo0iByKTCD8uetuwh3CXy4Pw==", + "requires": { + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-node": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.421.0.tgz", - "integrity": "sha512-g1dvdvfDj0u8B/gOsHR3o1arP4O4QE/dFm2IJBYr/eUdKISMUgbQULWtg4zdtAf0Oz4xN0723i7fpXAF1gTnRA==", - "requires": { - "@aws-sdk/credential-provider-env": "3.418.0", - "@aws-sdk/credential-provider-ini": "3.421.0", - "@aws-sdk/credential-provider-process": "3.418.0", - "@aws-sdk/credential-provider-sso": "3.421.0", - "@aws-sdk/credential-provider-web-identity": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/credential-provider-imds": "^2.0.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.623.0.tgz", + "integrity": "sha512-qDwCOkhbu5PfaQHyuQ+h57HEx3+eFhKdtIw7aISziWkGdFrMe07yIBd7TJqGe4nxXnRF1pfkg05xeOlMId997g==", + "requires": { + "@aws-sdk/credential-provider-env": "3.620.1", + "@aws-sdk/credential-provider-http": "3.622.0", + "@aws-sdk/credential-provider-ini": "3.623.0", + "@aws-sdk/credential-provider-process": "3.620.1", + "@aws-sdk/credential-provider-sso": "3.623.0", + "@aws-sdk/credential-provider-web-identity": "3.621.0", + "@aws-sdk/types": "3.609.0", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-process": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.418.0.tgz", - "integrity": "sha512-xPbdm2WKz1oH6pTkrJoUmr3OLuqvvcPYTQX0IIlc31tmDwDWPQjXGGFD/vwZGIZIkKaFpFxVMgAzfFScxox7dw==", + "version": "3.620.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.620.1.tgz", + "integrity": "sha512-hWqFMidqLAkaV9G460+1at6qa9vySbjQKKc04p59OT7lZ5cO5VH5S4aI05e+m4j364MBROjjk2ugNvfNf/8ILg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-sso": { - "version": "3.421.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.421.0.tgz", - "integrity": "sha512-f8T3L5rhImL6T6RTSvbOxaWw9k2fDOT2DZbNjcPz9ITWmwXj2NNbdHGWuRi3dv2HoY/nW2IJdNxnhdhbn6Fc1A==", - "requires": { - "@aws-sdk/client-sso": "3.421.0", - "@aws-sdk/token-providers": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.623.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.623.0.tgz", + "integrity": "sha512-70LZhUb3l7cttEsg4A0S4Jq3qrCT/v5Jfyl8F7w1YZJt5zr3oPPcvDJxo/UYckFz4G4/5BhGa99jK8wMlNE9QA==", + "requires": { + "@aws-sdk/client-sso": "3.623.0", + "@aws-sdk/token-providers": "3.614.0", + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/credential-provider-web-identity": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.418.0.tgz", - "integrity": "sha512-do7ang565n9p3dS1JdsQY01rUfRx8vkxQqz5M8OlcEHBNiCdi2PvSjNwcBdrv/FKkyIxZb0TImOfBSt40hVdxQ==", + "version": "3.621.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.621.0.tgz", + "integrity": "sha512-w7ASSyfNvcx7+bYGep3VBgC3K6vEdLmlpjT7nSIHxxQf+WSdvy+HynwJosrpZax0sK5q0D1Jpn/5q+r5lwwW6w==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-bucket-endpoint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.418.0.tgz", - "integrity": "sha512-gj/mj1UfbKkGbQ1N4YUvjTTp8BVs5fO1QAL2AjFJ+jfJOToLReX72aNEkm7sPGbHML0TqOY4cQbJuWYy+zdD5g==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.620.0.tgz", + "integrity": "sha512-eGLL0W6L3HDb3OACyetZYOWpHJ+gLo0TehQKeQyy2G8vTYXqNTeqYhuI6up9HVjBzU9eQiULVQETmgQs7TFaRg==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-expect-continue": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.418.0.tgz", - "integrity": "sha512-6x4rcIj685EmqDLQkbWoCur3Dg5DRClHMen6nHXmD3CR5Xyt3z1Gk/+jmZICxyJo9c6M4AeZht8o95BopkmYAQ==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.620.0.tgz", + "integrity": "sha512-QXeRFMLfyQ31nAHLbiTLtk0oHzG9QLMaof5jIfqcUwnOkO8YnQdeqzakrg1Alpy/VQ7aqzIi8qypkBe2KXZz0A==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-flexible-checksums": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.418.0.tgz", - "integrity": "sha512-3O203dqS2JU5P1TAAbo7p1qplXQh59pevw9nqzPVb3EG8B+mSucVf2kKmF7kGHqKSk+nK/mB/4XGSsZBzGt6Wg==", - "requires": { - "@aws-crypto/crc32": "3.0.0", - "@aws-crypto/crc32c": "3.0.0", - "@aws-sdk/types": "3.418.0", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.620.0.tgz", + "integrity": "sha512-ftz+NW7qka2sVuwnnO1IzBku5ccP+s5qZGeRTPgrKB7OzRW85gthvIo1vQR2w+OwHFk7WJbbhhWwbCbktnP4UA==", + "requires": { + "@aws-crypto/crc32": "5.2.0", + "@aws-crypto/crc32c": "5.2.0", + "@aws-sdk/types": "3.609.0", + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-host-header": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.418.0.tgz", - "integrity": "sha512-LrMTdzalkPw/1ujLCKPLwCGvPMCmT4P+vOZQRbSEVZPnlZk+Aj++aL/RaHou0jL4kJH3zl8iQepriBt4a7UvXQ==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.620.0.tgz", + "integrity": "sha512-VMtPEZwqYrII/oUkffYsNWY9PZ9xpNJpMgmyU0rlDQ25O1c0Hk3fJmZRe6pEkAJ0omD7kLrqGl1DUjQVxpd/Rg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-location-constraint": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.418.0.tgz", - "integrity": "sha512-cc8M3VEaESHJhDsDV8tTpt2QYUprDWhvAVVSlcL43cTdZ54Quc0W+toDiaVOUlwrAZz2Y7g5NDj22ibJGFbOvw==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.609.0.tgz", + "integrity": "sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-logger": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.418.0.tgz", - "integrity": "sha512-StKGmyPVfoO/wdNTtKemYwoJsqIl4l7oqarQY7VSf2Mp3mqaa+njLViHsQbirYpyqpgUEusOnuTlH5utxJ1NsQ==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.609.0.tgz", + "integrity": "sha512-S62U2dy4jMDhDFDK5gZ4VxFdWzCtLzwbYyFZx2uvPYTECkepLUfzLic2BHg2Qvtu4QjX+oGE3P/7fwaGIsGNuQ==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-recursion-detection": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.418.0.tgz", - "integrity": "sha512-kKFrIQglBLUFPbHSDy1+bbe3Na2Kd70JSUC3QLMbUHmqipXN8KeXRfAj7vTv97zXl0WzG0buV++WcNwOm1rFjg==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.620.0.tgz", + "integrity": "sha512-nh91S7aGK3e/o1ck64sA/CyoFw+gAYj2BDOnoNa6ouyCrVJED96ZXWbhye/fz9SgmNUZR2g7GdVpiLpMKZoI5w==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-sdk-s3": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.418.0.tgz", - "integrity": "sha512-rei32LF45SyqL3NlWDjEOfMwAca9A5F4QgUyXJqvASc43oWC1tJnLIhiCxNh8qkWAiRyRzFpcanTeqyaRSsZpA==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-arn-parser": "3.310.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } - } - }, - "@aws-sdk/middleware-sdk-sts": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.418.0.tgz", - "integrity": "sha512-cW8ijrCTP+mgihvcq4+TbhAcE/we5lFl4ydRqvTdtcSnYQAVQADg47rnTScQiFsPFEB3NKq7BGeyTJF9MKolPA==", - "requires": { - "@aws-sdk/middleware-signing": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.622.0.tgz", + "integrity": "sha512-tX9wZ2ALx5Ez4bkY+SvSj6DpNZ6TmY4zlsVsdgV95LZFLjNwqnZkKkS+uKnsIyLBiBp6g92JVQwnUEIp7ov2Zw==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-arn-parser": "3.568.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-stream": "^3.1.3", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-signing": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.418.0.tgz", - "integrity": "sha512-onvs5KoYQE8OlOE740RxWBGtsUyVIgAo0CzRKOQO63ZEYqpL1Os+MS1CGzdNhvQnJgJruE1WW+Ix8fjN30zKPA==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.620.0.tgz", + "integrity": "sha512-gxI7rubiaanUXaLfJ4NybERa9MGPNg2Ycl/OqANsozrBnR3Pw8vqy3EuVImQOyn2pJ2IFvl8ZPoSMHf4pX56FQ==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-ssec": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.418.0.tgz", - "integrity": "sha512-J7K+5h6aP7IYMlu/NwHEIjb0+WDu1eFvO8TCPo6j1H9xYRi8B/6h+6pa9Rk9IgRUzFnrdlDu9FazG8Tp0KKLyg==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.609.0.tgz", + "integrity": "sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/middleware-user-agent": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.418.0.tgz", - "integrity": "sha512-Jdcztg9Tal9SEAL0dKRrnpKrm6LFlWmAhvuwv0dQ7bNTJxIxyEFbpqdgy7mpQHsLVZgq1Aad/7gT/72c9igyZw==", + "version": "3.620.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.620.0.tgz", + "integrity": "sha512-bvS6etn+KsuL32ubY5D3xNof1qkenpbJXf/ugGXbg0n98DvDFQ/F+SMLxHgbnER5dsKYchNnhmtI6/FC3HFu/A==", "requires": { - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@aws-sdk/util-endpoints": "3.614.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/region-config-resolver": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.418.0.tgz", - "integrity": "sha512-lJRZ/9TjZU6yLz+mAwxJkcJZ6BmyYoIJVo1p5+BN//EFdEmC8/c0c9gXMRzfISV/mqWSttdtccpAyN4/goHTYA==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.614.0.tgz", + "integrity": "sha512-vDCeMXvic/LU0KFIUjpC3RiSTIkkvESsEfbVHiHH0YINfl8HnEqR5rj+L8+phsCeVg2+LmYwYxd5NRz4PHxt5g==", "requires": { - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "@smithy/util-config-provider": "^2.0.0", - "@smithy/util-middleware": "^2.0.2", - "tslib": "^2.5.0" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@aws-sdk/signature-v4-multi-region": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.418.0.tgz", - "integrity": "sha512-LeVYMZeUQUURFqDf4yZxTEv016g64hi0LqYBjU0mjwd8aPc0k6hckwvshezc80jCNbuLyjNfQclvlg3iFliItQ==", + "version": "3.622.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.622.0.tgz", + "integrity": "sha512-K7ddofVNzwTFRjmLZLfs/v+hiE9m5LguajHk8WULxXQgkcDI3nPgOfmMMGuslYohaQhRwW+ic+dzYlateLUudQ==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/signature-v4": "^2.0.0", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/middleware-sdk-s3": "3.622.0", + "@aws-sdk/types": "3.609.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/signature-v4": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/token-providers": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.418.0.tgz", - "integrity": "sha512-9P7Q0VN0hEzTngy3Sz5eya2qEOEf0Q8qf1vB3um0gE6ID6EVAdz/nc/DztfN32MFxk8FeVBrCP5vWdoOzmd72g==", - "requires": { - "@aws-crypto/sha256-browser": "3.0.0", - "@aws-crypto/sha256-js": "3.0.0", - "@aws-sdk/middleware-host-header": "3.418.0", - "@aws-sdk/middleware-logger": "3.418.0", - "@aws-sdk/middleware-recursion-detection": "3.418.0", - "@aws-sdk/middleware-user-agent": "3.418.0", - "@aws-sdk/types": "3.418.0", - "@aws-sdk/util-endpoints": "3.418.0", - "@aws-sdk/util-user-agent-browser": "3.418.0", - "@aws-sdk/util-user-agent-node": "3.418.0", - "@smithy/config-resolver": "^2.0.10", - "@smithy/fetch-http-handler": "^2.1.5", - "@smithy/hash-node": "^2.0.9", - "@smithy/invalid-dependency": "^2.0.9", - "@smithy/middleware-content-length": "^2.0.11", - "@smithy/middleware-endpoint": "^2.0.9", - "@smithy/middleware-retry": "^2.0.12", - "@smithy/middleware-serde": "^2.0.9", - "@smithy/middleware-stack": "^2.0.2", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/node-http-handler": "^2.1.5", - "@smithy/property-provider": "^2.0.0", - "@smithy/protocol-http": "^3.0.5", - "@smithy/shared-ini-file-loader": "^2.0.6", - "@smithy/smithy-client": "^2.1.6", - "@smithy/types": "^2.3.3", - "@smithy/url-parser": "^2.0.9", - "@smithy/util-base64": "^2.0.0", - "@smithy/util-body-length-browser": "^2.0.0", - "@smithy/util-body-length-node": "^2.1.0", - "@smithy/util-defaults-mode-browser": "^2.0.10", - "@smithy/util-defaults-mode-node": "^2.0.12", - "@smithy/util-retry": "^2.0.2", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.614.0.tgz", + "integrity": "sha512-okItqyY6L9IHdxqs+Z116y5/nda7rHxLvROxtAJdLavWTYDydxrZstImNgGWTeVdmc0xX2gJCI77UYUTQWnhRw==", + "requires": { + "@aws-sdk/types": "3.609.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/types": { - "version": "3.433.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.433.0.tgz", - "integrity": "sha512-0jEE2mSrNDd8VGFjTc1otYrwYPIkzZJEIK90ZxisKvQ/EURGBhNzWn7ejWB9XCMFT6XumYLBR0V9qq5UPisWtA==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.609.0.tgz", + "integrity": "sha512-+Tqnh9w0h2LcrUsdXyT1F8mNhXz+tVYBtP19LpeEGntmvHwa2XzvLUCWpoIAIVsHp5+HdB2X9Sn0KAtmbFXc2Q==", "requires": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/util-arn-parser": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.310.0.tgz", - "integrity": "sha512-jL8509owp/xB9+Or0pvn3Fe+b94qfklc2yPowZZIFAkFcCSIdkIglz18cPDWnYAcy9JGewpMS1COXKIUhZkJsA==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "integrity": "sha512-XUKJWWo+KOB7fbnPP0+g/o5Ulku/X53t7i/h+sPHr5xxYTJJ9CYnbToo95mzxe7xWvkLrsNtJ8L+MnNn9INs2w==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@aws-sdk/util-endpoints": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.418.0.tgz", - "integrity": "sha512-sYSDwRTl7yE7LhHkPzemGzmIXFVHSsi3AQ1KeNEk84eBqxMHHcCc2kqklaBk2roXWe50QDgRMy1ikZUxvtzNHQ==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.614.0.tgz", + "integrity": "sha512-wK2cdrXHH4oz4IomV/yrGkftU9A+ITB6nFL+rxxyO78is2ifHJpFdV4aqk4LSkXYPi6CXWNru/Dqc7yiKXgJPw==", "requires": { - "@aws-sdk/types": "3.418.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", + "@smithy/util-endpoints": "^2.0.5", + "tslib": "^2.6.2" } }, "@aws-sdk/util-locate-window": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.310.0.tgz", - "integrity": "sha512-qo2t/vBTnoXpjKxlsC2e1gBrRm80M3bId27r0BRB2VniSSe7bL1mmzM+/HFtujm0iAxtPM+aLEflLJlJeDPg0w==", + "version": "3.568.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.568.0.tgz", + "integrity": "sha512-3nh4TINkXYr+H41QaPelCceEB2FXP3fxp93YZXB/kqJvX0U9j0N0Uk45gvsjmEPzG8XxkPEeLIfT2I1M7A6Lig==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@aws-sdk/util-user-agent-browser": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.418.0.tgz", - "integrity": "sha512-c4p4mc0VV/jIeNH0lsXzhJ1MpWRLuboGtNEpqE4s1Vl9ck2amv9VdUUZUmHbg+bVxlMgRQ4nmiovA4qIrqGuyg==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.609.0.tgz", + "integrity": "sha512-fojPU+mNahzQ0YHYBsx0ZIhmMA96H+ZIZ665ObU9tl+SGdbLneVZVikGve+NmHTQwHzwkFsZYYnVKAkreJLAtA==", "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/types": "^2.3.3", + "@aws-sdk/types": "3.609.0", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } + "tslib": "^2.6.2" } }, "@aws-sdk/util-user-agent-node": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.418.0.tgz", - "integrity": "sha512-BXMskXFtg+dmzSCgmnWOffokxIbPr1lFqa1D9kvM3l3IFRiFGx2IyDg+8MAhq11aPDLvoa/BDuQ0Yqma5izOhg==", - "requires": { - "@aws-sdk/types": "3.418.0", - "@smithy/node-config-provider": "^2.0.12", - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - }, - "dependencies": { - "@aws-sdk/types": { - "version": "3.418.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.418.0.tgz", - "integrity": "sha512-y4PQSH+ulfFLY0+FYkaK4qbIaQI9IJNMO2xsxukW6/aNoApNymN1D2FSi2la8Qbp/iPjNDKsG8suNPm9NtsWXQ==", - "requires": { - "@smithy/types": "^2.3.3", - "tslib": "^2.5.0" - } - } - } - }, - "@aws-sdk/util-utf8-browser": { - "version": "3.259.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", - "integrity": "sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw==", + "version": "3.614.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.614.0.tgz", + "integrity": "sha512-15ElZT88peoHnq5TEoEtZwoXTXRxNrk60TZNdpl/TUBJ5oNJ9Dqb5Z4ryb8ofN6nm9aFf59GVAerFDz8iUoHBA==", "requires": { - "tslib": "^2.3.1" + "@aws-sdk/types": "3.609.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@aws-sdk/xml-builder": { - "version": "3.310.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.310.0.tgz", - "integrity": "sha512-TqELu4mOuSIKQCqj63fGVs86Yh+vBx5nHRpWKNUNhB2nPTpfbziTs5c1X358be3peVWA4wPxW7Nt53KIg1tnNw==", + "version": "3.609.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.609.0.tgz", + "integrity": "sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==", "requires": { - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/abort-controller": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-2.0.16.tgz", - "integrity": "sha512-4foO7738k8kM9flMHu3VLabqu7nPgvIj8TB909S0CnKx0YZz/dcDH3pZ/4JHdatfxlZdKF1JWOYCw9+v3HVVsw==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.1.tgz", + "integrity": "sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/chunked-blob-reader": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-2.0.0.tgz", - "integrity": "sha512-k+J4GHJsMSAIQPChGBrjEmGS+WbPonCXesoqP9fynIqjn7rdOThdH8FAeCmokP9mxTYKQAKoHCLPzNlm6gh7Wg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "integrity": "sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/chunked-blob-reader-native": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-2.0.0.tgz", - "integrity": "sha512-HM8V2Rp1y8+1343tkZUKZllFhEQPNmpNdgFAncbTsxkZ18/gqjk23XXv3qGyXWp412f3o43ZZ1UZHVcHrpRnCQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "integrity": "sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==", "requires": { - "@smithy/util-base64": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/config-resolver": { - "version": "2.0.23", - "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-2.0.23.tgz", - "integrity": "sha512-XakUqgtP2YY8Mi+Nlif5BiqJgWdvfxJafSpOSQeCOMizu+PUhE4fBQSy6xFcR+eInrwVadaABNxoJyGUMn15ew==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.5.tgz", + "integrity": "sha512-SkW5LxfkSI1bUC74OtfBbdz+grQXYiPYolyu8VfpLIjEoN/sHVBlLeGXMQ1vX4ejkgfv6sxVbQJ32yF2cl1veA==", + "requires": { + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-config-provider": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" + } + }, + "@smithy/core": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.3.2.tgz", + "integrity": "sha512-in5wwt6chDBcUv1Lw1+QzZxN9fBffi+qOixfb65yK4sDuKG7zAUO9HAFqmVzsZM3N+3tTyvZjtnDXePpvp007Q==", "requires": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/types": "^2.8.0", - "@smithy/util-config-provider": "^2.1.0", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-retry": "^3.0.14", + "@smithy/middleware-serde": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@smithy/credential-provider-imds": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-2.1.5.tgz", - "integrity": "sha512-VfvE6Wg1MUWwpTZFBnUD7zxvPhLY8jlHCzu6bCjlIYoWgXCDzZAML76IlZUEf45nib3rjehnFgg0s1rgsuN/bg==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.0.tgz", + "integrity": "sha512-0SCIzgd8LYZ9EJxUjLXBmEKSZR/P/w6l7Rz/pab9culE/RWuqelAKGJvn5qUOl8BgX8Yj5HWM50A5hiB/RzsgA==", "requires": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "tslib": "^2.6.2" } }, "@smithy/eventstream-codec": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-2.0.16.tgz", - "integrity": "sha512-umYh5pdCE9GHgiMAH49zu9wXWZKNHHdKPm/lK22WYISTjqu29SepmpWNmPiBLy/yUu4HFEGJHIFrDWhbDlApaw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.2.tgz", + "integrity": "sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==", "requires": { - "@aws-crypto/crc32": "3.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "tslib": "^2.5.0" + "@aws-crypto/crc32": "5.2.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-2.0.12.tgz", - "integrity": "sha512-0pi8QlU/pwutNshoeJcbKR1p7Ie5STd8UFAMX5xhSoSJjNlxIv/OsHbF023jscMRN2Prrqd6ToGgdCnsZVQjvg==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.5.tgz", + "integrity": "sha512-dEyiUYL/ekDfk+2Ra4GxV+xNnFoCmk1nuIXg+fMChFTrM2uI/1r9AdiTYzPqgb72yIv/NtAj6C3dG//1wwgakQ==", "requires": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-config-resolver": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-2.0.12.tgz", - "integrity": "sha512-I0XfwQkIX3gAnbrU5rLMkBSjTM9DHttdbLwf12CXmj7SSI5dT87PxtKLRrZGanaCMbdf2yCep+MW5/4M7IbvQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.3.tgz", + "integrity": "sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==", "requires": { - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-2.0.12.tgz", - "integrity": "sha512-vf1vMHGOkG3uqN9x1zKOhnvW/XgvhJXWqjV6zZiT2FMjlEayugQ1mzpSqr7uf89+BzjTzuZKERmOsEAmewLbxw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.4.tgz", + "integrity": "sha512-mjlG0OzGAYuUpdUpflfb9zyLrBGgmQmrobNT8b42ZTsGv/J03+t24uhhtVEKG/b2jFtPIHF74Bq+VUtbzEKOKg==", "requires": { - "@smithy/eventstream-serde-universal": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-serde-universal": "^3.0.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/eventstream-serde-universal": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-2.0.12.tgz", - "integrity": "sha512-xZ3ZNpCxIND+q+UCy7y1n1/5VQEYicgSTNCcPqsKawX+Vd+6OcFX7gUHMyPzL8cZr+GdmJuxNleqHlH4giK2tw==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.4.tgz", + "integrity": "sha512-Od9dv8zh3PgOD7Vj4T3HSuox16n0VG8jJIM2gvKASL6aCtcS8CfHZDWe1Ik3ZXW6xBouU+45Q5wgoliWDZiJ0A==", "requires": { - "@smithy/eventstream-codec": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/eventstream-codec": "^3.1.2", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/fetch-http-handler": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-2.3.2.tgz", - "integrity": "sha512-O9R/OlnAOTsnysuSDjt0v2q6DcSvCz5cCFC/CFAWWcLyBwJDeFyGTCTszgpQTb19+Fi8uRwZE5/3ziAQBFeDMQ==", + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.4.tgz", + "integrity": "sha512-kBprh5Gs5h7ug4nBWZi1FZthdqSM+T7zMmsZxx0IBvWUn7dK3diz2SHn7Bs4dQGFDk8plDv375gzenDoNwrXjg==", "requires": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/hash-blob-browser": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-2.0.12.tgz", - "integrity": "sha512-riLnV16f27yyePX8UF0deRHAeccUK8SrOxyTykSTrnVkgS3DsjNapZtTbd8OGNKEbI60Ncdb5GwN3rHZudXvog==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.2.tgz", + "integrity": "sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==", "requires": { - "@smithy/chunked-blob-reader": "^2.0.0", - "@smithy/chunked-blob-reader-native": "^2.0.0", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/chunked-blob-reader": "^3.0.0", + "@smithy/chunked-blob-reader-native": "^3.0.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/hash-node": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-2.0.18.tgz", - "integrity": "sha512-gN2JFvAgnZCyDN9rJgcejfpK0uPPJrSortVVVVWsru9whS7eQey6+gj2eM5ln2i6rHNntIXzal1Fm9XOPuoaKA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.3.tgz", + "integrity": "sha512-2ctBXpPMG+B3BtWSGNnKELJ7SH9e4TNefJS0cd2eSkOOROeBnnVBnAy9LtJ8tY4vUEoe55N4CNPxzbWvR39iBw==", "requires": { - "@smithy/types": "^2.8.0", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/hash-stream-node": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-2.0.12.tgz", - "integrity": "sha512-x/DrSynPKrW0k00q7aZ/vy531a3mRw79mOajHp+cIF0TrA1SqEMFoy/B8X0XtoAtlJWt/vvgeDNqt/KAeaAqMw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.2.tgz", + "integrity": "sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==", "requires": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/invalid-dependency": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-2.0.16.tgz", - "integrity": "sha512-apEHakT/kmpNo1VFHP4W/cjfeP9U0x5qvfsLJubgp7UM/gq4qYp0GbqdE7QhsjUaYvEnrftRqs7+YrtWreV0wA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.3.tgz", + "integrity": "sha512-ID1eL/zpDULmHJbflb864k72/SNOZCADRc9i7Exq3RUNJw6raWUSlFEQ+3PX3EYs++bTxZB2dE9mEHTQLv61tw==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/is-array-buffer": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.0.0.tgz", - "integrity": "sha512-z3PjFjMyZNI98JFRJi/U0nGoLWMSJlDjAW4QUX2WNZLas5C0CmVV6LJ01JI0k90l7FvpmixjWxPFmENSClQ7ug==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/md5-js": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-2.0.12.tgz", - "integrity": "sha512-OgDt+Xnrw+W5z3MSl5KZZzebqmXrYl9UdbCiBYnnjErmNywwSjV6QB/Oic3/7hnsPniSU81n7Rvlhz2kH4EREQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.3.tgz", + "integrity": "sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==", "requires": { - "@smithy/types": "^2.4.0", - "@smithy/util-utf8": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/middleware-content-length": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-2.0.18.tgz", - "integrity": "sha512-ZJ9uKPTfxYheTKSKYB+GCvcj+izw9WGzRLhjn8n254q0jWLojUzn7Vw0l4R/Gq7Wdpf/qmk/ptD+6CCXHNVCaw==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.5.tgz", + "integrity": "sha512-ILEzC2eyxx6ncej3zZSwMpB5RJ0zuqH7eMptxC4KN3f+v9bqT8ohssKbhNR78k/2tWW+KS5Spw+tbPF4Ejyqvw==", "requires": { - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/middleware-endpoint": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-2.3.0.tgz", - "integrity": "sha512-VsOAG2YQ8ykjSmKO+CIXdJBIWFo6AAvG6Iw95BakBTqk66/4BI7XyqLevoNSq/lZ6NgZv24sLmrcIN+fLDWBCg==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.1.0.tgz", + "integrity": "sha512-5y5aiKCEwg9TDPB4yFE7H6tYvGFf1OJHNczeY10/EFF8Ir8jZbNntQJxMWNfeQjC1mxPsaQ6mR9cvQbf+0YeMw==", "requires": { - "@smithy/middleware-serde": "^2.0.16", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "@smithy/url-parser": "^2.0.16", - "@smithy/util-middleware": "^2.0.9", - "tslib": "^2.5.0" + "@smithy/middleware-serde": "^3.0.3", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/url-parser": "^3.0.3", + "@smithy/util-middleware": "^3.0.3", + "tslib": "^2.6.2" } }, "@smithy/middleware-retry": { - "version": "2.0.26", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-2.0.26.tgz", - "integrity": "sha512-Qzpxo0U5jfNiq9iD38U3e2bheXwvTEX4eue9xruIvEgh+UKq6dKuGqcB66oBDV7TD/mfoJi9Q/VmaiqwWbEp7A==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.14.tgz", + "integrity": "sha512-7ZaWZJOjUxa5hgmuMspyt8v/zVsh0GXYuF7OvCmdcbVa/xbnKQoYC+uYKunAqRGTkxjOyuOCw9rmFUFOqqC0eQ==", "requires": { - "@smithy/node-config-provider": "^2.1.9", - "@smithy/protocol-http": "^3.0.12", - "@smithy/service-error-classification": "^2.0.9", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-retry": "^2.0.9", - "tslib": "^2.5.0", - "uuid": "^8.3.2" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/protocol-http": "^4.1.0", + "@smithy/service-error-classification": "^3.0.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-retry": "^3.0.3", + "tslib": "^2.6.2", + "uuid": "^9.0.1" } }, "@smithy/middleware-serde": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-2.0.16.tgz", - "integrity": "sha512-5EAd4t30pcc4M8TSSGq7q/x5IKrxfXR5+SrU4bgxNy7RPHQo2PSWBUco9C+D9Tfqp/JZvprRpK42dnupZafk2g==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz", + "integrity": "sha512-puUbyJQBcg9eSErFXjKNiGILJGtiqmuuNKEYNYfUD57fUl4i9+mfmThtQhvFXU0hCVG0iEJhvQUipUf+/SsFdA==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/middleware-stack": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-2.0.10.tgz", - "integrity": "sha512-I2rbxctNq9FAPPEcuA1ntZxkTKOPQFy7YBPOaD/MLg1zCvzv21CoNxR0py6J8ZVC35l4qE4nhxB0f7TF5/+Ldw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.3.tgz", + "integrity": "sha512-r4klY9nFudB0r9UdSMaGSyjyQK5adUyPnQN/ZM6M75phTxOdnc/AhpvGD1fQUvgmqjQEBGCwpnPbDm8pH5PapA==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/node-config-provider": { - "version": "2.1.9", - "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-2.1.9.tgz", - "integrity": "sha512-tUyW/9xrRy+s7RXkmQhgYkAPMpTIF8izK4orhHjNFEKR3QZiOCbWB546Y8iB/Fpbm3O9+q0Af9rpywLKJOwtaQ==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.4.tgz", + "integrity": "sha512-YvnElQy8HR4vDcAjoy7Xkx9YT8xZP4cBXcbJSgm/kxmiQu08DwUwj8rkGnyoJTpfl/3xYHH+d8zE+eHqoDCSdQ==", "requires": { - "@smithy/property-provider": "^2.0.17", - "@smithy/shared-ini-file-loader": "^2.2.8", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/property-provider": "^3.1.3", + "@smithy/shared-ini-file-loader": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/node-http-handler": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-2.2.2.tgz", - "integrity": "sha512-XO58TO/Eul/IBQKFKaaBtXJi0ItEQQCT+NI4IiKHCY/4KtqaUT6y/wC1EvDqlA9cP7Dyjdj7FdPs4DyynH3u7g==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.1.4.tgz", + "integrity": "sha512-+UmxgixgOr/yLsUxcEKGH0fMNVteJFGkmRltYFHnBMlogyFdpzn2CwqWmxOrfJELhV34v0WSlaqG1UtE1uXlJg==", "requires": { - "@smithy/abort-controller": "^2.0.16", - "@smithy/protocol-http": "^3.0.12", - "@smithy/querystring-builder": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/protocol-http": "^4.1.0", + "@smithy/querystring-builder": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/property-provider": { - "version": "2.0.17", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-2.0.17.tgz", - "integrity": "sha512-+VkeZbVu7qtQ2DjI48Qwaf9fPOr3gZIwxQpuLJgRRSkWsdSvmaTCxI3gzRFKePB63Ts9r4yjn4HkxSCSkdWmcQ==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.3.tgz", + "integrity": "sha512-zahyOVR9Q4PEoguJ/NrFP4O7SMAfYO1HLhB18M+q+Z4KFd4V2obiMnlVoUFzFLSPeVt1POyNWneHHrZaTMoc/g==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/protocol-http": { - "version": "3.0.12", - "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-3.0.12.tgz", - "integrity": "sha512-Xz4iaqLiaBfbQpB9Hgi3VcZYbP7xRDXYhd8XWChh4v94uw7qwmvlxdU5yxzfm6ACJM66phHrTbS5TVvj5uQ72w==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.0.tgz", + "integrity": "sha512-dPVoHYQ2wcHooGXg3LQisa1hH0e4y0pAddPMeeUPipI1tEOqL6A4N0/G7abeq+K8wrwSgjk4C0wnD1XZpJm5aA==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/querystring-builder": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-2.0.16.tgz", - "integrity": "sha512-Q/GsJT0C0mijXMRs7YhZLLCP5FcuC4797lYjKQkME5CZohnLC4bEhylAd2QcD3gbMKNjCw8+T2I27WKiV/wToA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz", + "integrity": "sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw==", "requires": { - "@smithy/types": "^2.8.0", - "@smithy/util-uri-escape": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "@smithy/util-uri-escape": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/querystring-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-2.0.16.tgz", - "integrity": "sha512-c4ueAuL6BDYKWpkubjrQthZKoC3L5kql5O++ovekNxiexRXTlLIVlCR4q3KziOktLIw66EU9SQljPXd/oN6Okg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.3.tgz", + "integrity": "sha512-zahM1lQv2YjmznnfQsWbYojFe55l0SLG/988brlLv1i8z3dubloLF+75ATRsqPBboUXsW6I9CPGE5rQgLfY0vQ==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/service-error-classification": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-2.0.9.tgz", - "integrity": "sha512-0K+8GvtwI7VkGmmInPydM2XZyBfIqLIbfR7mDQ+oPiz8mIinuHbV6sxOLdvX1Jv/myk7XTK9orgt3tuEpBu/zg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.3.tgz", + "integrity": "sha512-Jn39sSl8cim/VlkLsUhRFq/dKDnRUFlfRkvhOJaUbLBXUsLRLNf9WaxDv/z9BjuQ3A6k/qE8af1lsqcwm7+DaQ==", "requires": { - "@smithy/types": "^2.8.0" + "@smithy/types": "^3.3.0" } }, "@smithy/shared-ini-file-loader": { - "version": "2.2.8", - "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-2.2.8.tgz", - "integrity": "sha512-E62byatbwSWrtq9RJ7xN40tqrRKDGrEL4EluyNpaIDvfvet06a/QC58oHw2FgVaEgkj0tXZPjZaKrhPfpoU0qw==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.4.tgz", + "integrity": "sha512-qMxS4hBGB8FY2GQqshcRUy1K6k8aBWP5vwm8qKkCT3A9K2dawUwOIJfqh9Yste/Bl0J2lzosVyrXDj68kLcHXQ==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/signature-v4": { - "version": "2.0.19", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-2.0.19.tgz", - "integrity": "sha512-nwc3JihdM+kcJjtORv/n7qRHN2Kfh7S2RJI2qr8pz9UcY5TD8rSCRGQ0g81HgyS3jZ5X9U/L4p014P3FonBPhg==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.1.0.tgz", + "integrity": "sha512-aRryp2XNZeRcOtuJoxjydO6QTaVhxx/vjaR+gx7ZjaFgrgPRyZ3HCTbfwqYj6ZWEBHkCSUfcaymKPURaByukag==", "requires": { - "@smithy/eventstream-codec": "^2.0.16", - "@smithy/is-array-buffer": "^2.0.0", - "@smithy/types": "^2.8.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-middleware": "^2.0.9", - "@smithy/util-uri-escape": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-middleware": "^3.0.3", + "@smithy/util-uri-escape": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/smithy-client": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-2.2.1.tgz", - "integrity": "sha512-SpD7FLK92XV2fon2hMotaNDa2w5VAy5/uVjP9WFmjGSgWM8pTPVkHcDl1yFs5Z8LYbij0FSz+DbCBK6i+uXXUA==", + "version": "3.1.12", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.12.tgz", + "integrity": "sha512-wtm8JtsycthkHy1YA4zjIh2thJgIQ9vGkoR639DBx5lLlLNU0v4GARpQZkr2WjXue74nZ7MiTSWfVrLkyD8RkA==", "requires": { - "@smithy/middleware-endpoint": "^2.3.0", - "@smithy/middleware-stack": "^2.0.10", - "@smithy/protocol-http": "^3.0.12", - "@smithy/types": "^2.8.0", - "@smithy/util-stream": "^2.0.24", - "tslib": "^2.5.0" + "@smithy/middleware-endpoint": "^3.1.0", + "@smithy/middleware-stack": "^3.0.3", + "@smithy/protocol-http": "^4.1.0", + "@smithy/types": "^3.3.0", + "@smithy/util-stream": "^3.1.3", + "tslib": "^2.6.2" } }, "@smithy/types": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-2.8.0.tgz", - "integrity": "sha512-h9sz24cFgt/W1Re22OlhQKmUZkNh244ApgRsUDYinqF8R+QgcsBIX344u2j61TPshsTz3CvL6HYU1DnQdsSrHA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.3.0.tgz", + "integrity": "sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/url-parser": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-2.0.16.tgz", - "integrity": "sha512-Wfz5WqAoRT91TjRy1JeLR0fXtkIXHGsMbgzKFTx7E68SrZ55TB8xoG+vm11Ru4gheFTMXjAjwAxv1jQdC+pAQA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.3.tgz", + "integrity": "sha512-pw3VtZtX2rg+s6HMs6/+u9+hu6oY6U7IohGhVNnjbgKy86wcIsSZwgHrFR+t67Uyxvp4Xz3p3kGXXIpTNisq8A==", "requires": { - "@smithy/querystring-parser": "^2.0.16", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/querystring-parser": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-base64": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-2.0.1.tgz", - "integrity": "sha512-DlI6XFYDMsIVN+GH9JtcRp3j02JEVuWIn/QOZisVzpIAprdsxGveFed0bjbMRCqmIFe8uetn5rxzNrBtIGrPIQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "integrity": "sha512-Kxvoh5Qtt0CDsfajiZOCpJxgtPHXOKwmM+Zy4waD43UoEMA+qPxxa98aE/7ZhdnBFZFXMOiBR5xbcaMhLtznQQ==", "requires": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-body-length-browser": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-2.0.1.tgz", - "integrity": "sha512-NXYp3ttgUlwkaug4bjBzJ5+yIbUbUx8VsSLuHZROQpoik+gRkIBeEG9MPVYfvPNpuXb/puqodeeUXcKFe7BLOQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "integrity": "sha512-cbjJs2A1mLYmqmyVl80uoLTJhAcfzMOyPgjwAYusWKMdLeNtzmMz9YxNl3/jRLoxSS3wkqkf0jwNdtXWtyEBaQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-body-length-node": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-2.1.0.tgz", - "integrity": "sha512-/li0/kj/y3fQ3vyzn36NTLGmUwAICb7Jbe/CsWCktW363gh1MOcpEcSO3mJ344Gv2dqz8YJCLQpb6hju/0qOWw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "integrity": "sha512-Tj7pZ4bUloNUP6PzwhN7K386tmSmEET9QtQg0TgdNOnxhZvCssHji+oZTUIuzxECRfG8rdm2PMw2WCFs6eIYkA==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-buffer-from": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.0.0.tgz", - "integrity": "sha512-/YNnLoHsR+4W4Vf2wL5lGv0ksg8Bmk3GEGxn2vEQt52AQaPSCuaO5PM5VM7lP1K9qHRKHwrPGktqVoAHKWHxzw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==", "requires": { - "@smithy/is-array-buffer": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/is-array-buffer": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-config-provider": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-2.1.0.tgz", - "integrity": "sha512-S6V0JvvhQgFSGLcJeT1CBsaTR03MM8qTuxMH9WPCCddlSo2W0V5jIHimHtIQALMLEDPGQ0ROSRr/dU0O+mxiQg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "integrity": "sha512-pbjk4s0fwq3Di/ANL+rCvJMKM5bzAQdE5S/6RL5NXgMExFAi6UgQMPOm5yPaIWPpr+EOXKXRonJ3FoxKf4mCJQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-defaults-mode-browser": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-2.0.24.tgz", - "integrity": "sha512-TsP5mBuLgO2C21+laNG2nHYZEyUdkbGURv2tHvSuQQxLz952MegX95uwdxOY2jR2H4GoKuVRfdJq7w4eIjGYeg==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.14.tgz", + "integrity": "sha512-0iwTgKKmAIf+vFLV8fji21Jb2px11ktKVxbX6LIDPAUJyWQqGqBVfwba7xwa1f2FZUoolYQgLvxQEpJycXuQ5w==", "requires": { - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", "bowser": "^2.11.0", - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-defaults-mode-node": { - "version": "2.0.32", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-2.0.32.tgz", - "integrity": "sha512-d0S33dXA2cq1NyorVMroMrEtqKMr3MlyLITcfTBf9pXiigYiPMOtbSI7czHIfDbuVuM89Cg0urAgpt73QV9mPQ==", + "version": "3.0.14", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.14.tgz", + "integrity": "sha512-e9uQarJKfXApkTMMruIdxHprhcXivH1flYCe8JRDTzkkLx8dA3V5J8GZlST9yfDiRWkJpZJlUXGN9Rc9Ade3OQ==", + "requires": { + "@smithy/config-resolver": "^3.0.5", + "@smithy/credential-provider-imds": "^3.2.0", + "@smithy/node-config-provider": "^3.1.4", + "@smithy/property-provider": "^3.1.3", + "@smithy/smithy-client": "^3.1.12", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" + } + }, + "@smithy/util-endpoints": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.5.tgz", + "integrity": "sha512-ReQP0BWihIE68OAblC/WQmDD40Gx+QY1Ez8mTdFMXpmjfxSyz2fVQu3A4zXRfQU9sZXtewk3GmhfOHswvX+eNg==", "requires": { - "@smithy/config-resolver": "^2.0.23", - "@smithy/credential-provider-imds": "^2.1.5", - "@smithy/node-config-provider": "^2.1.9", - "@smithy/property-provider": "^2.0.17", - "@smithy/smithy-client": "^2.2.1", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/node-config-provider": "^3.1.4", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-hex-encoding": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-2.0.0.tgz", - "integrity": "sha512-c5xY+NUnFqG6d7HFh1IFfrm3mGl29lC+vF+geHv4ToiuJCBmIfzx6IeHLg+OgRdPFKDXIw6pvi+p3CsscaMcMA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "integrity": "sha512-eFndh1WEK5YMUYvy3lPlVmYY/fZcQE1D8oSf41Id2vCeIkKJXPcYDCZD+4+xViI6b1XSd7tE+s5AmXzz5ilabQ==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-middleware": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-2.0.9.tgz", - "integrity": "sha512-PnCnBJ07noMX1lMDTEefmxSlusWJUiLfrme++MfK5TD0xz8NYmakgoXy5zkF/16zKGmiwOeKAztWT/Vjk1KRIQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.3.tgz", + "integrity": "sha512-l+StyYYK/eO3DlVPbU+4Bi06Jjal+PFLSMmlWM1BEwyLxZ3aKkf1ROnoIakfaA7mC6uw3ny7JBkau4Yc+5zfWw==", "requires": { - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-retry": { - "version": "2.0.9", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-2.0.9.tgz", - "integrity": "sha512-46BFWe9RqB6g7f4mxm3W3HlqknqQQmWHKlhoqSFZuGNuiDU5KqmpebMbvC3tjTlUkqn4xa2Z7s3Hwb0HNs5scw==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.3.tgz", + "integrity": "sha512-AFw+hjpbtVApzpNDhbjNG5NA3kyoMs7vx0gsgmlJF4s+yz1Zlepde7J58zpIRIsdjc+emhpAITxA88qLkPF26w==", "requires": { - "@smithy/service-error-classification": "^2.0.9", - "@smithy/types": "^2.8.0", - "tslib": "^2.5.0" + "@smithy/service-error-classification": "^3.0.3", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "@smithy/util-stream": { - "version": "2.0.24", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-2.0.24.tgz", - "integrity": "sha512-hRpbcRrOxDriMVmbya+Mv77VZVupxRAsfxVDKS54XuiURhdiwCUXJP0X1iJhHinuUf6n8pBF0MkG9C8VooMnWw==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.1.3.tgz", + "integrity": "sha512-FIv/bRhIlAxC0U7xM1BCnF2aDRPq0UaelqBHkM2lsCp26mcBbgI0tCVTv+jGdsQLUmAMybua/bjDsSu8RQHbmw==", "requires": { - "@smithy/fetch-http-handler": "^2.3.2", - "@smithy/node-http-handler": "^2.2.2", - "@smithy/types": "^2.8.0", - "@smithy/util-base64": "^2.0.1", - "@smithy/util-buffer-from": "^2.0.0", - "@smithy/util-hex-encoding": "^2.0.0", - "@smithy/util-utf8": "^2.0.2", - "tslib": "^2.5.0" + "@smithy/fetch-http-handler": "^3.2.4", + "@smithy/node-http-handler": "^3.1.4", + "@smithy/types": "^3.3.0", + "@smithy/util-base64": "^3.0.0", + "@smithy/util-buffer-from": "^3.0.0", + "@smithy/util-hex-encoding": "^3.0.0", + "@smithy/util-utf8": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-uri-escape": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-2.0.0.tgz", - "integrity": "sha512-ebkxsqinSdEooQduuk9CbKcI+wheijxEb3utGXkCoYQkJnwTnLbH1JXGimJtUkQwNQbsbuYwG2+aFVyZf5TLaw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "integrity": "sha512-LqR7qYLgZTD7nWLBecUi4aqolw8Mhza9ArpNEQ881MJJIU2sE5iHCK6TdyqqzcDLy0OPe10IY4T8ctVdtynubg==", "requires": { - "tslib": "^2.5.0" + "tslib": "^2.6.2" } }, "@smithy/util-utf8": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.0.2.tgz", - "integrity": "sha512-qOiVORSPm6Ce4/Yu6hbSgNHABLP2VMv8QOC3tTDNHHlWY19pPyc++fBTbZPtx6egPXi4HQxKDnMxVxpbtX2GoA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==", "requires": { - "@smithy/util-buffer-from": "^2.0.0", - "tslib": "^2.5.0" + "@smithy/util-buffer-from": "^3.0.0", + "tslib": "^2.6.2" } }, "@smithy/util-waiter": { - "version": "2.0.12", - "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-2.0.12.tgz", - "integrity": "sha512-3sENmyVa1NnOPoiT2NCApPmu7ukP7S/v7kL9IxNmnygkDldn7/yK0TP42oPJLwB2k3mospNsSePIlqdXEUyPHA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.2.tgz", + "integrity": "sha512-4pP0EV3iTsexDx+8PPGAKCQpd/6hsQBaQhqWzU4hqKPHN5epPsxKbvUTIiYIHTxaKt6/kEaqPBpu/ufvfbrRzw==", "requires": { - "@smithy/abort-controller": "^2.0.12", - "@smithy/types": "^2.4.0", - "tslib": "^2.5.0" + "@smithy/abort-controller": "^3.1.1", + "@smithy/types": "^3.3.0", + "tslib": "^2.6.2" } }, "bowser": { @@ -3140,9 +2801,9 @@ "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==" }, "fast-xml-parser": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", - "integrity": "sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz", + "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==", "requires": { "strnum": "^1.0.5" } @@ -3153,14 +2814,14 @@ "integrity": "sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==" }, "tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" }, "uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==" } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json index f565aa9f233ba..9399afd0396ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115/package.json @@ -2,6 +2,6 @@ "name": "eks-service-account-sdk-call-integ-test", "private": "true", "dependencies": { - "@aws-sdk/client-s3": "3.421.0" + "@aws-sdk/client-s3": "3.623.0" } } From 7eae4d1358762d72d96b08c6cd020628d3cb77f2 Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Wed, 7 Aug 2024 02:43:31 +0900 Subject: [PATCH 06/40] feat(elasticloadbalancingv2): support Mutual Authentication with TLS for Application Load Balancer (#30784) ### Issue # (if applicable) Closes #28206. ### Reason for this change To support mTLS for ALB ### Description of changes * Add `TrustStore` and `TrustStoreRevocation` class * Add `MutualAuthentication` property for `ApplicationListener` ### Description of how you validated changes add unit tests and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../alb-mtls-test-stack.assets.json | 84 + .../alb-mtls-test-stack.template.json | 1352 ++++++++++++ ...efaultTestDeployAssert30225695.assets.json | 19 + ...aultTestDeployAssert30225695.template.json | 36 + .../test/integ.alb-mtls.js.snapshot/cdk.out | 1 + .../integ.alb-mtls.js.snapshot/integ.json | 14 + .../integ.alb-mtls.js.snapshot/manifest.json | 431 ++++ .../test/integ.alb-mtls.js.snapshot/tree.json | 1872 +++++++++++++++++ .../test/integ.alb-mtls.ts | 162 ++ .../test/mtls/crl.pem | 1 + .../test/mtls/rootCA_cert.pem | 1 + .../aws-elasticloadbalancingv2/README.md | 53 + .../lib/alb/application-listener.ts | 92 + .../lib/alb/trust-store-revocation.ts | 80 + .../lib/alb/trust-store.ts | 132 ++ .../aws-elasticloadbalancingv2/lib/index.ts | 2 + .../test/alb/listener.test.ts | 159 ++ .../test/alb/trust-store-revocation.test.ts | 79 + .../test/alb/trust-store.test.ts | 77 + packages/aws-cdk-lib/awslint.json | 1 + 20 files changed, 4648 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem create mode 100644 packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts create mode 100644 packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts create mode 100644 packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts create mode 100644 packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json new file mode 100644 index 0000000000000..96376cfedf68a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.assets.json @@ -0,0 +1,84 @@ +{ + "version": "36.0.0", + "files": { + "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { + "source": { + "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961": { + "source": { + "path": "asset.3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d": { + "source": { + "path": "asset.2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295": { + "source": { + "path": "asset.3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "0a87c14e32369e6154b50e10726881c54b3ea07abefb1b01a8ebd0388b64e857": { + "source": { + "path": "alb-mtls-test-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0a87c14e32369e6154b50e10726881c54b3ea07abefb1b01a8ebd0388b64e857.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json new file mode 100644 index 0000000000000..4d59bd91353a1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/alb-mtls-test-stack.template.json @@ -0,0 +1,1352 @@ +{ + "Resources": { + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "Properties": { + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + }, + { + "Key": "aws-cdk:cr-owned:987d6a23", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "BucketPolicyE9A3008A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "Bucket83908E77" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "BucketAutoDeleteObjectsCustomResourceBAFD23C2": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "Bucket83908E77" + } + }, + "DependsOn": [ + "BucketPolicyE9A3008A" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "Bucket83908E77" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, + "DeployCaCertAwsCliLayer0CCD78B3": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip" + }, + "Description": "/opt/awscli/aws" + } + }, + "DeployCaCertCustomResourceCDD68C79": { + "Type": "Custom::CDKBucketDeployment", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", + "Arn" + ] + }, + "SourceBucketNames": [ + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ], + "SourceObjectKeys": [ + "3641a095d2059a31d1fc859958f71b8ee5d665fa3b7657263b5d2607e63fa295.zip" + ], + "DestinationBucketName": { + "Ref": "Bucket83908E77" + }, + "Prune": true + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "Roles": [ + { + "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + } + ] + } + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip" + }, + "Environment": { + "Variables": { + "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" + } + }, + "Handler": "index.handler", + "Layers": [ + { + "Ref": "DeployCaCertAwsCliLayer0CCD78B3" + } + ], + "Role": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + "Arn" + ] + }, + "Runtime": "python3.9", + "Timeout": 900 + }, + "DependsOn": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + ] + }, + "Stack8A423254": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "StackPublicSubnet1Subnet0AD81D22": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet1RouteTable5057189D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet1RouteTableAssociation74F1C1B6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + }, + "SubnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + } + } + }, + "StackPublicSubnet1DefaultRoute16154E3D": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "RouteTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + } + }, + "DependsOn": [ + "StackVPCGWFFCB6290" + ] + }, + "StackPublicSubnet1EIPBDAAB2A5": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + } + }, + "StackPublicSubnet1NATGatewayD2E1ABF7": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet1EIPBDAAB2A5", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "StackPublicSubnet1DefaultRoute16154E3D", + "StackPublicSubnet1RouteTableAssociation74F1C1B6" + ] + }, + "StackPublicSubnet2Subnet3C7D2288": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet2RouteTableCD306445": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet2RouteTableAssociation5E8F73F1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + }, + "SubnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + } + } + }, + "StackPublicSubnet2DefaultRoute0319539B": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "RouteTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + } + }, + "DependsOn": [ + "StackVPCGWFFCB6290" + ] + }, + "StackPublicSubnet2EIP8CDBC8C2": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + } + }, + "StackPublicSubnet2NATGatewayA8E03AB3": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet2EIP8CDBC8C2", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "StackPublicSubnet2DefaultRoute0319539B", + "StackPublicSubnet2RouteTableAssociation5E8F73F1" + ] + }, + "StackPublicSubnet3SubnetCC1055D9": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet3RouteTable44D8F838": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPublicSubnet3RouteTableAssociationD026A62D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + }, + "SubnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + } + }, + "StackPublicSubnet3DefaultRouteBC0DA152": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "RouteTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + } + }, + "DependsOn": [ + "StackVPCGWFFCB6290" + ] + }, + "StackPublicSubnet3EIP3201E7C8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + } + }, + "StackPublicSubnet3NATGatewayAB6A10EF": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet3EIP3201E7C8", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + }, + "DependsOn": [ + "StackPublicSubnet3DefaultRouteBC0DA152", + "StackPublicSubnet3RouteTableAssociationD026A62D" + ] + }, + "StackPrivateSubnet1Subnet47AC2BC7": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet1RouteTable8ADA6A0C": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet1RouteTableAssociationFFE38495": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + }, + "SubnetId": { + "Ref": "StackPrivateSubnet1Subnet47AC2BC7" + } + } + }, + "StackPrivateSubnet1DefaultRouteFBF81BA5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "StackPublicSubnet1NATGatewayD2E1ABF7" + }, + "RouteTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + } + } + }, + "StackPrivateSubnet2SubnetA2F8EDD8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet2RouteTableA5546697": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet2RouteTableAssociation68ACB8C1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + }, + "SubnetId": { + "Ref": "StackPrivateSubnet2SubnetA2F8EDD8" + } + } + }, + "StackPrivateSubnet2DefaultRoute22004492": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "StackPublicSubnet2NATGatewayA8E03AB3" + }, + "RouteTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + } + } + }, + "StackPrivateSubnet3Subnet28548F2E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet3RouteTable9B1F2842": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackPrivateSubnet3RouteTableAssociationC9C6644E": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + }, + "SubnetId": { + "Ref": "StackPrivateSubnet3Subnet28548F2E" + } + } + }, + "StackPrivateSubnet3DefaultRoute361AE708": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "StackPublicSubnet3NATGatewayAB6A10EF" + }, + "RouteTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + } + } + }, + "StackIGW2F0A1126": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "StackVPCGWFFCB6290": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "StackRestrictDefaultSecurityGroupCustomResource804DC9E2": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Stack8A423254", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Stack8A423254", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Certificate4E7ABB08": { + "Type": "AWS::CertificateManager::Certificate", + "Properties": { + "DomainName": "*.example.com", + "DomainValidationOptions": [ + { + "DomainName": "*.example.com", + "HostedZoneId": "Z23ABC4XYZL05B" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "alb-mtls-test-stack/Certificate" + } + ], + "ValidationMethod": "DNS" + } + }, + "LB8A12904C": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "LoadBalancerAttributes": [ + { + "Key": "deletion_protection.enabled", + "Value": "false" + } + ], + "Scheme": "internet-facing", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "LBSecurityGroup8A41EA2B", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + ], + "Type": "application" + }, + "DependsOn": [ + "StackPublicSubnet1DefaultRoute16154E3D", + "StackPublicSubnet1RouteTableAssociation74F1C1B6", + "StackPublicSubnet2DefaultRoute0319539B", + "StackPublicSubnet2RouteTableAssociation5E8F73F1", + "StackPublicSubnet3DefaultRouteBC0DA152", + "StackPublicSubnet3RouteTableAssociationD026A62D" + ] + }, + "LBSecurityGroup8A41EA2B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatically created Security Group for ELB albmtlsteststackLBDC4031A8", + "SecurityGroupEgress": [ + { + "CidrIp": "255.255.255.255/32", + "Description": "Disallow all traffic", + "FromPort": 252, + "IpProtocol": "icmp", + "ToPort": 86 + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow from anyone on port 443", + "FromPort": 443, + "IpProtocol": "tcp", + "ToPort": 443 + } + ], + "VpcId": { + "Ref": "Stack8A423254" + } + } + }, + "LBListener49E825B4": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "Certificates": [ + { + "CertificateArn": { + "Ref": "Certificate4E7ABB08" + } + } + ], + "DefaultActions": [ + { + "FixedResponseConfig": { + "ContentType": "text/plain", + "MessageBody": "Success mTLS", + "StatusCode": "200" + }, + "Type": "fixed-response" + } + ], + "LoadBalancerArn": { + "Ref": "LB8A12904C" + }, + "MutualAuthentication": { + "IgnoreClientCertificateExpiry": false, + "Mode": "verify", + "TrustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + }, + "Port": 443, + "Protocol": "HTTPS" + } + }, + "Store1D2A845B": { + "Type": "AWS::ElasticLoadBalancingV2::TrustStore", + "Properties": { + "CaCertificatesBundleS3Bucket": { + "Ref": "Bucket83908E77" + }, + "CaCertificatesBundleS3Key": "rootCA_cert.pem", + "Name": "albmtlsteststackStore63864577" + }, + "DependsOn": [ + "DeployCaCertAwsCliLayer0CCD78B3", + "DeployCaCertCustomResourceCDD68C79" + ] + }, + "Revocation2857AF0C": { + "Type": "AWS::ElasticLoadBalancingV2::TrustStoreRevocation", + "Properties": { + "RevocationContents": [ + { + "S3Bucket": { + "Ref": "Bucket83908E77" + }, + "S3Key": "crl.pem" + } + ], + "TrustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + }, + "DependsOn": [ + "DeployCaCertAwsCliLayer0CCD78B3", + "DeployCaCertCustomResourceCDD68C79" + ] + }, + "ARecordE7B57761": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "AliasTarget": { + "DNSName": { + "Fn::Join": [ + "", + [ + "dualstack.", + { + "Fn::GetAtt": [ + "LB8A12904C", + "DNSName" + ] + } + ] + ] + }, + "HostedZoneId": { + "Fn::GetAtt": [ + "LB8A12904C", + "CanonicalHostedZoneID" + ] + } + }, + "HostedZoneId": "Z23ABC4XYZL05B", + "Name": "example.com.", + "Type": "A" + } + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json new file mode 100644 index 0000000000000..2cdadacf0eb8c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "albmtlsintegDefaultTestDeployAssert30225695.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/albmtlsintegDefaultTestDeployAssert30225695.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json new file mode 100644 index 0000000000000..a9e3fe653cba5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/integ.json @@ -0,0 +1,14 @@ +{ + "enableLookups": true, + "version": "36.0.0", + "testCases": { + "alb-mtls-integ/DefaultTest": { + "stacks": [ + "alb-mtls-test-stack" + ], + "stackUpdateWorkflow": false, + "assertionStack": "alb-mtls-integ/DefaultTest/DeployAssert", + "assertionStackName": "albmtlsintegDefaultTestDeployAssert30225695" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json new file mode 100644 index 0000000000000..32e54f1dad29c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/manifest.json @@ -0,0 +1,431 @@ +{ + "version": "36.0.0", + "artifacts": { + "alb-mtls-test-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "alb-mtls-test-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "alb-mtls-test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "alb-mtls-test-stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0a87c14e32369e6154b50e10726881c54b3ea07abefb1b01a8ebd0388b64e857.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "alb-mtls-test-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "alb-mtls-test-stack.assets" + ], + "metadata": { + "/alb-mtls-test-stack/Bucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Bucket83908E77" + } + ], + "/alb-mtls-test-stack/Bucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BucketPolicyE9A3008A" + } + ], + "/alb-mtls-test-stack/Bucket/AutoDeleteObjectsCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "BucketAutoDeleteObjectsCustomResourceBAFD23C2" + } + ], + "/alb-mtls-test-stack/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + } + ], + "/alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" + } + ], + "/alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DeployCaCertAwsCliLayer0CCD78B3" + } + ], + "/alb-mtls-test-stack/DeployCaCert/CustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "DeployCaCertCustomResourceCDD68C79" + } + ], + "/alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + } + ], + "/alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF" + } + ], + "/alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536" + } + ], + "/alb-mtls-test-stack/Stack/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Stack8A423254" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1Subnet0AD81D22" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1RouteTable5057189D" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1RouteTableAssociation74F1C1B6" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1DefaultRoute16154E3D" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1EIPBDAAB2A5" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet1NATGatewayD2E1ABF7" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2Subnet3C7D2288" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2RouteTableCD306445" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2RouteTableAssociation5E8F73F1" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2DefaultRoute0319539B" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2EIP8CDBC8C2" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet2NATGatewayA8E03AB3" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3SubnetCC1055D9" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3RouteTable44D8F838" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3RouteTableAssociationD026A62D" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3DefaultRouteBC0DA152" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3EIP3201E7C8" + } + ], + "/alb-mtls-test-stack/Stack/PublicSubnet3/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPublicSubnet3NATGatewayAB6A10EF" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1Subnet47AC2BC7" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1RouteTable8ADA6A0C" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1RouteTableAssociationFFE38495" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet1DefaultRouteFBF81BA5" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2SubnetA2F8EDD8" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2RouteTableA5546697" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2RouteTableAssociation68ACB8C1" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet2DefaultRoute22004492" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3Subnet28548F2E" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3RouteTable9B1F2842" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3RouteTableAssociationC9C6644E" + } + ], + "/alb-mtls-test-stack/Stack/PrivateSubnet3/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "StackPrivateSubnet3DefaultRoute361AE708" + } + ], + "/alb-mtls-test-stack/Stack/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "StackIGW2F0A1126" + } + ], + "/alb-mtls-test-stack/Stack/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "StackVPCGWFFCB6290" + } + ], + "/alb-mtls-test-stack/Stack/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "StackRestrictDefaultSecurityGroupCustomResource804DC9E2" + } + ], + "/alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/alb-mtls-test-stack/Certificate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Certificate4E7ABB08" + } + ], + "/alb-mtls-test-stack/LB/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LB8A12904C" + } + ], + "/alb-mtls-test-stack/LB/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBSecurityGroup8A41EA2B" + } + ], + "/alb-mtls-test-stack/LB/Listener/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBListener49E825B4" + } + ], + "/alb-mtls-test-stack/Store/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Store1D2A845B" + } + ], + "/alb-mtls-test-stack/Revocation/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Revocation2857AF0C" + } + ], + "/alb-mtls-test-stack/ARecord/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ARecordE7B57761" + } + ], + "/alb-mtls-test-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/alb-mtls-test-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "alb-mtls-test-stack" + }, + "albmtlsintegDefaultTestDeployAssert30225695.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "albmtlsintegDefaultTestDeployAssert30225695.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "albmtlsintegDefaultTestDeployAssert30225695": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "albmtlsintegDefaultTestDeployAssert30225695.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "albmtlsintegDefaultTestDeployAssert30225695.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "albmtlsintegDefaultTestDeployAssert30225695.assets" + ], + "metadata": { + "/alb-mtls-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/alb-mtls-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "alb-mtls-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json new file mode 100644 index 0000000000000..868262d5007a3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.js.snapshot/tree.json @@ -0,0 +1,1872 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "alb-mtls-test-stack": { + "id": "alb-mtls-test-stack", + "path": "alb-mtls-test-stack", + "children": { + "Bucket": { + "id": "Bucket", + "path": "alb-mtls-test-stack/Bucket", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Bucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "aws-cdk:auto-delete-objects", + "value": "true" + }, + { + "key": "aws-cdk:cr-owned:987d6a23", + "value": "true" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "alb-mtls-test-stack/Bucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Bucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "Bucket83908E77" + }, + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + }, + "AutoDeleteObjectsCustomResource": { + "id": "AutoDeleteObjectsCustomResource", + "path": "alb-mtls-test-stack/Bucket/AutoDeleteObjectsCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-test-stack/Bucket/AutoDeleteObjectsCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "alb-mtls-test-stack/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "Custom::S3AutoDeleteObjectsCustomResourceProvider": { + "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "alb-mtls-test-stack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "DeployCaCert": { + "id": "DeployCaCert", + "path": "alb-mtls-test-stack/DeployCaCert", + "children": { + "AwsCliLayer": { + "id": "AwsCliLayer", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer", + "children": { + "Code": { + "id": "Code", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/DeployCaCert/AwsCliLayer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "3322b7049fb0ed2b7cbb644a2ada8d1116ff80c32dca89e6ada846b5de26f961.zip" + }, + "description": "/opt/awscli/aws" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.lambda_layer_awscli.AwsCliLayer", + "version": "0.0.0" + } + }, + "CustomResourceHandler": { + "id": "CustomResourceHandler", + "path": "alb-mtls-test-stack/DeployCaCert/CustomResourceHandler", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "0.0.0" + } + }, + "Asset1": { + "id": "Asset1", + "path": "alb-mtls-test-stack/DeployCaCert/Asset1", + "children": { + "Stage": { + "id": "Stage", + "path": "alb-mtls-test-stack/DeployCaCert/Asset1/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "alb-mtls-test-stack/DeployCaCert/Asset1/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "CustomResource": { + "id": "CustomResource", + "path": "alb-mtls-test-stack/DeployCaCert/CustomResource", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-test-stack/DeployCaCert/CustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_deployment.BucketDeployment", + "version": "0.0.0" + } + }, + "Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C": { + "id": "Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "roles": [ + { + "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip" + }, + "environment": { + "variables": { + "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" + } + }, + "handler": "index.handler", + "layers": [ + { + "Ref": "DeployCaCertAwsCliLayer0CCD78B3" + } + ], + "role": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + "Arn" + ] + }, + "runtime": "python3.9", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "Stack": { + "id": "Stack", + "path": "alb-mtls-test-stack/Stack", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Stack/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1a", + "cidrBlock": "10.0.0.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + }, + "subnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "routeTableId": { + "Ref": "StackPublicSubnet1RouteTable5057189D" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "alb-mtls-test-stack/Stack/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet1EIPBDAAB2A5", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1b", + "cidrBlock": "10.0.32.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + }, + "subnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "routeTableId": { + "Ref": "StackPublicSubnet2RouteTableCD306445" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "alb-mtls-test-stack/Stack/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet2EIP8CDBC8C2", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet3": { + "id": "PublicSubnet3", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1c", + "cidrBlock": "10.0.64.0/19", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + }, + "subnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "routeTableId": { + "Ref": "StackPublicSubnet3RouteTable44D8F838" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "alb-mtls-test-stack/Stack/PublicSubnet3/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "StackPublicSubnet3EIP3201E7C8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + }, + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PublicSubnet3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1a", + "cidrBlock": "10.0.96.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + }, + "subnetId": { + "Ref": "StackPrivateSubnet1Subnet47AC2BC7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "StackPublicSubnet1NATGatewayD2E1ABF7" + }, + "routeTableId": { + "Ref": "StackPrivateSubnet1RouteTable8ADA6A0C" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1b", + "cidrBlock": "10.0.128.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + }, + "subnetId": { + "Ref": "StackPrivateSubnet2SubnetA2F8EDD8" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "StackPublicSubnet2NATGatewayA8E03AB3" + }, + "routeTableId": { + "Ref": "StackPrivateSubnet2RouteTableA5546697" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet3": { + "id": "PrivateSubnet3", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3", + "children": { + "Subnet": { + "id": "Subnet", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": "test-region-1c", + "cidrBlock": "10.0.160.0/19", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack/PrivateSubnet3" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + }, + "subnetId": { + "Ref": "StackPrivateSubnet3Subnet28548F2E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "alb-mtls-test-stack/Stack/PrivateSubnet3/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "StackPublicSubnet3NATGatewayAB6A10EF" + }, + "routeTableId": { + "Ref": "StackPrivateSubnet3RouteTable9B1F2842" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "alb-mtls-test-stack/Stack/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Stack" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "alb-mtls-test-stack/Stack/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "StackIGW2F0A1126" + }, + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "alb-mtls-test-stack/Stack/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-test-stack/Stack/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "alb-mtls-test-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "HostedZone": { + "id": "HostedZone", + "path": "alb-mtls-test-stack/HostedZone", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Certificate": { + "id": "Certificate", + "path": "alb-mtls-test-stack/Certificate", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Certificate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CertificateManager::Certificate", + "aws:cdk:cloudformation:props": { + "domainName": "*.example.com", + "domainValidationOptions": [ + { + "domainName": "*.example.com", + "hostedZoneId": "Z23ABC4XYZL05B" + } + ], + "tags": [ + { + "key": "Name", + "value": "alb-mtls-test-stack/Certificate" + } + ], + "validationMethod": "DNS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.CfnCertificate", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.Certificate", + "version": "0.0.0" + } + }, + "LB": { + "id": "LB", + "path": "alb-mtls-test-stack/LB", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/LB/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "aws:cdk:cloudformation:props": { + "loadBalancerAttributes": [ + { + "key": "deletion_protection.enabled", + "value": "false" + } + ], + "scheme": "internet-facing", + "securityGroups": [ + { + "Fn::GetAtt": [ + "LBSecurityGroup8A41EA2B", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "StackPublicSubnet1Subnet0AD81D22" + }, + { + "Ref": "StackPublicSubnet2Subnet3C7D2288" + }, + { + "Ref": "StackPublicSubnet3SubnetCC1055D9" + } + ], + "type": "application" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnLoadBalancer", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "alb-mtls-test-stack/LB/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/LB/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatically created Security Group for ELB albmtlsteststackLBDC4031A8", + "securityGroupEgress": [ + { + "cidrIp": "255.255.255.255/32", + "description": "Disallow all traffic", + "ipProtocol": "icmp", + "fromPort": 252, + "toPort": 86 + } + ], + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 443, + "toPort": 443, + "description": "Allow from anyone on port 443" + } + ], + "vpcId": { + "Ref": "Stack8A423254" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Listener": { + "id": "Listener", + "path": "alb-mtls-test-stack/LB/Listener", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/LB/Listener/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::Listener", + "aws:cdk:cloudformation:props": { + "certificates": [ + { + "certificateArn": { + "Ref": "Certificate4E7ABB08" + } + } + ], + "defaultActions": [ + { + "type": "fixed-response", + "fixedResponseConfig": { + "statusCode": "200", + "contentType": "text/plain", + "messageBody": "Success mTLS" + } + } + ], + "loadBalancerArn": { + "Ref": "LB8A12904C" + }, + "mutualAuthentication": { + "ignoreClientCertificateExpiry": false, + "mode": "verify", + "trustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + }, + "port": 443, + "protocol": "HTTPS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListener", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer", + "version": "0.0.0" + } + }, + "Store": { + "id": "Store", + "path": "alb-mtls-test-stack/Store", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Store/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::TrustStore", + "aws:cdk:cloudformation:props": { + "caCertificatesBundleS3Bucket": { + "Ref": "Bucket83908E77" + }, + "caCertificatesBundleS3Key": "rootCA_cert.pem", + "name": "albmtlsteststackStore63864577" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnTrustStore", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.TrustStore", + "version": "0.0.0" + } + }, + "Revocation": { + "id": "Revocation", + "path": "alb-mtls-test-stack/Revocation", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/Revocation/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::TrustStoreRevocation", + "aws:cdk:cloudformation:props": { + "revocationContents": [ + { + "s3Bucket": { + "Ref": "Bucket83908E77" + }, + "s3Key": "crl.pem" + } + ], + "trustStoreArn": { + "Fn::GetAtt": [ + "Store1D2A845B", + "TrustStoreArn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnTrustStoreRevocation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.TrustStoreRevocation", + "version": "0.0.0" + } + }, + "ARecord": { + "id": "ARecord", + "path": "alb-mtls-test-stack/ARecord", + "children": { + "Resource": { + "id": "Resource", + "path": "alb-mtls-test-stack/ARecord/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "aliasTarget": { + "hostedZoneId": { + "Fn::GetAtt": [ + "LB8A12904C", + "CanonicalHostedZoneID" + ] + }, + "dnsName": { + "Fn::Join": [ + "", + [ + "dualstack.", + { + "Fn::GetAtt": [ + "LB8A12904C", + "DNSName" + ] + } + ] + ] + } + }, + "hostedZoneId": "Z23ABC4XYZL05B", + "name": "example.com.", + "type": "A" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnRecordSet", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.ARecord", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "alb-mtls-test-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "alb-mtls-test-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "alb-mtls-integ": { + "id": "alb-mtls-integ", + "path": "alb-mtls-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "alb-mtls-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "alb-mtls-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "alb-mtls-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "alb-mtls-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "alb-mtls-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts new file mode 100644 index 0000000000000..90a634fc2cc89 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb-mtls.ts @@ -0,0 +1,162 @@ +import * as path from 'path'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import * as route53targets from 'aws-cdk-lib/aws-route53-targets'; +import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; +import { Construct } from 'constructs'; + +/** + * In order to test this you must create certificates, keys and Certificate Revocation List (CRL). + * + * 1. Generate root Certificate Authority (CA) certificate and private key (valid for 7 days): + * `openssl req -x509 -new -days 7 -keyout rootCA_key.pem -out rootCA_cert.pem` + * + * 2. Generate client certificate and private key (valid for 7 days): + * `openssl req -x509 -CA rootCA_cert.pem -CAkey rootCA_key.pem -days 7 -new -nodes -keyout client_key.pem -out client_cert.pem` + * + * 3. Create OpenSSL configuration file (openssl.cnf): +``` +cat << EOF > openssl.cnf +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = . +database = \$dir/index.txt +new_certs_dir = \$dir/newcerts +certificate = \$dir/rootCA_cert.pem +serial = \$dir/serial +private_key = \$dir/rootCA_key.pem +RANDFILE = \$dir/private/.rand +default_crl_days = 30 +default_md = sha256 +preserve = no +policy = policy_match +crl_extensions = crl_ext + +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ crl_ext ] +authorityKeyIdentifier=keyid:always +EOF +``` + * + * 4. Generate Certificate Revocation List (CRL) (valid for 30 days): + * `openssl ca -config openssl.cnf -gencrl -out crl.pem -crldays 30 -md sha256` + * + * 5. Place `rootCA_cert.pem` and `crl.pem` into the `mtls` directory. + * + * 6. Perform an HTTPS request using the generated client key and certificate: + * `curl https://YOUR-DOMAIN --key client_key.pem --cert client_cert.pem -v` + */ + +interface MutualTlsStackProps extends StackProps { + hostedZoneId: string; + hostedZoneName: string; + domainName: string; +} + +class MutualTls extends Stack { + constructor(scope: Construct, id: string, props: MutualTlsStackProps) { + super(scope, id); + + const bucket = new s3.Bucket(this, 'Bucket', { + autoDeleteObjects: true, + removalPolicy: RemovalPolicy.DESTROY, + }); + + const deploy = new s3deploy.BucketDeployment(this, 'DeployCaCert', { + sources: [s3deploy.Source.asset(path.join(__dirname, 'mtls'))], + destinationBucket: bucket, + }); + + const vpc = new ec2.Vpc(this, 'Stack'); + + const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', { + hostedZoneId: props.hostedZoneId, + zoneName: props.hostedZoneName, + }); + const certificate = new acm.Certificate(this, 'Certificate', { + domainName: props.domainName, + validation: acm.CertificateValidation.fromDns(hostedZone), + }); + + const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', { + vpc, + internetFacing: true, + }); + + const trustStore = new elbv2.TrustStore(this, 'Store', { + bucket, + key: 'rootCA_cert.pem', + }); + + trustStore.node.addDependency(deploy); + + const trustStoreRevocation = new elbv2.TrustStoreRevocation(this, 'Revocation', { + trustStore, + revocationContents: [ + { + bucket, + key: 'crl.pem', + }, + ], + }); + + trustStoreRevocation.node.addDependency(deploy); + + lb.addListener('Listener', { + port: 443, + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [certificate], + mutualAuthentication: { + ignoreClientCertificateExpiry: false, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + new route53.ARecord(this, 'ARecord', { + target: route53.RecordTarget.fromAlias(new route53targets.LoadBalancerTarget(lb)), + zone: hostedZone, + }); + } +} + +/** + * In order to test this you need to have a valid public hosted zone that you can use + * to request certificates for. + * +*/ +const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID; +if (!hostedZoneId) throw new Error('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.'); +const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME; +if (!hostedZoneName) throw new Error('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.'); +const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? process.env.DOMAIN_NAME; +if (!domainName) throw new Error('For this test you must provide your own DomainName as an env var "DOMAIN_NAME". See framework-integ/README.md for details.'); + +const app = new App(); +const stack = new MutualTls(app, 'alb-mtls-test-stack', { + hostedZoneId, + hostedZoneName, + domainName, +}); + +new IntegTest(app, 'alb-mtls-integ', { + testCases: [stack], + enableLookups: true, + stackUpdateWorkflow: false, +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem new file mode 100644 index 0000000000000..2995a4d0e7491 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/crl.pem @@ -0,0 +1 @@ +dummy \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem new file mode 100644 index 0000000000000..2995a4d0e7491 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/mtls/rootCA_cert.pem @@ -0,0 +1 @@ +dummy \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md index 6803aff67073b..0f16e99b08917 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md @@ -798,3 +798,56 @@ then you will need to enable the `removeRuleSuffixFromLogicalId: true` property `ListenerRule`s have a unique `priority` for a given `Listener`. Because the `priority` must be unique, CloudFormation will always fail when creating a new `ListenerRule` to replace the existing one, unless you change the `priority` as well as the logicalId. + +## Configuring Mutual authentication with TLS in Application Load Balancer + +You can configure Mutual authentication with TLS (mTLS) for Application Load Balancer. + +To set mTLS, you must create an instance of `TrustStore` and set it to `ApplicationListener`. + +For more information, see [Mutual authentication with TLS in Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html) + +```ts +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; + +declare const certificate: acm.Certificate; +declare const lb: elbv2.ApplicationLoadBalancer; +declare const bucket: s3.Bucket; + +const trustStore = new elbv2.TrustStore(this, 'Store', { + bucket, + key: 'rootCA_cert.pem', +}); + +lb.addListener('Listener', { + port: 443, + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [certificate], + // mTLS settings + mutualAuthentication: { + ignoreClientCertificateExpiry: false, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), +}); +``` + +Optionally, you can create a certificate revocation list for a trust store by creating an instance of `TrustStoreRevocation`. + +```ts +declare const trustStore: elbv2.TrustStore; +declare const bucket: s3.Bucket; + +new elbv2.TrustStoreRevocation(this, 'Revocation', { + trustStore, + revocationContents: [ + { + revocationType: elbv2.RevocationType.CRL, + bucket, + key: 'crl.pem', + }, + ], +}); +``` diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index e01dd5b83f29e..c4c75ea0c8fda 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -5,6 +5,7 @@ import { ApplicationListenerRule, FixedResponse, RedirectResponse } from './appl import { IApplicationLoadBalancer } from './application-load-balancer'; import { ApplicationTargetGroup, IApplicationLoadBalancerTarget, IApplicationTargetGroup } from './application-target-group'; import { ListenerCondition } from './conditions'; +import { ITrustStore } from './trust-store'; import * as ec2 from '../../../aws-ec2'; import * as cxschema from '../../../cloud-assembly-schema'; import { Duration, Lazy, Resource, Token } from '../../../core'; @@ -96,6 +97,66 @@ export interface BaseApplicationListenerProps { * @default true */ readonly open?: boolean; + + /** + * The mutual authentication configuration information + * + * @default - No mutual authentication configuration + * + * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html + */ + readonly mutualAuthentication?: MutualAuthentication; +} + +/** + * The mutual authentication configuration information + * + */ +export interface MutualAuthentication { + /** + * The client certificate handling method + * + * @default MutualAuthenticationMode.OFF + */ + readonly mutualAuthenticationMode?: MutualAuthenticationMode; + + /** + * The trust store + * + * Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH + * + * @default - no trust store + */ + readonly trustStore?: ITrustStore; + + /** + * Indicates whether expired client certificates are ignored + * + * Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH + * + * @default false + */ + readonly ignoreClientCertificateExpiry?: boolean; +} + +/** + * The client certificate handling method + */ +export enum MutualAuthenticationMode { + /** + * Off + */ + OFF = 'off', + + /** + * Application Load Balancer sends the whole client certificate chain to the target using HTTP headers + */ + PASS_THROUGH = 'passthrough', + + /** + * Application Load Balancer performs X.509 client certificate authentication for clients when a load balancer negotiates TLS connections + */ + VERIFY = 'verify', } /** @@ -188,12 +249,19 @@ export class ApplicationListener extends BaseListener implements IApplicationLis throw new Error('At least one of \'port\' or \'protocol\' is required'); } + validateMutualAuthentication(props.mutualAuthentication); + super(scope, id, { loadBalancerArn: props.loadBalancer.loadBalancerArn, certificates: Lazy.any({ produce: () => this.certificateArns.map(certificateArn => ({ certificateArn })) }, { omitEmptyArray: true }), protocol, port, sslPolicy: props.sslPolicy, + mutualAuthentication: props.mutualAuthentication ? { + ignoreClientCertificateExpiry: props.mutualAuthentication?.ignoreClientCertificateExpiry, + mode: props.mutualAuthentication?.mutualAuthenticationMode, + trustStoreArn: props.mutualAuthentication?.trustStore?.trustStoreArn, + } : undefined, }); this.loadBalancer = props.loadBalancer; @@ -969,3 +1037,27 @@ function checkAddRuleProps(props: AddRuleProps) { throw new Error('Setting \'conditions\', \'pathPattern\' or \'hostHeader\' also requires \'priority\', and vice versa'); } } + +function validateMutualAuthentication(mutualAuthentication?: MutualAuthentication): void { + if (!mutualAuthentication) { + return; + } + + const currentMode = mutualAuthentication.mutualAuthenticationMode; + + if (currentMode === MutualAuthenticationMode.VERIFY) { + if (!mutualAuthentication.trustStore) { + throw new Error(`You must set 'trustStore' when 'mode' is '${MutualAuthenticationMode.VERIFY}'`); + } + } + + if (currentMode === MutualAuthenticationMode.OFF || currentMode === MutualAuthenticationMode.PASS_THROUGH) { + if (mutualAuthentication.trustStore) { + throw new Error(`You cannot set 'trustStore' when 'mode' is '${MutualAuthenticationMode.OFF}' or '${MutualAuthenticationMode.PASS_THROUGH}'`); + } + + if (mutualAuthentication.ignoreClientCertificateExpiry !== undefined) { + throw new Error(`You cannot set 'ignoreClientCertificateExpiry' when 'mode' is '${MutualAuthenticationMode.OFF}' or '${MutualAuthenticationMode.PASS_THROUGH}'`); + } + } +} diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts new file mode 100644 index 0000000000000..67cd5f7eda79d --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store-revocation.ts @@ -0,0 +1,80 @@ +import { Construct } from 'constructs'; +import { ITrustStore } from './trust-store'; +import { IBucket } from '../../../aws-s3'; +import { Resource } from '../../../core'; +import { CfnTrustStoreRevocation } from '../elasticloadbalancingv2.generated'; + +/** + * Properties for the trust store revocation + */ +export interface TrustStoreRevocationProps { + + /** + * The trust store + */ + readonly trustStore: ITrustStore; + + /** + * The revocation file to add + */ + readonly revocationContents: RevocationContent[]; +} + +/** + * Information about a revocation file + */ +export interface RevocationContent { + /** + * The type of revocation file + * + * @default RevocationType.CRL + */ + readonly revocationType?: RevocationType; + + /** + * The Amazon S3 bucket for the revocation file + */ + readonly bucket: IBucket; + + /** + * The Amazon S3 path for the revocation file + */ + readonly key: string; + + /** + * The Amazon S3 object version of the revocation file + * + * @default - latest version + */ + readonly version?: string; +} + +/** + * The type of revocation file + */ +export enum RevocationType { + /** + * A signed list of revoked certificates + */ + CRL = 'CRL', +} + +/** + * A new Trust Store Revocation + */ +export class TrustStoreRevocation extends Resource { + + constructor(scope: Construct, id: string, props: TrustStoreRevocationProps) { + super(scope, id); + + new CfnTrustStoreRevocation(this, 'Resource', { + trustStoreArn: props.trustStore.trustStoreArn, + revocationContents: props.revocationContents?.map(content => ({ + revocationType: content.revocationType, + s3Bucket: content.bucket.bucketName, + s3Key: content.key, + s3ObjectVersion: content.version, + })), + }); + } +} diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts new file mode 100644 index 0000000000000..75a0841f1b45e --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/trust-store.ts @@ -0,0 +1,132 @@ +import { Construct } from 'constructs'; +import { IBucket } from '../../../aws-s3'; +import { IResource, Resource, Fn, Names, Lazy, Token } from '../../../core'; +import { CfnTrustStore } from '../elasticloadbalancingv2.generated'; + +/** + * Represents a Trust Store + */ +export interface ITrustStore extends IResource { + /** + * The name of the trust store + * @attribute + */ + readonly trustStoreName: string; + + /** + * The ARN of the trust store + * @attribute + */ + readonly trustStoreArn: string; +} + +/** + * Properties used for the Trust Store + */ +export interface TrustStoreProps { + + /** + * The name of the trust store + * + * @default - Auto generated + */ + readonly trustStoreName?: string; + + /** + * The bucket that the trust store is hosted in + */ + readonly bucket: IBucket; + + /** + * The key in S3 to look at for the trust store + */ + readonly key: string; + + /** + * The version of the S3 object that contains your truststore. + * To specify a version, you must have versioning enabled for the S3 bucket. + * + * @default - latest version + */ + readonly version?: string; +} + +/** + * A new Trust Store + */ +export class TrustStore extends Resource implements ITrustStore { + /** + * Import from ARN + */ + public static fromTrustStoreArn(scope: Construct, id: string, trustStoreArn: string): ITrustStore { + const resourceParts = Fn.split('/', trustStoreArn); + + const trustStoreName = Fn.select(0, resourceParts); + + class Import extends Resource implements ITrustStore { + public readonly trustStoreArn = trustStoreArn; + public readonly trustStoreName = trustStoreName; + } + return new Import(scope, id); + } + + /** + * The name of the trust store + * + * @attribute + */ + public readonly trustStoreName: string; + + /** + * The number of CA certificates in the trust store + * + * @attribute + */ + public readonly numberOfCaCertificates: number; + + /** + * The status of the trust store + * + * @attribute + */ + public readonly status: string; + + /** + * The ARN of the trust store + * + * @attribute + */ + public readonly trustStoreArn: string; + + constructor(scope: Construct, id: string, props: TrustStoreProps) { + super(scope, id, { + physicalName: props.trustStoreName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 32 }), + }), + }); + + if (props.trustStoreName !== undefined && !Token.isUnresolved(props.trustStoreName)) { + + if (props.trustStoreName.length < 1 || props.trustStoreName.length > 32) { + throw new Error(`trustStoreName '${props.trustStoreName}' must be 1-32 characters long.`); + } + const validNameRegex = /^([a-zA-Z0-9]+-)*[a-zA-Z0-9]+$/; + if (!validNameRegex.test(props.trustStoreName)) { + throw new Error(`trustStoreName '${props.trustStoreName}' must contain only alphanumeric characters and hyphens, and cannot begin or end with a hyphen.`); + } + + } + + const resource = new CfnTrustStore(this, 'Resource', { + name: this.physicalName, + caCertificatesBundleS3Bucket: props.bucket.bucketName, + caCertificatesBundleS3Key: props.key, + caCertificatesBundleS3ObjectVersion: props.version, + }); + + this.trustStoreName = resource.ref; + this.numberOfCaCertificates = resource.attrNumberOfCaCertificates; + this.status = resource.attrStatus; + this.trustStoreArn = resource.attrTrustStoreArn; + } +} diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts index 9f8833b15bfda..575c30b5dfe9d 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/index.ts @@ -8,6 +8,8 @@ export * from './alb/application-load-balancer'; export * from './alb/application-target-group'; export * from './alb/application-listener-action'; export * from './alb/conditions'; +export * from './alb/trust-store'; +export * from './alb/trust-store-revocation'; export * from './nlb/network-listener'; export * from './nlb/network-load-balancer'; diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts index 4c59f89c674d5..4399b50a4ec72 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts @@ -4,6 +4,7 @@ import { Match, Template } from '../../../assertions'; import * as acm from '../../../aws-certificatemanager'; import { Metric } from '../../../aws-cloudwatch'; import * as ec2 from '../../../aws-ec2'; +import * as s3 from '../../../aws-s3'; import * as cdk from '../../../core'; import { SecretValue } from '../../../core'; import * as elbv2 from '../../lib'; @@ -1933,6 +1934,164 @@ describe('tests', () => { }); }); + + describe('Mutual Authentication', () => { + test('Mutual Authentication settings with all properties when mutualAuthenticationMode is verify', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + ignoreClientCertificateExpiry: true, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + MutualAuthentication: { + IgnoreClientCertificateExpiry: true, + Mode: 'verify', + TrustStoreArn: stack.resolve(trustStore.trustStoreArn), + }, + }); + }); + + test.each([elbv2.MutualAuthenticationMode.OFF, elbv2.MutualAuthenticationMode.PASS_THROUGH])('Mutual Authentication settings with all properties when mutualAuthenticationMode is %s', (mutualAuthenticationMode) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + mutualAuthenticationMode, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + MutualAuthentication: { + Mode: mutualAuthenticationMode, + }, + }); + }); + + test('Mutual Authentication settings without all properties', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + MutualAuthentication: { + IgnoreClientCertificateExpiry: Match.absent(), + Mode: Match.absent(), + TrustStoreArn: Match.absent(), + }, + }); + }); + + test('Throw an error when mode is verify without TrustStore', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + expect(() => { + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + ignoreClientCertificateExpiry: true, + mutualAuthenticationMode: elbv2.MutualAuthenticationMode.VERIFY, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + }).toThrow('You must set \'trustStore\' when \'mode\' is \'verify\''); + }); + + test.each([elbv2.MutualAuthenticationMode.OFF, elbv2.MutualAuthenticationMode.PASS_THROUGH])('Throw an error when mode is %s with trustStore', (mutualAuthenticationMode) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + expect(() => { + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + mutualAuthenticationMode, + trustStore, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + }).toThrow('You cannot set \'trustStore\' when \'mode\' is \'off\' or \'passthrough\''); + }); + + test.each([elbv2.MutualAuthenticationMode.OFF, elbv2.MutualAuthenticationMode.PASS_THROUGH])('Throw an error when mode is %s with ignoreClientCertificateExpiry', (mutualAuthenticationMode) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + + // WHEN + expect(() => { + lb.addListener('Listener', { + protocol: elbv2.ApplicationProtocol.HTTPS, + certificates: [importedCertificate(stack)], + mutualAuthentication: { + mutualAuthenticationMode, + ignoreClientCertificateExpiry: true, + }, + defaultAction: elbv2.ListenerAction.fixedResponse(200, + { contentType: 'text/plain', messageBody: 'Success mTLS' }), + }); + }).toThrow('You cannot set \'ignoreClientCertificateExpiry\' when \'mode\' is \'off\' or \'passthrough\''); + }); + }); + }); class ResourceWithLBDependency extends cdk.CfnResource { diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts new file mode 100644 index 0000000000000..0fc003de5b1ed --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store-revocation.test.ts @@ -0,0 +1,79 @@ +import { Match, Template } from '../../../assertions'; +import * as s3 from '../../../aws-s3'; +import * as cdk from '../../../core'; +import * as elbv2 from '../../lib'; + +let stack: cdk.Stack; +beforeEach(() => { + stack = new cdk.Stack(); +}); + +test('Trust Store Revocation with all properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + new elbv2.TrustStoreRevocation(stack, 'Revocation', { + trustStore, + revocationContents: [ + { + revocationType: elbv2.RevocationType.CRL, + bucket, + key: 'crl.pem', + version: 'test-version', + }, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStoreRevocation', { + TrustStoreArn: stack.resolve(trustStore.trustStoreArn), + RevocationContents: [ + { + RevocationType: 'CRL', + S3Bucket: stack.resolve(bucket.bucketName), + S3Key: 'crl.pem', + S3ObjectVersion: 'test-version', + }, + ], + }); +}); + +test('Trust Store Revocation with required properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + const trustStore = new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // WHEN + new elbv2.TrustStoreRevocation(stack, 'Revocation', { + trustStore, + revocationContents: [ + { + bucket, + key: 'crl.pem', + }, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStoreRevocation', { + TrustStoreArn: stack.resolve(trustStore.trustStoreArn), + RevocationContents: [ + { + RevocationType: Match.absent(), + S3Bucket: stack.resolve(bucket.bucketName), + S3Key: 'crl.pem', + S3ObjectVersion: Match.absent(), + }, + ], + }); +}); diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts new file mode 100644 index 0000000000000..52649f273ca81 --- /dev/null +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/trust-store.test.ts @@ -0,0 +1,77 @@ +import { Match, Template } from '../../../assertions'; +import * as s3 from '../../../aws-s3'; +import * as cdk from '../../../core'; +import * as elbv2 from '../../lib'; + +let stack: cdk.Stack; +beforeEach(() => { + stack = new cdk.Stack(); +}); + +test('Trust Store with all properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + new elbv2.TrustStore(stack, 'TrustStore', { + trustStoreName: 'MyTrustStore', + bucket, + key: 'dummy.pem', + version: 'test-version', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStore', { + CaCertificatesBundleS3Bucket: stack.resolve(bucket.bucketName), + CaCertificatesBundleS3Key: 'dummy.pem', + CaCertificatesBundleS3ObjectVersion: 'test-version', + Name: 'MyTrustStore', + }); +}); + +test('Trust Store with required properties', () => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::TrustStore', { + CaCertificatesBundleS3Bucket: stack.resolve(bucket.bucketName), + CaCertificatesBundleS3Key: 'dummy.pem', + CaCertificatesBundleS3ObjectVersion: Match.absent(), + Name: 'TrustStore', + }); +}); + +test.each(['', 'a'.repeat(33)])('Throw an error when trustStoreName length is invalid, trustStoreName: %s', (trustStoreName) => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + expect(() => { + new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + trustStoreName, + }); + }).toThrow(`trustStoreName '${trustStoreName}' must be 1-32 characters long.`); +}); + +test.each(['-test', 'test-', '$test'])('Throw an error when trustStoreName has invalid patten, trustStoreName: %s', (trustStoreName) => { + // GIVEN + const bucket = new s3.Bucket(stack, 'Bucket'); + + // WHEN + expect(() => { + new elbv2.TrustStore(stack, 'TrustStore', { + bucket, + key: 'dummy.pem', + trustStoreName, + }); + }).toThrow(`trustStoreName '${trustStoreName}' must contain only alphanumeric characters and hyphens, and cannot begin or end with a hyphen.`); +}); diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index 8db48224a89b1..c90adb9837fe1 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -115,6 +115,7 @@ "props-physical-name:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancerProps", "props-physical-name:aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListenerProps", "props-physical-name:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListenerProps", + "props-physical-name:aws-cdk-lib.aws_elasticloadbalancingv2.TrustStoreRevocationProps", "props-physical-name:aws-cdk-lib.aws_events.EventBusPolicyProps", "props-physical-name:aws-cdk-lib.aws_fsx.LustreFileSystemProps", "props-physical-name:aws-cdk-lib.aws_iam.AccessKeyProps", From d45bf08c3fa6d342cf06fe26b748b5e367c3e5e3 Mon Sep 17 00:00:00 2001 From: WinterYukky <49480575+WinterYukky@users.noreply.github.com> Date: Wed, 7 Aug 2024 06:22:03 +0900 Subject: [PATCH 07/40] feat(batch): add ECS_AL2023 (#30928) ### Issue # (if applicable) None. ### Reason for this change Because, currently AWS Batch support Amazon Linux 2023, However, we can't use Amazon Linux 2023 for `ManagedEc2EcsComputeEnvironment`. https://docs.aws.amazon.com/batch/latest/APIReference/API_Ec2Configuration.html ### Description of changes Add the `EcsMachineImageType.ECS_AL2023`. ### Description of how you validated changes I could deploy ComputeEnvironment via integ-tests. Also, when I deploy with invalid ImageType, then I got the following error message. ``` Resource handler returned message: "Error executing request, Exception : Inva lid imageType in ComputeResources.ec2Configuration ``` ### Other We may should set `EcsMachineImageType.ECS_AL2023` as default under a feature flag. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssertD4528F80.assets.json | 2 +- .../batch-stack.assets.json | 6 +- .../batch-stack.template.json | 102 ++++++++++ .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 30 ++- .../tree.json | 176 +++++++++++++++++- .../test/integ.managed-compute-environment.ts | 9 +- packages/aws-cdk-lib/aws-batch/README.md | 17 ++ .../lib/managed-compute-environment.ts | 14 +- .../test/managed-compute-environment.test.ts | 46 +++++ 11 files changed, 394 insertions(+), 12 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json index db4752252f4fa..de953f1e34aad 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json index e2d86bf155bda..7fbccde788f96 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33": { + "29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d": { "source": { "path": "batch-stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33.json", + "objectKey": "29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json index 1ef8be9489013..c99047b447f4b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/batch-stack.template.json @@ -1118,6 +1118,108 @@ "Type": "managed", "UpdatePolicy": {} } + }, + "ECSAL2023SecurityGroup7AE4A1D4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "batch-stack/ECS_AL2023/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "ECSAL2023InstanceProfileRoleEBA7FF23": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "ECSAL2023InstanceProfile14B35A51": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ] + } + }, + "ECSAL20239DA0188B": { + "Type": "AWS::Batch::ComputeEnvironment", + "Properties": { + "ComputeResources": { + "AllocationStrategy": "BEST_FIT_PROGRESSIVE", + "Ec2Configuration": [ + { + "ImageType": "ECS_AL2023" + } + ], + "InstanceRole": { + "Fn::GetAtt": [ + "ECSAL2023InstanceProfile14B35A51", + "Arn" + ] + }, + "InstanceTypes": [ + "optimal" + ], + "MaxvCpus": 256, + "MinvCpus": 0, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ECSAL2023SecurityGroup7AE4A1D4", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "Type": "EC2" + }, + "ReplaceComputeEnvironment": false, + "State": "ENABLED", + "Type": "managed", + "UpdatePolicy": {} + } } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json index 824bd984c00e7..1d97ef0a4308e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "BatchManagedComputeEnvironmentTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json index 7fff489e95068..9ec827b896504 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "batch-stack.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "batch-stack.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/812e218c9fa33c5b8c6c8a71d1d566887aff3be3858e7aaa8c3412b5446dbe33.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/29532266ce5c96c372f99765edc76d90da88dd7316798a6e86946bc0ffa1802d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -339,6 +340,30 @@ "data": "taggedCE5029E6F8" } ], + "/batch-stack/ECS_AL2023/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023SecurityGroup7AE4A1D4" + } + ], + "/batch-stack/ECS_AL2023/InstanceProfileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ], + "/batch-stack/ECS_AL2023/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL2023InstanceProfile14B35A51" + } + ], + "/batch-stack/ECS_AL2023/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSAL20239DA0188B" + } + ], "/batch-stack/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -367,6 +392,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "BatchManagedComputeEnvironmentTestDefaultTestDeployAssertD4528F80.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json index 029a5cd85e503..7d665f06bcdc1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.js.snapshot/tree.json @@ -1880,6 +1880,178 @@ "version": "0.0.0" } }, + "ECS_AL2023": { + "id": "ECS_AL2023", + "path": "batch-stack/ECS_AL2023", + "children": { + "SecurityGroup": { + "id": "SecurityGroup", + "path": "batch-stack/ECS_AL2023/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "batch-stack/ECS_AL2023/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceProfileRole": { + "id": "InstanceProfileRole", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole", + "children": { + "ImportInstanceProfileRole": { + "id": "ImportInstanceProfileRole", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole/ImportInstanceProfileRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/InstanceProfileRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "batch-stack/ECS_AL2023/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "ECSAL2023InstanceProfileRoleEBA7FF23" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "batch-stack/ECS_AL2023/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Batch::ComputeEnvironment", + "aws:cdk:cloudformation:props": { + "computeResources": { + "maxvCpus": 256, + "type": "EC2", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ECSAL2023SecurityGroup7AE4A1D4", + "GroupId" + ] + } + ], + "subnets": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ], + "minvCpus": 0, + "instanceRole": { + "Fn::GetAtt": [ + "ECSAL2023InstanceProfile14B35A51", + "Arn" + ] + }, + "instanceTypes": [ + "optimal" + ], + "allocationStrategy": "BEST_FIT_PROGRESSIVE", + "ec2Configuration": [ + { + "imageType": "ECS_AL2023" + } + ] + }, + "replaceComputeEnvironment": false, + "state": "ENABLED", + "type": "managed", + "updatePolicy": {} + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.CfnComputeEnvironment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_batch.ManagedEc2EcsComputeEnvironment", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "batch-stack/BootstrapVersion", @@ -1915,7 +2087,7 @@ "path": "BatchManagedComputeEnvironmentTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { @@ -1961,7 +2133,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts index 61de496afa32c..0d71b9cfbff4e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.managed-compute-environment.ts @@ -3,7 +3,7 @@ import { LaunchTemplate } from 'aws-cdk-lib/aws-ec2'; import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; import { App, Duration, Stack, Tags } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; -import { AllocationStrategy, FargateComputeEnvironment, ManagedEc2EcsComputeEnvironment } from 'aws-cdk-lib/aws-batch'; +import { AllocationStrategy, FargateComputeEnvironment, ManagedEc2EcsComputeEnvironment, EcsMachineImageType } from 'aws-cdk-lib/aws-batch'; const app = new App(); const stack = new Stack(app, 'batch-stack'); @@ -79,6 +79,13 @@ const taggedEc2Ecs = new ManagedEc2EcsComputeEnvironment(stack, 'taggedCE', { Tags.of(taggedEc2Ecs).add('foo', 'bar'); Tags.of(taggedEc2Ecs).add('super', 'salamander'); +new ManagedEc2EcsComputeEnvironment(stack, 'ECS_AL2023', { + vpc, + images: [{ + imageType: EcsMachineImageType.ECS_AL2023, + }], +}); + new integ.IntegTest(app, 'BatchManagedComputeEnvironmentTest', { testCases: [stack], }); diff --git a/packages/aws-cdk-lib/aws-batch/README.md b/packages/aws-cdk-lib/aws-batch/README.md index 6b7e3eeb89a99..7528e426bb45b 100644 --- a/packages/aws-cdk-lib/aws-batch/README.md +++ b/packages/aws-cdk-lib/aws-batch/README.md @@ -111,6 +111,23 @@ computeEnv.addInstanceClass(ec2.InstanceClass.M4); computeEnv.addInstanceClass(ec2.InstanceClass.R4); ``` +#### Configure AMIs + +You can configure Amazon Machine Images (AMIs). This example configures your `ComputeEnvironment` to use Amazon Linux 2023. + +```ts +declare const vpc: ec2.IVpc; + +new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', { + vpc, + images: [ + { + imageType: batch.EcsMachineImageType.ECS_AL2023, + }, + ], +}); +``` + #### Allocation Strategies | Allocation Strategy | Optimized for | Downsides | diff --git a/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts b/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts index 64746104333ce..c9f03e9f0dd73 100644 --- a/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts +++ b/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts @@ -395,10 +395,16 @@ export interface EksMachineImage extends MachineImage{ */ export enum EcsMachineImageType { /** - * Tells Batch that this machine image runs on non-GPU instances + * Tells Batch that this machine image runs on non-GPU AL2 instances */ ECS_AL2 = 'ECS_AL2', + /** + * Tells Batch that this machine image runs on non-GPU AL2023 instances. + * Amazon Linux 2023 does not support A1 instances. + */ + ECS_AL2023 = 'ECS_AL2023', + /** * Tells Batch that this machine image runs on GPU instances */ @@ -652,6 +658,12 @@ export class ManagedEc2EcsComputeEnvironment extends ManagedComputeEnvironmentBa this.instanceTypes = props.instanceTypes ?? []; this.instanceClasses = props.instanceClasses ?? []; + if (this.images?.find(image => image.imageType === EcsMachineImageType.ECS_AL2023) && + (this.instanceClasses.includes(ec2.InstanceClass.A1) || + this.instanceTypes.find(instanceType => instanceType.sameInstanceClassAs(ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.LARGE)))) + ) { + throw new Error('Amazon Linux 2023 does not support A1 instances.'); + } const { instanceRole, instanceProfile } = createInstanceRoleAndProfile(this, props.instanceRole); this.instanceRole = instanceRole; diff --git a/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts b/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts index d20c9677d97c3..b2d572fd8de37 100644 --- a/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts +++ b/packages/aws-cdk-lib/aws-batch/test/managed-compute-environment.test.ts @@ -794,6 +794,52 @@ describe('ManagedEc2EcsComputeEnvironment', () => { }); }); + test('Amazon Linux 2023 does not support A1 instances.', () => { + expect(() => new ManagedEc2EcsComputeEnvironment(stack, 'Al2023A1InstanceClass', { + ...defaultEcsProps, + instanceClasses: [ec2.InstanceClass.A1], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2023, + }, + ], + })).toThrow('Amazon Linux 2023 does not support A1 instances.'); + + expect(() => new ManagedEc2EcsComputeEnvironment(stack, 'Al2023A1XlargeInstance', { + ...defaultEcsProps, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.XLARGE2)], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2023, + }, + ], + })).toThrow('Amazon Linux 2023 does not support A1 instances.'); + + new ManagedEc2EcsComputeEnvironment(stack, 'Al2A1InstanceClass', { + ...defaultEcsProps, + instanceClasses: [ec2.InstanceClass.A1], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2, + }, + ], + }); + + new ManagedEc2EcsComputeEnvironment(stack, 'Al2A1XlargeInstance', { + ...defaultEcsProps, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.A1, ec2.InstanceSize.XLARGE2)], + vpc, + images: [ + { + imageType: EcsMachineImageType.ECS_AL2, + }, + ], + }); + }); + test('can use non-default allocation strategy', () => { // WHEN new ManagedEc2EcsComputeEnvironment(stack, 'MyCE', { From 292846ef2a0c9362a9a47d17eb9f4b1cf135b3b8 Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Wed, 7 Aug 2024 07:36:46 +0900 Subject: [PATCH 08/40] chore(ec2): add missing interface vpc endpoints (#30807) Add Eventbridge's missing VPC endpoints. I identified the missing VPC endpoints using the following procedure: 1. Retrieved a list of interface endpoints using the command below ```sh % aws ec2 describe-vpc-endpoint-services \ --filter Name=service-type,Values=Interface \ --query 'ServiceDetails[].[ServiceName,BaseEndpointDnsNames[0]]' \ --output json --region us-east-1| jq -r '.[] | @csv' // result "aws.api.us-east-1.bcm-data-exports","bcm-data-exports.us-east-1.vpce.amazonaws.com" "aws.api.us-east-1.freetier","freetier.us-east-1.vpce.amazonaws.com" "aws.api.us-east-1.kendra-ranking","kendra-ranking.us-east-1.vpce.amazonaws.com" "aws.api.us-east-1.qbusiness","qbusiness.us-east-1.vpce.amazonaws.com" // omit ``` 2. Obtained the differences by comparing the implementation with the list 3. Verified the differing endpoints exist in the documentation and added them to the implementation Ref: * https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html Note: * This PR doesn't include DynamoDB interface endpoint because #30162 already opened. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index dbd4fae1752b1..ad76046aba257 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts @@ -303,9 +303,12 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly BEDROCK_AGENT = new InterfaceVpcEndpointAwsService('bedrock-agent'); public static readonly BEDROCK_AGENT_RUNTIME = new InterfaceVpcEndpointAwsService('bedrock-agent-runtime'); public static readonly BEDROCK_RUNTIME = new InterfaceVpcEndpointAwsService('bedrock-runtime'); + public static readonly BILLING_AND_COST_MANAGEMENT_FREETIER = new InterfaceVpcEndpointAwsService('freetier'); + public static readonly BILLING_AND_COST_MANAGEMENT_TAX = new InterfaceVpcEndpointAwsService('tax'); public static readonly BILLING_CONDUCTOR = new InterfaceVpcEndpointAwsService('billingconductor'); public static readonly BRAKET = new InterfaceVpcEndpointAwsService('braket'); public static readonly CLEAN_ROOMS = new InterfaceVpcEndpointAwsService('cleanrooms'); + public static readonly CLEAN_ROOMS_ML = new InterfaceVpcEndpointAwsService('cleanrooms-ml'); public static readonly CLOUD_CONTROL_API = new InterfaceVpcEndpointAwsService('cloudcontrolapi'); public static readonly CLOUD_CONTROL_API_FIPS = new InterfaceVpcEndpointAwsService('cloudcontrolapi-fips'); public static readonly CLOUD_DIRECTORY = new InterfaceVpcEndpointAwsService('clouddirectory'); @@ -316,9 +319,11 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CLOUDFORMATION = new InterfaceVpcEndpointAwsService('cloudformation'); public static readonly CLOUDHSM = new InterfaceVpcEndpointAwsService('cloudhsmv2'); public static readonly CLOUDTRAIL = new InterfaceVpcEndpointAwsService('cloudtrail'); + /** @deprecated Use InterfaceVpcEndpointAwsService.Q_DEVELOPER_CODE_WHISPERER instead.*/ public static readonly CODEWHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer'); /** @deprecated - Use InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING instead. */ public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring'); + public static readonly CLOUDWATCH_APPLICATION_SIGNALS = new InterfaceVpcEndpointAwsService('application-signals'); /** @deprecated - Use InterfaceVpcEndpointAwsService.EVENTBRIDGE instead. */ public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events'); public static readonly CLOUDWATCH_EVIDENTLY = new InterfaceVpcEndpointAwsService('evidently'); @@ -344,6 +349,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CODEGURU_REVIEWER = new InterfaceVpcEndpointAwsService('codeguru-reviewer'); public static readonly CODEPIPELINE = new InterfaceVpcEndpointAwsService('codepipeline'); public static readonly CODESTAR_CONNECTIONS = new InterfaceVpcEndpointAwsService('codestar-connections.api'); + public static readonly CODE_CONNECTIONS = new InterfaceVpcEndpointAwsService('codeconnections.api'); public static readonly COMPREHEND = new InterfaceVpcEndpointAwsService('comprehend'); public static readonly COMPREHEND_MEDICAL = new InterfaceVpcEndpointAwsService('comprehendmedical'); public static readonly CONFIG = new InterfaceVpcEndpointAwsService('config'); @@ -353,11 +359,16 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CONNECT_PROFILE = new InterfaceVpcEndpointAwsService('profile'); public static readonly CONNECT_VOICEID = new InterfaceVpcEndpointAwsService('voiceid'); public static readonly CONNECT_WISDOM = new InterfaceVpcEndpointAwsService('wisdom'); + public static readonly CONTROL_CATALOG = new InterfaceVpcEndpointAwsService('controlcatalog'); + public static readonly COST_EXPLORER = new InterfaceVpcEndpointAwsService('ce'); public static readonly DATA_EXCHANGE = new InterfaceVpcEndpointAwsService('dataexchange'); + public static readonly DATA_EXPORTS = new InterfaceVpcEndpointAwsService('bcm-data-exports'); public static readonly DATASYNC = new InterfaceVpcEndpointAwsService('datasync'); public static readonly DATAZONE = new InterfaceVpcEndpointAwsService('datazone'); public static readonly DATABASE_MIGRATION_SERVICE = new InterfaceVpcEndpointAwsService('dms'); public static readonly DATABASE_MIGRATION_SERVICE_FIPS = new InterfaceVpcEndpointAwsService('dms-fips'); + public static readonly DEADLINE_CLOUD_MANAGEMENT = new InterfaceVpcEndpointAwsService('deadline.management'); + public static readonly DEADLINE_CLOUD_SCHEDULING = new InterfaceVpcEndpointAwsService('deadline.scheduling'); public static readonly DEVOPS_GURU = new InterfaceVpcEndpointAwsService('devops-guru'); public static readonly DIRECTORY_SERVICE = new InterfaceVpcEndpointAwsService('ds'); public static readonly EBS_DIRECT = new InterfaceVpcEndpointAwsService('ebs'); @@ -387,6 +398,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly EMR_WAL = new InterfaceVpcEndpointAwsService('emrwal.prod'); public static readonly ENTITY_RESOLUTION = new InterfaceVpcEndpointAwsService('entityresolution'); public static readonly EVENTBRIDGE = new InterfaceVpcEndpointAwsService('events'); + public static readonly EVENTBRIDGE_SCHEMA_REGISTRY = new InterfaceVpcEndpointAwsService('schemas'); public static readonly FAULT_INJECTION_SIMULATOR = new InterfaceVpcEndpointAwsService('fis'); public static readonly FINSPACE = new InterfaceVpcEndpointAwsService('finspace'); public static readonly FINSPACE_API = new InterfaceVpcEndpointAwsService('finspace-api'); @@ -408,6 +420,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly GUARDDUTY_DATA_FIPS = new InterfaceVpcEndpointAwsService('guardduty-data-fips'); public static readonly HEALTH_IMAGING = new InterfaceVpcEndpointAwsService('medical-imaging'); public static readonly HEALTH_IMAGING_RUNTIME = new InterfaceVpcEndpointAwsService('runtime-medical-imaging'); + public static readonly HEALTH_IMAGING_DICOM = new InterfaceVpcEndpointAwsService('dicom-medical-imaging'); public static readonly HEALTHLAKE = new InterfaceVpcEndpointAwsService('healthlake'); public static readonly IAM_IDENTITY_CENTER = new InterfaceVpcEndpointAwsService('identitystore'); public static readonly IAM_ROLES_ANYWHERE = new InterfaceVpcEndpointAwsService('rolesanywhere'); @@ -442,11 +455,14 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly LEX_RUNTIME = new InterfaceVpcEndpointAwsService('runtime-v2-lex'); public static readonly LICENSE_MANAGER = new InterfaceVpcEndpointAwsService('license-manager'); public static readonly LICENSE_MANAGER_FIPS = new InterfaceVpcEndpointAwsService('license-manager-fips'); + public static readonly LICENSE_MANAGER_LINUX_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('license-manager-linux-subscriptions'); + public static readonly LICENSE_MANAGER_LINUX_SUBSCRIPTIONS_FIPS = new InterfaceVpcEndpointAwsService('license-manager-linux-subscriptions-fips'); public static readonly LICENSE_MANAGER_USER_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('license-manager-user-subscriptions'); public static readonly LOOKOUT_EQUIPMENT = new InterfaceVpcEndpointAwsService('lookoutequipment'); public static readonly LOOKOUT_METRICS = new InterfaceVpcEndpointAwsService('lookoutmetrics'); public static readonly LOOKOUT_VISION = new InterfaceVpcEndpointAwsService('lookoutvision'); public static readonly MAINFRAME_MODERNIZATION = new InterfaceVpcEndpointAwsService('m2'); + public static readonly MAINFRAME_MODERNIZATION_APP_TEST = new InterfaceVpcEndpointAwsService('apptest'); public static readonly MACIE = new InterfaceVpcEndpointAwsService('macie2'); public static readonly MANAGEMENT_CONSOLE = new InterfaceVpcEndpointAwsService('console'); public static readonly MANAGEMENT_CONSOLE_SIGNIN = new InterfaceVpcEndpointAwsService('signin'); @@ -460,6 +476,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly MIGRATIONHUB_STRATEGY = new InterfaceVpcEndpointAwsService('migrationhub-strategy'); public static readonly NEPTUNE_ANALYTICS = new InterfaceVpcEndpointAwsService('neptune-graph'); public static readonly NIMBLE_STUDIO = new InterfaceVpcEndpointAwsService('nimble'); + public static readonly OUTPOSTS = new InterfaceVpcEndpointAwsService('outposts'); public static readonly ORGANIZATIONS = new InterfaceVpcEndpointAwsService('organizations'); public static readonly ORGANIZATIONS_FIPS = new InterfaceVpcEndpointAwsService('organizations-fips'); public static readonly OMICS_ANALYTICS = new InterfaceVpcEndpointAwsService('analytics-omics'); @@ -477,7 +494,9 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ /** @deprecated - Use InterfaceVpcEndpointAwsService.PINPOINT_SMS_VOICE_V2 instead. */ public static readonly PINPOINT = new InterfaceVpcEndpointAwsService('pinpoint-sms-voice-v2'); public static readonly PINPOINT_SMS_VOICE_V2 = new InterfaceVpcEndpointAwsService('pinpoint-sms-voice-v2'); + public static readonly PIPES = new InterfaceVpcEndpointAwsService('pipes'); public static readonly PIPES_DATA = new InterfaceVpcEndpointAwsService('pipes-data'); + public static readonly PIPES_FIPS = new InterfaceVpcEndpointAwsService('pipes-fips'); public static readonly POLLY = new InterfaceVpcEndpointAwsService('polly'); public static readonly PRIVATE_5G = new InterfaceVpcEndpointAwsService('private-networks'); public static readonly PRIVATE_CERTIFICATE_AUTHORITY = new InterfaceVpcEndpointAwsService('acm-pca'); @@ -485,12 +504,17 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly PROMETHEUS = new InterfaceVpcEndpointAwsService('aps'); public static readonly PROMETHEUS_WORKSPACES = new InterfaceVpcEndpointAwsService('aps-workspaces'); public static readonly PROTON = new InterfaceVpcEndpointAwsService('proton'); + public static readonly Q_BUSSINESS = new InterfaceVpcEndpointAwsService('qbusiness', 'aws.api'); + public static readonly Q_DEVELOPER_CODE_WHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer'); + public static readonly Q_DEVELOPER_QAPPS = new InterfaceVpcEndpointAwsService('qapps'); public static readonly QLDB = new InterfaceVpcEndpointAwsService('qldb.session'); + public static readonly QUICKSIGHT_WEBSITE = new InterfaceVpcEndpointAwsService('quicksight-website'); public static readonly RDS = new InterfaceVpcEndpointAwsService('rds'); public static readonly RDS_DATA = new InterfaceVpcEndpointAwsService('rds-data'); public static readonly REDSHIFT = new InterfaceVpcEndpointAwsService('redshift'); public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips'); public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data'); + public static readonly REDSHIFT_DATA_FIPS = new InterfaceVpcEndpointAwsService('redshift-data-fips'); public static readonly REKOGNITION = new InterfaceVpcEndpointAwsService('rekognition'); public static readonly REKOGNITION_FIPS = new InterfaceVpcEndpointAwsService('rekognition-fips'); public static readonly REKOGNITION_STREAMING = new InterfaceVpcEndpointAwsService('streaming-rekognition'); From ae7d1814900fc10ab489bc7a4cfe8ccd1694e8f8 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 7 Aug 2024 02:35:35 +0300 Subject: [PATCH 09/40] feat(region-info): update Metadata regions (#31044) Update the list of regions where the CDK deploys the `AWS::CDK::Metadata` resource. --- packages/aws-cdk-lib/region-info/build-tools/metadata.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts index c97ef832bf8ad..eb74c7396da1d 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts @@ -12,6 +12,7 @@ export const AWS_CDK_METADATA = new Set([ 'ap-east-1', 'ap-northeast-1', 'ap-northeast-2', + 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', From 71f07e4511206f66d3c31216d11b8b56534ac626 Mon Sep 17 00:00:00 2001 From: Ali Servet Donmez Date: Wed, 7 Aug 2024 02:32:35 +0200 Subject: [PATCH 10/40] docs(opensearchservice): fix broken Markdown due to an invisible char (#31007) ### Issue # (if applicable) Closes #. ### Reason for this change For some invisible char in the Markdown, it wasn't rendered correctly. ### Description of changes I am unsure what was there, but replacing the "space" between `##` and `Enable` with a regular space (i.e., ' ') fixed it. ### Description of how you validated changes After this change, using the Markdown preview feature in my editor, as well as regular Markdown syntax highlighting, worked as expected. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-opensearchservice/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-opensearchservice/README.md b/packages/aws-cdk-lib/aws-opensearchservice/README.md index e24f2df325e25..dcff581a78857 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/README.md +++ b/packages/aws-cdk-lib/aws-opensearchservice/README.md @@ -464,7 +464,7 @@ const domain = new Domain(this, 'Domain', { }); ``` -## Enable support for Multi-AZ with Standby deployment +## Enable support for Multi-AZ with Standby deployment The domain can be configured to use [multi-AZ with standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby). From 6ec69b9184417c7fb5d4df808b57ae59c546753c Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 7 Aug 2024 04:13:24 +0300 Subject: [PATCH 11/40] feat(region-info): update Metadata regions (#31046) Update the list of regions where the CDK deploys the `AWS::CDK::Metadata` resource. --- packages/aws-cdk-lib/region-info/build-tools/metadata.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts index eb74c7396da1d..0ef7b18fb82a2 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts @@ -14,14 +14,19 @@ export const AWS_CDK_METADATA = new Set([ 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', + 'ap-south-2', 'ap-southeast-1', 'ap-southeast-2', + 'ap-southeast-3', + 'ap-southeast-4', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', + 'eu-central-2', 'eu-north-1', 'eu-south-1', + 'eu-south-2', 'eu-west-1', 'eu-west-2', 'eu-west-3', From 9025635e7401388a4192d34b9fbe2ae28d849587 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 7 Aug 2024 06:16:08 +0300 Subject: [PATCH 12/40] feat(region-info): update Metadata regions (#31047) Update the list of regions where the CDK deploys the `AWS::CDK::Metadata` resource. --- packages/aws-cdk-lib/region-info/build-tools/metadata.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts index 0ef7b18fb82a2..58a7436ec118b 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/metadata.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/metadata.ts @@ -20,6 +20,7 @@ export const AWS_CDK_METADATA = new Set([ 'ap-southeast-3', 'ap-southeast-4', 'ca-central-1', + 'ca-west-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', From e17fdd76959e8aafd07cfa1db34325f1c24b3acf Mon Sep 17 00:00:00 2001 From: shikha372 Date: Wed, 7 Aug 2024 08:21:02 -0700 Subject: [PATCH 13/40] feat(vpc): support custom route and subnet (#30538) ### Issue # (if applicable) Closes [RFC#507](https://github.com/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md). Issue#[5927](https://github.com/aws/aws-cdk/issues/5927) Tracking Ticket https://github.com/aws/aws-cdk/issues/30762 ### Reason for this change This PR implements below RFC for Full Control VPC configuration Implementing RFC [Full Control VPC](https://github.com/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md) ### Description of changes Experimental API for VPC Lifecycle Doc: https://github.com/cdklabs/team-internal/blob/main/docs/construct-library-lifecycle.md - Introduced a new alpha module for VPCV2 - Both new class VPCV2 and SubnetV2 implement IVPC and ISubnet for compatibility with other constructs - Introduced a new IPAM class to support IP address alllocation through IPAM pool. - Validations of IP ranges assigned to subnet. - L2 class(Route) to define custom routes under the subnet - L2s for gateways like Egress only IGW and NATGW. ### Next Steps: Iterate on the API with the feedback from community and team to make it ergonomic. Close on the features listed in [tracking ticket](https://github.com/aws/aws-cdk/issues/30762) Will follow the exit criteria for this experimental API as outlined in below doc: https://github.com/cdklabs/team-internal/blob/main/docs/construct-library-lifecycle.md ### Description of how you validated changes Added unit tests with current coverage ~70% Added integration tests for subnet, vpc and routing features. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js | 4 + packages/@aws-cdk/aws-ec2-alpha/.gitignore | 23 + packages/@aws-cdk/aws-ec2-alpha/.npmignore | 28 + packages/@aws-cdk/aws-ec2-alpha/LICENSE | 201 ++ packages/@aws-cdk/aws-ec2-alpha/NOTICE | 2 + packages/@aws-cdk/aws-ec2-alpha/README.md | 199 ++ packages/@aws-cdk/aws-ec2-alpha/awslint.json | 7 + .../@aws-cdk/aws-ec2-alpha/jest.config.js | 10 + packages/@aws-cdk/aws-ec2-alpha/lib/index.ts | 10 + packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts | 542 ++++ packages/@aws-cdk/aws-ec2-alpha/lib/route.ts | 587 ++++ .../@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts | 416 +++ packages/@aws-cdk/aws-ec2-alpha/lib/util.ts | 382 +++ .../@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts | 368 +++ packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 487 +++ packages/@aws-cdk/aws-ec2-alpha/package.json | 107 + .../aws-cdk-routev2-alpha.assets.json | 19 + .../aws-cdk-routev2-alpha.template.json | 115 + ...routev2-dynamodbendpoint-alpha.assets.json | 19 + ...utev2-dynamodbendpoint-alpha.template.json | 147 + ...dk-routev2-egressonlyigw-alpha.assets.json | 19 + ...-routev2-egressonlyigw-alpha.template.json | 134 + .../aws-cdk-routev2-igw-alpha.assets.json | 19 + .../aws-cdk-routev2-igw-alpha.template.json | 154 + ...ws-cdk-routev2-networkif-alpha.assets.json | 19 + ...-cdk-routev2-networkif-alpha.template.json | 115 + ...cdk-routev2-privatenatgw-alpha.assets.json | 19 + ...k-routev2-privatenatgw-alpha.template.json | 152 + ...-cdk-routev2-publicnatgw-alpha.assets.json | 19 + ...dk-routev2-publicnatgw-alpha.template.json | 204 ++ ...routev2-virtualprivategw-alpha.assets.json | 19 + ...utev2-virtualprivategw-alpha.template.json | 157 + ...outev2-vpcpeerconnection-alpha.assets.json | 19 + ...tev2-vpcpeerconnection-alpha.template.json | 115 + .../test/integ.route-v2.js.snapshot/cdk.out | 1 + .../integ.route-v2.js.snapshot/integ.json | 12 + ...efaultTestDeployAssertA16689B0.assets.json | 19 + ...aultTestDeployAssertA16689B0.template.json | 36 + ...efaultTestDeployAssert46FEDE40.assets.json | 19 + ...aultTestDeployAssert46FEDE40.template.json | 36 + ...efaultTestDeployAssert04E3783E.assets.json | 19 + ...aultTestDeployAssert04E3783E.template.json | 36 + ...efaultTestDeployAssertF3FA2F74.assets.json | 19 + ...aultTestDeployAssertF3FA2F74.template.json | 36 + ...efaultTestDeployAssert4B12233C.assets.json | 19 + ...aultTestDeployAssert4B12233C.template.json | 36 + ...efaultTestDeployAssertC0DDB875.assets.json | 19 + ...aultTestDeployAssertC0DDB875.template.json | 36 + ...efaultTestDeployAssert90B004F4.assets.json | 19 + ...aultTestDeployAssert90B004F4.template.json | 36 + ...efaultTestDeployAssert4C509DCE.assets.json | 19 + ...aultTestDeployAssert4C509DCE.template.json | 36 + ...efaultTestDeployAssert77221752.assets.json | 19 + ...aultTestDeployAssert77221752.template.json | 36 + .../integ.route-v2.js.snapshot/manifest.json | 1265 ++++++++ .../test/integ.route-v2.js.snapshot/tree.json | 2607 +++++++++++++++++ .../aws-ec2-alpha/test/integ.route-v2.ts | 160 + .../aws-cdk-vpcv2-alpha-new.assets.json | 19 + .../aws-cdk-vpcv2-alpha-new.template.json | 279 ++ .../test/integ.subnet-v2.js.snapshot/cdk.out | 1 + .../integ.subnet-v2.js.snapshot/integ.json | 12 + ...efaultTestDeployAssertCF40BD53.assets.json | 19 + ...aultTestDeployAssertCF40BD53.template.json | 36 + .../integ.subnet-v2.js.snapshot/manifest.json | 212 ++ .../integ.subnet-v2.js.snapshot/tree.json | 552 ++++ .../aws-ec2-alpha/test/integ.subnet-v2.ts | 80 + .../aws-cdk-vpcv2-alpha.assets.json | 19 + .../aws-cdk-vpcv2-alpha.template.json | 329 +++ .../integ.vpc-v2-alpha.js.snapshot/cdk.out | 1 + .../integ.vpc-v2-alpha.js.snapshot/integ.json | 12 + ...efaultTestDeployAssertCF40BD53.assets.json | 19 + ...aultTestDeployAssertCF40BD53.template.json | 36 + .../manifest.json | 272 ++ .../integ.vpc-v2-alpha.js.snapshot/tree.json | 608 ++++ .../aws-ec2-alpha/test/integ.vpc-v2-alpha.ts | 108 + .../@aws-cdk/aws-ec2-alpha/test/ipam.test.ts | 150 + .../@aws-cdk/aws-ec2-alpha/test/route.test.ts | 674 +++++ .../aws-ec2-alpha/test/subnet-v2.test.ts | 303 ++ packages/@aws-cdk/aws-ec2-alpha/test/util.ts | 27 + .../aws-ec2-alpha/test/vpc-v2.test.ts | 260 ++ .../cli-lib-alpha/THIRD_PARTY_LICENSES | 2 +- packages/@aws-cdk/cx-api/FEATURE_FLAGS.md | 2 +- yarn.lock | 2 +- 83 files changed, 13408 insertions(+), 3 deletions(-) create mode 100644 packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js create mode 100644 packages/@aws-cdk/aws-ec2-alpha/.gitignore create mode 100644 packages/@aws-cdk/aws-ec2-alpha/.npmignore create mode 100644 packages/@aws-cdk/aws-ec2-alpha/LICENSE create mode 100644 packages/@aws-cdk/aws-ec2-alpha/NOTICE create mode 100644 packages/@aws-cdk/aws-ec2-alpha/README.md create mode 100644 packages/@aws-cdk/aws-ec2-alpha/awslint.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/jest.config.js create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/index.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/route.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/util.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/package.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/util.ts create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts diff --git a/packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js b/packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js new file mode 100644 index 0000000000000..73d2505a85a7f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/.eslintrc.js @@ -0,0 +1,4 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc'); +baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; +baseConfig.rules['import/order'] = 'off'; +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-ec2-alpha/.gitignore b/packages/@aws-cdk/aws-ec2-alpha/.gitignore new file mode 100644 index 0000000000000..3e895fc51317c --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/.gitignore @@ -0,0 +1,23 @@ +*.js +*.js.map +*.d.ts +tsconfig.json +node_modules +*.generated.ts +dist +.jsii + +.LAST_BUILD +.nyc_output +coverage +nyc.config.js +.LAST_PACKAGE +*.snk +!.eslintrc.js +!jest.config.js + +junit.xml +!**/*.snapshot/**/asset.*/*.js +!**/*.snapshot/**/asset.*/*.d.ts + +!**/*.snapshot/**/asset.*/** diff --git a/packages/@aws-cdk/aws-ec2-alpha/.npmignore b/packages/@aws-cdk/aws-ec2-alpha/.npmignore new file mode 100644 index 0000000000000..b94897de6fcce --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/.npmignore @@ -0,0 +1,28 @@ +# Don't include original .ts files when doing `npm pack` +*.ts +!*.d.ts +coverage +.nyc_output +*.tgz + +dist +.LAST_PACKAGE +.LAST_BUILD +!*.js + +# Include .jsii +!.jsii + +*.snk + +*.tsbuildinfo + +tsconfig.json +.eslintrc.js +jest.config.js + +# exclude cdk artifacts +**/cdk.out +junit.xml +!*.lit.ts +**/*.snapshot diff --git a/packages/@aws-cdk/aws-ec2-alpha/LICENSE b/packages/@aws-cdk/aws-ec2-alpha/LICENSE new file mode 100644 index 0000000000000..dcf28b52a83af --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/@aws-cdk/aws-ec2-alpha/NOTICE b/packages/@aws-cdk/aws-ec2-alpha/NOTICE new file mode 100644 index 0000000000000..c0b1f046c881a --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md new file mode 100644 index 0000000000000..0de7e39d27d35 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -0,0 +1,199 @@ +# Amazon VpcV2 Construct Library + + + +--- + +![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) + +> The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package. + +--- + + + +## VpcV2 + +`VpcV2` is a re-write of the [`ec2.Vpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html) construct. This new construct enables higher level of customization +on the VPC being created. `VpcV2` implements the existing [`IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html), therefore, +`VpcV2` is compatible with other constructs that accepts `IVpc` (e.g. [`ApplicationLoadBalancer`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer.html#construct-props)). + +To create a VPC with both IPv4 and IPv6 support: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2'); +new vpc_v2.VpcV2(stack, 'Vpc', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/24'), + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.amazonProvidedIpv6({cidrBlockName: 'AmazonProvidedIpv6'}), + ], +}); +``` + +`VpcV2` does not automatically create subnets or allocate IP addresses, which is different from the `Vpc` construct. + +Importing existing VPC in an account into CDK as a `VpcV2` is not yet supported. + +## SubnetV2 + +`SubnetV2` is a re-write of the [`ec2.Subnet`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Subnet.html) construct. +This new construct can be used to add subnets to a `VpcV2` instance: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2'); +const vpc = new vpc_v2.VpcV2(stack, 'Vpc', { + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonProvidedIp'}), + ], +}); +const vpcFirstIpV6Cidr = Fn.select(0, vpc.ipv6CidrBlocks); +const subCidrs = Fn.cidr(vpcFirstIpV6Cidr, 3, 32); +new vpc_v2.SubnetV2(stack, 'subnetA', { + vpc, + availabilityZone: 'us-east-1a', + cidrBlock: new vpc_v2.IpCidr('10.0.0.0/24'), + ipv6CidrBlock: new vpc_v2.IpCidr(Fn.select(0, subCidrs)), + subnetType: ec2.SubnetType.PRIVATE_ISOLATED, +}) +``` + +Same as `VpcV2`, importing existing subnets is not yet supported. + +## IP Addresses Management + +By default `VpcV2` uses `10.0.0.0/16` as the primary CIDR if none is defined. +Additional CIDRs can be adding to the VPC via the `secondaryAddressBlocks` prop. +The following example illustrates the different options of defining the address blocks: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2'); +const ipam = new Ipam(stack, 'Ipam', { + operatingRegion: ['us-west-1'] +}); +const ipamPublicPool = ipam.publicScope.addPool('PublicPoolA', { + addressFamily: vpc_v2.AddressFamily.IP_V6, + awsService: 'ec2', + locale: 'us-west-1', + publicIpSource: vpc_v2.IpamPoolPublicIpSource.AMAZON, +}); +ipamPublicPool.provisionCidr('PublicPoolACidrA', { netmaskLength: 52 } ); + +const ipamPrivatePool = ipam.privateScope.addPool('PrivatePoolA', { + addressFamily: vpc_v2.AddressFamily.IP_V4, +}); +ipamPrivatePool.provisionCidr('PrivatePoolACidrA', { netmaskLength: 8 } ); + +new vpc_v2.VpcV2(stack, 'Vpc', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/24'), + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonIpv6' }), + vpc_v2.IpAddresses.ipv6Ipam({ + ipv6IpamPool: ipamPublicPool, + ipv6NetmaskLength: 52, + cidrBlockName: 'ipv6Ipam', + }), + vpc_v2.IpAddresses.ipv4Ipam({ + ipv6IpamPool: ipamPrivatePool, + ipv6NetmaskLength: 8, + cidrBlockName: 'ipv4Ipam', + }), + ], +}); +``` + +Since `VpcV2` does not create subnets automatically, users have full control over IP addresses allocation across subnets. + + +## Routing + +`RouteTable` is a new construct that allows for route tables to be customized in a variety of ways. For instance, the following example shows how a custom route table can be created and appended to a subnet: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpc: myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', { + vpc, + routeTable, + ..., +}); +``` + +`Route`s can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the `Route` construct. An example using the `InternetGateway` construct can be seen below: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpc: vpc.myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', {...}); + +const igw = new vpc_v2.InternetGateway(stack, 'IGW', { + vpcId: vpc.myVpc, +}); +new vpc_v2.Route(stack, 'IgwRoute', { + routeTable, + destination: vpc_v2.IpAddresses.ipv4('0.0.0.0/0'), + target: igw, +}); +``` + +Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a `NatGateway`: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpcId: vpc.myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', {...}); + +const natgw = new vpc_v2.NatGateway(stack, 'NatGW', { + subnet: subnet, + vpcId: vpc.myVpc, + connectivityType: 'private', + privateIpAddress: '10.0.0.42', +}); +new vpc_v2.Route(stack, 'NatGwRoute', { + routeTable, + destination: vpc_v2.IpAddresses.ipv4('0.0.0.0/0'), + target: natgw, +}); +``` + +It is also possible to set up endpoints connecting other AWS services. For instance, the example below illustrates the linking of a Dynamo DB endpoint via the existing `ec2.GatewayVpcEndpoint` construct as a route target: + +```ts +import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const myVpc = new vpc_v2.VpcV2(stack, 'Vpc', {...}); +const routeTable = new vpc_v2.RouteTable(stack, 'RouteTable', { + vpcId: vpc.myVpc, +}); +const subnet = new vpc_v2.SubnetV2(stack, 'Subnet', {...}); + +const dynamoEndpoint = new GatewayVpcEndpoint(stack, 'DynamoEndpoint', { + service: ec2.GatewayVpcEndpointAwsService.DYNAMODB, + vpc: vpc, + subnets: [subnet], +}); +new vpc_v2.Route(stack, 'DynamoDBRoute', { + routeTable, + destination: vpc_v2.IpAddresses.ipv4('0.0.0.0/0'), + target: dynamoEndpoint, +}); +``` diff --git a/packages/@aws-cdk/aws-ec2-alpha/awslint.json b/packages/@aws-cdk/aws-ec2-alpha/awslint.json new file mode 100644 index 0000000000000..35de7712d8ef5 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/awslint.json @@ -0,0 +1,7 @@ +{ + "exclude": [ + "from-method:@aws-cdk/aws-ec2-alpha.VpcV2", + "attribute-tag:@aws-cdk/aws-ec2-alpha.RouteTable.routeTableId", + "from-method:@aws-cdk/aws-ec2-alpha.SubnetV2" + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/jest.config.js b/packages/@aws-cdk/aws-ec2-alpha/jest.config.js new file mode 100644 index 0000000000000..4995208baf512 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/jest.config.js @@ -0,0 +1,10 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); +module.exports = { + ...baseConfig, + coverageThreshold: { + global: { + statements: 75, + branches: 63, + }, + }, +};; diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/index.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/index.ts new file mode 100644 index 0000000000000..26f148f30b2aa --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/index.ts @@ -0,0 +1,10 @@ +// The index.ts files contains a list of files we want to +// include as part of the public API of this module. +// In general, all files including L2 classes will be listed here, +// while all files including only utility functions will be omitted from here. + +export * from './vpc-v2'; +export * from './ipam'; +export * from './vpc-v2-base'; +export * from './subnet-v2'; +export * from './route'; diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts new file mode 100644 index 0000000000000..0d420603fee9d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts @@ -0,0 +1,542 @@ +import { CfnIPAM, CfnIPAMPool, CfnIPAMPoolCidr, CfnIPAMScope } from 'aws-cdk-lib/aws-ec2'; +import { Construct } from 'constructs'; +import { Lazy, Names, Resource, Stack } from 'aws-cdk-lib'; + +/** + * Represents the address family for IP addresses in an IPAM pool. + * IP_V4 - Represents the IPv4 address family. + * IP_V6 - Represents the IPv6 address family. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-addressfamily + */ +export enum AddressFamily { + /** + * Represents the IPv4 address family. + * Allowed under public and private pool. + */ + IP_V4 = 'ipv4', + + /** + * Represents the IPv6 address family. + * Only allowed under public pool. + */ + IP_V6 = 'ipv6', +} + +/** + * The IP address source for pools in the public scope. + * Only used for provisioning IP address CIDRs to pools in the public scope. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-publicipsource + */ +export enum IpamPoolPublicIpSource { + /** + * BYOIP Ipv6 to be registered under IPAM + */ + BYOIP = 'byoip', + + /** + * Amazon Provided Ipv6 range + */ + AMAZON = 'amazon', +} + +/** + * Limits which service in AWS that the pool can be used in + */ +export enum AwsServiceName { + /** + * Allows users to use space for Elastic IP addresses and VPCs + */ + EC2 = 'ec2', +} + +/** + * Options to create a new Ipam in the account + */ +export interface IpamProps{ + + /** + * The operating Regions for an IPAM. + * Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs + * For more information about operating Regions, see [Create an IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html) in the *Amazon VPC IPAM User Guide* . + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-operatingregions + * @default Stack.region if defined else [] + */ + readonly operatingRegion?: string[]; + + /** + * Name of IPAM that can be used for tagging resource + * @default none + */ + readonly ipamName?: string; +} + +/** + * Refers to two possible scope types under IPAM + */ +export enum IpamScopeType { + /** + * Default scopes created by IPAM + */ + DEFAULT = 'default', + + /** + * Custom scope created using method + */ + CUSTOM = 'custom', +} + +/** + * Options for configuring an IPAM pool. + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html + */ +export interface PoolOptions{ + + /** + * addressFamily - The address family of the pool (ipv4 or ipv6). + */ + readonly addressFamily: AddressFamily; + + /** + * Information about the CIDRs provisioned to the pool. + * @default - No CIDRs are provisioned + */ + readonly ipv4ProvisionedCidrs?: string[]; + + /** + * The locale (AWS Region) of the pool. Should be one of the IPAM operating region. + * Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. + * You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. + * Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-locale + * @default - Current operating region + */ + readonly locale?: string; + + /** + * The IP address source for pools in the public scope. + * Only used for IPv6 address + * Only allowed values to this are 'byoip' or 'amazon' + * @default amazon + */ + readonly publicIpSource?: IpamPoolPublicIpSource; + + /** + * Limits which service in AWS that the pool can be used in. + * + * "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-awsservice + * + * @default - No service + */ + readonly awsService?: AwsServiceName; +} + +/** + * Properties for creating an IPAM pool. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html + */ +interface IpamPoolProps extends PoolOptions { + /** + * Scope id where pool needs to be created + */ + readonly ipamScopeId: string; + + /** + * IPAM resource name + * @default autogenerated by CDK + */ + readonly ipamPoolName?: string; +} + +/** + * Options to provision CIDRs to an IPAM pool. + * Used to create a new IpamPoolCidr + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampoolcidr.html + */ +export interface IpamPoolCidrProvisioningOptions { + /** + * Ipv6 Netmask length for the CIDR + * @default none + */ + readonly netmaskLength?: number; + + /** + * Ipv6 CIDR block for the IPAM pool + * @default none + */ + readonly cidr?: string; +} + +/** + * Definition used to add or create a new IPAM pool + */ +export interface IIpamPool{ + /** + * Pool ID to be passed to the VPC construct + * @attribute IpamPoolId + */ + readonly ipamPoolId: string; + + /** + * Pool CIDR for IPv6 to be provisioned with Public IP source set to 'Amazon' + */ + readonly ipamCidrs: CfnIPAMPoolCidr[]; + + /** + * Function to associate a IPv6 address with IPAM pool + */ + provisionCidr(id: string, options: IpamPoolCidrProvisioningOptions): CfnIPAMPoolCidr; + +} + +/** + * IPAM scope is the highest-level container within IPAM. An IPAM contains two default scopes. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + */ +interface IpamScopeProps extends IpamScopeOptions{ + /** + * IPAM id to which scope needs to be added + */ + readonly ipamId: string; + + /** + * Operating regions for the Ipam + * Required in order to validate the locale being set on pool + */ + readonly ipamOperatingRegions: string[]; + + /** + * Custom ipam scope id to add a pool in order to support default scopes + * @default none + */ + readonly ipamScopeId?: string; + +} + +/** + * Being used in IPAM class to add pools to default scope created by IPAM. + */ +export interface IpamScopeOptions { + + /** + * IPAM scope name that will be used for tagging + * @default none + */ + readonly ipamScopeName?: string; +} + +/** + * Options for configuring an IP Address Manager (IPAM). + * + * For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html}. + */ +export interface IpamOptions { + + /** + * CIDR Mask for Vpc + * Only required when using AWS Ipam + * + * @default - None + */ + readonly netmaskLength?: number; + + /** + * Ipv4 or an Ipv6 IPAM pool + * Only required when using AWS Ipam + * + * @default - None + */ + readonly ipamPool?: IIpamPool; + + /** + * Required to set Secondary cidr block resource name + * in order to generate unique logical id for the resource. + */ + readonly cidrBlockName: string; +} + +/** + * Interface for IpamScope Class + */ +export interface IIpamScopeBase{ + + /** + * Reference to the current scope of stack to be passed in order to create + * a new IPAM pool + */ + readonly scope: Construct; + + /** + * Default Scope ids created by the IPAM or a new Resource id + */ + readonly scopeId: string; + + /** + * Defines scope type can be either default or custom + */ + readonly scopeType?: IpamScopeType; + + /** + * Function to add a new pool to an IPAM scope + */ + addPool(id: string, options: PoolOptions): IIpamPool; + +} + +/** + * Creates new IPAM Pool + * Pools enable you to organize your IP addresses according to your routing and security needs + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html + * @resource AWS::EC2::IPAMPool + * @internal + */ +class IpamPool extends Resource implements IIpamPool { + + /** + * Pool ID to be passed to the VPC construct + * @attribute IpamPoolId + */ + public readonly ipamPoolId: string; + + /** + * Pool CIDR for IPv6 to be provisioned with Public IP source set to 'Amazon' + */ + public readonly ipamCidrs: CfnIPAMPoolCidr[] = [] + + /** + * Reference to ipamPool resource created in this class + */ + private readonly _ipamPool: CfnIPAMPool; + + constructor(scope: Construct, id: string, props: IpamPoolProps) { + super(scope, id, { + physicalName: props.ipamPoolName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 128, allowedSpecialCharacters: '_' }), + }), + }); + + if (props.addressFamily === AddressFamily.IP_V6 && !props.awsService) { + throw new Error('awsService is required when addressFamily is set to ipv6'); + } + + this._ipamPool = new CfnIPAMPool(this, id, { + addressFamily: props.addressFamily, + provisionedCidrs: props.ipv4ProvisionedCidrs?.map(cidr => ({ cidr })), + locale: props.locale, + ipamScopeId: props.ipamScopeId, + publicIpSource: props.publicIpSource, + awsService: props.awsService, + }); + this.ipamPoolId = this._ipamPool.attrIpamPoolId; + this.node.defaultChild = this._ipamPool; + } + + /** + * A CIDR provisioned to an IPAM pool. + * @param id Name of Resource + * @param options Either a CIDR or netmask length must be provided + * @returns AWS::EC2::IPAMPoolCidr + */ + public provisionCidr(id: string, options: IpamPoolCidrProvisioningOptions): CfnIPAMPoolCidr { + const cidr = new CfnIPAMPoolCidr(this, id, { + ...options, + ipamPoolId: this.ipamPoolId, + }); + this.ipamCidrs.push(cidr); + return cidr; + } +} + +/** + * Creates custom Ipam Scope, custom IPAM scopes can only be private + * (can be used for adding custom scopes to an existing IPAM) + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + * @resource AWS::EC2::IPAMScope + */ +class IpamScope extends Resource implements IIpamScopeBase { + + /** + * Stores the reference to newly created Resource + */ + private readonly _ipamScope: CfnIPAMScope; + + /** + * ID for Resource IpamScope + * @attribute IpamScopeId + */ + public readonly scopeId: string; + + /** + * Properties to configure ipam scope + */ + private readonly props: IpamScopeProps; + + /** + * Reference to stack scope to be passed through addPool method inorder to create a new IpamPool + */ + public readonly scope: Construct; + + /** + * Defines scope type can be either default or custom + */ + public readonly scopeType: IpamScopeType; + + constructor(scope: Construct, id: string, props: IpamScopeProps) { + super(scope, id); + this._ipamScope = new CfnIPAMScope(scope, 'IpamScope', { + ipamId: props.ipamId, + }); + this.scopeId = this._ipamScope.attrIpamScopeId; + this.scopeType = IpamScopeType.CUSTOM; + this.scope = scope; + this.props = props; + } + + /** + * Adds a pool to the IPAM scope. + * @external + */ + addPool(id: string, options: PoolOptions): IIpamPool { + return createIpamPool(this.scope, id, this.props, options, this.scopeId); + } + +} + +/** + * Base class for IPAM default scopes. + */ +class IpamScopeBase implements IIpamScopeBase { + constructor( + readonly scope: Construct, + readonly scopeId: string, + private readonly props: IpamScopeProps, + readonly scopeType?: IpamScopeType, + ) { + this.scopeType = IpamScopeType.DEFAULT; + } + + /** + * Adds a pool to the IPAM scope. + * @external + */ + addPool(id: string, options: PoolOptions): IIpamPool { + return createIpamPool(this.scope, id, this.props, options, this.scopeId); + } +} + +/** + * Creates new IPAM with default public and private scope + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + * @resource AWS::EC2::IPAM + */ +export class Ipam extends Resource { + /** + * Provides access to default public IPAM scope through add pool method. + * Usage: To add an Ipam Pool to a default public scope + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + */ + public readonly publicScope: IIpamScopeBase; + + /** + * Provides access to default private IPAM scope through add pool method. + * Usage: To add an Ipam Pool to a default private scope + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html + * */ + public readonly privateScope: IIpamScopeBase; + + // Resource IPAM + private readonly _ipam: CfnIPAM; + /** + * Access to Ipam resource id that can be used later to add a custom private scope to this IPAM + * @attribute IpamId + */ + public readonly ipamId: string; + + /** + * List of operating regions for IPAM + */ + public readonly operatingRegions: string[]; + + /** + * List of scopes created under this IPAM + */ + public readonly scopes: IIpamScopeBase[] = []; + + constructor(scope: Construct, id: string, props?: IpamProps) { + super(scope, id); + + if (!props?.operatingRegion && !Stack.of(this).region) { + throw new Error('Please provide at least one operating region'); + } + + this.operatingRegions = props?.operatingRegion ?? [Stack.of(this).region]; + + this._ipam = new CfnIPAM(this, 'Ipam', { + operatingRegions: this.operatingRegions ? this.operatingRegions.map(region => ({ regionName: region })) : [], + }); + this.node.defaultChild = this._ipam; + + this.ipamId = this._ipam.attrIpamId; + this.publicScope = new IpamScopeBase(this, 'DefaultPublicScope', { + ipamOperatingRegions: this.operatingRegions, + ipamId: this._ipam.attrIpamId, + ipamScopeId: this._ipam.attrPublicDefaultScopeId, + }); + this.privateScope = new IpamScopeBase(this, 'DefaultPrivateScope', { + ipamOperatingRegions: this.operatingRegions, + ipamId: this._ipam.attrIpamId, + ipamScopeId: this._ipam.attrPrivateDefaultScopeId, + }); + + this.scopes.push(this.publicScope, this.privateScope); + + } + + /** + * Function to add custom scope to an existing IPAM + * Custom scopes can only be private + */ + public addScope(scope: Construct, id: string, options: IpamScopeOptions): IIpamScopeBase { + const ipamScope = new IpamScope(scope, id, { + ...options, + ipamId: this.ipamId, + ipamOperatingRegions: this.operatingRegions, + }); + this.scopes.push(ipamScope); + return ipamScope; + } +} + +/** + * Function to create IpamPool under scope + * @internal + */ +function createIpamPool( + scope: Construct, + id: string, + scopeOptions: IpamScopeProps, + poolOptions: PoolOptions, + scopeId: string, +): IpamPool { + const isLocaleInOperatingRegions = scopeOptions.ipamOperatingRegions + ? scopeOptions.ipamOperatingRegions.map(region => ({ regionName: region })) + .some(region => region.regionName === poolOptions.locale) + : false; + + if (!isLocaleInOperatingRegions) { + throw new Error(`The provided locale '${poolOptions.locale}' is not in the operating regions.`); + } + + return new IpamPool(scope, id, { + ipamPoolName: id, + addressFamily: poolOptions.addressFamily, + ipv4ProvisionedCidrs: poolOptions.ipv4ProvisionedCidrs, + ipamScopeId: scopeId, + locale: poolOptions.locale, + publicIpSource: poolOptions.publicIpSource, + awsService: poolOptions.awsService, + }); +} + diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts new file mode 100644 index 0000000000000..3a6a0ea5cd717 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts @@ -0,0 +1,587 @@ +import { CfnEIP, CfnEgressOnlyInternetGateway, CfnInternetGateway, CfnNatGateway, CfnRoute, CfnRouteTable, CfnVPCGatewayAttachment, CfnVPNGateway, GatewayVpcEndpoint, IRouteTable, ISubnet, IVpcEndpoint, RouterType, VpnConnectionType } from 'aws-cdk-lib/aws-ec2'; +import { Construct, IDependable } from 'constructs'; +import { Duration, Resource } from 'aws-cdk-lib/core'; +import { IVpcV2 } from './vpc-v2-base'; + +/** + * Indicates whether the NAT gateway supports public or private connectivity. + * The default is public connectivity. + * See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html#cfn-ec2-natgateway-connectivitytype + */ +export enum NatConnectivityType { + /** + * Sets Connectivity type to PUBLIC + */ + PUBLIC = 'public', + /** + * Sets Connectivity type to PRIVATE + */ + PRIVATE = 'private', +} + +/** + * Interface to define a routing target, such as an + * egress-only internet gateway or VPC endpoint. + */ +export interface IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; +} + +/** + * Properties to define an egress-only internet gateway. + */ +export interface EgressOnlyInternetGatewayProps { + /** + * The ID of the VPC for which to create the egress-only internet gateway. + */ + readonly vpc: IVpcV2; + + /** + * The resource name of the egress-only internet gateway. + * @default none + */ + readonly egressOnlyInternetGatewayName?: string; +} + +/** + * Properties to define an internet gateway. + */ +export interface InternetGatewayProps { + /** + * The ID of the VPC for which to create the internet gateway. + */ + readonly vpc: IVpcV2; + + /** + * The resource name of the internet gateway. + * @default none + */ + readonly internetGatewayName?: string; + +} + +/** + * Properties to define a VPN gateway. + */ +export interface VPNGatewayProps { + /** + * The type of VPN connection the virtual private gateway supports. + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type + */ + readonly type: VpnConnectionType; + + /** + * The ID of the VPC for which to create the VPN gateway. + */ + readonly vpc: IVpcV2; + + /** + * The private Autonomous System Number (ASN) for the Amazon side of a BGP session. + * @default none + */ + readonly amazonSideAsn?: number; + + /** + * The resource name of the VPN gateway. + * @default none + */ + readonly vpnGatewayName?: string; +} + +/** + * Properties to define a NAT gateway. + */ +export interface NatGatewayProps { + /** + * The subnet in which the NAT gateway is located. + */ + readonly subnet: ISubnet; + + /** + * The ID of the VPC in which the NAT gateway is located. + * @default none + */ + readonly vpc?: IVpcV2; + + /** + * AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT + * gateway and cannot be specified with a private NAT gateway. + * @default attr.allocationID of a new Elastic IP created by default + * //TODO: ADD L2 for elastic ip + */ + readonly allocationId?: string; + + /** + * Indicates whether the NAT gateway supports public or private connectivity. + * @default public + */ + readonly connectivityType?: NatConnectivityType; + + /** + * The maximum amount of time to wait before forcibly releasing the + * IP addresses if connections are still in progress. + * @default 350 seconds + */ + readonly maxDrainDuration?: Duration; + + /** + * The private IPv4 address to assign to the NAT gateway. If you don't provide an + * address, a private IPv4 address will be automatically assigned. + * @default none + */ + readonly privateIpAddress?: string; + + /** + * Secondary EIP allocation IDs. + * @default none + * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating + */ + readonly secondaryAllocationIds?: string[]; + + /** + * The number of secondary private IPv4 addresses you + * want to assign to the NAT gateway. + * + * `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be + * set at the same time. + * + * @default none + * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating + */ + readonly secondaryPrivateIpAddressCount?: number; + + /** + * Secondary private IPv4 addresses. + * + * `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be + * set at the same time. + * + * @default none + * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating + */ + readonly secondaryPrivateIpAddresses?: string[]; + + /** + * The resource name of the NAT gateway. + * @default none + */ + readonly natGatewayName?: string; + +} + +/** + * Creates an egress-only internet gateway + * @resource AWS::EC2::EgressOnlyInternetGateway + */ +export class EgressOnlyInternetGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * The egress-only internet gateway CFN resource. + */ + public readonly resource: CfnEgressOnlyInternetGateway; + + constructor(scope: Construct, id: string, props: EgressOnlyInternetGatewayProps) { + super(scope, id); + + this.routerType = RouterType.EGRESS_ONLY_INTERNET_GATEWAY; + + this.resource = new CfnEgressOnlyInternetGateway(this, 'EIGW', { + vpcId: props.vpc.vpcId, + }); + this.node.defaultChild = this.resource; + + this.routerTargetId = this.resource.attrId; + } +} + +/** + * Creates an internet gateway + * @resource AWS::EC2::InternetGateway + */ +export class InternetGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * The ID of the VPC for which to create the internet gateway. + */ + public readonly vpcId: string; + + /** + * The internet gateway CFN resource. + */ + public readonly resource: CfnInternetGateway; + + constructor(scope: Construct, id: string, props: InternetGatewayProps) { + super(scope, id); + + this.routerType = RouterType.GATEWAY; + + this.resource = new CfnInternetGateway(this, 'IGW', {}); + this.node.defaultChild = this.resource; + + this.routerTargetId = this.resource.attrInternetGatewayId; + this.vpcId = props.vpc.vpcId; + } +} + +/** + * Creates a virtual private gateway + * @resource AWS::EC2::VPNGateway + */ +export class VPNGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * The ID of the VPC for which to create the VPN gateway. + */ + public readonly vpcId: string; + + /** + * The VPN gateway CFN resource. + */ + public readonly resource: CfnVPNGateway; + + constructor(scope: Construct, id: string, props: VPNGatewayProps) { + super(scope, id); + + this.routerType = RouterType.GATEWAY; + + this.resource = new CfnVPNGateway(this, 'IGW', { + type: props.type, + amazonSideAsn: props.amazonSideAsn, + }); + this.node.defaultChild = this.resource; + + this.routerTargetId = this.resource.attrVpnGatewayId; + this.vpcId = props.vpc.vpcId; + } +} + +/** + * Creates a network address translation (NAT) gateway + * @resource AWS::EC2::NatGateway + */ +export class NatGateway extends Resource implements IRouteTarget { + /** + * The type of router used in the route. + */ + readonly routerType: RouterType; + + /** + * The ID of the route target. + */ + readonly routerTargetId: string; + + /** + * Indicates whether the NAT gateway supports public or private connectivity. + * @default public + */ + public readonly connectivityType?: string; + + /** + * The maximum amount of time to wait before forcibly releasing the + * IP addresses if connections are still in progress. + * @default 350 seconds + */ + public readonly maxDrainDuration?: Duration; + + /** + * The NAT gateway CFN resource. + */ + public readonly resource: CfnNatGateway; + + constructor(scope: Construct, id: string, props: NatGatewayProps) { + super(scope, id); + + this.routerType = RouterType.NAT_GATEWAY; + + this.connectivityType = props.connectivityType || NatConnectivityType.PUBLIC; + this.maxDrainDuration = props.maxDrainDuration || Duration.seconds(350); + + // If user does not provide EIP, generate one for them + var aId: string | undefined; + if (this.connectivityType == 'public') { + if (!props.allocationId) { + let eip = new CfnEIP(this, 'EIP', { + domain: props.vpc?.vpcId, + }); + aId = eip.attrAllocationId; + } else { + aId = props.allocationId; + } + } + + this.resource = new CfnNatGateway(this, 'NATGateway', { + subnetId: props.subnet.subnetId, + allocationId: aId, + maxDrainDurationSeconds: props.maxDrainDuration?.toSeconds(), + secondaryAllocationIds: props.secondaryAllocationIds, + ...props, + }); + + this.routerTargetId = this.resource.attrNatGatewayId; + this.node.defaultChild = this.resource; + this.node.addDependency(props.subnet.internetConnectivityEstablished); + } +} + +/** + * The type of endpoint or gateway being targeted by the route. + */ +export interface RouteTargetProps { + /** + * The gateway route target. This is used for targets such as + * egress-only internet gateway or VPC peering connection. + * @default none + */ + readonly gateway?: IRouteTarget; + + /** + * The endpoint route target. This is used for targets such as + * VPC endpoints. + * @default none + */ + readonly endpoint?: IVpcEndpoint; +} + +/** + * The gateway or endpoint targeted by the route. + */ +export class RouteTargetType { + /** + * The gateway route target. This is used for targets such as + * egress-only internet gateway or VPC peering connection. + * @default none + */ + readonly gateway?: IRouteTarget; + + /** + * The endpoint route target. This is used for targets such as + * VPC endpoints. + * @default none + */ + readonly endpoint?: IVpcEndpoint; + + constructor(props: RouteTargetProps) { + if (props.gateway && props.endpoint) { + throw new Error('Cannot specify both gateway and endpoint'); + } else { + this.gateway = props.gateway; + this.endpoint = props.endpoint; + } + } +} + +/** + * Interface to define a route. + */ +export interface IRouteV2 { + /** + * The ID of the route table for the route. + * @attribute routeTable + */ + readonly routeTable: IRouteTable; + + /** + * The IPv4 or IPv6 CIDR block used for the destination match. + * + * Routing decisions are based on the most specific match. + * TODO: Look for strong IP type implementation here. + */ + readonly destination: string; + + /** + * The gateway or endpoint targeted by the route. + */ + readonly target: RouteTargetType; +} + +/** + * Properties to define a route. + */ +export interface RouteProps { + /** + * The ID of the route table for the route. + * @attribute routeTable + */ + readonly routeTable: IRouteTable; + + /** + * The IPv4 or IPv6 CIDR block used for the destination match. + * + * Routing decisions are based on the most specific match. + */ + readonly destination: string; + + /** + * The gateway or endpoint targeted by the route. + */ + readonly target: RouteTargetType; + + /** + * The resource name of the route. + * @default none + */ + readonly routeName?: string; +} + +/** + * Creates a new route with added functionality. + * @resource AWS::EC2::Route + */ +export class Route extends Resource implements IRouteV2 { + /** + * The IPv4 or IPv6 CIDR block used for the destination match. + * + * Routing decisions are based on the most specific match. + */ + public readonly destination: string; + + /** + * The gateway or endpoint targeted by the route. + */ + public readonly target: RouteTargetType; + + /** + * The route table for the route. + * @attribute routeTable + */ + public readonly routeTable: IRouteTable; + + /** + * The type of router the route is targetting + */ + public readonly targetRouterType: RouterType + + /** + * The route CFN resource. + */ + public readonly resource?: CfnRoute; + + constructor(scope: Construct, id: string, props: RouteProps) { + super(scope, id); + + this.destination = props.destination; + this.target = props.target; + this.routeTable = props.routeTable; + + this.targetRouterType = this.target.gateway ? this.target.gateway.routerType : RouterType.VPC_ENDPOINT; + + // Gateway generates route automatically via its RouteTable, thus we don't need to generate the resource for it + if (!(this.target.endpoint instanceof GatewayVpcEndpoint)) { + this.resource = new CfnRoute(this, 'Route', { + routeTableId: this.routeTable.routeTableId, + destinationCidrBlock: this.destination, + destinationIpv6CidrBlock: this.destination, + [routerTypeToPropName(this.targetRouterType)]: this.target.gateway ? this.target.gateway.routerTargetId : + this.target.endpoint ? this.target.endpoint.vpcEndpointId : null, + }); + } + this.node.defaultChild = this.resource; + + if (this.targetRouterType == RouterType.GATEWAY) { + if (this.target.gateway instanceof InternetGateway) { + new CfnVPCGatewayAttachment(this, 'GWAttachment', { + vpcId: this.target.gateway.vpcId, + internetGatewayId: this.target.gateway.routerTargetId, + }); + } else if (this.target.gateway instanceof VPNGateway) { + new CfnVPCGatewayAttachment(this, 'GWAttachment', { + vpcId: this.target.gateway.vpcId, + vpnGatewayId: this.target.gateway.routerTargetId, + }); + } + } + } +} + +/** + * Properties to define a route table. + */ +export interface RouteTableProps { + /** + * The ID of the VPC. + */ + readonly vpc: IVpcV2; + + /** + * The resource name of the route table. + * @default none + */ + readonly routeTableName?: string; +} + +/** + * Creates a route table for the specified VPC + * @resource AWS::EC2::RouteTable + */ +export class RouteTable extends Resource implements IRouteTable, IDependable { + /** + * The ID of the route table. + */ + public readonly routeTableId: string; + + /** + * The route table CFN resource. + */ + public readonly resource: CfnRouteTable; + + constructor(scope: Construct, id: string, props: RouteTableProps) { + super(scope, id); + + this.resource = new CfnRouteTable(this, 'RouteTable', { + vpcId: props.vpc.vpcId, + }); + this.node.defaultChild = this.resource; + + this.routeTableId = this.resource.attrRouteTableId; + } +} + +function routerTypeToPropName(routerType: RouterType) { + return ({ + [RouterType.CARRIER_GATEWAY]: 'carrierGatewayId', + [RouterType.EGRESS_ONLY_INTERNET_GATEWAY]: 'egressOnlyInternetGatewayId', + [RouterType.GATEWAY]: 'gatewayId', + [RouterType.INSTANCE]: 'instanceId', + [RouterType.LOCAL_GATEWAY]: 'localGatewayId', + [RouterType.NAT_GATEWAY]: 'natGatewayId', + [RouterType.NETWORK_INTERFACE]: 'networkInterfaceId', + [RouterType.TRANSIT_GATEWAY]: 'transitGatewayId', + [RouterType.VPC_PEERING_CONNECTION]: 'vpcPeeringConnectionId', + [RouterType.VPC_ENDPOINT]: 'vpcEndpointId', + })[routerType]; +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts new file mode 100644 index 0000000000000..a71277d441cbc --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -0,0 +1,416 @@ +import { Resource, Names, Lazy } from 'aws-cdk-lib'; +import { CfnRouteTable, CfnSubnet, CfnSubnetRouteTableAssociation, INetworkAcl, IRouteTable, ISubnet, NetworkAcl, SubnetNetworkAclAssociation, SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { Construct, DependencyGroup, IDependable } from 'constructs'; +import { IVpcV2 } from './vpc-v2-base'; +import { CidrBlock, CidrBlockIpv6 } from './util'; + +/** + * Interface to define subnet CIDR + */ +interface ICidr { + readonly cidr: string; +} + +/** + * IPv4 or IPv6 CIDR range for the subnet + */ +export class IpCidr implements ICidr { + + /** + * IPv6 CIDR range for the subnet + * Allowed only if IPv6 is enabled on VPc + */ + public readonly cidr: string; + constructor(props: string ) { + this.cidr = props; + } +} + +/** + * Properties to define subnet for VPC. + */ +export interface SubnetV2Props { +/** + * VPC Prop + */ + readonly vpc: IVpcV2; + + /** + * ipv4 cidr to assign to this subnet. + * See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html#cfn-ec2-subnet-cidrblock + */ + readonly ipv4CidrBlock: IpCidr; + + /** + * Ipv6 CIDR Range for subnet + * @default No Ipv6 address + */ + readonly ipv6CidrBlock?: IpCidr; + + /** + * Custom AZ for the subnet + */ + readonly availabilityZone: string; + + /** + * Custom Route for subnet + * @default Default route table + */ + readonly routeTable?: IRouteTable; + + /** + * The type of Subnet to configure. + * + * The Subnet type will control the ability to route and connect to the + * Internet. + * + * TODO: Add validation check `subnetType` when adding resources (e.g. cannot add NatGateway to private) + */ + readonly subnetType: SubnetType; + + /** + * Subnet name + * @default none + */ + readonly subnetName?: string; + + /** + * Indicates whether a network interface created in this subnet receives an IPv6 address. + * + * If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock. + * + * @default false + */ + readonly assignIpv6AddressOnCreation?: boolean; + +} + +/** + * Interface with additional properties for SubnetV2 + */ +export interface ISubnetV2 extends ISubnet { + + /** + * The IPv6 CIDR block for this subnet + */ + readonly ipv6CidrBlock?: string; + +} + +/** + * The SubnetV2 class represents a subnet within a VPC (Virtual Private Cloud) in AWS. + * It extends the Resource class and implements the ISubnet interface. + * + * Instances of this class can be used to create and manage subnets within a VpcV2 instance. + * Subnets can be configured with specific IP address ranges (IPv4 and IPv6), availability zones, + * and subnet types (e.g., public, private, isolated). + * + * @resource AWS::EC2::Subnet + * + */ +export class SubnetV2 extends Resource implements ISubnetV2 { + + /** + * The Availability Zone the subnet is located in + */ + public readonly availabilityZone: string; + + /** + * The subnetId for this particular subnet + * @attribute + */ + public readonly subnetId: string; + + /** + * Dependencies for internet connectivity + * This Property exposes the RouteTable-Subnet association so that other resources can depend on it. + */ + public readonly internetConnectivityEstablished: IDependable; + + /** + * The variable name `internetConnectivityEstablished` does not reflect what it actually is. + * The naming is enforced by ISubnet. We need to keep it to maintain compatibility. + * It exposes the RouteTable-Subnet association so that other resources can depend on it. + * E.g. Resources in a subnet, when being deleted, may need the RouteTable to exist in order to delete properly + */ + private readonly _internetConnectivityEstablished = new DependencyGroup(); + + /** + * The IPv4 CIDR block for this subnet + */ + public readonly ipv4CidrBlock: string; + + /** + * The IPv6 CIDR Block for this subnet + */ + public readonly ipv6CidrBlock?: string; + + /** + * The route table for this subnet + */ + public readonly routeTable: IRouteTable; + + /** + * The type of subnet (public or private) that this subnet represents. + * @attribute SubnetType + */ + public readonly subnetType: SubnetType; + + private _networkAcl: INetworkAcl; + + /** + * Constructs a new SubnetV2 instance. + * @param scope The parent Construct that this resource will be part of. + * @param id The unique identifier for this resource. + * @param props The configuration properties for the subnet. + */ + constructor(scope: Construct, id: string, props: SubnetV2Props) { + super(scope, id, { + physicalName: props.subnetName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 128, allowedSpecialCharacters: '_' }), + }), + }); + + const ipv4CidrBlock = props.ipv4CidrBlock.cidr; + const ipv6CidrBlock = props.ipv6CidrBlock?.cidr; + + if (!checkCidrRanges(props.vpc, props.ipv4CidrBlock.cidr)) { + throw new Error('CIDR block should be within the range of VPC'); + }; + + let overlap: boolean = false; + let overlapIpv6: boolean = false; + + overlap = validateOverlappingCidrRanges(props.vpc, props.ipv4CidrBlock.cidr); + + //check whether VPC supports ipv6 + if (props.ipv6CidrBlock?.cidr) { + validateSupportIpv6(props.vpc); + overlapIpv6 = validateOverlappingCidrRangesipv6(props.vpc, props.ipv6CidrBlock?.cidr); + } + + if (overlap || overlapIpv6) { + throw new Error('CIDR block should not overlap with existing subnet blocks'); + } + + if (props.assignIpv6AddressOnCreation && !props.ipv6CidrBlock) { + throw new Error('IPv6 CIDR block is required when assigning IPv6 address on creation'); + } + + const subnet = new CfnSubnet(this, 'Subnet', { + vpcId: props.vpc.vpcId, + cidrBlock: ipv4CidrBlock, + ipv6CidrBlock: ipv6CidrBlock, + availabilityZone: props.availabilityZone, + assignIpv6AddressOnCreation: props.assignIpv6AddressOnCreation ?? false, + }); + + this.node.defaultChild = subnet; + this.ipv4CidrBlock = props.ipv4CidrBlock.cidr; + this.ipv6CidrBlock = props.ipv6CidrBlock?.cidr; + this.subnetId = subnet.ref; + this.availabilityZone = props.availabilityZone; + + this._networkAcl = NetworkAcl.fromNetworkAclId(this, 'Acl', subnet.attrNetworkAclAssociationId); + + if (props.routeTable) { + this.routeTable = props.routeTable; + } else { + const defaultTable = new CfnRouteTable(this, 'RouteTable', { + vpcId: props.vpc.vpcId, + }); + this.routeTable = { routeTableId: defaultTable.ref }; + } + + const routeAssoc = new CfnSubnetRouteTableAssociation(this, 'RouteTableAssociation', { + subnetId: this.subnetId, + routeTableId: this.routeTable.routeTableId, + }); + this._internetConnectivityEstablished.add(routeAssoc); + this.internetConnectivityEstablished = this._internetConnectivityEstablished; + + this.subnetType = props.subnetType; + storeSubnetToVpcByType(props.vpc, this, props.subnetType); + } + + /** + * Associate a Network ACL with this subnet + * + * @param id The unique identifier for this association. + * @param networkAcl The Network ACL to associate with this subnet. + * This allows controlling inbound and outbound traffic for instances in this subnet. + */ + public associateNetworkAcl(id: string, networkAcl: INetworkAcl) { + this._networkAcl = networkAcl; + + const scope = networkAcl instanceof Construct ? networkAcl : this; + const other = networkAcl instanceof Construct ? this : networkAcl; + new SubnetNetworkAclAssociation(scope, id + Names.nodeUniqueId(other.node), { + networkAcl, + subnet: this, + }); + } + /** + * Returns the Network ACL associated with this subnet. + */ + + public get networkAcl(): INetworkAcl { + return this._networkAcl; + } +} + +const subnetTypeMap = { + [SubnetType.PRIVATE_ISOLATED]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.isolatedSubnets.push(subnet), + [SubnetType.PUBLIC]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.publicSubnets.push(subnet), + [SubnetType.PRIVATE_WITH_EGRESS]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.privateSubnets.push(subnet), + [SubnetType.ISOLATED]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.isolatedSubnets.push(subnet), + [SubnetType.PRIVATE]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.privateSubnets.push(subnet), + [SubnetType.PRIVATE_WITH_NAT]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.privateSubnets.push(subnet), +}; + +/** + * Stores the provided subnet in the VPC's collection of subnets based on the specified subnet type. + * + * @param vpc The VPC instance to which the subnet belongs. + * @param subnet The subnet instance to be stored. + * @param type The type of the subnet (e.g., public, private, isolated). + * @internal + */ +function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType) { + const findFunctionType = subnetTypeMap[type]; + if (findFunctionType) { + findFunctionType(vpc, subnet); + } else { + throw new Error(`Unsupported subnet type: ${type}`); + } + + /** + * Need to set explicit dependency as during stack deletion, + * the cidr blocks may get deleted first and will fail as the subnets are still using the cidr blocks + */ + for (const cidr of vpc.secondaryCidrBlock) { + subnet.node.addDependency(cidr); + } +} + +/** + * Validates whether the provided VPC supports IPv6 addresses. + * + * @param vpc The VPC instance to be validated. + * @throws Error if the VPC does not support IPv6 addresses. + * @returns True if the VPC supports IPv6 addresses, false otherwise. + * @internal + */ +function validateSupportIpv6(vpc: IVpcV2) { + if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || + secondaryAddress.ipv6IpamPoolId != undefined)) { + return true; + } else { + throw new Error('To use IPv6, the VPC must enable IPv6 support.'); + } +} + +/** + * Checks if the provided CIDR range falls within the IP address ranges of the given VPC. + * + * @param vpc The VPC instance to check against. + * @param cidrRange The CIDR range to be checked. + * @returns True if the CIDR range falls within the VPC's IP address ranges, false otherwise. + * @internal + */ +function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { + + const vpcCidrBlock = [vpc.ipv4CidrBlock]; + + for (const ipAddress of vpc.secondaryCidrBlock) { + if (ipAddress.cidrBlock) { + vpcCidrBlock.push(ipAddress.cidrBlock); + } + } + const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); + + const subnetCidrBlock = new CidrBlock(cidrRange); + + return cidrs.some(c => c.containsCidr(subnetCidrBlock)); + +} + +/** + * Validates if the provided IPv4 CIDR block overlaps with existing subnet CIDR blocks within the given VPC. + * + * @param vpc The VPC instance to check against. + * @param ipv4CidrBlock The IPv4 CIDR block to be validated. + * @returns True if the IPv4 CIDR block overlaps with existing subnet CIDR blocks, false otherwise. + * @internal + */ + +function validateOverlappingCidrRanges(vpc: IVpcV2, ipv4CidrBlock: string): boolean { + + let allSubnets: ISubnetV2[]; + try { + allSubnets = vpc.selectSubnets().subnets; + } catch (e) { + 'No subnets in VPC'; + return false; + } + + const ipMap: [string, string][] = new Array(); + + const inputRange = new CidrBlock(ipv4CidrBlock); + + const inputIpMap: [string, string] = [inputRange.minIp(), inputRange.maxIp()]; + + for (const subnet of allSubnets) { + const cidrBlock = new CidrBlock(subnet.ipv4CidrBlock); + ipMap.push([cidrBlock.minIp(), cidrBlock.maxIp()]); + } + + for (const range of ipMap) { + if (inputRange.rangesOverlap(range, inputIpMap)) { + return true; + } + } + + return false; +} + +/** + * Validates if the provided IPv6 CIDR block overlaps with existing subnet CIDR blocks within the given VPC. + * + * @param vpc The VPC instance to check against. + * @param ipv6CidrBlock The IPv6 CIDR block to be validated. + * @returns True if the IPv6 CIDR block overlaps with existing subnet CIDR blocks, false otherwise. + * @throws Error if no subnets are found in the VPC. + * @internal + */ +function validateOverlappingCidrRangesipv6(vpc: IVpcV2, ipv6CidrBlock: string): boolean { + + let allSubnets: ISubnetV2[]; + try { + allSubnets = vpc.selectSubnets().subnets; + } catch (e) { + 'No subnets in VPC'; + return false; + } + + const ipv6Map: string[]= []; + + const inputRange = new CidrBlockIpv6(ipv6CidrBlock); + + let result : boolean = false; + + for (const subnet of allSubnets) { + if (subnet.ipv6CidrBlock) { + const cidrBlock = new CidrBlockIpv6(subnet.ipv6CidrBlock); + ipv6Map.push(cidrBlock.cidr); + } + } + + for (const range of ipv6Map) { + if (inputRange.rangesOverlap(range, inputRange.cidr)) { + result = true; + } + } + + return result; +} diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts new file mode 100644 index 0000000000000..ed8ae62342ded --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts @@ -0,0 +1,382 @@ +/*eslint no-bitwise: ["error", { "allow": ["~", "|", "<<", "&"] }] */ + +import { ISubnet } from 'aws-cdk-lib/aws-ec2'; + +/** + * Return a subnet name from its construct ID + * + * All subnet names look like NAME <> "Subnet" <> INDEX + */ +export function subnetGroupNameFromConstructId(subnet: ISubnet) { + return subnet.node.id.replace(/Subnet\d+$/, ''); +} + +/** + * Make the subnet construct ID from a name and number + */ +export function subnetId(name: string, i: number) { + return `${name}Subnet${i + 1}`; +} + +/** + * Return the union of table IDs from all selected subnets + */ +export function allRouteTableIds(subnets: ISubnet[]): string[] { + const ret = new Set(); + for (const subnet of subnets) { + if (subnet.routeTable && subnet.routeTable.routeTableId) { + ret.add(subnet.routeTable.routeTableId); + } + } + return Array.from(ret); +} + +export function flatten(xs: A[][]): A[] { + return Array.prototype.concat.apply([], xs); +} + +/** + * NetworkUtils contains helpers to work with network constructs (subnets/ranges) + */ +export class NetworkUtils { + + /** + * Validates an IPv4 address string. + * + * @param ipAddress The IPv4 address string to be validated. + * @returns True if the string is a valid IPv4 address, false otherwise. + * Validates an IPv4 string + * + * returns true of the string contains 4 numbers between 0-255 delimited by + * a `.` character + */ + public static validIp(ipAddress: string): boolean { + const octets = ipAddress.split('.'); + if (octets.length !== 4) { + return false; + } + return octets.map((octet: string) => parseInt(octet, 10)). + every((octet: number) => octet >= 0 && octet <= 255); + } + + /** + * Converts a string representation of an IPv4 address to its corresponding numerical value. + * + * Uses the formula: + * (first octet * 256³) + (second octet * 256²) + (third octet * 256) + + * (fourth octet) + * + * @param ipAddress the IP address (e.g. 174.66.173.168) + * @returns the integer value of the IP address (e.g 2923605416) + */ + public static ipToNum(ipAddress: string): number { + if (!this.validIp(ipAddress)) { + throw new Error(`${ipAddress} is not valid`); + } + + return ipAddress + .split('.') + .reduce( + (p: number, c: string, i: number) => p + parseInt(c, 10) * 256 ** (3 - i), + 0, + ); + } + + /** + * Takes number and converts it to IPv4 address string + * + * Takes a number (e.g 2923605416) and converts it to an IPv4 address string + * currently only supports IPv4 + * + * @param ipNum integer value of the IP address (e.g 2923605416) + * @returns IPv4 address (e.g. 174.66.173.168) + */ + public static numToIp(ipNum: number): string { + // this all because bitwise math is signed + let remaining = ipNum; + const address = new Array(); + for (let i = 0; i < 4; i++) { + if (remaining !== 0) { + address.push(Math.floor(remaining / 256 ** (3 - i))); + remaining = remaining % 256 ** (3 - i); + } else { + address.push(0); + } + } + const ipAddress: string = address.join('.'); + if ( !this.validIp(ipAddress) ) { + throw new Error(`${ipAddress} is not a valid IP Address`); + } + return ipAddress; + } +} + +/** + * Exported class from VPC to support subnet filtering + * and CIDR validation + */ +export class CidrBlock { + + /** + * Calculates the netmask for a given CIDR mask + * + * The netmask is a 32-bit binary value used to separate the network portion from the host portion of an IPv4 address. + * It is calculated based on the CIDR prefix length (the number of bits used to represent the network portion). + * + * For example: + * CidrBlock.calculateNetmask(24) returns '255.255.255.0' + * + * @param mask The CIDR prefix length (between 0 and 32) for which to calculate the netmask. + // Calculate the netmask by performing a bitwise NOT on the result of (2^32 - 2^(32 - mask)) + * @returns The netmask string in IPv4 address format. + */ + public static calculateNetmask(mask: number): string { + return NetworkUtils.numToIp(2 ** 32 - 2 ** (32 - mask)); + } + + /** + * Calculates the number IP addresses in a CIDR Mask + * + * For example: + * CidrBlock.calculateNetsize(16) returns 65536 + * + * @param mask The CIDR prefix length (between 0 and 32) for which to calculate the network size. + * CidrBlock.calculateNetsize(24) returns 256 + */ + public static calculateNetsize(mask: number): number { + return 2 ** (32 - mask); + } + + /** + * IP address in the CIDR block. + */ + public readonly cidr: string; + + /* + * The CIDR mask e.g. for CIDR '10.0.0.0/21' returns 21 + */ + public readonly mask: number; + + /* + * The total number of IP addresses in the CIDR + */ + public readonly networkSize: number; + + /* + * The network address provided in CIDR creation offset by the Netsize -1 + */ + private readonly networkAddress: number; + + /* + * Parses either CIDR notation String or two numbers representing the IP + * space + * + * cidr expects a string '10.0.0.0/16' + * ipAddress expects a number + * mask expects a number + * + * If the given `cidr` or `ipAddress` is not the beginning of the block, + * then the next available block will be returned. For example, if + * `10.0.3.1/28` is given the returned block will represent `10.0.3.16/28`. + */ + constructor(cidr: string) + constructor(ipAddress: number, mask: number) + constructor(ipAddressOrCidr: string | number, mask?: number) { + if (typeof ipAddressOrCidr === 'string') { + this.mask = parseInt(ipAddressOrCidr.split('/')[1], 10); + this.networkAddress = NetworkUtils.ipToNum(ipAddressOrCidr.split('/')[0]) + + CidrBlock.calculateNetsize(this.mask) - 1; + } else { + if (typeof mask === 'number') { + this.mask = mask; + } else { + // this should be impossible + this.mask = 16; + } + this.networkAddress = ipAddressOrCidr + CidrBlock.calculateNetsize(this.mask) - 1; + this.networkSize = 2 ** (32 - this.mask); + } + this.networkSize = 2 ** (32 - this.mask); + this.cidr = `${this.minIp()}/${this.mask}`; + } + + /* + * The maximum IP in the CIDR Block e.g. '10.0.8.255' + */ + public maxIp(): string { + // min + (2^(32-mask)) - 1 [zero needs to count] + return NetworkUtils.numToIp(this.maxAddress()); + } + + /* + * Checks if this CIDR block fully contains the provided CIDR block. + * + * @param other The CIDR block to check for containment. + * @returns True if this CIDR block fully contains the provided CIDR block, false otherwise. + * + * The minimum IP in the CIDR Block e.g. '10.0.0.0' + */ + public minIp(): string { + return NetworkUtils.numToIp(this.minAddress()); + } + + /* + * Returns the number representation for the minimum IPv4 address + */ + public minAddress(): number { + const div = this.networkAddress % this.networkSize; + return this.networkAddress - div; + } + + /* + * Returns the number representation for the maximum IPv4 address + */ + public maxAddress(): number { + /** + * The maximum IP address in the CIDR block is calculated as the minimum address + (2^(32-mask)) - 1. + * This is because the minimum address represents the network address, and the maximum address is the broadcast address. + */ + // min + (2^(32-mask)) - 1 [zero needs to count] + return this.minAddress() + this.networkSize - 1; + } + + /* + * Returns the next consecutive CIDR block of the same mask size following this CIDR block. + * + * For example, if this CIDR block is '10.0.0.0/24', the next block would be '10.0.1.0/24'. + * + * Returns the next CIDR Block of the same mask size + */ + public nextBlock(): CidrBlock { + return new CidrBlock(this.maxAddress() + 1, this.mask); + } + + /* + * Returns true if this CidrBlock fully contains the provided CidrBlock + */ + public containsCidr(other: CidrBlock): boolean { + return (this.maxAddress() >= other.maxAddress()) && + (this.minAddress() <= other.minAddress()); + } + + /** + * Checks if two IP address ranges overlap. + * + * @param range1 The first IP address range represented as an array [start, end]. + * @param range2 The second IP address range represented as an array [start, end]. + * @returns True if the two IP address ranges overlap, false otherwise. + * + * Note: This method assumes that the start and end addresses are valid IPv4 addresses. + */ + public rangesOverlap(range1: [string, string], range2: [string, string]): boolean { + const [start1, end1] = range1; + const [start2, end2] = range2; + + // Check if ranges overlap + return start1 <= end2 && start2 <= end1; + } + +} + +/** + * Class with helper functions to support + * Subnet Ipv6 Address Validation + * + * This class provides methods for working with IPv6 CIDR blocks, including calculating the minimum and maximum + * IP addresses in a CIDR block, and checking if two CIDR blocks overlap. + */ +export class CidrBlockIpv6 { + + /** + * Ipv6 CIDR range + */ + public cidr: string; + /** + * The CIDR prefix length (number of bits used for the network portion of the address). + */ + public cidrPrefix: number; + private ipParts: bigint[]; + private networkBits: number; + private networkPart: bigint[]; + + constructor(cidr: string) { + this.cidr = cidr; + const [ipAddress, prefix] = cidr.split('/'); + this.cidrPrefix = parseInt(prefix, 10); + this.ipParts = this.parseBigIntParts(ipAddress); + this.networkBits = this.cidrPrefix; + this.networkPart = this.ipParts.slice(0, Math.ceil(this.networkBits / 16)); + } + + private parseBigIntParts(ipAddress: string): bigint[] { + return ipAddress.split(':').map((part) => BigInt(`0x${part.padStart(4, '0')}` || '0')); + } + + /** + * @returns Minimum IPv6 address for a provided CIDR + */ + public minIp(): string { + const startIP = [...this.networkPart]; + for (let i = this.networkPart.length; i < 8; i++) { + startIP.push(BigInt(0)); + } + return startIP.map(this.formatIPv6Part).join(':'); + } + + /** + * @returns Maximum IPv6 address for a provided CIDR + */ + public maxIp(): string { + const endIP = [...this.networkPart]; + const hostPart = Array(8 - this.networkPart.length).fill(BigInt(0xffff)); + endIP.push(...hostPart); + + return endIP.map(this.formatIPv6Part).join(':'); + } + + private formatIPv6Part = (part: bigint) => part.toString(16).padStart(4, '0'); + + /** + * + * @param range1 Ipv6 CIDR range to compare + * @param range2 Ipv6 CIDR range to compare + * @returns true if two ranges overlap, false otherwise + */ + public rangesOverlap(range1: string, range2: string): boolean { + const [start1, end1] = this.getIPv6Range(range1); + const [start2, end2] = this.getIPv6Range(range2); + + return (start1 <= end2) && (start2 <= end1); + } + + /** + * + * @param cidr + * @returns Range in the from of big int number [start, end] + */ + private getIPv6Range(cidr: string): [bigint, bigint] { + const [ipv6Address, prefixLength] = cidr.split('/'); + const ipv6Number = this.ipv6ToNumber(ipv6Address); + const mask = (BigInt(1) << BigInt(128 - Number(prefixLength))) - BigInt(1); + const networkPrefix = ipv6Number & ~mask; + const start = networkPrefix; + const end = networkPrefix | mask; + + return [start, end]; + } + + /** + * @param ipv6Address + * @returns Converts given ipv6 address range to big int number + */ + private ipv6ToNumber(ipv6Address: string): bigint { + const blocks = this.parseBigIntParts(ipv6Address); + let ipv6Number = BigInt(0); + for (const block of blocks) { + /* tslint:disable:no-bitwise */ + ipv6Number = (ipv6Number << BigInt(16)) + block; + } + return ipv6Number; + } +} + diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts new file mode 100644 index 0000000000000..1be8c35744356 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -0,0 +1,368 @@ +import { Resource, Annotations } from 'aws-cdk-lib'; +import { IVpc, ISubnet, SubnetSelection, SelectedSubnets, EnableVpnGatewayOptions, VpnGateway, VpnConnectionType, CfnVPCGatewayAttachment, CfnVPNGatewayRoutePropagation, VpnConnectionOptions, VpnConnection, ClientVpnEndpointOptions, ClientVpnEndpoint, InterfaceVpcEndpointOptions, InterfaceVpcEndpoint, GatewayVpcEndpointOptions, GatewayVpcEndpoint, FlowLogOptions, FlowLog, FlowLogResourceType, SubnetType, SubnetFilter, CfnVPCCidrBlock } from 'aws-cdk-lib/aws-ec2'; +import { allRouteTableIds, flatten, subnetGroupNameFromConstructId } from './util'; +import { IDependable, Dependable, IConstruct } from 'constructs'; + +/** + * Placeholder to see what extra props we might need, + * will be added to original IVPC + */ +export interface IVpcV2 extends IVpc { + /** + * The secondary CIDR blocks associated with the VPC. + * + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. + */ + readonly secondaryCidrBlock: CfnVPCCidrBlock[]; + + /** + * The primary IPv4 CIDR block associated with the VPC. + * Needed in order to validate the vpc range of subnet + * current prop vpcCidrBlock refers to the token value + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}. + */ + readonly ipv4CidrBlock: string; + +} + +/** + * Base class for creating a VPC (Virtual Private Cloud) in AWS. + * + * For more information, see the {@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html|AWS CDK Documentation on VPCs}. + */ +export abstract class VpcV2Base extends Resource implements IVpcV2 { + + /** + * Identifier for this VPC + */ + public abstract readonly vpcId: string; + + /** + * Arn of this VPC + */ + public abstract readonly vpcArn: string; + + /** + * CIDR range for this VPC + */ + public abstract readonly vpcCidrBlock: string; + + /** + * List of public subnets in this VPC + */ + public readonly publicSubnets: ISubnet[] = []; + + /** + * List of private subnets in this VPC + */ + public readonly privateSubnets: ISubnet[] = []; + + /** + * List of isolated subnets in this VPC + */ + public abstract readonly isolatedSubnets: ISubnet[]; + + /** + * AZs for this VPC + */ + public readonly availabilityZones: string[] = []; + + /** + * Dependable that can be depended upon to force internet connectivity established on the VPC + */ + public abstract readonly internetConnectivityEstablished: IDependable; + + /** + * Secondary IPs for the VPC, can be multiple Ipv4 or Ipv6 + * Ipv4 should be within RFC#1918 range + */ + public abstract readonly secondaryCidrBlock: CfnVPCCidrBlock[]; + + /** + * The primary IPv4 CIDR block associated with the VPC. + * Needed in order to validate the vpc range of subnet + * current prop vpcCidrBlock refers to the token value + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}. + */ + public abstract readonly ipv4CidrBlock: string; + + /** + * If this is set to true, don't error out on trying to select subnets + */ + protected incompleteSubnetDefinition: boolean = false; + + /** + * Mutable private field for the vpnGatewayId + * + * @internal + */ + protected _vpnGatewayId?: string; + + /** + * Return information on the subnets appropriate for the given selection strategy + * + * Requires that at least one subnet is matched, throws a descriptive + * error message otherwise. + */ + public selectSubnets(selection: SubnetSelection = {}): SelectedSubnets { + const subnets = this.selectSubnetObjects(selection); + const pubs = new Set(this.publicSubnets); + + return { + subnetIds: subnets.map(s => s.subnetId), + get availabilityZones(): string[] { return subnets.map(s => s.availabilityZone); }, + internetConnectivityEstablished: tap(new CompositeDependable(), d => subnets.forEach(s => d.add(s.internetConnectivityEstablished))), + subnets, + hasPublic: subnets.some(s => pubs.has(s)), + isPendingLookup: this.incompleteSubnetDefinition, + }; + } + + /** + * Adds a VPN Gateway to this VPC + */ + public enableVpnGateway(options: EnableVpnGatewayOptions): void { + if (this.vpnGatewayId) { + throw new Error('The VPN Gateway has already been enabled.'); + } + + const vpnGateway = new VpnGateway(this, 'VpnGateway', { + amazonSideAsn: options.amazonSideAsn, + type: VpnConnectionType.IPSEC_1, + }); + + this._vpnGatewayId = vpnGateway.gatewayId; + + const attachment = new CfnVPCGatewayAttachment(this, 'VPCVPNGW', { + vpcId: this.vpcId, + vpnGatewayId: this._vpnGatewayId, + }); + + // Propagate routes on route tables associated with the right subnets + const vpnRoutePropagation = options.vpnRoutePropagation ?? [{}]; + const routeTableIds = allRouteTableIds(flatten(vpnRoutePropagation.map(s => this.selectSubnets(s).subnets))); + + if (routeTableIds.length === 0) { + Annotations.of(this).addError(`enableVpnGateway: no subnets matching selection: '${JSON.stringify(vpnRoutePropagation)}'. Select other subnets to add routes to.`); + } + + const routePropagation = new CfnVPNGatewayRoutePropagation(this, 'RoutePropagation', { + routeTableIds, + vpnGatewayId: this._vpnGatewayId, + }); + // The AWS::EC2::VPNGatewayRoutePropagation resource cannot use the VPN gateway + // until it has successfully attached to the VPC. + // See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-gatewayrouteprop.html + routePropagation.node.addDependency(attachment); + } + + /** + * Adds a new VPN connection to this VPC + */ + public addVpnConnection(id: string, options: VpnConnectionOptions): VpnConnection { + return new VpnConnection(this, id, { + vpc: this, + ...options, + }); + } + + /** + * Adds a new client VPN endpoint to this VPC + */ + public addClientVpnEndpoint(id: string, options: ClientVpnEndpointOptions): ClientVpnEndpoint { + return new ClientVpnEndpoint(this, id, { + ...options, + vpc: this, + }); + } + + /** + * Adds a new interface endpoint to this VPC + */ + public addInterfaceEndpoint(id: string, options: InterfaceVpcEndpointOptions): InterfaceVpcEndpoint { + return new InterfaceVpcEndpoint(this, id, { + vpc: this, + ...options, + }); + } + + /** + * Adds a new gateway endpoint to this VPC + */ + public addGatewayEndpoint(id: string, options: GatewayVpcEndpointOptions): GatewayVpcEndpoint { + return new GatewayVpcEndpoint(this, id, { + vpc: this, + ...options, + }); + } + + /** + * Adds a new flow log to this VPC + */ + public addFlowLog(id: string, options?: FlowLogOptions): FlowLog { + return new FlowLog(this, id, { + resourceType: FlowLogResourceType.fromVpc(this), + ...options, + }); + } + + /** + * Returns the id of the VPN Gateway (if enabled) + */ + public get vpnGatewayId(): string | undefined { + return this._vpnGatewayId; + } + + /** + * Return the subnets appropriate for the placement strategy + */ + protected selectSubnetObjects(selection: SubnetSelection = {}): ISubnet[] { + selection = this.reifySelectionDefaults(selection); + + if (selection.subnets !== undefined) { + return selection.subnets; + } + + let subnets; + + if (selection.subnetGroupName !== undefined) { // Select by name + subnets = this.selectSubnetObjectsByName(selection.subnetGroupName); + + } else { // Or specify by type + const type = selection.subnetType || SubnetType.PRIVATE_WITH_EGRESS; + subnets = this.selectSubnetObjectsByType(type); + } + + // Apply all the filters + subnets = this.applySubnetFilters(subnets, selection.subnetFilters ?? []); + + return subnets; + } + + private applySubnetFilters(subnets: ISubnet[], filters: SubnetFilter[]): ISubnet[] { + let filtered = subnets; + // Apply each filter in sequence + for (const filter of filters) { + filtered = filter.selectSubnets(filtered); + } + return filtered; + } + + private selectSubnetObjectsByName(groupName: string) { + const allSubnets = [...this.publicSubnets, ...this.privateSubnets, ...this.isolatedSubnets]; + const subnets = allSubnets.filter(s => subnetGroupNameFromConstructId(s) === groupName); + + if (subnets.length === 0 && !this.incompleteSubnetDefinition) { + const names = Array.from(new Set(allSubnets.map(subnetGroupNameFromConstructId))); + throw new Error(`There are no subnet groups with name '${groupName}' in this VPC. Available names: ${names}`); + } + + return subnets; + } + + private selectSubnetObjectsByType(subnetType: SubnetType) { + const allSubnets = { + [SubnetType.PRIVATE_ISOLATED]: this.isolatedSubnets, + [SubnetType.ISOLATED]: this.isolatedSubnets, + [SubnetType.PRIVATE_WITH_NAT]: this.privateSubnets, + [SubnetType.PRIVATE_WITH_EGRESS]: this.privateSubnets, + [SubnetType.PRIVATE]: this.privateSubnets, + [SubnetType.PUBLIC]: this.publicSubnets, + }; + + const subnets = allSubnets[subnetType]; + + // Force merge conflict here with https://github.com/aws/aws-cdk/pull/4089 + // see ImportedVpc + + if (subnets.length === 0 && !this.incompleteSubnetDefinition) { + const availableTypes = Object.entries(allSubnets).filter(([_, subs]) => subs.length > 0).map(([typeName, _]) => typeName); + throw new Error(`There are no '${subnetType}' subnet groups in this VPC. Available types: ${availableTypes}`); + } + + return subnets; + } + + /** + * Validate the fields in a SubnetSelection object, and reify defaults if necessary + * + * In case of default selection, select the first type of PRIVATE, ISOLATED, + * PUBLIC (in that order) that has any subnets. + */ + private reifySelectionDefaults(placement: SubnetSelection): SubnetSelection { + + // TODO: throw error as new VpcV2 cannot support subnetName or subnetGroupName anymore + if (placement.subnetName !== undefined) { + if (placement.subnetGroupName !== undefined) { + throw new Error('Please use only \'subnetGroupName\' (\'subnetName\' is deprecated and has the same behavior)'); + } else { + Annotations.of(this).addWarningV2('@aws-cdk/aws-ec2:subnetNameDeprecated', 'Usage of \'subnetName\' in SubnetSelection is deprecated, use \'subnetGroupName\' instead'); + } + placement = { ...placement, subnetGroupName: placement.subnetName }; + } + + const exclusiveSelections: Array = ['subnets', 'subnetType', 'subnetGroupName']; + const providedSelections = exclusiveSelections.filter(key => placement[key] !== undefined); + if (providedSelections.length > 1) { + throw new Error(`Only one of '${providedSelections}' can be supplied to subnet selection.`); + } + + if (placement.subnetType === undefined && placement.subnetGroupName === undefined && placement.subnets === undefined) { + // Return default subnet type based on subnets that actually exist + let subnetType = this.privateSubnets.length + ? SubnetType.PRIVATE_WITH_EGRESS : this.isolatedSubnets.length ? SubnetType.PRIVATE_ISOLATED : SubnetType.PUBLIC; + placement = { ...placement, subnetType: subnetType }; + } + + // Establish which subnet filters are going to be used + let subnetFilters = placement.subnetFilters ?? []; + + // Backwards compatibility with existing `availabilityZones` and `onePerAz` functionality + if (placement.availabilityZones !== undefined) { // Filter by AZs, if specified + subnetFilters.push(SubnetFilter.availabilityZones(placement.availabilityZones)); + } + if (!!placement.onePerAz) { // Ensure one per AZ if specified + subnetFilters.push(SubnetFilter.onePerAz()); + } + + // Overwrite the provided placement filters and remove the availabilityZones and onePerAz properties + placement = { ...placement, subnetFilters: subnetFilters, availabilityZones: undefined, onePerAz: undefined }; + const { availabilityZones, onePerAz, ...rest } = placement; + + return rest; + } + +} + +class CompositeDependable implements IDependable { + private readonly dependables = new Array(); + + constructor() { + const self = this; + Dependable.implement(this, { + get dependencyRoots() { + const ret = new Array(); + for (const dep of self.dependables) { + ret.push(...Dependable.of(dep).dependencyRoots); + } + return ret; + }, + }); + } + + /** + * Add a construct to the dependency roots + */ + public add(dep: IDependable) { + this.dependables.push(dep); + } +} + +/** +* Invoke a function on a value (for its side effect) and return the value +*/ +function tap(x: T, fn: (x: T) => void): T { + fn(x); + return x; + +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts new file mode 100644 index 0000000000000..76fc7c654921b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -0,0 +1,487 @@ +import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet } from 'aws-cdk-lib/aws-ec2'; +import { Arn, CfnResource, Lazy, Names } from 'aws-cdk-lib/core'; +import { Construct, DependencyGroup, IDependable } from 'constructs'; +import { IpamOptions, IIpamPool } from './ipam'; +import { VpcV2Base } from './vpc-v2-base'; + +/** + * Additional props needed for secondary Address + */ +export interface SecondaryAddressProps { + /** + * Required to set Secondary cidr block resource name + * in order to generate unique logical id for the resource. + */ + readonly cidrBlockName: string; +} + +/** + * IpAddress options to define VPC V2 + */ +export class IpAddresses { + + /** + * An IPv4 CIDR Range + */ + public static ipv4(ipv4Cidr: string, props?: SecondaryAddressProps): IIpAddresses { + return new ipv4CidrAllocation(ipv4Cidr, props); + } + + /** + * An Ipv4 Ipam Pool + */ + public static ipv4Ipam(ipv4IpamOptions: IpamOptions): IIpAddresses { + return new IpamIpv4(ipv4IpamOptions); + } + + /** + * An Ipv6 Ipam Pool + */ + public static ipv6Ipam(ipv6IpamOptions: IpamOptions): IIpAddresses { + return new IpamIpv6(ipv6IpamOptions); + } + + /** + * Amazon Provided Ipv6 range + */ + public static amazonProvidedIpv6(props: SecondaryAddressProps) : IIpAddresses { + return new AmazonProvided(props); + } +} + +/** + * Consolidated return parameters to pass to VPC construct + */ +export interface VpcCidrOptions { + + /** + * IPv4 CIDR Block + * @default - '10.0.0.0/16' + */ + readonly ipv4CidrBlock?: string; + + /** + * CIDR Mask for Vpc + * + * @default - Only required when using IPAM Ipv4 + */ + readonly ipv4NetmaskLength?: number; + + /** + * Ipv4 IPAM Pool + * + * @default - Only required when using IPAM Ipv4 + */ + readonly ipv4IpamPool?: IIpamPool; + + /** + * Implementing Ipv6 + * @default - No ipv6 address + */ + readonly ipv6CidrBlock?: string; + + /** + * CIDR Mask for Vpc + * + * @default - Only required when using AWS Ipam + */ + readonly ipv6NetmaskLength?: number; + + /** + * Ipv6 IPAM pool id for VPC range, can only be defined + * under public scope + * + * @default - no pool id + */ + readonly ipv6IpamPool?: IIpamPool; + + /** + * Use amazon provided IP range + * @default false + */ + readonly amazonProvided?: boolean; + + /** + * Dependency to associate Ipv6 CIDR block + * @default - No dependency + */ + readonly dependencies?: CfnResource[]; + + /** + * Required to set Secondary cidr block resource name + * in order to generate unique logical id for the resource. + * @default : no name for primary addresses + */ + readonly cidrBlockName?: string; +} + +/** + * Implements ip address allocation according to the IPAdress type + */ +export interface IIpAddresses { + + /** + * Method to define the implementation logic of + * IP address allocation + */ + allocateVpcCidr() : VpcCidrOptions; + +} + +/** + * Properties to define VPC + * [disable-awslint:from-method] + */ +export interface VpcV2Props { + + /** A must IPv4 CIDR block for the VPC + * https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html + * @default - Ipv4 CIDR Block ('10.0.0.0/16') + */ + readonly primaryAddressBlock?: IIpAddresses; + + /** + * The secondary CIDR blocks associated with the VPC. + * Can be IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention + * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. + * @default - No secondary IP address + */ + readonly secondaryAddressBlocks?: IIpAddresses[]; + + /** + * Indicates whether the instances launched in the VPC get DNS hostnames + * @default true + */ + readonly enableDnsHostnames?: boolean; + + /** + * Indicates whether the DNS resolution is supported for the VPC. + * @default true + */ + readonly enableDnsSupport?: boolean; + + /** + * The default tenancy of instances launched into the VPC. + * + * By setting this to dedicated tenancy, instances will be launched on + * hardware dedicated to a single AWS customer, unless specifically specified + * at instance launch time. Please note, not all instance types are usable + * with Dedicated tenancy. + * + * @default DefaultInstanceTenancy.Default (shared) tenancy + */ + readonly defaultInstanceTenancy?: DefaultInstanceTenancy; + + /** + * Physical name for the VPC + * @default: autogenerated by CDK + */ + readonly vpcName?: string; +} + +/** + * This class provides a foundation for creating and configuring a VPC with advanced features such as IPAM (IP Address Management) and IPv6 support. + * + * For more information, see the {@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html|AWS CDK Documentation on VPCs}. + * + * @resource AWS::EC2::VPC + */ +export class VpcV2 extends VpcV2Base { + + /** + * Identifier for this VPC + */ + public readonly vpcId: string; + + /** + * @attribute + */ + public readonly vpcArn: string; + + /** + * @attribute + */ + public readonly vpcCidrBlock: string; + /** + * The IPv6 CIDR blocks for the VPC. + * + * See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html#aws-resource-ec2-vpc-return-values + */ + public readonly ipv6CidrBlocks: string[]; + + /** + * The provider of ipv4 addresses + */ + public readonly ipAddresses: IIpAddresses; + + /** + * The AWS CloudFormation resource representing the VPC. + */ + public readonly resource: CfnVPC; + + /** + * Indicates if instances launched in this VPC will have public DNS hostnames. + */ + public readonly dnsHostnamesEnabled: boolean; + + /** + * Indicates if DNS support is enabled for this VPC. + */ + public readonly dnsSupportEnabled: boolean; + + /** + * Isolated Subnets that are part of this VPC. + */ + public readonly isolatedSubnets: ISubnet[]; + + /** + * Public Subnets that are part of this VPC. + */ + public readonly publicSubnets: ISubnet[]; + + /** + * Pbulic Subnets that are part of this VPC. + */ + public readonly privateSubnets: ISubnet[]; + + /** + * To define dependency on internet connectivity + */ + public readonly internetConnectivityEstablished: IDependable; + + /** + * To define dependency on internet connectivity + */ + private readonly _internetConnectivityEstablished = new DependencyGroup(); + + /** + * reference to all secondary blocks attached + */ + public readonly secondaryCidrBlock = new Array; + + /** + * For validation to define IPv6 subnets, set to true in case of + * Amazon Provided IPv6 cidr range + * IPv6 addresses can be attached to the subnets + * @default false + */ + public readonly useIpv6: boolean = false; + + public readonly ipv4CidrBlock: string = ''; + + constructor(scope: Construct, id: string, props: VpcV2Props = {}) { + super(scope, id, { + physicalName: props.vpcName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 128, allowedSpecialCharacters: '_' }), + }), + }); + + this.ipAddresses = props.primaryAddressBlock ?? IpAddresses.ipv4('10.0.0.0/16'); + const vpcOptions = this.ipAddresses.allocateVpcCidr(); + + this.dnsHostnamesEnabled = props.enableDnsHostnames == null ? true : props.enableDnsHostnames; + this.dnsSupportEnabled = props.enableDnsSupport == null ? true : props.enableDnsSupport; + const instanceTenancy = props.defaultInstanceTenancy || 'default'; + this.resource = new CfnVPC(this, 'Resource', { + cidrBlock: vpcOptions.ipv4CidrBlock, //for Ipv4 addresses CIDR block + enableDnsHostnames: this.dnsHostnamesEnabled, + enableDnsSupport: this.dnsSupportEnabled, + ipv4IpamPoolId: vpcOptions.ipv4IpamPool?.ipamPoolId, // for Ipv4 ipam option + ipv4NetmaskLength: vpcOptions.ipv4NetmaskLength, // for Ipv4 ipam option + instanceTenancy: instanceTenancy, + }); + + this.node.defaultChild = this.resource; + this.vpcCidrBlock = this.resource.attrCidrBlock; + if (vpcOptions.ipv4CidrBlock) { + this.ipv4CidrBlock = vpcOptions.ipv4CidrBlock; + } + this.ipv6CidrBlocks = this.resource.attrIpv6CidrBlocks; + this.vpcId = this.resource.attrVpcId; + this.vpcArn = Arn.format({ + service: 'ec2', + resource: 'vpc', + resourceName: this.vpcId, + }, this.stack); + + if (props.secondaryAddressBlocks) { + const secondaryAddressBlocks: IIpAddresses[] = props.secondaryAddressBlocks; + + for (const secondaryAddressBlock of secondaryAddressBlocks) { + + const secondaryVpcOptions: VpcCidrOptions = secondaryAddressBlock.allocateVpcCidr(); + if (!secondaryVpcOptions.cidrBlockName) { + throw new Error('Cidr Block Name is required to create secondary IP address'); + } + + if (secondaryVpcOptions.amazonProvided || secondaryVpcOptions.ipv6IpamPool) { + this.useIpv6 = true; + } + //validate CIDR ranges per RFC 1918 + if (secondaryVpcOptions.ipv4CidrBlock!) { + const ret = validateIpv4address(secondaryVpcOptions.ipv4CidrBlock, this.resource.cidrBlock); + if (ret === false) { + throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); + } + } + const cfnVpcCidrBlock = new CfnVPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { + vpcId: this.vpcId, + cidrBlock: secondaryVpcOptions.ipv4CidrBlock, + ipv4IpamPoolId: secondaryVpcOptions.ipv4IpamPool?.ipamPoolId, + ipv4NetmaskLength: secondaryVpcOptions.ipv4NetmaskLength, + ipv6NetmaskLength: secondaryVpcOptions.ipv6NetmaskLength, + ipv6IpamPoolId: secondaryVpcOptions.ipv6IpamPool?.ipamPoolId, + amazonProvidedIpv6CidrBlock: secondaryVpcOptions.amazonProvided, + }); + if (secondaryVpcOptions.dependencies) { + for (const dep of secondaryVpcOptions.dependencies) { + cfnVpcCidrBlock.addDependency(dep); + } + } + //Create secondary blocks for Ipv4 and Ipv6 + this.secondaryCidrBlock.push(cfnVpcCidrBlock); + } + } + + /** + * Empty array for isolated subnets + */ + this.isolatedSubnets = new Array; + + /** + * Empty array for public subnets + */ + this.publicSubnets = new Array; + + /** + * Empty array for private subnets + */ + this.privateSubnets = new Array; + + /** + * Dependable that can be depended upon to force internet connectivity established on the VPC + * Add igw to this if its a public subnet + */ + this.internetConnectivityEstablished = this._internetConnectivityEstablished; + } +} +/** + * Supports assigning IPv4 address to VPC + */ +class ipv4CidrAllocation implements IIpAddresses { + + constructor(private readonly cidrBlock: string, private readonly props?: { cidrBlockName: string}) { + } + + /** + * @returns CIDR block provided by the user to set IPv4 + */ + allocateVpcCidr(): VpcCidrOptions { + return { + ipv4CidrBlock: this.cidrBlock, + cidrBlockName: this.props?.cidrBlockName, + }; + } +} + +/** + * Supports Amazon Provided Ipv6 ranges + */ +class AmazonProvided implements IIpAddresses { + /** + * Represents an Amazon-provided IPv6 CIDR range for a VPC. + * + * This class implements the IIpAddresses interface and is used to allocate an Amazon-provided + * IPv6 CIDR range for a VPC. When an instance of this class is used to allocate the VPC CIDR, + * Amazon will automatically assign an IPv6 CIDR range from its pool of available addresses. + */ + + constructor(private readonly props: { cidrBlockName: string}) {}; + + allocateVpcCidr(): VpcCidrOptions { + return { + amazonProvided: true, + cidrBlockName: this.props.cidrBlockName, + }; + } + +} + +/** + * Represents an IPv4 address range managed by AWS IP Address Manager (IPAM). + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html + */ +class IpamIpv6 implements IIpAddresses { + + constructor(private readonly props: IpamOptions) { + } + + allocateVpcCidr(): VpcCidrOptions { + return { + ipv6NetmaskLength: this.props.netmaskLength, + ipv6IpamPool: this.props.ipamPool, + dependencies: this.props.ipamPool?.ipamCidrs.map(c => c as CfnResource), + cidrBlockName: this.props.cidrBlockName, + }; + } +} + +/** + * Represents an IPv4 address range managed by AWS IP Address Manager (IPAM). + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html + */ +class IpamIpv4 implements IIpAddresses { + + constructor(private readonly props: IpamOptions) { + } + allocateVpcCidr(): VpcCidrOptions { + + return { + ipv4NetmaskLength: this.props.netmaskLength, + ipv4IpamPool: this.props.ipamPool, + cidrBlockName: this.props?.cidrBlockName, + }; + } +} + +//@internal First two Octet to verify RFC 1918 +interface IPaddressConfig { + octet1: number; + octet2: number; +} + +/** + * Validates whether a secondary IPv4 address is within the same private IP address range as the primary IPv4 address. + * + * @param cidr1 The secondary IPv4 CIDR block to be validated. + * @param cidr2 The primary IPv4 CIDR block to validate against. + * @returns True if the secondary IPv4 CIDR block is within the same private IP address range as the primary IPv4 CIDR block, false otherwise. + * @internal + * The private IP address ranges are defined by RFC 1918 as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. + */ +function validateIpv4address(cidr1?: string, cidr2?: string): boolean { + if (!cidr1 || !cidr2) { + return false; // Handle cases where CIDR ranges are not provided + } + + const octetsCidr1: number[] = cidr1.split('.').map(octet => parseInt(octet, 10)); + const octetsCidr2: number[] = cidr2.split('.').map(octet => parseInt(octet, 10)); + + if (octetsCidr1.length !== 4 || octetsCidr2.length !== 4) { + return false; // Handle invalid CIDR ranges + } + + const ip1: IPaddressConfig = { + octet1: octetsCidr1[0], + octet2: octetsCidr1[1], + }; + + const ip2: IPaddressConfig = { + octet1: octetsCidr2[0], + octet2: octetsCidr2[1], + }; + + return (ip1.octet1 === 10 && ip2.octet1 === 10) || + (ip1.octet1 === 192 && ip1.octet2 === 168 && ip2.octet1 === 192 && ip2.octet2 === 168) || + (ip1.octet1 === 172 && ip1.octet2 === 16 && ip2.octet1 === 172 && ip2.octet2 === 16); // CIDR ranges belong to same private IP address ranges +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/package.json b/packages/@aws-cdk/aws-ec2-alpha/package.json new file mode 100644 index 0000000000000..be679d1fa77c6 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/package.json @@ -0,0 +1,107 @@ +{ + "name": "@aws-cdk/aws-ec2-alpha", + "private": true, + "version": "0.0.0", + "description": "The CDK construct library for VPC V2", + "main": "lib/index.js", + "types": "lib/index.d.ts", + "jsii": { + "outdir": "dist", + "targets": { + "java": { + "package": "software.amazon.awscdk.services.ec2.alpha", + "maven": { + "groupId": "software.amazon.awscdk", + "artifactId": "ec2-alpha" + } + }, + "dotnet": { + "namespace": "Amazon.CDK.AWS.ec2.Alpha", + "packageId": "Amazon.CDK.AWS.ec2.Alpha", + "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png" + }, + "python": { + "distName": "aws-cdk.aws-ec2-alpha", + "module": "aws_cdk.aws_ec2_alpha", + "classifiers": [ + "Framework :: AWS CDK", + "Framework :: AWS CDK :: 2" + ] + }, + "go": { + "moduleName": "github.com/aws/aws-cdk-go", + "packageName": "awsec2alpha" + } + }, + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } + }, + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-cdk.git", + "directory": "packages/@aws-cdk/aws-ec2-alpha" + }, + "scripts": { + "build": "cdk-build", + "watch": "cdk-watch", + "lint": "cdk-lint", + "test": "cdk-test", + "integ": "integ-runner --language javascript", + "pkglint": "pkglint -f", + "awslint": "cdk-awslint", + "package": "cdk-package", + "build+test": "yarn build && yarn test", + "build+test+package": "yarn build+test && yarn package", + "compat": "cdk-compat", + "rosetta:extract": "yarn --silent jsii-rosetta extract", + "build+extract": "yarn build && yarn rosetta:extract", + "build+test+extract": "yarn build+test && yarn rosetta:extract" + }, + "keywords": [ + "aws", + "cdk", + "example", + "construct", + "library" + ], + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "devDependencies": { + "@aws-cdk/cdk-build-tools": "0.0.0", + "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests-alpha": "^0.0.0", + "@aws-cdk/pkglint": "0.0.0", + "@types/jest": "^29.5.12", + "aws-cdk-lib": "0.0.0", + "jest": "^29.7.0" + }, + "homepage": "https://github.com/aws/aws-cdk", + "peerDependencies": { + "aws-cdk-lib": "^0.0.0", + "constructs": "^10.0.0" + }, + "separate-module": false, + "engines": { + "node": ">= 14.15.0" + }, + "stability": "experimental", + "maturity": "experimental", + "awscdkio": { + "announce": false + }, + "cdk-build": { + "env": { + "AWSLINT_BASE_CONSTRUCT": true + } + } +} diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json new file mode 100644 index 0000000000000..f61a2717f93a6 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "b3d06cef480a17aaf78379d18a13893141f2d689a23bcbbcf34b284e77752b0f": { + "source": { + "path": "aws-cdk-routev2-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b3d06cef480a17aaf78379d18a13893141f2d689a23bcbbcf34b284e77752b0f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json new file mode 100644 index 0000000000000..140f9ebf102e0 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json @@ -0,0 +1,115 @@ +{ + "Resources": { + "defaultC974F9E3": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "defaultAmazonIpv6C7A4D665": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "defaultSubnetDFB3A3B6": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "defaultC974F9E3", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + }, + "DependsOn": [ + "defaultAmazonIpv6C7A4D665" + ] + }, + "defaultSubnetRouteTableAssociationF1D85D29": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "defaultSubnetDFB3A3B6" + } + }, + "DependsOn": [ + "defaultAmazonIpv6C7A4D665" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json new file mode 100644 index 0000000000000..b9734dc366438 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "7711ae87a96bcf4e738e5904b6071f21ac59ee14247c420b0bf33d20a87348a3": { + "source": { + "path": "aws-cdk-routev2-dynamodbendpoint-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7711ae87a96bcf4e738e5904b6071f21ac59ee14247c420b0bf33d20a87348a3.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json new file mode 100644 index 0000000000000..1fc8a4ff1bbe3 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json @@ -0,0 +1,147 @@ +{ + "Resources": { + "dynamodbC0A56799": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "dynamodbAmazonIpv6698EF571": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "dynamodbSubnet81957A26": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + }, + "DependsOn": [ + "dynamodbAmazonIpv6698EF571" + ] + }, + "dynamodbSubnetRouteTableAssociationC38B30F3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "dynamodbSubnet81957A26" + } + }, + "DependsOn": [ + "dynamodbAmazonIpv6698EF571" + ] + }, + "testDynamoEndpoint03D5BDE5": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "RouteTableIds": [ + { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + ], + "ServiceName": { + "Fn::Join": [ + "", + [ + "com.amazonaws.", + { + "Ref": "AWS::Region" + }, + ".dynamodb" + ] + ] + }, + "VpcEndpointType": "Gateway", + "VpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json new file mode 100644 index 0000000000000..b27c0c57931d5 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "6cd56bb964ed1f90f0206d705f085aef381173834b50d5ba372fa2185156d51d": { + "source": { + "path": "aws-cdk-routev2-egressonlyigw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "6cd56bb964ed1f90f0206d705f085aef381173834b50d5ba372fa2185156d51d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json new file mode 100644 index 0000000000000..1c4d9adad8e08 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json @@ -0,0 +1,134 @@ +{ + "Resources": { + "eigwC0F094EF": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "eigwAmazonIpv69E78211F": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "eigwSubnetCC28B9F9": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + }, + "DependsOn": [ + "eigwAmazonIpv69E78211F" + ] + }, + "eigwSubnetRouteTableAssociation887F4A97": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "eigwSubnetCC28B9F9" + } + }, + "DependsOn": [ + "eigwAmazonIpv69E78211F" + ] + }, + "testEOIGWEIGW54CCAD37": { + "Type": "AWS::EC2::EgressOnlyInternetGateway", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "testEIGWRouteEB4FE8D5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "EgressOnlyInternetGatewayId": { + "Fn::GetAtt": [ + "testEOIGWEIGW54CCAD37", + "Id" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json new file mode 100644 index 0000000000000..677f15417b1ed --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "44c69eec973961e184209d04e6e45c230320a2f7a110f0275431dc0587273038": { + "source": { + "path": "aws-cdk-routev2-igw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "44c69eec973961e184209d04e6e45c230320a2f7a110f0275431dc0587273038.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json new file mode 100644 index 0000000000000..1ddb6c3cc40d9 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json @@ -0,0 +1,154 @@ +{ + "Resources": { + "igw127F1970": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "igwAmazonIpv64026617C": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "igwSubnetF238E402": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "igw127F1970", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + }, + "DependsOn": [ + "igwAmazonIpv64026617C" + ] + }, + "igwSubnetRouteTableAssociationA48C27F3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "igwSubnetF238E402" + } + }, + "DependsOn": [ + "igwAmazonIpv64026617C" + ] + }, + "testIGW8D947AF2": { + "Type": "AWS::EC2::InternetGateway" + }, + "testIGWRoute7696715B": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "testIGWRouteGWAttachmentB0836D42": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json new file mode 100644 index 0000000000000..733952daae63f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "087e3b456bae228983dc7a31eea1570bfeccfd6b4f163b7e10a2af07dc31291f": { + "source": { + "path": "aws-cdk-routev2-networkif-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "087e3b456bae228983dc7a31eea1570bfeccfd6b4f163b7e10a2af07dc31291f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json new file mode 100644 index 0000000000000..d796497fc5388 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json @@ -0,0 +1,115 @@ +{ + "Resources": { + "nif44200315": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "nifAmazonIpv6CF4BF46B": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "nifSubnetAEB60456": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "nif44200315", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + }, + "DependsOn": [ + "nifAmazonIpv6CF4BF46B" + ] + }, + "nifSubnetRouteTableAssociationE4036B9F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "nifSubnetAEB60456" + } + }, + "DependsOn": [ + "nifAmazonIpv6CF4BF46B" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json new file mode 100644 index 0000000000000..591ec9e8d3066 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "89c945d2b4cb2aa79cca0e52ea8fa68849a586495b0a27b7de229ae44b3c5239": { + "source": { + "path": "aws-cdk-routev2-privatenatgw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "89c945d2b4cb2aa79cca0e52ea8fa68849a586495b0a27b7de229ae44b3c5239.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json new file mode 100644 index 0000000000000..f2ed7e0d44c03 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json @@ -0,0 +1,152 @@ +{ + "Resources": { + "natgwpriv081A7D93": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "natgwprivAmazonIpv6915E8E4F": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "natgwprivSubnetE547C5A0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + }, + "DependsOn": [ + "natgwprivAmazonIpv6915E8E4F" + ] + }, + "natgwprivSubnetRouteTableAssociation9E115869": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + }, + "DependsOn": [ + "natgwprivAmazonIpv6915E8E4F" + ] + }, + "testNATgwNATGateway1533420D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "ConnectivityType": "private", + "PrivateIpAddress": "10.0.0.42", + "SecondaryPrivateIpAddresses": [ + "10.0.0.43", + "10.0.0.44", + "10.0.0.45" + ], + "SubnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + }, + "DependsOn": [ + "natgwprivSubnetRouteTableAssociation9E115869" + ] + }, + "testNATGWRoute7A26EC80": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json new file mode 100644 index 0000000000000..29398ffe76faa --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "6592172436ea6af85dd73663ffd81cc1342c29574aa00f4dacf5179cf3054441": { + "source": { + "path": "aws-cdk-routev2-publicnatgw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "6592172436ea6af85dd73663ffd81cc1342c29574aa00f4dacf5179cf3054441.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json new file mode 100644 index 0000000000000..5f80cf56a0aa5 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json @@ -0,0 +1,204 @@ +{ + "Resources": { + "natgwpub2FB85986": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "natgwpubAmazonIpv625B947F8": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "natgwpubSubnet79D316E5": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + }, + "DependsOn": [ + "natgwpubAmazonIpv625B947F8" + ] + }, + "natgwpubSubnetRouteTableAssociation019CE26A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + }, + "DependsOn": [ + "natgwpubAmazonIpv625B947F8" + ] + }, + "testNATgwIGW6AC97E9A": { + "Type": "AWS::EC2::InternetGateway" + }, + "testnatgwigwRouteE8D2BF39": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "242.0.0.0/32", + "DestinationIpv6CidrBlock": "242.0.0.0/32", + "GatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "testnatgwigwRouteGWAttachmentB8E1033C": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "testNATgwEIP1C260FAD": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + }, + "DependsOn": [ + "natgwpubSubnetRouteTableAssociation019CE26A" + ] + }, + "testNATgwNATGateway1533420D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "testNATgwEIP1C260FAD", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + }, + "DependsOn": [ + "natgwpubSubnetRouteTableAssociation019CE26A" + ] + }, + "testNATGWRoute7A26EC80": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json new file mode 100644 index 0000000000000..601d17d534bb8 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "2318541485e9424ef1bba0f0bb0e0e91e2759dc53597436fb250a8605e5e0107": { + "source": { + "path": "aws-cdk-routev2-virtualprivategw-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2318541485e9424ef1bba0f0bb0e0e91e2759dc53597436fb250a8605e5e0107.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json new file mode 100644 index 0000000000000..f96743310fabe --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json @@ -0,0 +1,157 @@ +{ + "Resources": { + "vpgw2AB64B6B": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "vpgwAmazonIpv6C872FF1E": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "vpgwSubnet5E7F36AD": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + }, + "DependsOn": [ + "vpgwAmazonIpv6C872FF1E" + ] + }, + "vpgwSubnetRouteTableAssociation49921F90": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "vpgwSubnet5E7F36AD" + } + }, + "DependsOn": [ + "vpgwAmazonIpv6C872FF1E" + ] + }, + "testVPGWIGW816C7C4F": { + "Type": "AWS::EC2::VPNGateway", + "Properties": { + "Type": "ipsec.1" + } + }, + "testVPGWRouteA169B1AA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "DestinationIpv6CidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "testVPGWRouteGWAttachment01E74575": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + }, + "VpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json new file mode 100644 index 0000000000000..fa96e660e9d19 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "7b04eb9c84a61a91a957fceb96a85b38336f8b5999d1c0b5b972cd191926c473": { + "source": { + "path": "aws-cdk-routev2-vpcpeerconnection-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7b04eb9c84a61a91a957fceb96a85b38336f8b5999d1c0b5b972cd191926c473.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json new file mode 100644 index 0000000000000..804f7b179ac91 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json @@ -0,0 +1,115 @@ +{ + "Resources": { + "vpcpc6CAE1A04": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "vpcpcAmazonIpv66504EEB2": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "TestRoottableRouteTableFA28AA38": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "vpcpcSubnet1DD6CE35": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-1a", + "CidrBlock": "10.0.0.0/24", + "Ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "Ipv6CidrBlocks" + ] + } + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + }, + "DependsOn": [ + "vpcpcAmazonIpv66504EEB2" + ] + }, + "vpcpcSubnetRouteTableAssociation8531BF5C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "vpcpcSubnet1DD6CE35" + } + }, + "DependsOn": [ + "vpcpcAmazonIpv66504EEB2" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json new file mode 100644 index 0000000000000..4ba304a14b0f1 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integtest-model-8/DefaultTest": { + "stacks": [ + "aws-cdk-routev2-dynamodbendpoint-alpha" + ], + "assertionStack": "integtest-model-8/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodel8DefaultTestDeployAssert77221752" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json new file mode 100644 index 0000000000000..db0c4fcd06799 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel0DefaultTestDeployAssertA16689B0.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json new file mode 100644 index 0000000000000..494dbc93fd34d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel1DefaultTestDeployAssert46FEDE40.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json new file mode 100644 index 0000000000000..063e77bfac0d8 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel2DefaultTestDeployAssert04E3783E.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json new file mode 100644 index 0000000000000..3b7039646f51f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json new file mode 100644 index 0000000000000..a760a50f08dc1 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel4DefaultTestDeployAssert4B12233C.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json new file mode 100644 index 0000000000000..34f6c443f8be6 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel5DefaultTestDeployAssertC0DDB875.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json new file mode 100644 index 0000000000000..933d02b8072da --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel6DefaultTestDeployAssert90B004F4.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json new file mode 100644 index 0000000000000..57cecd7995331 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel7DefaultTestDeployAssert4C509DCE.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json new file mode 100644 index 0000000000000..c9d2f2fc69193 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodel8DefaultTestDeployAssert77221752.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json new file mode 100644 index 0000000000000..2dec0815f28b0 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json @@ -0,0 +1,1265 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-routev2-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b3d06cef480a17aaf78379d18a13893141f2d689a23bcbbcf34b284e77752b0f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "DefaultVpcDeploy" + }, + "dependencies": [ + "aws-cdk-routev2-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-alpha/default/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultC974F9E3" + } + ], + "/aws-cdk-routev2-alpha/default/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultAmazonIpv6C7A4D665" + } + ], + "/aws-cdk-routev2-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-alpha/defaultSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultSubnetDFB3A3B6" + } + ], + "/aws-cdk-routev2-alpha/defaultSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultSubnetRouteTableAssociationF1D85D29" + } + ], + "/aws-cdk-routev2-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-alpha" + }, + "aws-cdk-routev2-egressonlyigw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-egressonlyigw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-egressonlyigw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-egressonlyigw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6cd56bb964ed1f90f0206d705f085aef381173834b50d5ba372fa2185156d51d.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-egressonlyigw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "EgressOnlyIgwVpc" + }, + "dependencies": [ + "aws-cdk-routev2-egressonlyigw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-egressonlyigw-alpha/eigw/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwC0F094EF" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwAmazonIpv69E78211F" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwSubnetCC28B9F9" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "eigwSubnetRouteTableAssociation887F4A97" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/testEOIGW/EIGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testEOIGWEIGW54CCAD37" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/testEIGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testEIGWRouteEB4FE8D5" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-egressonlyigw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-egressonlyigw-alpha" + }, + "aws-cdk-routev2-igw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-igw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-igw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-igw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/44c69eec973961e184209d04e6e45c230320a2f7a110f0275431dc0587273038.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-igw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "InternetGatewayVpc" + }, + "dependencies": [ + "aws-cdk-routev2-igw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-igw-alpha/igw/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "igw127F1970" + } + ], + "/aws-cdk-routev2-igw-alpha/igw/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "igwAmazonIpv64026617C" + } + ], + "/aws-cdk-routev2-igw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-igw-alpha/igwSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "igwSubnetF238E402" + } + ], + "/aws-cdk-routev2-igw-alpha/igwSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "igwSubnetRouteTableAssociationA48C27F3" + } + ], + "/aws-cdk-routev2-igw-alpha/testIGW/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGW8D947AF2" + } + ], + "/aws-cdk-routev2-igw-alpha/testIGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGWRoute7696715B" + } + ], + "/aws-cdk-routev2-igw-alpha/testIGWRoute/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGWRouteGWAttachmentB0836D42" + } + ], + "/aws-cdk-routev2-igw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-igw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-igw-alpha" + }, + "aws-cdk-routev2-virtualprivategw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-virtualprivategw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-virtualprivategw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-virtualprivategw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2318541485e9424ef1bba0f0bb0e0e91e2759dc53597436fb250a8605e5e0107.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-virtualprivategw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "VirtualPrivateGwVpc" + }, + "dependencies": [ + "aws-cdk-routev2-virtualprivategw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-virtualprivategw-alpha/vpgw/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgw2AB64B6B" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgwAmazonIpv6C872FF1E" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgwSubnet5E7F36AD" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpgwSubnetRouteTableAssociation49921F90" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGW/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWIGW816C7C4F" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWRouteA169B1AA" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWRouteGWAttachment01E74575" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-virtualprivategw-alpha" + }, + "aws-cdk-routev2-publicnatgw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-publicnatgw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-publicnatgw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-publicnatgw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6592172436ea6af85dd73663ffd81cc1342c29574aa00f4dacf5179cf3054441.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-publicnatgw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "NatGwPubVpc" + }, + "dependencies": [ + "aws-cdk-routev2-publicnatgw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pub/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpub2FB85986" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpubAmazonIpv625B947F8" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpubSubnet79D316E5" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpubSubnetRouteTableAssociation019CE26A" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwIGW6AC97E9A" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testnatgwigwRouteE8D2BF39" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testnatgwigwRouteGWAttachmentB8E1033C" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgw/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwEIP1C260FAD" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgw/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwNATGateway1533420D" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATGWRoute7A26EC80" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-publicnatgw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-publicnatgw-alpha" + }, + "aws-cdk-routev2-privatenatgw-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-privatenatgw-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-privatenatgw-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-privatenatgw-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/89c945d2b4cb2aa79cca0e52ea8fa68849a586495b0a27b7de229ae44b3c5239.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-privatenatgw-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "NatGwPrivVpc" + }, + "dependencies": [ + "aws-cdk-routev2-privatenatgw-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-privatenatgw-alpha/natgw_priv/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwpriv081A7D93" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwprivAmazonIpv6915E8E4F" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwprivSubnetE547C5A0" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "natgwprivSubnetRouteTableAssociation9E115869" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/testNATgw/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwNATGateway1533420D" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/testNATGWRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATGWRoute7A26EC80" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-privatenatgw-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-privatenatgw-alpha" + }, + "aws-cdk-routev2-networkif-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-networkif-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-networkif-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-networkif-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/087e3b456bae228983dc7a31eea1570bfeccfd6b4f163b7e10a2af07dc31291f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-networkif-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "NetworkInterfaceVpc" + }, + "dependencies": [ + "aws-cdk-routev2-networkif-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-networkif-alpha/nif/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "nif44200315" + } + ], + "/aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "nifAmazonIpv6CF4BF46B" + } + ], + "/aws-cdk-routev2-networkif-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-networkif-alpha/nifSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "nifSubnetAEB60456" + } + ], + "/aws-cdk-routev2-networkif-alpha/nifSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "nifSubnetRouteTableAssociationE4036B9F" + } + ], + "/aws-cdk-routev2-networkif-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-networkif-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-networkif-alpha" + }, + "aws-cdk-routev2-vpcpeerconnection-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-vpcpeerconnection-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-vpcpeerconnection-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-vpcpeerconnection-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7b04eb9c84a61a91a957fceb96a85b38336f8b5999d1c0b5b972cd191926c473.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-vpcpeerconnection-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "VpcPeerConnection" + }, + "dependencies": [ + "aws-cdk-routev2-vpcpeerconnection-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpc6CAE1A04" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpcAmazonIpv66504EEB2" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpcSubnet1DD6CE35" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "vpcpcSubnetRouteTableAssociation8531BF5C" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-vpcpeerconnection-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-routev2-vpcpeerconnection-alpha" + }, + "aws-cdk-routev2-dynamodbendpoint-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-routev2-dynamodbendpoint-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-routev2-dynamodbendpoint-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-routev2-dynamodbendpoint-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7711ae87a96bcf4e738e5904b6071f21ac59ee14247c420b0bf33d20a87348a3.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-routev2-dynamodbendpoint-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "DynamodbEndpointVpc" + }, + "dependencies": [ + "aws-cdk-routev2-dynamodbendpoint-alpha.assets" + ], + "metadata": { + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbC0A56799" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbAmazonIpv6698EF571" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "TestRoottableRouteTableFA28AA38" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbSubnet81957A26" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbSubnetRouteTableAssociationC38B30F3" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoEndpoint/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testDynamoEndpoint03D5BDE5" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-routev2-dynamodbendpoint-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "dynamodbSecondaryIp4EEF58BFBEFB": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbSecondaryIp4EEF58BFBEFB", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ] + }, + "displayName": "aws-cdk-routev2-dynamodbendpoint-alpha" + }, + "integtestmodel0DefaultTestDeployAssertA16689B0.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel0DefaultTestDeployAssertA16689B0.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel0DefaultTestDeployAssertA16689B0": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel0DefaultTestDeployAssertA16689B0.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel0DefaultTestDeployAssertA16689B0.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel0DefaultTestDeployAssertA16689B0.assets" + ], + "metadata": { + "/integtest-model-0/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-0/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-0/DefaultTest/DeployAssert" + }, + "integtestmodel1DefaultTestDeployAssert46FEDE40.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel1DefaultTestDeployAssert46FEDE40": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel1DefaultTestDeployAssert46FEDE40.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel1DefaultTestDeployAssert46FEDE40.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel1DefaultTestDeployAssert46FEDE40.assets" + ], + "metadata": { + "/integtest-model-1/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-1/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-1/DefaultTest/DeployAssert" + }, + "integtestmodel2DefaultTestDeployAssert04E3783E.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel2DefaultTestDeployAssert04E3783E.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel2DefaultTestDeployAssert04E3783E": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel2DefaultTestDeployAssert04E3783E.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel2DefaultTestDeployAssert04E3783E.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel2DefaultTestDeployAssert04E3783E.assets" + ], + "metadata": { + "/integtest-model-2/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-2/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-2/DefaultTest/DeployAssert" + }, + "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel3DefaultTestDeployAssertF3FA2F74": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel3DefaultTestDeployAssertF3FA2F74.assets" + ], + "metadata": { + "/integtest-model-3/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-3/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-3/DefaultTest/DeployAssert" + }, + "integtestmodel4DefaultTestDeployAssert4B12233C.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel4DefaultTestDeployAssert4B12233C.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel4DefaultTestDeployAssert4B12233C": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel4DefaultTestDeployAssert4B12233C.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel4DefaultTestDeployAssert4B12233C.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel4DefaultTestDeployAssert4B12233C.assets" + ], + "metadata": { + "/integtest-model-4/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-4/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-4/DefaultTest/DeployAssert" + }, + "integtestmodel5DefaultTestDeployAssertC0DDB875.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel5DefaultTestDeployAssertC0DDB875": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel5DefaultTestDeployAssertC0DDB875.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel5DefaultTestDeployAssertC0DDB875.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel5DefaultTestDeployAssertC0DDB875.assets" + ], + "metadata": { + "/integtest-model-5/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-5/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-5/DefaultTest/DeployAssert" + }, + "integtestmodel6DefaultTestDeployAssert90B004F4.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel6DefaultTestDeployAssert90B004F4.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel6DefaultTestDeployAssert90B004F4": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel6DefaultTestDeployAssert90B004F4.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel6DefaultTestDeployAssert90B004F4.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel6DefaultTestDeployAssert90B004F4.assets" + ], + "metadata": { + "/integtest-model-6/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-6/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-6/DefaultTest/DeployAssert" + }, + "integtestmodel7DefaultTestDeployAssert4C509DCE.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel7DefaultTestDeployAssert4C509DCE": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel7DefaultTestDeployAssert4C509DCE.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel7DefaultTestDeployAssert4C509DCE.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel7DefaultTestDeployAssert4C509DCE.assets" + ], + "metadata": { + "/integtest-model-7/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-7/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-7/DefaultTest/DeployAssert" + }, + "integtestmodel8DefaultTestDeployAssert77221752.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodel8DefaultTestDeployAssert77221752.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodel8DefaultTestDeployAssert77221752": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodel8DefaultTestDeployAssert77221752.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodel8DefaultTestDeployAssert77221752.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodel8DefaultTestDeployAssert77221752.assets" + ], + "metadata": { + "/integtest-model-8/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model-8/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model-8/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json new file mode 100644 index 0000000000000..7adf7f1621505 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json @@ -0,0 +1,2607 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-routev2-alpha": { + "id": "aws-cdk-routev2-alpha", + "path": "aws-cdk-routev2-alpha", + "children": { + "default": { + "id": "default", + "path": "aws-cdk-routev2-alpha/default", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-alpha/default/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-alpha/default/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "defaultSubnet": { + "id": "defaultSubnet", + "path": "aws-cdk-routev2-alpha/defaultSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-alpha/defaultSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "defaultC974F9E3", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-alpha/defaultSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-alpha/defaultSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "defaultSubnetDFB3A3B6" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-egressonlyigw-alpha": { + "id": "aws-cdk-routev2-egressonlyigw-alpha", + "path": "aws-cdk-routev2-egressonlyigw-alpha", + "children": { + "eigw": { + "id": "eigw", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-egressonlyigw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-egressonlyigw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "eigwSubnet": { + "id": "eigwSubnet", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigwSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "eigwSubnetCC28B9F9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testEOIGW": { + "id": "testEOIGW", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEOIGW", + "children": { + "EIGW": { + "id": "EIGW", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEOIGW/EIGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EgressOnlyInternetGateway", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEgressOnlyInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.EgressOnlyInternetGateway", + "version": "0.0.0" + } + }, + "testEIGWRoute": { + "id": "testEIGWRoute", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEIGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-egressonlyigw-alpha/testEIGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "egressOnlyInternetGatewayId": { + "Fn::GetAtt": [ + "testEOIGWEIGW54CCAD37", + "Id" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-egressonlyigw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-egressonlyigw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-igw-alpha": { + "id": "aws-cdk-routev2-igw-alpha", + "path": "aws-cdk-routev2-igw-alpha", + "children": { + "igw": { + "id": "igw", + "path": "aws-cdk-routev2-igw-alpha/igw", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-igw-alpha/igw/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-igw-alpha/igw/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-igw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-igw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "igwSubnet": { + "id": "igwSubnet", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "igw127F1970", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-igw-alpha/igwSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "igwSubnetF238E402" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testIGW": { + "id": "testIGW", + "path": "aws-cdk-routev2-igw-alpha/testIGW", + "children": { + "IGW": { + "id": "IGW", + "path": "aws-cdk-routev2-igw-alpha/testIGW/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.InternetGateway", + "version": "0.0.0" + } + }, + "testIGWRoute": { + "id": "testIGWRoute", + "path": "aws-cdk-routev2-igw-alpha/testIGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-igw-alpha/testIGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-igw-alpha/testIGWRoute/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-igw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-igw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-virtualprivategw-alpha": { + "id": "aws-cdk-routev2-virtualprivategw-alpha", + "path": "aws-cdk-routev2-virtualprivategw-alpha", + "children": { + "vpgw": { + "id": "vpgw", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-virtualprivategw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "vpgwSubnet": { + "id": "vpgwSubnet", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "vpgwSubnet5E7F36AD" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testVPGW": { + "id": "testVPGW", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGW", + "children": { + "IGW": { + "id": "IGW", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGW/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGateway", + "aws:cdk:cloudformation:props": { + "type": "ipsec.1" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VPNGateway", + "version": "0.0.0" + } + }, + "testVPGWRoute": { + "id": "testVPGWRoute", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGWRoute/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + }, + "vpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-virtualprivategw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-virtualprivategw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-publicnatgw-alpha": { + "id": "aws-cdk-routev2-publicnatgw-alpha", + "path": "aws-cdk-routev2-publicnatgw-alpha", + "children": { + "natgw_pub": { + "id": "natgw_pub", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-publicnatgw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-publicnatgw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "natgw_pubSubnet": { + "id": "natgw_pubSubnet", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pubSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testNATgwIGW": { + "id": "testNATgwIGW", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW", + "children": { + "IGW": { + "id": "IGW", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.InternetGateway", + "version": "0.0.0" + } + }, + "testnatgwigwRoute": { + "id": "testnatgwigwRoute", + "path": "aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "242.0.0.0/32", + "destinationIpv6CidrBlock": "242.0.0.0/32", + "gatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-publicnatgw-alpha/testnatgwigwRoute/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "testNATgw": { + "id": "testNATgw", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgw", + "children": { + "EIP": { + "id": "EIP", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgw/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgw/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "testNATgwEIP1C260FAD", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "natgwpubSubnet79D316E5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.NatGateway", + "version": "0.0.0" + } + }, + "testNATGWRoute": { + "id": "testNATGWRoute", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-publicnatgw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-publicnatgw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-privatenatgw-alpha": { + "id": "aws-cdk-routev2-privatenatgw-alpha", + "path": "aws-cdk-routev2-privatenatgw-alpha", + "children": { + "natgw_priv": { + "id": "natgw_priv", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-privatenatgw-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-privatenatgw-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "natgw_privSubnet": { + "id": "natgw_privSubnet", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_privSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testNATgw": { + "id": "testNATgw", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATgw", + "children": { + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATgw/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "connectivityType": "private", + "privateIpAddress": "10.0.0.42", + "secondaryPrivateIpAddresses": [ + "10.0.0.43", + "10.0.0.44", + "10.0.0.45" + ], + "subnetId": { + "Ref": "natgwprivSubnetE547C5A0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.NatGateway", + "version": "0.0.0" + } + }, + "testNATGWRoute": { + "id": "testNATGWRoute", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATGWRoute", + "children": { + "Route": { + "id": "Route", + "path": "aws-cdk-routev2-privatenatgw-alpha/testNATGWRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "destinationIpv6CidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Fn::GetAtt": [ + "testNATgwNATGateway1533420D", + "NatGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-privatenatgw-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-privatenatgw-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-networkif-alpha": { + "id": "aws-cdk-routev2-networkif-alpha", + "path": "aws-cdk-routev2-networkif-alpha", + "children": { + "nif": { + "id": "nif", + "path": "aws-cdk-routev2-networkif-alpha/nif", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-networkif-alpha/nif/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-networkif-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-networkif-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "nifSubnet": { + "id": "nifSubnet", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "nif44200315", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-networkif-alpha/nifSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "nifSubnetAEB60456" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-networkif-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-networkif-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-vpcpeerconnection-alpha": { + "id": "aws-cdk-routev2-vpcpeerconnection-alpha", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha", + "children": { + "vpcpc": { + "id": "vpcpc", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "vpcpcSubnet": { + "id": "vpcpcSubnet", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpcSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "vpcpcSubnet1DD6CE35" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-routev2-dynamodbendpoint-alpha": { + "id": "aws-cdk-routev2-dynamodbendpoint-alpha", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha", + "children": { + "dynamodb": { + "id": "dynamodb", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "TestRoottable": { + "id": "TestRoottable", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "dynamodbSubnet": { + "id": "dynamodbSubnet", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-1a", + "cidrBlock": "10.0.0.0/24", + "ipv6CidrBlock": { + "Fn::Select": [ + 0, + { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "Ipv6CidrBlocks" + ] + } + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodbSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "dynamodbSubnet81957A26" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testDynamoEndpoint": { + "id": "testDynamoEndpoint", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoEndpoint", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoEndpoint/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpoint", + "aws:cdk:cloudformation:props": { + "routeTableIds": [ + { + "Fn::GetAtt": [ + "TestRoottableRouteTableFA28AA38", + "RouteTableId" + ] + } + ], + "serviceName": { + "Fn::Join": [ + "", + [ + "com.amazonaws.", + { + "Ref": "AWS::Region" + }, + ".dynamodb" + ] + ] + }, + "vpcEndpointType": "Gateway", + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpoint", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.GatewayVpcEndpoint", + "version": "0.0.0" + } + }, + "testDynamoRoute": { + "id": "testDynamoRoute", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/testDynamoRoute", + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Route", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model-0": { + "id": "integtest-model-0", + "path": "integtest-model-0", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-0/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-0/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-0/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-0/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-0/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-1": { + "id": "integtest-model-1", + "path": "integtest-model-1", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-1/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-1/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-1/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-1/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-1/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-2": { + "id": "integtest-model-2", + "path": "integtest-model-2", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-2/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-2/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-2/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-2/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-2/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-3": { + "id": "integtest-model-3", + "path": "integtest-model-3", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-3/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-3/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-3/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-3/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-3/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-4": { + "id": "integtest-model-4", + "path": "integtest-model-4", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-4/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-4/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-4/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-4/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-4/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-5": { + "id": "integtest-model-5", + "path": "integtest-model-5", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-5/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-5/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-5/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-5/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-5/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-6": { + "id": "integtest-model-6", + "path": "integtest-model-6", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-6/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-6/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-6/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-6/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-6/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-7": { + "id": "integtest-model-7", + "path": "integtest-model-7", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-7/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-7/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-7/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-7/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-7/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "integtest-model-8": { + "id": "integtest-model-8", + "path": "integtest-model-8", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model-8/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model-8/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model-8/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model-8/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model-8/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts new file mode 100644 index 0000000000000..579800e7dfcb3 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.ts @@ -0,0 +1,160 @@ +// /* +// * Our integration tests act as snapshot tests to make sure the rendered template is stable. +// * If any changes to the result are required, +// * you need to perform an actual CloudFormation deployment of this application, +// * and, if it is successful, a new snapshot will be written out. +// * +// * For more information on CDK integ tests, +// * see the main CONTRIBUTING.md file. +// */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { IpCidr, SubnetV2 } from '../lib/subnet-v2'; +// import { CarrierGateway, TransitGateway } from '../lib/route'; +import { EgressOnlyInternetGateway, InternetGateway, NatConnectivityType, NatGateway, Route, RouteTable, VPNGateway } from '../lib/route'; +import { GatewayVpcEndpoint, GatewayVpcEndpointAwsService, SubnetType, VpnConnectionType } from 'aws-cdk-lib/aws-ec2'; +import { Fn } from 'aws-cdk-lib'; +//import { log } from 'console'; + +// as in unit tests, we use a qualified import, +// not bring in individual classes +//import * as er from '../lib'; + +const app = new cdk.App(); + +const stacks: {[id: string] : cdk.Stack} = { + default: new cdk.Stack(app, 'aws-cdk-routev2-alpha', { stackName: 'DefaultVpcDeploy' }), + // 'cgw': new cdk.Stack(app, 'aws-cdk-routev2-carriergw-alpha', {stackName: 'CarrierGatewayVpc'}), + eigw: new cdk.Stack(app, 'aws-cdk-routev2-egressonlyigw-alpha', { stackName: 'EgressOnlyIgwVpc' }), + igw: new cdk.Stack(app, 'aws-cdk-routev2-igw-alpha', { stackName: 'InternetGatewayVpc' }), + vpgw: new cdk.Stack(app, 'aws-cdk-routev2-virtualprivategw-alpha', { stackName: 'VirtualPrivateGwVpc' }), + natgw_pub: new cdk.Stack(app, 'aws-cdk-routev2-publicnatgw-alpha', { stackName: 'NatGwPubVpc' }), + natgw_priv: new cdk.Stack(app, 'aws-cdk-routev2-privatenatgw-alpha', { stackName: 'NatGwPrivVpc' }), + nif: new cdk.Stack(app, 'aws-cdk-routev2-networkif-alpha', { stackName: 'NetworkInterfaceVpc' }), + // 'tgw': new cdk.Stack(app, 'aws-cdk-routev2-transitgw-alpha', {stackName: 'TransitGwVpc'}), + vpcpc: new cdk.Stack(app, 'aws-cdk-routev2-vpcpeerconnection-alpha', { stackName: 'VpcPeerConnection' }), + dynamodb: new cdk.Stack(app, 'aws-cdk-routev2-dynamodbendpoint-alpha', { stackName: 'DynamodbEndpointVpc' }), +}; + +var vpcs: {[id: string] : vpc_v2.VpcV2} = {}; +var subnets: {[id: string]: SubnetV2} = {}; +var routeTables: {[id: string]: RouteTable} = {}; + +for (const stackName in stacks) { + const vpc = new vpc_v2.VpcV2(stacks[stackName], stackName, { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [vpc_v2.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }); + vpcs[stackName] = vpc; + const routeTable = new RouteTable(stacks[stackName], 'TestRoottable', { + vpc: vpcs[stackName], + }); + routeTables[stackName] = routeTable; + if (stackName == 'eigw') { + const subnet = new SubnetV2(stacks[stackName], stackName + 'Subnet', { + vpc: vpc, + availabilityZone: 'us-west-1a', + ipv4CidrBlock: new IpCidr('10.0.0.0/24'), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + routeTable: routeTables[stackName], + }); + subnets[stackName] = subnet; + } else { + // use empty ipv6 that doesn't overlap + const subnet = new SubnetV2(stacks[stackName], stackName + 'Subnet', { + vpc: vpc, + availabilityZone: 'us-west-1a', + ipv4CidrBlock: new IpCidr('10.0.0.0/24'), + ipv6CidrBlock: new IpCidr(Fn.select(0, vpc.ipv6CidrBlocks)), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + routeTable: routeTables[stackName], + }); + subnets[stackName] = subnet; + } +} + +const eigw = new EgressOnlyInternetGateway(stacks.eigw, 'testEOIGW', { + vpc: vpcs.eigw, +}); +new Route(stacks.eigw, 'testEIGWRoute', { + routeTable: routeTables.eigw, + destination: '0.0.0.0/0', + target: { gateway: eigw }, +}); + +const igw = new InternetGateway(stacks.igw, 'testIGW', { + vpc: vpcs.igw, +}); +new Route(stacks.igw, 'testIGWRoute', { + routeTable: routeTables.igw, + destination: '0.0.0.0/0', + target: { gateway: igw }, +}); + +const vpgw = new VPNGateway(stacks.vpgw, 'testVPGW', { + type: VpnConnectionType.IPSEC_1, + vpc: vpcs.vpgw, +}); +new Route(stacks.vpgw, 'testVPGWRoute', { + routeTable: routeTables.vpgw, + destination: '0.0.0.0/0', + target: { gateway: vpgw }, +}); + +const natGwIgw = new InternetGateway(stacks.natgw_pub, 'testNATgwIGW', { + vpc: vpcs.natgw_pub, +}); +new Route(stacks.natgw_pub, 'testnatgwigwRoute', { + routeTable: routeTables.natgw_pub, + destination: '242.0.0.0/32', + target: { gateway: natGwIgw }, +}); +const natGwPub = new NatGateway(stacks.natgw_pub, 'testNATgw', { + subnet: subnets.natgw_pub, + vpc: vpcs.natgw_pub, +}); +new Route(stacks.natgw_pub, 'testNATGWRoute', { + routeTable: routeTables.natgw_pub, + destination: '0.0.0.0/0', + target: { gateway: natGwPub }, +}); + +const natGwPriv = new NatGateway(stacks.natgw_priv, 'testNATgw', { + subnet: subnets.natgw_priv, + vpc: vpcs.natgw_priv, + connectivityType: NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + secondaryPrivateIpAddresses: [ + '10.0.0.43', '10.0.0.44', '10.0.0.45', + ], +}); +new Route(stacks.natgw_priv, 'testNATGWRoute', { + routeTable: routeTables.natgw_priv, + destination: '0.0.0.0/0', + target: { gateway: natGwPriv }, +}); + +const dynamoEndpoint = new GatewayVpcEndpoint(stacks.dynamodb, 'testDynamoEndpoint', { + service: GatewayVpcEndpointAwsService.DYNAMODB, + vpc: vpcs.dynamodb, + subnets: [subnets.dynamodb], +}); +new Route(stacks.dynamodb, 'testDynamoRoute', { + routeTable: routeTables.dynamodb, + destination: '0.0.0.0/0', + target: { endpoint: dynamoEndpoint }, +}); + +var i = 0; +for (const stackName in stacks) { + new IntegTest(app, 'integtest-model-' + i, { + testCases: [stacks[stackName]], + }); + i++; +} diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json new file mode 100644 index 0000000000000..21b01be95b3c6 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "ccdbd85132bedf38aeb99e5b0c700f48494d3b7c344a96232f29b48a5279b6ef": { + "source": { + "path": "aws-cdk-vpcv2-alpha-new.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ccdbd85132bedf38aeb99e5b0c700f48494d3b7c344a96232f29b48a5279b6ef.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json new file mode 100644 index 0000000000000..575219310d27f --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json @@ -0,0 +1,279 @@ +{ + "Resources": { + "Ipam50346F82": { + "Type": "AWS::EC2::IPAM", + "Properties": { + "OperatingRegions": [ + { + "RegionName": "eu-west-2" + } + ] + } + }, + "IpamPublicPool050D6AA6C": { + "Type": "AWS::EC2::IPAMPool", + "Properties": { + "AddressFamily": "ipv6", + "AwsService": "ec2", + "IpamScopeId": "DefaultPublicScope", + "Locale": "eu-west-2", + "PublicIpSource": "amazon" + } + }, + "IpamPublicPool0PublicPool0CidrAC7F711E": { + "Type": "AWS::EC2::IPAMPoolCidr", + "Properties": { + "IpamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "NetmaskLength": 52 + } + }, + "VPCTestFB735C86": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "VPCTestIpv6IpamCidrD5C271DD": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "Ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "Ipv6NetmaskLength": 56, + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + }, + "DependsOn": [ + "IpamPublicPool0PublicPool0CidrAC7F711E" + ] + }, + "VPCTestVpnGateway51EEED38": { + "Type": "AWS::EC2::VPNGateway", + "Properties": { + "Type": "ipsec.1" + } + }, + "VPCTestVPCVPNGW0A869280": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + }, + "VpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + } + }, + "VPCTestRoutePropagationFEA3011A": { + "Type": "AWS::EC2::VPNGatewayRoutePropagation", + "Properties": { + "RouteTableIds": [ + { + "Ref": "testsbubnetRouteTableF40F025B" + } + ], + "VpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + }, + "DependsOn": [ + "VPCTestVPCVPNGW0A869280" + ] + }, + "testsbubnetSubnet77337845": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-west-2a", + "CidrBlock": "10.0.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + }, + "DependsOn": [ + "VPCTestIpv6IpamCidrD5C271DD" + ] + }, + "testsbubnetRouteTableF40F025B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + }, + "DependsOn": [ + "VPCTestIpv6IpamCidrD5C271DD" + ] + }, + "testsbubnetRouteTableAssociationD6D083FA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "SubnetId": { + "Ref": "testsbubnetSubnet77337845" + } + }, + "DependsOn": [ + "VPCTestIpv6IpamCidrD5C271DD" + ] + }, + "InstanceInstanceSecurityGroupF0E2D5BE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "InstanceInstanceRoleE9785DE5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ] + } + }, + "InstanceInstanceProfileAB5AEF02": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "InstanceC1063A87": { + "Type": "AWS::EC2::Instance", + "Properties": { + "AvailabilityZone": "eu-west-2a", + "IamInstanceProfile": { + "Ref": "InstanceInstanceProfileAB5AEF02" + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.micro", + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "InstanceInstanceSecurityGroupF0E2D5BE", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "testsbubnetSubnet77337845" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash" + } + }, + "DependsOn": [ + "InstanceInstanceRoleE9785DE5" + ] + } + }, + "Parameters": { + "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json new file mode 100644 index 0000000000000..321da99978a8c --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integtest-model/DefaultTest": { + "stacks": [ + "aws-cdk-vpcv2-alpha-new" + ], + "assertionStack": "integtest-model/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodelDefaultTestDeployAssertCF40BD53" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json new file mode 100644 index 0000000000000..3dba4ef9b8bab --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json new file mode 100644 index 0000000000000..5979efcf9a0da --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json @@ -0,0 +1,212 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-vpcv2-alpha-new.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-vpcv2-alpha-new.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-vpcv2-alpha-new": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-vpcv2-alpha-new.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ccdbd85132bedf38aeb99e5b0c700f48494d3b7c344a96232f29b48a5279b6ef.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-vpcv2-alpha-new.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-vpcv2-alpha-new.assets" + ], + "metadata": { + "/aws-cdk-vpcv2-alpha-new/Ipam/Ipam": [ + { + "type": "aws:cdk:logicalId", + "data": "Ipam50346F82" + } + ], + "/aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamPublicPool050D6AA6C" + } + ], + "/aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0Cidr": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamPublicPool0PublicPool0CidrAC7F711E" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestFB735C86" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/Ipv6IpamCidr": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestIpv6IpamCidrD5C271DD" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/VpnGateway/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestVpnGateway51EEED38" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/VPCVPNGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestVPCVPNGW0A869280" + } + ], + "/aws-cdk-vpcv2-alpha-new/VPCTest/RoutePropagation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestRoutePropagationFEA3011A" + } + ], + "/aws-cdk-vpcv2-alpha-new/testsbubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetSubnet77337845" + } + ], + "/aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableF40F025B" + } + ], + "/aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableAssociationD6D083FA" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceSecurityGroupF0E2D5BE" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceRoleE9785DE5" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceProfileAB5AEF02" + } + ], + "/aws-cdk-vpcv2-alpha-new/Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceC1063A87" + } + ], + "/aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/aws-cdk-vpcv2-alpha-new/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-vpcv2-alpha-new/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "VPCTestSecondaryIp48408C993194": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCTestSecondaryIp48408C993194", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ] + }, + "displayName": "aws-cdk-vpcv2-alpha-new" + }, + "integtestmodelDefaultTestDeployAssertCF40BD53.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodelDefaultTestDeployAssertCF40BD53.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodelDefaultTestDeployAssertCF40BD53": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "metadata": { + "/integtest-model/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json new file mode 100644 index 0000000000000..c1ff499051b89 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json @@ -0,0 +1,552 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-vpcv2-alpha-new": { + "id": "aws-cdk-vpcv2-alpha-new", + "path": "aws-cdk-vpcv2-alpha-new", + "children": { + "Ipam": { + "id": "Ipam", + "path": "aws-cdk-vpcv2-alpha-new/Ipam", + "children": { + "Ipam": { + "id": "Ipam", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/Ipam", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAM", + "aws:cdk:cloudformation:props": { + "operatingRegions": [ + { + "regionName": "eu-west-2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAM", + "version": "0.0.0" + } + }, + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0", + "children": { + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", + "aws:cdk:cloudformation:props": { + "addressFamily": "ipv6", + "awsService": "ec2", + "ipamScopeId": "DefaultPublicScope", + "locale": "eu-west-2", + "publicIpSource": "amazon" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPool", + "version": "0.0.0" + } + }, + "PublicPool0Cidr": { + "id": "PublicPool0Cidr", + "path": "aws-cdk-vpcv2-alpha-new/Ipam/PublicPool0/PublicPool0Cidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPoolCidr", + "aws:cdk:cloudformation:props": { + "ipamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "netmaskLength": 52 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPoolCidr", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Ipam", + "version": "0.0.0" + } + }, + "VPCTest": { + "id": "VPCTest", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "Ipv6IpamCidr": { + "id": "Ipv6IpamCidr", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/Ipv6IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamPublicPool050D6AA6C", + "IpamPoolId" + ] + }, + "ipv6NetmaskLength": 56, + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "VpnGateway": { + "id": "VpnGateway", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/VpnGateway", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/VpnGateway/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGateway", + "aws:cdk:cloudformation:props": { + "type": "ipsec.1" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.VpnGateway", + "version": "0.0.0" + } + }, + "VPCVPNGW": { + "id": "VPCVPNGW", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/VPCVPNGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + }, + "vpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RoutePropagation": { + "id": "RoutePropagation", + "path": "aws-cdk-vpcv2-alpha-new/VPCTest/RoutePropagation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGatewayRoutePropagation", + "aws:cdk:cloudformation:props": { + "routeTableIds": [ + { + "Ref": "testsbubnetRouteTableF40F025B" + } + ], + "vpnGatewayId": { + "Ref": "VPCTestVpnGateway51EEED38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGatewayRoutePropagation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "testsbubnet": { + "id": "testsbubnet", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-west-2a", + "cidrBlock": "10.0.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha-new/testsbubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "subnetId": { + "Ref": "testsbubnetSubnet77337845" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "Instance": { + "id": "Instance", + "path": "aws-cdk-vpcv2-alpha-new/Instance", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "vpcId": { + "Fn::GetAtt": [ + "VPCTestFB735C86", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "aws-cdk-vpcv2-alpha-new/Instance/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha-new/Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Instance", + "aws:cdk:cloudformation:props": { + "availabilityZone": "eu-west-2a", + "iamInstanceProfile": { + "Ref": "InstanceInstanceProfileAB5AEF02" + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamznamihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t3.micro", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "InstanceInstanceSecurityGroupF0E2D5BE", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "testsbubnetSubnet77337845" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-vpcv2-alpha-new/Instance" + } + ], + "userData": { + "Fn::Base64": "#!/bin/bash" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Instance", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": "aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-vpcv2-alpha-new/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-vpcv2-alpha-new/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model": { + "id": "integtest-model", + "path": "integtest-model", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts new file mode 100644 index 0000000000000..d30e47b2d9129 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts @@ -0,0 +1,80 @@ +/* + * Our integration tests act as snapshot tests to make sure the rendered template is stable. + * If any changes to the result are required, + * you need to perform an actual CloudFormation deployment of this application, + * and, if it is successful, a new snapshot will be written out. + * + * For more information on CDK integ tests, + * see the main CONTRIBUTING.md file. + */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import { AddressFamily, AwsServiceName, IpCidr, Ipam, IpamPoolPublicIpSource, SubnetV2 } from '../lib'; +//import { Ipv6Cidr } from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2-alpha-new'); + +const ipam = new Ipam(stack, 'Ipam', { + operatingRegion: ['eu-west-2'], //set to the region stack is being deployed to +}); + +/** + * Integ test for VPC with IPAM pool to be run with --no-clean + */ +const pool2 = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + locale: 'eu-west-2', //set to the region stack is being deployed to + publicIpSource: IpamPoolPublicIpSource.AMAZON, +}); + +pool2.provisionCidr('PublicPool0Cidr', { netmaskLength: 52 } ); + +const vpc = new vpc_v2.VpcV2(stack, 'VPCTest', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [vpc_v2.IpAddresses.ipv6Ipam({ + ipamPool: pool2, + netmaskLength: 56, + cidrBlockName: 'Ipv6IpamCidr', + })], + enableDnsHostnames: true, + enableDnsSupport: true, +}); + +/** + * Since source for IPAM IPv6 is set to amazonProvided, + * can assign IPv6 address only after the allocation + * uncomment ipv6CidrBlock and provide valid IPv6 range + */ +new SubnetV2(stack, 'testsbubnet', { + vpc, + availabilityZone: 'eu-west-2a', + ipv4CidrBlock: new IpCidr('10.0.0.0/24'), + //defined on the basis of allocation done in IPAM console + //ipv6CidrBlock: new Ipv6Cidr('2a05:d02c:25:4000::/60'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +vpc.enableVpnGateway({ + vpnRoutePropagation: [{ + subnetType: SubnetType.PRIVATE_ISOLATED, // optional, defaults to "PUBLIC" + }], + type: 'ipsec.1', +}); + +new ec2.Instance(stack, 'Instance', { + vpc, + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO), + machineImage: new ec2.AmazonLinuxImage(), +}); + +new IntegTest(app, 'integtest-model', { + testCases: [stack], +}); + diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json new file mode 100644 index 0000000000000..073423dd71829 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "6af0c32b7b4dcf4566eda1afa97ddb6dc00a4597f5633e0d826df8642bc069f4": { + "source": { + "path": "aws-cdk-vpcv2-alpha.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "6af0c32b7b4dcf4566eda1afa97ddb6dc00a4597f5633e0d826df8642bc069f4.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json new file mode 100644 index 0000000000000..e1962661d5118 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json @@ -0,0 +1,329 @@ +{ + "Resources": { + "IpamTestIpam6C9298EF": { + "Type": "AWS::EC2::IPAM", + "Properties": { + "OperatingRegions": [ + { + "RegionName": "eu-central-1" + } + ] + } + }, + "IpamTestPrivatePool039C763DC": { + "Type": "AWS::EC2::IPAMPool", + "Properties": { + "AddressFamily": "ipv4", + "IpamScopeId": "DefaultPrivateScope", + "Locale": "eu-central-1", + "ProvisionedCidrs": [ + { + "Cidr": "10.2.0.0/16" + } + ] + } + }, + "IpamTestPublicPool0C44B7C49": { + "Type": "AWS::EC2::IPAMPool", + "Properties": { + "AddressFamily": "ipv6", + "AwsService": "ec2", + "IpamScopeId": "DefaultPublicScope", + "Locale": "eu-central-1", + "PublicIpSource": "amazon" + } + }, + "IpamTestPublicPool0PublicPool0CidrC57CE00C": { + "Type": "AWS::EC2::IPAMPoolCidr", + "Properties": { + "IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "NetmaskLength": 52 + } + }, + "VPCintegtest1EBA1CB75": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "VPCintegtest1ipv4IpamCidr8105B4E4": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "Ipv4IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPrivatePool039C763DC", + "IpamPoolId" + ] + }, + "Ipv4NetmaskLength": 20, + "VpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "VPCintegtest1AmazonProvidedE0445E5C": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "AmazonProvidedIpv6CidrBlock": true, + "VpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "Vpcintegtest20DAD8F9D": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.1.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "Vpcintegtest2Ipv6IpamCidrFF84EC2B": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "Ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "Ipv6NetmaskLength": 60, + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "IpamTestPublicPool0PublicPool0CidrC57CE00C" + ] + }, + "Vpcintegtest2SecondaryAddress2A96C0AF8": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "CidrBlock": "10.2.0.0/16", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "Vpcintegtest2SecondaryAddress36FC60BBC": { + "Type": "AWS::EC2::VPCCidrBlock", + "Properties": { + "CidrBlock": "10.3.0.0/16", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "testsbubnetSubnet77337845": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-central-1a", + "CidrBlock": "10.1.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsbubnetRouteTableF40F025B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsbubnetRouteTableAssociationD6D083FA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "SubnetId": { + "Ref": "testsbubnetSubnet77337845" + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsubnetSubnetDD417829": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-central-1b", + "CidrBlock": "10.2.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsubnetRouteTable55223C61": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "testsubnetRouteTableAssociationC106676D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "testsubnetRouteTable55223C61" + }, + "SubnetId": { + "Ref": "testsubnetSubnetDD417829" + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "validateIpv6Subnet07BD40AE": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "eu-central-1b", + "CidrBlock": "10.3.0.0/24", + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "validateIpv6RouteTable10861B00": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + }, + "validateIpv6RouteTableAssociationD6330457": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "validateIpv6RouteTable10861B00" + }, + "SubnetId": { + "Ref": "validateIpv6Subnet07BD40AE" + } + }, + "DependsOn": [ + "Vpcintegtest2Ipv6IpamCidrFF84EC2B", + "Vpcintegtest2SecondaryAddress2A96C0AF8", + "Vpcintegtest2SecondaryAddress36FC60BBC" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json new file mode 100644 index 0000000000000..c583ba29c25f7 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integtest-model/DefaultTest": { + "stacks": [ + "aws-cdk-vpcv2-alpha" + ], + "assertionStack": "integtest-model/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodelDefaultTestDeployAssertCF40BD53" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json new file mode 100644 index 0000000000000..3dba4ef9b8bab --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json new file mode 100644 index 0000000000000..bd084b1280480 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json @@ -0,0 +1,272 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-vpcv2-alpha.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-vpcv2-alpha.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-vpcv2-alpha": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-vpcv2-alpha.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6af0c32b7b4dcf4566eda1afa97ddb6dc00a4597f5633e0d826df8642bc069f4.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-vpcv2-alpha.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-vpcv2-alpha.assets" + ], + "metadata": { + "/aws-cdk-vpcv2-alpha/IpamTest/Ipam": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestIpam6C9298EF" + } + ], + "/aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0/PrivatePool0": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestPrivatePool039C763DC" + } + ], + "/aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestPublicPool0C44B7C49" + } + ], + "/aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0Cidr": [ + { + "type": "aws:cdk:logicalId", + "data": "IpamTestPublicPool0PublicPool0CidrC57CE00C" + } + ], + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1EBA1CB75" + } + ], + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/ipv4IpamCidr": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1ipv4IpamCidr8105B4E4" + } + ], + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1AmazonProvidedE0445E5C" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest20DAD8F9D" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Ipv6IpamCidr": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2Ipv6IpamCidrFF84EC2B" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress2": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryAddress2A96C0AF8" + } + ], + "/aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress3": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryAddress36FC60BBC" + } + ], + "/aws-cdk-vpcv2-alpha/testsbubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetSubnet77337845" + } + ], + "/aws-cdk-vpcv2-alpha/testsbubnet/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableF40F025B" + } + ], + "/aws-cdk-vpcv2-alpha/testsbubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "testsbubnetRouteTableAssociationD6D083FA" + } + ], + "/aws-cdk-vpcv2-alpha/testsubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "testsubnetSubnetDD417829" + } + ], + "/aws-cdk-vpcv2-alpha/testsubnet/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "testsubnetRouteTable55223C61" + } + ], + "/aws-cdk-vpcv2-alpha/testsubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "testsubnetRouteTableAssociationC106676D" + } + ], + "/aws-cdk-vpcv2-alpha/validateIpv6/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "validateIpv6Subnet07BD40AE" + } + ], + "/aws-cdk-vpcv2-alpha/validateIpv6/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "validateIpv6RouteTable10861B00" + } + ], + "/aws-cdk-vpcv2-alpha/validateIpv6/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "validateIpv6RouteTableAssociationD6330457" + } + ], + "/aws-cdk-vpcv2-alpha/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-vpcv2-alpha/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "VPCintegtest1SecondaryIp684795D0A306": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1SecondaryIp684795D0A306", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "VPCintegtest1SecondaryIp757851A2E166": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCintegtest1SecondaryIp757851A2E166", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "Vpcintegtest2SecondaryIp4840275314DC": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryIp4840275314DC", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "Vpcintegtest2SecondaryIp58F23280A479": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryIp58F23280A479", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "Vpcintegtest2SecondaryIpD363CCF2FF57": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpcintegtest2SecondaryIpD363CCF2FF57", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ] + }, + "displayName": "aws-cdk-vpcv2-alpha" + }, + "integtestmodelDefaultTestDeployAssertCF40BD53.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodelDefaultTestDeployAssertCF40BD53.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodelDefaultTestDeployAssertCF40BD53": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "metadata": { + "/integtest-model/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json new file mode 100644 index 0000000000000..d8432677382f0 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json @@ -0,0 +1,608 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-vpcv2-alpha": { + "id": "aws-cdk-vpcv2-alpha", + "path": "aws-cdk-vpcv2-alpha", + "children": { + "IpamTest": { + "id": "IpamTest", + "path": "aws-cdk-vpcv2-alpha/IpamTest", + "children": { + "Ipam": { + "id": "Ipam", + "path": "aws-cdk-vpcv2-alpha/IpamTest/Ipam", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAM", + "aws:cdk:cloudformation:props": { + "operatingRegions": [ + { + "regionName": "eu-central-1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAM", + "version": "0.0.0" + } + }, + "PrivatePool0": { + "id": "PrivatePool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0", + "children": { + "PrivatePool0": { + "id": "PrivatePool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0/PrivatePool0", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", + "aws:cdk:cloudformation:props": { + "addressFamily": "ipv4", + "ipamScopeId": "DefaultPrivateScope", + "locale": "eu-central-1", + "provisionedCidrs": [ + { + "cidr": "10.2.0.0/16" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPool", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0", + "children": { + "PublicPool0": { + "id": "PublicPool0", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", + "aws:cdk:cloudformation:props": { + "addressFamily": "ipv6", + "awsService": "ec2", + "ipamScopeId": "DefaultPublicScope", + "locale": "eu-central-1", + "publicIpSource": "amazon" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPool", + "version": "0.0.0" + } + }, + "PublicPool0Cidr": { + "id": "PublicPool0Cidr", + "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0Cidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPoolCidr", + "aws:cdk:cloudformation:props": { + "ipamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "netmaskLength": 52 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnIPAMPoolCidr", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.Ipam", + "version": "0.0.0" + } + }, + "VPC-integ-test-1": { + "id": "VPC-integ-test-1", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "ipv4IpamCidr": { + "id": "ipv4IpamCidr", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/ipv4IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv4IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPrivatePool039C763DC", + "IpamPoolId" + ] + }, + "ipv4NetmaskLength": 20, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "AmazonProvided": { + "id": "AmazonProvided", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "Vpc-integ-test-2": { + "id": "Vpc-integ-test-2", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.1.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "Ipv6IpamCidr": { + "id": "Ipv6IpamCidr", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/Ipv6IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "ipv6NetmaskLength": 60, + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "SecondaryAddress2": { + "id": "SecondaryAddress2", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.2.0.0/16", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + }, + "SecondaryAddress3": { + "id": "SecondaryAddress3", + "path": "aws-cdk-vpcv2-alpha/Vpc-integ-test-2/SecondaryAddress3", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.3.0.0/16", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "version": "0.0.0" + } + }, + "testsbubnet": { + "id": "testsbubnet", + "path": "aws-cdk-vpcv2-alpha/testsbubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-central-1a", + "cidrBlock": "10.1.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "testsbubnetRouteTableF40F025B" + }, + "subnetId": { + "Ref": "testsbubnetSubnet77337845" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "testsubnet": { + "id": "testsubnet", + "path": "aws-cdk-vpcv2-alpha/testsubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha/testsubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-central-1b", + "cidrBlock": "10.2.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha/testsubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha/testsubnet/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha/testsubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "testsubnetRouteTable55223C61" + }, + "subnetId": { + "Ref": "testsubnetSubnetDD417829" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "validateIpv6": { + "id": "validateIpv6", + "path": "aws-cdk-vpcv2-alpha/validateIpv6", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "eu-central-1b", + "cidrBlock": "10.3.0.0/24", + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "Vpcintegtest20DAD8F9D", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha/validateIpv6/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "validateIpv6RouteTable10861B00" + }, + "subnetId": { + "Ref": "validateIpv6Subnet07BD40AE" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-vpcv2-alpha/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-vpcv2-alpha/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model": { + "id": "integtest-model", + "path": "integtest-model", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts new file mode 100644 index 0000000000000..6074d53f5ea9e --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts @@ -0,0 +1,108 @@ +// /* +// * Our integration tests act as snapshot tests to make sure the rendered template is stable. +// * If any changes to the result are required, +// * you need to perform an actual CloudFormation deployment of this application, +// * and, if it is successful, a new snapshot will be written out. +// * +// * For more information on CDK integ tests, +// * see the main CONTRIBUTING.md file. +// */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import { AddressFamily, AwsServiceName, Ipam, IpamPoolPublicIpSource } from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { SubnetV2, IpCidr } from '../lib/subnet-v2'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2-alpha'); + +const ipam = new Ipam(stack, 'IpamTest', { + operatingRegion: ['eu-central-1'], +}); + +/**Test Ipam Pool Ipv4 */ + +const pool1 = ipam.privateScope.addPool('PrivatePool0', { + addressFamily: AddressFamily.IP_V4, + ipv4ProvisionedCidrs: ['10.2.0.0/16'], + locale: 'eu-central-1', +}); + +const pool2 = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + locale: 'eu-central-1', + publicIpSource: IpamPoolPublicIpSource.AMAZON, +}); +pool2.provisionCidr('PublicPool0Cidr', { netmaskLength: 52 } ); + +/** Test Ipv4 Primary and Secondary address */ +new vpc_v2.VpcV2(stack, 'VPC-integ-test-1', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [ + vpc_v2.IpAddresses.ipv4Ipam({ + ipamPool: pool1, + netmaskLength: 20, + cidrBlockName: 'ipv4IpamCidr', + }), + //Test secondary ipv6 address + vpc_v2.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonProvided', + }), + ], + enableDnsHostnames: true, + enableDnsSupport: true, +}); + +/** + * Integ test for VPC with IPAM pool to be run with --no-clean + */ +const vpc = new vpc_v2.VpcV2(stack, 'Vpc-integ-test-2', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc_v2.IpAddresses.ipv6Ipam({ + ipamPool: pool2, + netmaskLength: 60, + cidrBlockName: 'Ipv6IpamCidr', + }), + vpc_v2.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'SecondaryAddress2', + }), + vpc_v2.IpAddresses.ipv4('10.3.0.0/16', { + cidrBlockName: 'SecondaryAddress3', + }, + )], +}); + +new SubnetV2(stack, 'testsbubnet', { + vpc, + availabilityZone: 'eu-central-1a', + ipv4CidrBlock: new IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +new SubnetV2(stack, 'testsubnet', { + vpc, + availabilityZone: 'eu-central-1b', + ipv4CidrBlock: new IpCidr('10.2.0.0/24'), + //Test secondary ipv6 address after IPAM pool creation + //ipv6CidrBlock: new Ipv6Cidr('2001:db8:1::/64'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +//validate ipv6 +new SubnetV2(stack, 'validateIpv6', { + vpc, + ipv4CidrBlock: new IpCidr('10.3.0.0/24'), + availabilityZone: 'eu-central-1b', + //Test secondary ipv6 address after IPAM pool creation + //ipv6CidrBlock: new Ipv6Cidr('2001:db8::/48'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +new IntegTest(app, 'integtest-model', { + testCases: [stack], +}); + diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts new file mode 100644 index 0000000000000..7d5db75bcd7e2 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts @@ -0,0 +1,150 @@ +import { Template } from 'aws-cdk-lib/assertions'; +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib'; +import { AddressFamily, Ipam, IpamPoolPublicIpSource } from '../lib'; + +describe('IPAM Test', () => { + let stack: cdk.Stack; + let ipam: Ipam; + + beforeEach(() => { + const envUSA = { region: 'us-west-2' }; + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app, 'IPAMTestStack', { + env: envUSA, + }); + ipam = new Ipam(stack, 'Ipam', { + operatingRegion: ['us-west-2'], + }); + }); + + test('Creates IP Pool under Public Scope', () => { + + const pool = ipam.publicScope.addPool('Public', { + addressFamily: AddressFamily.IP_V6, + awsService: vpc.AwsServiceName.EC2, + locale: 'us-west-2', + publicIpSource: IpamPoolPublicIpSource.AMAZON, + }); + + new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.2.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 52, + cidrBlockName: 'Ipv6Ipam', + })], + }); + Template.fromStack(stack).hasResourceProperties( + 'AWS::EC2::IPAMPool', + { + AddressFamily: 'ipv6', + IpamScopeId: 'DefaultPublicScope', + Locale: 'us-west-2', + }, + ); //End Template + }); // End Test + + test('Creates IP Pool under Private Scope', () => { + + const pool = ipam.privateScope.addPool('Private', { + addressFamily: vpc.AddressFamily.IP_V4, + ipv4ProvisionedCidrs: ['10.2.0.0/16'], + locale: 'us-west-2', + }); + + new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.2.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4Ipam({ + ipamPool: pool, + netmaskLength: 20, + cidrBlockName: 'SecondaryIpv4', + })], + }); + Template.fromStack(stack).hasResourceProperties( + 'AWS::EC2::IPAMPool', + { + AddressFamily: 'ipv4', + IpamScopeId: 'DefaultPrivateScope', + Locale: 'us-west-2', + }, + ); //End Template + }); + + test('Creates IPAM CIDR pool under public scope for IPv6', () => { + // Create IPAM resources + const ipamIpv6 = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-2'], + }); + const poolOptions: vpc.PoolOptions = { + addressFamily: AddressFamily.IP_V6, + awsService: vpc.AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-2', + }; + ipamIpv6.publicScope.addPool('TestPool', poolOptions); + + // Define the expected CloudFormation template + const expectedTemplate = { + Resources: { + Ipam50346F82: { Type: 'AWS::EC2::IPAM' }, + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamTestPool5D90F91B: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv6', + IpamScopeId: 'DefaultPublicScope', + Locale: 'us-west-2', + }, + }, + }, + }; + // // Assert that the generated template matches the expected template + Template.fromStack(stack).templateMatches(expectedTemplate); + }); + + test('Get region from stack env', () => { + // Create IPAM resources + const ipamRegion = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-2'], + }); + const poolOptions: vpc.PoolOptions = { + addressFamily: AddressFamily.IP_V6, + awsService: vpc.AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-2', + }; + ipamRegion.publicScope.addPool('TestPool', poolOptions); + + // Define the expected CloudFormation template + const expectedTemplate = { + Resources: { + Ipam50346F82: { Type: 'AWS::EC2::IPAM' }, + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamTestPool5D90F91B: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv6', + IpamScopeId: 'DefaultPublicScope', + Locale: 'us-west-2', + }, + }, + }, + }; + // // Assert that the generated template matches the expected template + Template.fromStack(stack).templateMatches(expectedTemplate); + }); + + test('Creates IPAM with default scopes', () => { + new Ipam(stack, 'TestIpam', { + }); + Template.fromStack(stack).hasResource( + 'AWS::EC2::IPAM', {}, + ); + }); + +});// End Test \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts new file mode 100644 index 0000000000000..e5dc355fc1aea --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/route.test.ts @@ -0,0 +1,674 @@ +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import * as subnet from '../lib/subnet-v2'; +import { CfnEIP, GatewayVpcEndpoint, GatewayVpcEndpointAwsService, SubnetType, VpnConnectionType } from 'aws-cdk-lib/aws-ec2'; +import * as route from '../lib/route'; +import { Template } from 'aws-cdk-lib/assertions'; + +describe('EC2 Routing', () => { + let stack: cdk.Stack; + let myVpc: vpc.VpcV2; + let mySubnet: subnet.SubnetV2; + let routeTable: route.RouteTable; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + myVpc = new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.0.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }); + routeTable = new route.RouteTable(stack, 'TestRouteTable', { + vpc: myVpc, + }); + mySubnet = new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: myVpc, + availabilityZone: 'us-east-1a', + ipv4CidrBlock: new subnet.IpCidr('10.0.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr(cdk.Fn.select(0, myVpc.ipv6CidrBlocks)), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + routeTable: routeTable, + }); + }); + + test('Route to EIGW', () => { + const eigw = new route.EgressOnlyInternetGateway(stack, 'TestEIGW', { + vpc: myVpc, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: eigw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // EIGW should be in stack + TestEIGW4E4CDA8D: { + Type: 'AWS::EC2::EgressOnlyInternetGateway', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', 'VpcId', + ], + }, + }, + }, + // Route linking IP to EIGW should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + EgressOnlyInternetGatewayId: { + 'Fn::GetAtt': [ + 'TestEIGW4E4CDA8D', 'Id', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', 'RouteTableId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to VPN Gateway', () => { + const vpngw = new route.VPNGateway(stack, 'TestVpnGw', { + type: VpnConnectionType.IPSEC_1, + vpc: myVpc, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: vpngw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // VPN Gateway should be in stack + TestVpnGwIGW11AF5344: { + Type: 'AWS::EC2::VPNGateway', + Properties: { + Type: 'ipsec.1', + }, + }, + // Route linking IP to VPN GW should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + GatewayId: { + 'Fn::GetAtt': [ + 'TestVpnGwIGW11AF5344', 'VPNGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', 'RouteTableId', + ], + }, + }, + }, + // Route Gateway attachment should be in stack + TestRouteGWAttachmentDD69361B: { + Type: 'AWS::EC2::VPCGatewayAttachment', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', 'VpcId', + ], + }, + VpnGatewayId: { + 'Fn::GetAtt': [ + 'TestVpnGwIGW11AF5344', 'VPNGatewayId', + ], + }, + }, + }, + }, + }); + }), + + test('Route to VPN Gateway with optional properties', () => { + new route.VPNGateway(stack, 'TestVpnGw', { + type: VpnConnectionType.IPSEC_1, + vpc: myVpc, + amazonSideAsn: 12345678, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // VPN Gateway should be in stack + TestVpnGwIGW11AF5344: { + Type: 'AWS::EC2::VPNGateway', + Properties: { + AmazonSideAsn: 12345678, + Type: 'ipsec.1', + }, + }, + }, + }); + }), + + test('Route to Internet Gateway', () => { + const igw = new route.InternetGateway(stack, 'TestIGW', { + vpc: myVpc, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: igw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // Internet Gateway should be in stack + TestIGW1B4DB37D: { + Type: 'AWS::EC2::InternetGateway', + }, + // Route linking IP to IGW should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + GatewayId: { + 'Fn::GetAtt': [ + 'TestIGW1B4DB37D', 'InternetGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', 'RouteTableId', + ], + }, + }, + }, + // Route Gateway attachment should be in stack + TestRouteGWAttachmentDD69361B: { + Type: 'AWS::EC2::VPCGatewayAttachment', + Properties: { + InternetGatewayId: { + 'Fn::GetAtt': [ + 'TestIGW1B4DB37D', 'InternetGatewayId', + ], + }, + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to private NAT Gateway', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + ConnectivityType: 'private', + PrivateIpAddress: '10.0.0.42', + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to private NAT Gateway with secondary IP addresses', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + secondaryPrivateIpAddresses: [ + '10.0.1.0/28', + '10.0.2.0/28', + ], + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + ConnectivityType: 'private', + PrivateIpAddress: '10.0.0.42', + SecondaryPrivateIpAddresses: [ + '10.0.1.0/28', + '10.0.2.0/28', + ], + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + + }, + }); + }); + + test('Route to private NAT Gateway with secondary IP count', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PRIVATE, + privateIpAddress: '10.0.0.42', + secondaryPrivateIpAddressCount: 2, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + ConnectivityType: 'private', + PrivateIpAddress: '10.0.0.42', + SecondaryPrivateIpAddressCount: 2, + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to public NAT Gateway', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + // EIP should be created when not provided + TestNATGWEIP0A279819: { + Type: 'AWS::EC2::EIP', + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + }, + }); + }); + + test('Route to public NAT Gateway with provided EIP', () => { + const eip = new CfnEIP(stack, 'MyEIP', { + domain: myVpc.vpcId, + }); + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + allocationId: eip.attrAllocationId, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + // EIP should be in stack + MyEIP: { + Type: 'AWS::EC2::EIP', + Properties: { + Domain: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to public NAT Gateway with many parameters', () => { + const natgw = new route.NatGateway(stack, 'TestNATGW', { + subnet: mySubnet, + connectivityType: route.NatConnectivityType.PUBLIC, + maxDrainDuration: cdk.Duration.seconds(2001), + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { gateway: natgw }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // NAT Gateway should be in stack + TestNATGWNATGatewayBE4F6F2D: { + Type: 'AWS::EC2::NatGateway', + Properties: { + AllocationId: { + 'Fn::GetAtt': [ + 'TestNATGWEIP0A279819', + 'AllocationId', + ], + }, + ConnectivityType: 'public', + MaxDrainDurationSeconds: 2001, + SubnetId: { + Ref: 'TestSubnet2A4BE4CA', + }, + }, + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + // Route linking private IP to NAT Gateway should be in stack + TestRoute4CB59404: { + Type: 'AWS::EC2::Route', + Properties: { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: { + 'Fn::GetAtt': [ + 'TestNATGWNATGatewayBE4F6F2D', + 'NatGatewayId', + ], + }, + RouteTableId: { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + }, + }, + // EIP should be created when not provided + TestNATGWEIP0A279819: { + Type: 'AWS::EC2::EIP', + DependsOn: [ + 'TestSubnetRouteTableAssociationFE267B30', + ], + }, + }, + }); + }); + + test('Route to DynamoDB Endpoint', () => { + const dynamodb = new GatewayVpcEndpoint(stack, 'TestDB', { + vpc: myVpc, + service: GatewayVpcEndpointAwsService.DYNAMODB, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { endpoint: dynamodb }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // DynamoDB endpoint should be in stack + TestDB27CDA92F: { + Type: 'AWS::EC2::VPCEndpoint', + Properties: { + RouteTableIds: [ + { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + ], + ServiceName: { + 'Fn::Join': [ + '', + [ + 'com.amazonaws.', + { Ref: 'AWS::Region' }, + '.dynamodb', + ], + ], + }, + VpcEndpointType: 'Gateway', + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to S3 Endpoint', () => { + const dynamodb = new GatewayVpcEndpoint(stack, 'TestS3', { + vpc: myVpc, + service: GatewayVpcEndpointAwsService.S3, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { endpoint: dynamodb }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // S3 endpoint should be in stack + TestS38FCC715C: { + Type: 'AWS::EC2::VPCEndpoint', + Properties: { + RouteTableIds: [ + { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + ], + ServiceName: { + 'Fn::Join': [ + '', + [ + 'com.amazonaws.', + { Ref: 'AWS::Region' }, + '.s3', + ], + ], + }, + VpcEndpointType: 'Gateway', + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + + test('Route to S3 Express Endpoint', () => { + const dynamodb = new GatewayVpcEndpoint(stack, 'TestS3E', { + vpc: myVpc, + service: GatewayVpcEndpointAwsService.S3_EXPRESS, + }); + new route.Route(stack, 'TestRoute', { + routeTable: routeTable, + destination: '0.0.0.0/0', + target: { endpoint: dynamodb }, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + // S3 endpoint should be in stack + TestS3E055E5994: { + Type: 'AWS::EC2::VPCEndpoint', + Properties: { + RouteTableIds: [ + { + 'Fn::GetAtt': [ + 'TestRouteTableC34C2E1C', + 'RouteTableId', + ], + }, + ], + ServiceName: { + 'Fn::Join': [ + '', + [ + 'com.amazonaws.', + { Ref: 'AWS::Region' }, + '.s3express', + ], + ], + }, + VpcEndpointType: 'Gateway', + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + }); + +}); diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts new file mode 100644 index 0000000000000..42289b359cece --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts @@ -0,0 +1,303 @@ +import { Template } from 'aws-cdk-lib/assertions'; +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import * as subnet from '../lib/subnet-v2'; +import { NetworkAcl, SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { AddressFamily, AwsServiceName, Ipam, IpamPoolPublicIpSource } from '../lib/ipam'; +import { createTestSubnet } from './util'; + +/** + * Test suite for the SubnetV2 class. + * Verifies the correct behavior and functionality of creating and managing subnets within a VpcV2 instance. + */ +describe('Subnet V2 with custom IP and routing', () => { + let stack: cdk.Stack; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + + }); + + test('should create a subnet with valid input parameters', () => { + + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + + const subnetConfig = { + vpcV2: testVpc, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + + createTestSubnet(stack, subnetConfig); + + Template.fromStack(stack).templateMatches({ + Resources: { + TestVPCD26570D8: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + }, + }, + TestSubnet2A4BE4CA: { + Type: 'AWS::EC2::Subnet', + Properties: { + CidrBlock: '10.1.0.0/24', + AvailabilityZone: 'us-east-1a', + VpcId: { + 'Fn::GetAtt': [ + 'TestVPCD26570D8', + 'VpcId', + ], + }, + }, + }, + }, + }); + + }); + + test('Should throw error if overlapping CIDR block(IPv4) for the subnet', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + + createTestSubnet(stack, subnetConfig); + + // Define a second subnet with an overlapping CIDR range + expect(() => new subnet.SubnetV2(stack, 'InvalidSubnet', { + vpc: testVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('CIDR block should not overlap with existing subnet blocks'); + }); + + test('Should throw error if invalid CIDR block', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + + expect(() => new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVPC, + ipv4CidrBlock: new subnet.IpCidr('10.3.0.0/23'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('CIDR block should be within the range of VPC'); + }); + + test('Should throw error if VPC does not support IPv6', () => { + const TestVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'Secondary1', + })], + }); + expect(() => new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: TestVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('To use IPv6, the VPC must enable IPv6 support.'); + }); + + test('Create Subnet with IPv6 if it is Amazon Provided Ipv6 is enabled on VPC', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6Cidr: new subnet.IpCidr('2001:db8:1::/64'), + subnetType: SubnetType.PUBLIC, + }; + createTestSubnet(stack, subnetConfig); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVPCD26570D8: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + }, + }, + TestSubnet2A4BE4CA: { + Type: 'AWS::EC2::Subnet', + Properties: { + CidrBlock: '10.1.0.0/24', + AvailabilityZone: 'us-east-1a', + VpcId: { + 'Fn::GetAtt': [ + 'TestVPCD26570D8', + 'VpcId', + ], + }, + Ipv6CidrBlock: '2001:db8:1::/64', + }, + }, + }, + }); + }); + + test('Create Subnet with IPv6 if it is Ipam Ipv6 is enabled on VPC', () => { + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + const pool = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-1', + }); + const TestVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 60, + cidrBlockName: 'ipv6Ipam', + })], + }); + + new subnet.SubnetV2(stack, 'IpamSubnet', { + vpc: TestVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + }); + Template.fromStack(stack).templateMatches({ + Resources: { + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamPublicPool0588A338B: { + Type: 'AWS::EC2::IPAMPool', + Properties: + { + AddressFamily: 'ipv6', + IpamScopeId: 'DefaultPublicScope', + }, + }, + TestVPCD26570D8: { Type: 'AWS::EC2::VPC' }, + TestVPCipv6Ipam6024F9EC: { Type: 'AWS::EC2::VPCCidrBlock' }, + IpamSubnet78671F8A: { + Type: 'AWS::EC2::Subnet', + Properties: { + CidrBlock: '10.1.0.0/24', + AvailabilityZone: 'us-east-1a', + VpcId: { 'Fn::GetAtt': ['TestVPCD26570D8', 'VpcId'] }, + Ipv6CidrBlock: '2001:db8:1::/64', + }, + }, + }, + }); + }); + + test('Should throw error if overlapping CIDR block(IPv6) for the subnet', () => { + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + const pool = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-1', + }); + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 60, + cidrBlockName: 'ipv6Ipam', + })], + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + subnetType: SubnetType.PUBLIC, + }; + createTestSubnet(stack, subnetConfig); + + // Define a second subnet with an overlapping CIDR range + expect(() => new subnet.SubnetV2(stack, 'OverlappingSubnet', { + vpc: testVPC, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1:1::/64'), + availabilityZone: 'us-east-1a', + subnetType: SubnetType.PUBLIC, + })).toThrow('CIDR block should not overlap with existing subnet blocks'); + }); + + test('should store the subnet to VPC by subnet type', () => { + const testVPC = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + const subnetConfig = { + vpcV2: testVPC, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + const testsubnet = createTestSubnet(stack, subnetConfig); + + /** + * Test case: Verify that the subnet is correctly stored in the VPC's collection of public subnets. + * Expected outcome: The testsubnet should be the only public subnet in the VPC. + */ + expect(testVPC.publicSubnets.length).toEqual(1); + expect(testVPC.publicSubnets[0]).toEqual(testsubnet); + }); + + test('should associate a NetworkAcl with the subnet', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + const subnetConfig = { + vpcV2: testVpc, + availabilityZone: 'us-east-1a', + cidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }; + const testsubnet = createTestSubnet(stack, subnetConfig); + + const networkAcl = new NetworkAcl(stack, 'TestNetworkAcl', { + vpc: testVpc, + }); + + testsubnet.associateNetworkAcl('TestAssociation', networkAcl); + + expect(Template.fromStack(stack).hasResource('AWS::EC2::SubnetNetworkAclAssociation', {})); + }); + +}); diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/util.ts b/packages/@aws-cdk/aws-ec2-alpha/test/util.ts new file mode 100644 index 0000000000000..89fb42c30861b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/util.ts @@ -0,0 +1,27 @@ +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import * as subnet from '../lib/subnet-v2'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { AddressFamily } from '../lib'; + +export function createTestSubnet( + stack: cdk.Stack, + config: { + vpcV2: vpc.VpcV2; + availabilityZone: string; + cidrBlock: subnet.IpCidr; + subnetType: SubnetType; + addressFamily?: AddressFamily; + ipv6Cidr?: subnet.IpCidr; + }, +): subnet.SubnetV2 { + const { vpcV2, availabilityZone, cidrBlock, subnetType, ipv6Cidr } = config; + + return new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: vpcV2, + availabilityZone, + ipv4CidrBlock: cidrBlock, + subnetType, + ipv6CidrBlock: ipv6Cidr, + }); +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts new file mode 100644 index 0000000000000..bd5e6fb7161a8 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts @@ -0,0 +1,260 @@ +import { Template } from 'aws-cdk-lib/assertions'; +import * as cdk from 'aws-cdk-lib'; +import * as vpc from '../lib/vpc-v2'; +import { AddressFamily, AwsServiceName, Ipam, IpamPoolPublicIpSource } from '../lib'; + +describe('Vpc V2 with full control', () => { + let stack: cdk.Stack; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + }); + + test('VPC with primary address', () => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + }, + }); + }); + + test('VPC with secondary IPv4 address', () => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('10.2.0.0/16', { + cidrBlockName: 'SecondaryAddress', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + TestVpcSecondaryAddressD76FCD9C: { + Type: 'AWS::EC2::VPCCidrBlock', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + + }); + + test('VPC throws error with incorrect cidr range (IPv4)', () => { + expect(() => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv4('192.168.0.0/16', { + cidrBlockName: 'SecondaryIpv4', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + }).toThrow('CIDR block should be in the same RFC 1918 range in the VPC'); + }); + + test('VPC supports secondary Amazon Provided IPv6 address', () => { + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonProvided' })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + TestVpcAmazonProvided569F7097: { + Type: 'AWS::EC2::VPCCidrBlock', + Properties: { + AmazonProvidedIpv6CidrBlock: true, //Amazon Provided IPv6 address + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + }, + }, + }, + }); + + }); + + test('VPC Primary IP from Ipv4 Ipam', () => { + + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + + const pool = ipam.privateScope.addPool('PrivatePool0', { + addressFamily: AddressFamily.IP_V4, + ipv4ProvisionedCidrs: ['10.1.0.1/24'], + locale: 'us-west-1', + }); + + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4Ipam({ + ipamPool: pool, + netmaskLength: 28, + cidrBlockName: 'IPv4Ipam', + }), + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamPrivatePool0E8589980: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv4', + IpamScopeId: 'DefaultPrivateScope', + Locale: 'us-west-1', + ProvisionedCidrs: [ + { + Cidr: '10.1.0.1/24', + }, + ], + }, + }, + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + Ipv4IpamPoolId: { + 'Fn::GetAtt': [ + 'TestIpamPrivatePool0E8589980', + 'IpamPoolId', + ], + }, + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + }, + }); + }); + + test('VPC Secondary IP from Ipv6 Ipam', () => { + const ipam = new Ipam(stack, 'TestIpam', { + operatingRegion: ['us-west-1'], + }); + + const pool = ipam.publicScope.addPool('PublicPool0', { + addressFamily: AddressFamily.IP_V6, + awsService: AwsServiceName.EC2, + publicIpSource: IpamPoolPublicIpSource.AMAZON, + locale: 'us-west-1', + }); + pool.provisionCidr('PublicPoolCidr', { + netmaskLength: 60, + }); + + new vpc.VpcV2(stack, 'TestVpc', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.ipv6Ipam({ + ipamPool: pool, + netmaskLength: 64, + cidrBlockName: 'IPv6Ipam', + })], + enableDnsHostnames: true, + enableDnsSupport: true, + }, + ); + Template.fromStack(stack).templateMatches({ + Resources: { + TestIpamDBF92BA8: { Type: 'AWS::EC2::IPAM' }, + TestIpamPublicPool0588A338B: { + Type: 'AWS::EC2::IPAMPool', + Properties: { + AddressFamily: 'ipv6', + AwsService: 'ec2', + IpamScopeId: 'DefaultPublicScope', + PublicIpSource: 'amazon', + }, + }, + // Test Amazon Provided IPAM IPv6 + TestIpamPublicPool0PublicPoolCidrB0FF20F7: { + Type: 'AWS::EC2::IPAMPoolCidr', + Properties: { + IpamPoolId: { + 'Fn::GetAtt': [ + 'TestIpamPublicPool0588A338B', + 'IpamPoolId', + ], + }, + NetmaskLength: 60, + }, + }, + TestVpcE77CE678: { + Type: 'AWS::EC2::VPC', + Properties: { + CidrBlock: '10.1.0.0/16', + EnableDnsHostnames: true, + EnableDnsSupport: true, + }, + }, + TestVpcIPv6Ipam178145A5: { + Type: 'AWS::EC2::VPCCidrBlock', + Properties: { + VpcId: { + 'Fn::GetAtt': [ + 'TestVpcE77CE678', + 'VpcId', + ], + }, + Ipv6IpamPoolId: { + 'Fn::GetAtt': [ + 'TestIpamPublicPool0588A338B', + 'IpamPoolId', + ], + }, + Ipv6NetmaskLength: 64, + }, + }, + }, + }); + }); +}); + diff --git a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES index 2c9a5a75dad60..30c90c16203a6 100644 --- a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES +++ b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES @@ -3832,4 +3832,4 @@ WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ----------------- +---------------- \ No newline at end of file diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index be8cfb6c4d69c..aad87ef49fbde 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md @@ -1355,4 +1355,4 @@ for more details. | 2.148.0 | `false` | `true` | - + \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index daba47a532a73..b446bece17399 100644 --- a/yarn.lock +++ b/yarn.lock @@ -16824,4 +16824,4 @@ zip-stream@^4.1.0: dependencies: archiver-utils "^3.0.4" compress-commons "^4.1.2" - readable-stream "^3.6.0" + readable-stream "^3.6.0" \ No newline at end of file From 5ee6cde8a6cc7c31d9fcde5567eb9988d663bcf3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 15:55:36 +0000 Subject: [PATCH 14/40] chore(deps): bump certifi from 2023.7.22 to 2024.7.4 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared (#31052) Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2023.7.22&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-project/shared/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt index 404d7b7716fe8..dedc6c4f75539 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared/requirements.txt @@ -1,5 +1,5 @@ # Lock versions of pip packages -certifi==2023.7.22 +certifi==2024.7.4 chardet==3.0.4 idna==3.7 urllib3==1.26.18 From b17bd1dbfc200a6881ab3e64bbf0d9246490015a Mon Sep 17 00:00:00 2001 From: Tom Keller <1083460+kellertk@users.noreply.github.com> Date: Wed, 7 Aug 2024 14:03:04 -0700 Subject: [PATCH 15/40] chore: add needs-triage to issue templates (#31056) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/ISSUE_TEMPLATE/notice.yml | 4 ++-- .github/ISSUE_TEMPLATE/region.yml | 4 ++-- .github/ISSUE_TEMPLATE/tracking.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/notice.yml b/.github/ISSUE_TEMPLATE/notice.yml index f75640e0258c3..f90f63deb325e 100644 --- a/.github/ISSUE_TEMPLATE/notice.yml +++ b/.github/ISSUE_TEMPLATE/notice.yml @@ -1,8 +1,8 @@ --- name: "❗ Notice" -description: Post a notice for a high impact issue +description: Post a notice for a high impact issue. Internal CDK team use only. title: "❗ NOTICE (module name): (short notice description)" -labels: [p0, management/tracking] +labels: [needs-triage, management/tracking] body: - type: dropdown attributes: diff --git a/.github/ISSUE_TEMPLATE/region.yml b/.github/ISSUE_TEMPLATE/region.yml index 0e6ed816993f4..8ef3aa3ca8835 100644 --- a/.github/ISSUE_TEMPLATE/region.yml +++ b/.github/ISSUE_TEMPLATE/region.yml @@ -1,7 +1,7 @@ name: New Region -description: Register a new region. +description: Register a new region. Internal CDK team use only. title: "Register new region: [region]" -labels: ["@aws-cdk/region-info", "feature-request", "p1", "effort/medium"] +labels: ["@aws-cdk/region-info", "feature-request", needs-triage, "effort/medium"] body: - type: input id: ROUTE_53_BUCKET_WEBSITE_ZONE_IDS diff --git a/.github/ISSUE_TEMPLATE/tracking.yml b/.github/ISSUE_TEMPLATE/tracking.yml index 0ecfc903b002c..798be3162f769 100644 --- a/.github/ISSUE_TEMPLATE/tracking.yml +++ b/.github/ISSUE_TEMPLATE/tracking.yml @@ -1,7 +1,7 @@ name: Tracking Issue -description: Add a module tracking issue (internal use only) +description: Add a module tracking issue. Internal CDK team use only. title: "Tracking: [service]" -labels: [management/tracking] +labels: [needs-triage, management/tracking] body: - type: markdown attributes: From abc78bfa613453185e59d5d9a17e5c5cfb5437b3 Mon Sep 17 00:00:00 2001 From: John Dukewich <37190801+jdukewich@users.noreply.github.com> Date: Wed, 7 Aug 2024 18:00:08 -0400 Subject: [PATCH 16/40] feat(ec2): security group lookup via filters (#30625) ### Issue # (if applicable) Closes #30331. ### Reason for this change This will improve the security group lookup functionality for importing existing security groups into a CDK stack. ### Description of changes I added the ability to lookup existing security groups via more filters. Filters are supported by the [DescribeSecurityGroups API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html), and using these filters can be immensely useful for looking up existing security groups, especially if your account or organization follows predictable rules regarding things like security group tags. ### Description of how you validated changes I added unit tests similar to the ones that test the normal lookup by ID or name. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../LookupStack.assets.json | 20 + .../LookupStack.template.json | 36 ++ ...efaultTestDeployAssert9466B7BF.assets.json | 19 + ...aultTestDeployAssert9466B7BF.template.json | 36 ++ .../StackWithSg.assets.json | 34 ++ .../StackWithSg.template.json | 233 +++++++++++ .../__entrypoint__.js | 155 +++++++ .../index.js | 1 + .../cdk.out | 1 + .../integ.json | 13 + .../manifest.json | 253 +++++++++++ .../tree.json | 392 ++++++++++++++++++ .../test/integ.security-group-lookup.ts | 56 +++ packages/aws-cdk-lib/aws-ec2/README.md | 12 +- .../aws-cdk-lib/aws-ec2/lib/security-group.ts | 57 ++- .../aws-ec2/test/security-group.test.ts | 24 ++ .../lib/cloud-assembly/context-queries.ts | 28 ++ .../schema/cloud-assembly.schema.json | 22 + .../schema/cloud-assembly.version.json | 2 +- .../lib/context-providers/security-groups.ts | 30 +- .../context-providers/security-groups.test.ts | 87 +++- 21 files changed, 1485 insertions(+), 26 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json new file mode 100644 index 0000000000000..fc94649590768 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json @@ -0,0 +1,20 @@ +{ + "version": "37.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "LookupStack.template.json", + "packaging": "file" + }, + "destinations": { + "12345678-test-region": { + "bucketName": "cdk-hnb659fds-assets-12345678-test-region", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "region": "test-region", + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json new file mode 100644 index 0000000000000..e67d33537caf4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json @@ -0,0 +1,19 @@ +{ + "version": "37.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "SgLookupTestDefaultTestDeployAssert9466B7BF.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json new file mode 100644 index 0000000000000..a65bbb573ca89 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json @@ -0,0 +1,34 @@ +{ + "version": "37.0.0", + "files": { + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "12345678-test-region": { + "bucketName": "cdk-hnb659fds-assets-12345678-test-region", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "region": "test-region", + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + } + } + }, + "e205a0cabbb47f8c8f8f543d0ad04ed8b26973d67ffd51d9583342d4ad69a2a9": { + "source": { + "path": "StackWithSg.template.json", + "packaging": "file" + }, + "destinations": { + "12345678-test-region": { + "bucketName": "cdk-hnb659fds-assets-12345678-test-region", + "objectKey": "e205a0cabbb47f8c8f8f543d0ad04ed8b26973d67ffd51d9583342d4ad69a2a9.json", + "region": "test-region", + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json new file mode 100644 index 0000000000000..eefe64d08796d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json @@ -0,0 +1,233 @@ +{ + "Resources": { + "MyVpcF9F0CA6F": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "my-vpc-name" + } + ] + } + }, + "MyVpcRestrictDefaultSecurityGroupCustomResourceA4FCCD62": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "MyVpcF9F0CA6F", + "DefaultSecurityGroup" + ] + }, + "Account": "12345678" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:test-region:12345678:security-group/", + { + "Fn::GetAtt": [ + "MyVpcF9F0CA6F", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region", + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "MySgAFDC270F2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "StackWithSg/MySgA", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "myTag", + "Value": "my-value" + } + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "MySgB343D3C61": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "StackWithSg/MySgB", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "myTagKey", + "Value": "true" + } + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "MySgC50C8732C": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "my-description", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "MySgDA51BA0C2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "ownerId description", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js new file mode 100644 index 0000000000000..02033f55cf612 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js @@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out new file mode 100644 index 0000000000000..079dd58c72d69 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"37.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json new file mode 100644 index 0000000000000..adc4aec587718 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "enableLookups": true, + "version": "37.0.0", + "testCases": { + "SgLookupTest/DefaultTest": { + "stacks": [ + "StackWithSg" + ], + "assertionStack": "SgLookupTest/DefaultTest/DeployAssert", + "assertionStackName": "SgLookupTestDefaultTestDeployAssert9466B7BF" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json new file mode 100644 index 0000000000000..2f8ff36aefa99 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json @@ -0,0 +1,253 @@ +{ + "version": "37.0.0", + "artifacts": { + "StackWithSg.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "StackWithSg.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "StackWithSg": { + "type": "aws:cloudformation:stack", + "environment": "aws://12345678/test-region", + "properties": { + "templateFile": "StackWithSg.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-test-region/e205a0cabbb47f8c8f8f543d0ad04ed8b26973d67ffd51d9583342d4ad69a2a9.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "StackWithSg.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "StackWithSg.assets" + ], + "metadata": { + "/StackWithSg/MyVpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyVpcF9F0CA6F" + } + ], + "/StackWithSg/MyVpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "MyVpcRestrictDefaultSecurityGroupCustomResourceA4FCCD62" + } + ], + "/StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/StackWithSg/MySgA/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySgAFDC270F2" + } + ], + "/StackWithSg/MySgB/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySgB343D3C61" + } + ], + "/StackWithSg/MySgC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySgC50C8732C" + } + ], + "/StackWithSg/MySgD/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySgDA51BA0C2" + } + ], + "/StackWithSg/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/StackWithSg/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "StackWithSg" + }, + "LookupStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "LookupStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "LookupStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://12345678/test-region", + "properties": { + "templateFile": "LookupStack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-test-region/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "LookupStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "StackWithSg", + "LookupStack.assets" + ], + "metadata": { + "/LookupStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/LookupStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "LookupStack" + }, + "SgLookupTestDefaultTestDeployAssert9466B7BF.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "SgLookupTestDefaultTestDeployAssert9466B7BF": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "SgLookupTestDefaultTestDeployAssert9466B7BF.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "SgLookupTestDefaultTestDeployAssert9466B7BF.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "SgLookupTestDefaultTestDeployAssert9466B7BF.assets" + ], + "metadata": { + "/SgLookupTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/SgLookupTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "SgLookupTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + }, + "missing": [ + { + "key": "security-group:account=12345678:region=test-region:tags.myTag.0=my-value", + "provider": "security-group", + "props": { + "account": "12345678", + "region": "test-region", + "tags": { + "myTag": [ + "my-value" + ] + }, + "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" + } + }, + { + "key": "security-group:account=12345678:region=test-region:tagKeys.0=myTagKey", + "provider": "security-group", + "props": { + "account": "12345678", + "region": "test-region", + "tagKeys": [ + "myTagKey" + ], + "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" + } + }, + { + "key": "security-group:account=12345678:description=my-description:region=test-region", + "provider": "security-group", + "props": { + "account": "12345678", + "region": "test-region", + "description": "my-description", + "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" + } + }, + { + "key": "security-group:account=12345678:description=ownerId description:ownerId=12345678:region=test-region", + "provider": "security-group", + "props": { + "account": "12345678", + "region": "test-region", + "description": "ownerId description", + "ownerId": "12345678", + "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" + } + } + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json new file mode 100644 index 0000000000000..bf8c406b81c9e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json @@ -0,0 +1,392 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "StackWithSg": { + "id": "StackWithSg", + "path": "StackWithSg", + "children": { + "MyVpc": { + "id": "MyVpc", + "path": "StackWithSg/MyVpc", + "children": { + "Resource": { + "id": "Resource", + "path": "StackWithSg/MyVpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "my-vpc-name" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "StackWithSg/MyVpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "StackWithSg/MyVpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "MySgA": { + "id": "MySgA", + "path": "StackWithSg/MySgA", + "children": { + "Resource": { + "id": "Resource", + "path": "StackWithSg/MySgA/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "StackWithSg/MySgA", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "myTag", + "value": "my-value" + } + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "MySgB": { + "id": "MySgB", + "path": "StackWithSg/MySgB", + "children": { + "Resource": { + "id": "Resource", + "path": "StackWithSg/MySgB/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "StackWithSg/MySgB", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "myTagKey", + "value": "true" + } + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "MySgC": { + "id": "MySgC", + "path": "StackWithSg/MySgC", + "children": { + "Resource": { + "id": "Resource", + "path": "StackWithSg/MySgC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "my-description", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "MySgD": { + "id": "MySgD", + "path": "StackWithSg/MySgD", + "children": { + "Resource": { + "id": "Resource", + "path": "StackWithSg/MySgD/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "ownerId description", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "StackWithSg/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "StackWithSg/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "LookupStack": { + "id": "LookupStack", + "path": "LookupStack", + "children": { + "SgFromLookupTags": { + "id": "SgFromLookupTags", + "path": "LookupStack/SgFromLookupTags", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "SgFromLookupTagKeys": { + "id": "SgFromLookupTagKeys", + "path": "LookupStack/SgFromLookupTagKeys", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "SgFromLookupDescription": { + "id": "SgFromLookupDescription", + "path": "LookupStack/SgFromLookupDescription", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "SgFromLookupOwnerId": { + "id": "SgFromLookupOwnerId", + "path": "LookupStack/SgFromLookupOwnerId", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "LookupStack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "LookupStack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "SgLookupTest": { + "id": "SgLookupTest", + "path": "SgLookupTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "SgLookupTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "SgLookupTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "SgLookupTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "SgLookupTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "SgLookupTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts new file mode 100644 index 0000000000000..1030c57274991 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts @@ -0,0 +1,56 @@ +import * as cdk from 'aws-cdk-lib'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); + +const env = { + account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, + region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, +}; + +// Deploy the security groups to lookup +const stack = new cdk.Stack(app, 'StackWithSg', { env }); +const testVpc = new ec2.Vpc(stack, 'MyVpc', { + vpcName: 'my-vpc-name', + ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'), + subnetConfiguration: [], + natGateways: 0, +}); +const testSgA = new ec2.SecurityGroup(stack, 'MySgA', { vpc: testVpc }); +cdk.Tags.of(testSgA).add('myTag', 'my-value'); +const testSgB = new ec2.SecurityGroup(stack, 'MySgB', { vpc: testVpc }); +cdk.Tags.of(testSgB).add('myTagKey', 'true'); +new ec2.SecurityGroup(stack, 'MySgC', { vpc: testVpc, description: 'my-description' }); +new ec2.SecurityGroup(stack, 'MySgD', { vpc: testVpc, description: 'ownerId description' }); + +// Now perform the lookups +const lookupStack = new cdk.Stack(app, 'LookupStack', { env }); +lookupStack.addDependency(stack); +ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupTags', { + tags: { + myTag: ['my-value'], + }, +}); + +ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupTagKeys', { + tagKeys: ['myTagKey'], +}); + +ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupDescription', { + description: 'my-description', +}); + +ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupOwnerId', { + description: 'ownerId description', + ownerId: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, +}); + +new IntegTest(app, 'SgLookupTest', { + testCases: [stack], + enableLookups: true, +}); + +app.synth(); + diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 686eb78ed2a3f..86e0fd78ee07c 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -843,13 +843,23 @@ Alternatively, use lookup methods to import security groups if you do not know t const sg = ec2.SecurityGroup.fromLookupByName(this, 'SecurityGroupLookup', 'security-group-name', vpc); ``` +You can perform lookups based on filter conditions detailed in the [API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html). +```ts +const sg = ec2.SecurityGroup.fromLookupByFilters(this, 'SecurityGroupLookup', { + ownerId: "012345678901", + description: "my description", + tagKeys: ["tagA", "tagB"], + tags: { tagC: ["valueC", "otherValueC"], tagD: ["valueD"] } +}); +``` + If the security group ID is known and configuration details are unknown, use method `SecurityGroup.fromLookupById` instead. This method will lookup property `allowAllOutbound` from the current configuration of the security group. ```ts const sg = ec2.SecurityGroup.fromLookupById(this, 'SecurityGroupLookup', 'sg-1234'); ``` -The result of `SecurityGroup.fromLookupByName` and `SecurityGroup.fromLookupById` operations will be written to a file called `cdk.context.json`. You must commit this file to source control so that the lookup values are available in non-privileged environments such as CI build steps, and to ensure your template builds are repeatable. +The result of `SecurityGroup.fromLookupByName`, `SecurityGroup.fromLookupById`, and `SecurityGroup.fromLookupByFilters` operations will be written to a file called `cdk.context.json`. You must commit this file to source control so that the lookup values are available in non-privileged environments such as CI build steps, and to ensure your template builds are repeatable. ### Cross Stack Connections diff --git a/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts b/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts index e774c1f9de3af..b9c75b7589350 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts @@ -387,6 +387,13 @@ export class SecurityGroup extends SecurityGroupBase { return this.fromLookupAttributes(scope, id, { securityGroupName, vpc }); } + /** + * Look up a security group by filters + */ + public static fromLookupByFilters(scope: Construct, id: string, filters: SecurityGroupLookupOptions) { + return this.fromLookupAttributes(scope, id, filters); + } + /** * Import an existing security group into this app. * @@ -434,7 +441,15 @@ export class SecurityGroup extends SecurityGroupBase { * Look up a security group. */ private static fromLookupAttributes(scope: Construct, id: string, options: SecurityGroupLookupOptions) { - if (Token.isUnresolved(options.securityGroupId) || Token.isUnresolved(options.securityGroupName) || Token.isUnresolved(options.vpc?.vpcId)) { + if ([ + options.securityGroupId, + options.securityGroupName, + options.vpc?.vpcId, + options.description, + options.ownerId, + options.tagKeys, + options.tags, + ].some(opt => Token.isUnresolved(opt))) { throw new Error('All arguments to look up a security group must be concrete (no Tokens)'); } @@ -444,6 +459,10 @@ export class SecurityGroup extends SecurityGroupBase { securityGroupId: options.securityGroupId, securityGroupName: options.securityGroupName, vpcId: options.vpc?.vpcId, + description: options.description, + ownerId: options.ownerId, + tagKeys: options.tagKeys, + tags: options.tags, }, dummyValue: { securityGroupId: 'sg-12345678', @@ -816,13 +835,13 @@ function isAllTrafficRule(rule: any) { * * Either `securityGroupName` or `securityGroupId` has to be specified. */ -interface SecurityGroupLookupOptions { +export interface SecurityGroupLookupOptions { /** * The name of the security group * * If given, will import the SecurityGroup with this name. * - * @default Don't filter on securityGroupName + * @default - Don't filter on securityGroupName */ readonly securityGroupName?: string; @@ -831,7 +850,7 @@ interface SecurityGroupLookupOptions { * * If given, will import the SecurityGroup with this ID. * - * @default Don't filter on securityGroupId + * @default - Don't filter on securityGroupId */ readonly securityGroupId?: string; @@ -840,7 +859,35 @@ interface SecurityGroupLookupOptions { * * If given, will filter the SecurityGroup based on the VPC. * - * @default Don't filter on VPC + * @default - Don't filter on VPC */ readonly vpc?: IVpc; + + /** + * Security group description + * + * @default - Don't filter on description + */ + readonly description?: string; + + /** + * Account ID of the owner of the security group + * + * @default - Don't filter on owner ID + */ + readonly ownerId?: string; + + /** + * The keys of tags assigned to the security group + * + * @default - Don't filter on tag keys + */ + readonly tagKeys?: string[]; + + /** + * The key/value combination of a tag assigned to the security group + * + * @default - Don't filter on tags + */ + readonly tags?: Record; } diff --git a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts index 50e7f9ae5f224..cd98bd1689181 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts @@ -596,6 +596,30 @@ describe('security group lookup', () => { }); + test('can look up a security group by filters', () => { + // GIVEN + const app = new App(); + const stack = new Stack(app, 'stack', { + env: { + account: '1234', + region: 'us-east-1', + }, + }); + + // WHEN + const securityGroup = SecurityGroup.fromLookupByFilters(stack, 'SG1', { + ownerId: '012345678901', + description: 'my description', + tagKeys: ['tagA', 'tagB'], + tags: { tagC: ['valueC', 'otherValueC'], tagD: ['valueD'] }, + }); + + // THEN + expect(securityGroup.securityGroupId).toEqual('sg-12345678'); + expect(securityGroup.allowAllOutbound).toEqual(true); + + }); + test('can look up a security group and use it as a peer', () => { // GIVEN const app = new App(); diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts index bd35d023dfe69..92fd11f9ea376 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts @@ -449,6 +449,34 @@ export interface SecurityGroupContextQuery { * @default - None */ readonly vpcId?: string; + + /** + * Security group description + * + * @default - None + */ + readonly description?: string; + + /** + * Account ID of the owner of the security group + * + * @default - None + */ + readonly ownerId?: string; + + /** + * The keys of tags assigned to the security group + * + * @default - None + */ + readonly tagKeys?: string[]; + + /** + * The key/value combination of a tag assigned to the security group + * + * @default - None + */ + readonly tags?: Record; } /** diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json index 279dfbe369073..2dc1ceae0d7d9 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json @@ -870,6 +870,25 @@ "vpcId": { "description": "VPC ID (Default - None)", "type": "string" + }, + "description": { + "description": "Security group description (Default - None)", + "type": "string" + }, + "ownerId": { + "description": "Account ID of the owner of the security group (Default - None)", + "type": "string" + }, + "tagKeys": { + "description": "The keys of tags assigned to the security group (Default - None)", + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "description": "The key/value combination of a tag assigned to the security group (Default - None)", + "$ref": "#/definitions/Record" } }, "required": [ @@ -877,6 +896,9 @@ "region" ] }, + "Record": { + "type": "object" + }, "KeyContextQuery": { "description": "Query input for looking up a KMS Key", "type": "object", diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json index 1f0068d32659a..079dd58c72d69 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"37.0.0"} \ No newline at end of file diff --git a/packages/aws-cdk/lib/context-providers/security-groups.ts b/packages/aws-cdk/lib/context-providers/security-groups.ts index 19372df9af842..fa68fa4129e23 100644 --- a/packages/aws-cdk/lib/context-providers/security-groups.ts +++ b/packages/aws-cdk/lib/context-providers/security-groups.ts @@ -17,10 +17,6 @@ export class SecurityGroupContextProviderPlugin implements ContextProviderPlugin throw new Error('\'securityGroupId\' and \'securityGroupName\' can not be specified both when looking up a security group'); } - if (!args.securityGroupId && !args.securityGroupName) { - throw new Error('\'securityGroupId\' or \'securityGroupName\' must be specified to look up a security group'); - } - const options = { assumeRoleArn: args.lookupRoleArn }; const ec2 = (await this.aws.forEnvironment(cxapi.EnvironmentUtils.make(account, region), Mode.ForReading, options)).sdk.ec2(); @@ -37,6 +33,32 @@ export class SecurityGroupContextProviderPlugin implements ContextProviderPlugin Values: [args.securityGroupName], }); } + if (args.description) { + filters.push({ + Name: 'description', + Values: [args.description], + }); + } + if (args.tagKeys) { + filters.push({ + Name: 'tag-key', + Values: args.tagKeys, + }); + } + if (args.ownerId) { + filters.push({ + Name: 'owner-id', + Values: [args.ownerId], + }); + } + if (args.tags) { + Object.entries(args.tags).forEach(([key, values]) => { + filters.push({ + Name: `tag:${key}`, + Values: values, + }); + }); + } const response = await ec2.describeSecurityGroups({ GroupIds: args.securityGroupId ? [args.securityGroupId] : undefined, diff --git a/packages/aws-cdk/test/context-providers/security-groups.test.ts b/packages/aws-cdk/test/context-providers/security-groups.test.ts index c7bdc586ad7bc..2477336d98b93 100644 --- a/packages/aws-cdk/test/context-providers/security-groups.test.ts +++ b/packages/aws-cdk/test/context-providers/security-groups.test.ts @@ -1,7 +1,9 @@ +import * as AWS from 'aws-sdk-mock'; /* eslint-disable import/order */ import * as aws from 'aws-sdk'; -import * as AWS from 'aws-sdk-mock'; -import { hasAllTrafficEgress, SecurityGroupContextProviderPlugin } from '../../lib/context-providers/security-groups'; + +import { SecurityGroupContextProviderPlugin, hasAllTrafficEgress } from '../../lib/context-providers/security-groups'; + import { MockSdkProvider } from '../util/mock-sdk'; AWS.setSDK(require.resolve('aws-sdk')); @@ -226,6 +228,74 @@ describe('security group context provider plugin', () => { expect(res.allowAllOutbound).toEqual(true); }); + test('looks up by security group description, owner id, tag keys, and tags', async () => { + // GIVEN + const provider = new SecurityGroupContextProviderPlugin(mockSDK); + + AWS.mock('EC2', 'describeSecurityGroups', (_params: aws.EC2.DescribeSecurityGroupsRequest, cb: AwsCallback) => { + expect(_params).toEqual({ + GroupIds: undefined, + Filters: [ + { + Name: 'description', + Values: ['my description'], + }, + { + Name: 'tag-key', + Values: ['tagA', 'tagB'], + }, + { + Name: 'owner-id', + Values: ['012345678901'], + }, + { + Name: 'tag:tagC', + Values: ['valueC', 'otherValueC'], + }, + { + Name: 'tag:tagD', + Values: ['valueD'], + }, + ], + }); + cb(null, { + SecurityGroups: [ + { + GroupId: 'sg-1234', + IpPermissionsEgress: [ + { + IpProtocol: '-1', + IpRanges: [ + { CidrIp: '0.0.0.0/0' }, + ], + }, + { + IpProtocol: '-1', + Ipv6Ranges: [ + { CidrIpv6: '::/0' }, + ], + }, + ], + }, + ], + }); + }); + + // WHEN + const res = await provider.getValue({ + account: '1234', + region: 'us-east-1', + ownerId: '012345678901', + description: 'my description', + tagKeys: ['tagA', 'tagB'], + tags: { tagC: ['valueC', 'otherValueC'], tagD: ['valueD'] }, + }); + + // THEN + expect(res.securityGroupId).toEqual('sg-1234'); + expect(res.allowAllOutbound).toEqual(true); + }); + test('detects non all-outbound egress', async () => { // GIVEN const provider = new SecurityGroupContextProviderPlugin(mockSDK); @@ -319,19 +389,6 @@ describe('security group context provider plugin', () => { ).rejects.toThrow(/\'securityGroupId\' and \'securityGroupName\' can not be specified both when looking up a security group/i); }); - test('errors when neither securityGroupId nor securityGroupName are specified', async () => { - // GIVEN - const provider = new SecurityGroupContextProviderPlugin(mockSDK); - - // WHEN - await expect( - provider.getValue({ - account: '1234', - region: 'us-east-1', - }), - ).rejects.toThrow(/\'securityGroupId\' or \'securityGroupName\' must be specified to look up a security group/i); - }); - test('identifies allTrafficEgress from SecurityGroup permissions', () => { expect( hasAllTrafficEgress({ From d5a19bb3eeda50a7b08e2b814dfcf76e6ac21fdc Mon Sep 17 00:00:00 2001 From: Lee Date: Thu, 8 Aug 2024 19:44:53 +0100 Subject: [PATCH 17/40] feat(dynamodb): adding on-demand-throughput to table (#30725) ### Issue # (if applicable) Closes #30091 ### Reason for this change New DynamoDB feature that was just released ### Description of changes Added `maxReadRequestUnits` and `maxWriteRequestUnits` for PAY_PER_REQUEST tables ### Description of how you validated changes Tests on `integ.dynamodb.ondemand.ts` ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-global-table-v2.assets.json | 20 ++ .../aws-cdk-global-table-v2.template.json | 117 +++++++ ...efaultTestDeployAssertF1A4FD2A.assets.json | 19 + ...aultTestDeployAssertF1A4FD2A.template.json | 36 ++ .../cdk.out | 1 + .../integ.json | 16 + .../manifest.json | 121 +++++++ .../tree.json | 196 +++++++++++ .../integ.dynamodb-v2.max-request-units.ts | 41 +++ .../aws-cdk-global-table.assets.json | 20 ++ .../aws-cdk-global-table.template.json | 247 +++++++++++++ ...efaultTestDeployAssertA2A9E81F.assets.json | 19 + ...aultTestDeployAssertA2A9E81F.template.json | 36 ++ .../cdk.out | 1 + .../integ.json | 16 + .../manifest.json | 133 +++++++ .../tree.json | 328 ++++++++++++++++++ .../test/integ.dynamodb-v2.ondemand.ts | 60 ++++ .../integ.json | 10 - .../tree.json | 2 +- .../aws-cdk-dynamodb.assets.json | 6 +- .../aws-cdk-dynamodb.template.json | 70 ++-- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 17 +- .../tree.json | 140 ++++---- .../test/integ.dynamodb.ondemand.ts | 4 + packages/aws-cdk-lib/aws-dynamodb/README.md | 13 + .../aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md | 11 + .../aws-cdk-lib/aws-dynamodb/lib/billing.ts | 27 +- .../aws-cdk-lib/aws-dynamodb/lib/table-v2.ts | 75 +++- .../aws-cdk-lib/aws-dynamodb/lib/table.ts | 51 +++ .../aws-dynamodb/test/billing.test.ts | 26 ++ .../aws-dynamodb/test/dynamodb.test.ts | 69 ++++ .../aws-dynamodb/test/table-v2.test.ts | 155 +++++++++ 35 files changed, 1987 insertions(+), 120 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json new file mode 100644 index 0000000000000..a07133b76fc7d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.assets.json @@ -0,0 +1,20 @@ +{ + "version": "36.0.0", + "files": { + "f6c3259c52a142bbcf580bb47c14037f7819c4cebfb51d6c8586c38bc79c5509": { + "source": { + "path": "aws-cdk-global-table-v2.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-eu-west-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-eu-west-1", + "objectKey": "f6c3259c52a142bbcf580bb47c14037f7819c4cebfb51d6c8586c38bc79c5509.json", + "region": "eu-west-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-eu-west-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json new file mode 100644 index 0000000000000..35b13b4c70e59 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/aws-cdk-global-table-v2.template.json @@ -0,0 +1,117 @@ +{ + "Resources": { + "GlobalTableV212B4E024": { + "Type": "AWS::DynamoDB::GlobalTable", + "Properties": { + "AttributeDefinitions": [ + { + "AttributeName": "pk", + "AttributeType": "S" + }, + { + "AttributeName": "sk", + "AttributeType": "N" + } + ], + "BillingMode": "PAY_PER_REQUEST", + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi2", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + } + ], + "Projection": { + "ProjectionType": "ALL" + }, + "WriteOnDemandThroughputSettings": { + "MaxWriteRequestUnits": 2001 + } + } + ], + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + }, + { + "AttributeName": "sk", + "KeyType": "RANGE" + } + ], + "Replicas": [ + { + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 222 + }, + "Region": "us-east-1" + }, + { + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "Region": "eu-west-1" + } + ], + "StreamSpecification": { + "StreamViewType": "NEW_AND_OLD_IMAGES" + }, + "TableName": "my-global-table-v2", + "WriteOnDemandThroughputSettings": { + "MaxWriteRequestUnits": 10 + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json new file mode 100644 index 0000000000000..02772f0375026 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json new file mode 100644 index 0000000000000..d1446d6169277 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/integ.json @@ -0,0 +1,16 @@ +{ + "version": "36.0.0", + "testCases": { + "aws-cdk-global-table-integ-v2/DefaultTest": { + "stacks": [ + "aws-cdk-global-table-v2" + ], + "regions": [ + "eu-west-1" + ], + "stackUpdateWorkflow": false, + "assertionStack": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert", + "assertionStackName": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json new file mode 100644 index 0000000000000..0377675ebe18a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/manifest.json @@ -0,0 +1,121 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-global-table-v2.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-global-table-v2.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-global-table-v2": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/eu-west-1", + "properties": { + "templateFile": "aws-cdk-global-table-v2.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-eu-west-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-eu-west-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-eu-west-1/f6c3259c52a142bbcf580bb47c14037f7819c4cebfb51d6c8586c38bc79c5509.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-global-table-v2.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-eu-west-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-global-table-v2.assets" + ], + "metadata": { + "/aws-cdk-global-table-v2/GlobalTableV2": [ + { + "type": "aws:cdk:hasPhysicalName", + "data": { + "Ref": "GlobalTableV212B4E024" + } + } + ], + "/aws-cdk-global-table-v2/GlobalTableV2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalTableV212B4E024" + } + ], + "/aws-cdk-global-table-v2/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table-v2/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table-v2" + }, + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkglobaltableintegv2DefaultTestDeployAssertF1A4FD2A.assets" + ], + "metadata": { + "/aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json new file mode 100644 index 0000000000000..574bf311dffef --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.js.snapshot/tree.json @@ -0,0 +1,196 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-global-table-v2": { + "id": "aws-cdk-global-table-v2", + "path": "aws-cdk-global-table-v2", + "children": { + "GlobalTableV2": { + "id": "GlobalTableV2", + "path": "aws-cdk-global-table-v2/GlobalTableV2", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-global-table-v2/GlobalTableV2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::DynamoDB::GlobalTable", + "aws:cdk:cloudformation:props": { + "attributeDefinitions": [ + { + "attributeName": "pk", + "attributeType": "S" + }, + { + "attributeName": "sk", + "attributeType": "N" + } + ], + "billingMode": "PAY_PER_REQUEST", + "globalSecondaryIndexes": [ + { + "indexName": "gsi2", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + } + ], + "projection": { + "projectionType": "ALL" + }, + "writeOnDemandThroughputSettings": { + "maxWriteRequestUnits": 2001 + } + } + ], + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + }, + { + "attributeName": "sk", + "keyType": "RANGE" + } + ], + "replicas": [ + { + "region": "us-east-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + } + } + ], + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 222 + } + }, + { + "region": "eu-west-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + } + } + ] + } + ], + "streamSpecification": { + "streamViewType": "NEW_AND_OLD_IMAGES" + }, + "tableName": "my-global-table-v2", + "writeOnDemandThroughputSettings": { + "maxWriteRequestUnits": 10 + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.CfnGlobalTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.TableBaseV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table-v2/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table-v2/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-global-table-integ-v2": { + "id": "aws-cdk-global-table-integ-v2", + "path": "aws-cdk-global-table-integ-v2", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-global-table-integ-v2/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table-integ-v2/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts new file mode 100644 index 0000000000000..794266767b156 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.max-request-units.ts @@ -0,0 +1,41 @@ +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import { AttributeType, Billing, TableV2 } from 'aws-cdk-lib/aws-dynamodb'; +import { Construct } from 'constructs'; + +class TestStack extends Stack { + public constructor(scope: Construct, id: string, props: StackProps) { + super(scope, id, props); + + new TableV2(this, 'GlobalTableV2', { + tableName: 'my-global-table-v2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + sortKey: { name: 'sk', type: AttributeType.NUMBER }, + billing: Billing.onDemand({ + maxWriteRequestUnits: 10, + }), + removalPolicy: RemovalPolicy.DESTROY, + replicas: [ + { + region: 'us-east-1', + maxReadRequestUnits: 222, + }, + ], + globalSecondaryIndexes: [ + { + indexName: 'gsi2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 2001, + maxWriteRequestUnits: 2001, + }, + ], + }); + } +} + +const app = new App(); +new IntegTest(app, 'aws-cdk-global-table-integ-v2', { + testCases: [new TestStack(app, 'aws-cdk-global-table-v2', { env: { region: 'eu-west-1' } })], + regions: ['eu-west-1'], + stackUpdateWorkflow: false, +}); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json new file mode 100644 index 0000000000000..aa94a2c7845ca --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.assets.json @@ -0,0 +1,20 @@ +{ + "version": "36.0.0", + "files": { + "cc5278f2745ed14e48839e10ba3e84d52a026101a039e164e937d90f16b69c34": { + "source": { + "path": "aws-cdk-global-table.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "cc5278f2745ed14e48839e10ba3e84d52a026101a039e164e937d90f16b69c34.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json new file mode 100644 index 0000000000000..e1e71ad2043c7 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/aws-cdk-global-table.template.json @@ -0,0 +1,247 @@ +{ + "Resources": { + "Stream790BDEE4": { + "Type": "AWS::Kinesis::Stream", + "Properties": { + "RetentionPeriodHours": 24, + "ShardCount": 1, + "StreamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "GlobalTable89F068B2": { + "Type": "AWS::DynamoDB::GlobalTable", + "Properties": { + "AttributeDefinitions": [ + { + "AttributeName": "pk", + "AttributeType": "S" + }, + { + "AttributeName": "sk", + "AttributeType": "N" + } + ], + "BillingMode": "PAY_PER_REQUEST", + "GlobalSecondaryIndexes": [ + { + "IndexName": "gsi1", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + } + ], + "Projection": { + "ProjectionType": "ALL" + } + }, + { + "IndexName": "gsi2", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + } + ], + "Projection": { + "ProjectionType": "ALL" + }, + "WriteOnDemandThroughputSettings": { + "MaxWriteRequestUnits": 2001 + } + } + ], + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + }, + { + "AttributeName": "sk", + "KeyType": "RANGE" + } + ], + "LocalSecondaryIndexes": [ + { + "IndexName": "lsi", + "KeySchema": [ + { + "AttributeName": "pk", + "KeyType": "HASH" + }, + { + "AttributeName": "sk", + "KeyType": "RANGE" + } + ], + "Projection": { + "ProjectionType": "ALL" + } + } + ], + "Replicas": [ + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "GlobalSecondaryIndexes": [ + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi1", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 1002 + } + }, + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "PointInTimeRecoverySpecification": { + "PointInTimeRecoveryEnabled": true + }, + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 222 + }, + "Region": "eu-west-1", + "TableClass": "STANDARD_INFREQUENT_ACCESS" + }, + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "GlobalSecondaryIndexes": [ + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi1", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 1002 + } + }, + { + "ContributorInsightsSpecification": { + "Enabled": true + }, + "IndexName": "gsi2", + "ReadOnDemandThroughputSettings": { + "MaxReadRequestUnits": 2001 + } + } + ], + "KinesisStreamSpecification": { + "StreamArn": { + "Fn::GetAtt": [ + "Stream790BDEE4", + "Arn" + ] + } + }, + "PointInTimeRecoverySpecification": { + "PointInTimeRecoveryEnabled": true + }, + "Region": "us-east-1", + "TableClass": "STANDARD_INFREQUENT_ACCESS", + "Tags": [ + { + "Key": "primaryTableTagKey", + "Value": "primaryTableTagValue" + } + ] + } + ], + "SSESpecification": { + "SSEEnabled": true, + "SSEType": "KMS" + }, + "StreamSpecification": { + "StreamViewType": "NEW_AND_OLD_IMAGES" + }, + "TableName": "my-global-table", + "TimeToLiveSpecification": { + "AttributeName": "attr", + "Enabled": true + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Conditions": { + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + } + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json new file mode 100644 index 0000000000000..0a9ffc385b09a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json new file mode 100644 index 0000000000000..15437c63539c9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/integ.json @@ -0,0 +1,16 @@ +{ + "version": "36.0.0", + "testCases": { + "aws-cdk-global-table-integ/DefaultTest": { + "stacks": [ + "aws-cdk-global-table" + ], + "regions": [ + "us-east-1" + ], + "stackUpdateWorkflow": false, + "assertionStack": "aws-cdk-global-table-integ/DefaultTest/DeployAssert", + "assertionStackName": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f36374c4697b1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/manifest.json @@ -0,0 +1,133 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-global-table.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-global-table.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-global-table": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/us-east-1", + "properties": { + "templateFile": "aws-cdk-global-table.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/cc5278f2745ed14e48839e10ba3e84d52a026101a039e164e937d90f16b69c34.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-global-table.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-global-table.assets" + ], + "metadata": { + "/aws-cdk-global-table/Stream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Stream790BDEE4" + } + ], + "/aws-cdk-global-table/AwsCdkKinesisEncryptedStreamsUnsupportedRegions": [ + { + "type": "aws:cdk:logicalId", + "data": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions" + } + ], + "/aws-cdk-global-table/GlobalTable": [ + { + "type": "aws:cdk:hasPhysicalName", + "data": { + "Ref": "GlobalTable89F068B2" + } + } + ], + "/aws-cdk-global-table/GlobalTable/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalTable89F068B2" + } + ], + "/aws-cdk-global-table/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table" + }, + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkglobaltableintegDefaultTestDeployAssertA2A9E81F.assets" + ], + "metadata": { + "/aws-cdk-global-table-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-global-table-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-global-table-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json new file mode 100644 index 0000000000000..963c19fb401dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.js.snapshot/tree.json @@ -0,0 +1,328 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-global-table": { + "id": "aws-cdk-global-table", + "path": "aws-cdk-global-table", + "children": { + "Stream": { + "id": "Stream", + "path": "aws-cdk-global-table/Stream", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-global-table/Stream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Kinesis::Stream", + "aws:cdk:cloudformation:props": { + "retentionPeriodHours": 24, + "shardCount": 1, + "streamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.CfnStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.Stream", + "version": "0.0.0" + } + }, + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "id": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "path": "aws-cdk-global-table/AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnCondition", + "version": "0.0.0" + } + }, + "GlobalTable": { + "id": "GlobalTable", + "path": "aws-cdk-global-table/GlobalTable", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-global-table/GlobalTable/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::DynamoDB::GlobalTable", + "aws:cdk:cloudformation:props": { + "attributeDefinitions": [ + { + "attributeName": "pk", + "attributeType": "S" + }, + { + "attributeName": "sk", + "attributeType": "N" + } + ], + "billingMode": "PAY_PER_REQUEST", + "globalSecondaryIndexes": [ + { + "indexName": "gsi1", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + } + ], + "projection": { + "projectionType": "ALL" + } + }, + { + "indexName": "gsi2", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + } + ], + "projection": { + "projectionType": "ALL" + }, + "writeOnDemandThroughputSettings": { + "maxWriteRequestUnits": 2001 + } + } + ], + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + }, + { + "attributeName": "sk", + "keyType": "RANGE" + } + ], + "localSecondaryIndexes": [ + { + "indexName": "lsi", + "keySchema": [ + { + "attributeName": "pk", + "keyType": "HASH" + }, + { + "attributeName": "sk", + "keyType": "RANGE" + } + ], + "projection": { + "projectionType": "ALL" + } + } + ], + "replicas": [ + { + "region": "eu-west-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi1", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 1002 + }, + "contributorInsightsSpecification": { + "enabled": true + } + }, + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + }, + "contributorInsightsSpecification": { + "enabled": true + } + } + ], + "tableClass": "STANDARD_INFREQUENT_ACCESS", + "contributorInsightsSpecification": { + "enabled": true + }, + "pointInTimeRecoverySpecification": { + "pointInTimeRecoveryEnabled": true + }, + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 222 + } + }, + { + "region": "us-east-1", + "globalSecondaryIndexes": [ + { + "indexName": "gsi1", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 1002 + }, + "contributorInsightsSpecification": { + "enabled": true + } + }, + { + "indexName": "gsi2", + "readOnDemandThroughputSettings": { + "maxReadRequestUnits": 2001 + }, + "contributorInsightsSpecification": { + "enabled": true + } + } + ], + "tableClass": "STANDARD_INFREQUENT_ACCESS", + "kinesisStreamSpecification": { + "streamArn": { + "Fn::GetAtt": [ + "Stream790BDEE4", + "Arn" + ] + } + }, + "contributorInsightsSpecification": { + "enabled": true + }, + "pointInTimeRecoverySpecification": { + "pointInTimeRecoveryEnabled": true + }, + "tags": [ + { + "key": "primaryTableTagKey", + "value": "primaryTableTagValue" + } + ] + } + ], + "sseSpecification": { + "sseEnabled": true, + "sseType": "KMS" + }, + "streamSpecification": { + "streamViewType": "NEW_AND_OLD_IMAGES" + }, + "tableName": "my-global-table", + "timeToLiveSpecification": { + "attributeName": "attr", + "enabled": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.CfnGlobalTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_dynamodb.TableBaseV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-global-table-integ": { + "id": "aws-cdk-global-table-integ", + "path": "aws-cdk-global-table-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-global-table-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-global-table-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-global-table-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-global-table-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-global-table-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts new file mode 100644 index 0000000000000..c2070e0b45754 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.ondemand.ts @@ -0,0 +1,60 @@ +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import { AttributeType, Billing, TableV2, TableClass, TableEncryptionV2 } from 'aws-cdk-lib/aws-dynamodb'; +import { Stream } from 'aws-cdk-lib/aws-kinesis'; +import { Construct } from 'constructs'; + +class TestStack extends Stack { + public constructor(scope: Construct, id: string, props: StackProps) { + super(scope, id, props); + + const stream = new Stream(this, 'Stream'); + + new TableV2(this, 'GlobalTable', { + tableName: 'my-global-table', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + sortKey: { name: 'sk', type: AttributeType.NUMBER }, + billing: Billing.onDemand(), + encryption: TableEncryptionV2.awsManagedKey(), + contributorInsights: true, + pointInTimeRecovery: true, + tableClass: TableClass.STANDARD_INFREQUENT_ACCESS, + timeToLiveAttribute: 'attr', + removalPolicy: RemovalPolicy.DESTROY, + kinesisStream: stream, + replicas: [ + { + region: 'eu-west-1', + maxReadRequestUnits: 222, + }, + ], + globalSecondaryIndexes: [ + { + indexName: 'gsi1', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 1002, + }, + { + indexName: 'gsi2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 2001, + maxWriteRequestUnits: 2001, + }, + ], + localSecondaryIndexes: [ + { + indexName: 'lsi', + sortKey: { name: 'sk', type: AttributeType.NUMBER }, + }, + ], + tags: [{ key: 'primaryTableTagKey', value: 'primaryTableTagValue' }], + }); + } +} + +const app = new App(); +new IntegTest(app, 'aws-cdk-global-table-integ', { + testCases: [new TestStack(app, 'aws-cdk-global-table', { env: { region: 'us-east-1' } })], + regions: ['us-east-1'], + stackUpdateWorkflow: false, +}); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json index 32e11a1d2250a..5e8e335699b08 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/integ.json @@ -5,16 +5,6 @@ "stacks": [ "ResourcePolicyTest-v2" ], - "regions": [ - "us-east-1" - ], - "cdkCommandOptions": { - "deploy": { - "args": { - "rollback": true - } - } - }, "assertionStack": "table-v2-resource-policy-integ-test/DefaultTest/DeployAssert", "assertionStackName": "tablev2resourcepolicyintegtestDefaultTestDeployAssertBE3353C7" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json index 3a0a1c50405d4..8417b42605972 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb-v2.policy.js.snapshot/tree.json @@ -71,7 +71,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_dynamodb.TableV2", + "fqn": "aws-cdk-lib.aws_dynamodb.TableBaseV2", "version": "0.0.0" } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json index fd6b84f880be7..a06498ad4deee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "36.0.0", "files": { - "6721dc6f360c620369b9c3be4b289ff536e0faa87f39bac615b56ff31b2c609e": { + "4413d3171770b8ef5d6566130e7d33ddf852ba9ac51a59b9aea634446217bb3f": { "source": { "path": "aws-cdk-dynamodb.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6721dc6f360c620369b9c3be4b289ff536e0faa87f39bac615b56ff31b2c609e.json", + "objectKey": "4413d3171770b8ef5d6566130e7d33ddf852ba9ac51a59b9aea634446217bb3f.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json index 4b943cf19b09d..6c7b3cd8fad33 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/aws-cdk-dynamodb.template.json @@ -3,19 +3,23 @@ "TableCD117FA1": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ + "AttributeDefinitions": [ { "AttributeName": "hashKey", - "KeyType": "HASH" + "AttributeType": "S" } ], - "AttributeDefinitions": [ + "BillingMode": "PAY_PER_REQUEST", + "KeySchema": [ { "AttributeName": "hashKey", - "AttributeType": "S" + "KeyType": "HASH" } ], - "BillingMode": "PAY_PER_REQUEST" + "OnDemandThroughput": { + "MaxReadRequestUnits": 100, + "MaxWriteRequestUnits": 200 + } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" @@ -23,16 +27,6 @@ "TableWithGlobalAndLocalSecondaryIndexBC540710": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ - { - "AttributeName": "hashKey", - "KeyType": "HASH" - }, - { - "AttributeName": "sortKey", - "KeyType": "RANGE" - } - ], "AttributeDefinitions": [ { "AttributeName": "hashKey", @@ -65,6 +59,10 @@ "KeyType": "HASH" } ], + "OnDemandThroughput": { + "MaxReadRequestUnits": 100, + "MaxWriteRequestUnits": 100 + }, "Projection": { "ProjectionType": "ALL" } @@ -146,6 +144,16 @@ } } ], + "KeySchema": [ + { + "AttributeName": "hashKey", + "KeyType": "HASH" + }, + { + "AttributeName": "sortKey", + "KeyType": "RANGE" + } + ], "LocalSecondaryIndexes": [ { "IndexName": "LSI-PartitionAndTableSortKey", @@ -250,12 +258,6 @@ "TableWithGlobalSecondaryIndexCC8E841E": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ - { - "AttributeName": "hashKey", - "KeyType": "HASH" - } - ], "AttributeDefinitions": [ { "AttributeName": "hashKey", @@ -280,6 +282,12 @@ "ProjectionType": "ALL" } } + ], + "KeySchema": [ + { + "AttributeName": "hashKey", + "KeyType": "HASH" + } ] }, "UpdateReplacePolicy": "Delete", @@ -288,16 +296,6 @@ "TableWithLocalSecondaryIndex4DA3D08F": { "Type": "AWS::DynamoDB::Table", "Properties": { - "KeySchema": [ - { - "AttributeName": "hashKey", - "KeyType": "HASH" - }, - { - "AttributeName": "sortKey", - "KeyType": "RANGE" - } - ], "AttributeDefinitions": [ { "AttributeName": "hashKey", @@ -313,6 +311,16 @@ } ], "BillingMode": "PAY_PER_REQUEST", + "KeySchema": [ + { + "AttributeName": "hashKey", + "KeyType": "HASH" + }, + { + "AttributeName": "sortKey", + "KeyType": "RANGE" + } + ], "LocalSecondaryIndexes": [ { "IndexName": "LSI-PartitionAndSortKey", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out index 588d7b269d34f..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json index 8c1bf3f2a284a..41061cbfbe3ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "36.0.0", "testCases": { "integ.dynamodb.ondemand": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json index fda20497ff2a4..46a693620203b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "36.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "aws-cdk-dynamodb.assets": { "type": "cdk:asset-manifest", "properties": { @@ -20,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-dynamodb.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6721dc6f360c620369b9c3be4b289ff536e0faa87f39bac615b56ff31b2c609e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4413d3171770b8ef5d6566130e7d33ddf852ba9ac51a59b9aea634446217bb3f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -77,6 +72,12 @@ ] }, "displayName": "aws-cdk-dynamodb" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json index e5ea52068becf..c149e06017f7a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "aws-cdk-dynamodb": { "id": "aws-cdk-dynamodb", "path": "aws-cdk-dynamodb", @@ -26,23 +18,27 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ + "attributeDefinitions": [ { "attributeName": "hashKey", - "keyType": "HASH" + "attributeType": "S" } ], - "attributeDefinitions": [ + "billingMode": "PAY_PER_REQUEST", + "keySchema": [ { "attributeName": "hashKey", - "attributeType": "S" + "keyType": "HASH" } ], - "billingMode": "PAY_PER_REQUEST" + "onDemandThroughput": { + "maxReadRequestUnits": 100, + "maxWriteRequestUnits": 200 + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -50,13 +46,13 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/Table/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", "version": "0.0.0" } }, @@ -70,16 +66,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ - { - "attributeName": "hashKey", - "keyType": "HASH" - }, - { - "attributeName": "sortKey", - "keyType": "RANGE" - } - ], "attributeDefinitions": [ { "attributeName": "hashKey", @@ -114,6 +100,10 @@ ], "projection": { "projectionType": "ALL" + }, + "onDemandThroughput": { + "maxReadRequestUnits": 100, + "maxWriteRequestUnits": 100 } }, { @@ -193,6 +183,16 @@ } } ], + "keySchema": [ + { + "attributeName": "hashKey", + "keyType": "HASH" + }, + { + "attributeName": "sortKey", + "keyType": "RANGE" + } + ], "localSecondaryIndexes": [ { "indexName": "LSI-PartitionAndTableSortKey", @@ -293,7 +293,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -301,13 +301,13 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/TableWithGlobalAndLocalSecondaryIndex/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", "version": "0.0.0" } }, @@ -321,12 +321,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ - { - "attributeName": "hashKey", - "keyType": "HASH" - } - ], "attributeDefinitions": [ { "attributeName": "hashKey", @@ -351,11 +345,17 @@ "projectionType": "ALL" } } + ], + "keySchema": [ + { + "attributeName": "hashKey", + "keyType": "HASH" + } ] } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -363,13 +363,13 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/TableWithGlobalSecondaryIndex/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", "version": "0.0.0" } }, @@ -383,16 +383,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::DynamoDB::Table", "aws:cdk:cloudformation:props": { - "keySchema": [ - { - "attributeName": "hashKey", - "keyType": "HASH" - }, - { - "attributeName": "sortKey", - "keyType": "RANGE" - } - ], "attributeDefinitions": [ { "attributeName": "hashKey", @@ -408,6 +398,16 @@ } ], "billingMode": "PAY_PER_REQUEST", + "keySchema": [ + { + "attributeName": "hashKey", + "keyType": "HASH" + }, + { + "attributeName": "sortKey", + "keyType": "RANGE" + } + ], "localSecondaryIndexes": [ { "indexName": "LSI-PartitionAndSortKey", @@ -429,7 +429,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.CfnTable", + "fqn": "aws-cdk-lib.aws_dynamodb.CfnTable", "version": "0.0.0" } }, @@ -437,26 +437,50 @@ "id": "ScalingRole", "path": "aws-cdk-dynamodb/TableWithLocalSecondaryIndex/ScalingRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-dynamodb.Table", + "fqn": "aws-cdk-lib.aws_dynamodb.Table", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-dynamodb/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-dynamodb/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts index 5a82c86155d65..e28fe9af89c43 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.ondemand.ts @@ -45,6 +45,8 @@ new Table(stack, TABLE, { billingMode: BillingMode.PAY_PER_REQUEST, partitionKey: TABLE_PARTITION_KEY, removalPolicy: RemovalPolicy.DESTROY, + maxReadRequestUnits: 100, + maxWriteRequestUnits: 200, }); const tableWithGlobalAndLocalSecondaryIndex = new Table(stack, TABLE_WITH_GLOBAL_AND_LOCAL_SECONDARY_INDEX, { @@ -63,6 +65,8 @@ Tags.of(tableWithGlobalAndLocalSecondaryIndex).add('Environment', 'Production'); tableWithGlobalAndLocalSecondaryIndex.addGlobalSecondaryIndex({ indexName: GSI_TEST_CASE_1, partitionKey: GSI_PARTITION_KEY, + maxReadRequestUnits: 100, + maxWriteRequestUnits: 100, }); tableWithGlobalAndLocalSecondaryIndex.addGlobalSecondaryIndex({ indexName: GSI_TEST_CASE_2, diff --git a/packages/aws-cdk-lib/aws-dynamodb/README.md b/packages/aws-cdk-lib/aws-dynamodb/README.md index 83d3e35c7d2f2..24e09c418b6ae 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/README.md +++ b/packages/aws-cdk-lib/aws-dynamodb/README.md @@ -148,6 +148,7 @@ Note: You can create an instance of the `TableV2` construct with as many `replic The `TableV2` construct can be configured with on-demand or provisioned billing: * On-demand - The default option. This is a flexible billing option capable of serving requests without capacity planning. The billing mode will be `PAY_PER_REQUEST`. +* You can optionally specify the `maxReadRequestUnits` or `maxWriteRequestUnits` on individual tables and associated global secondary indexes (GSIs). When you configure maximum throughput for an on-demand table, throughput requests that exceed the maximum amount specified will be throttled. * Provisioned - Specify the `readCapacity` and `writeCapacity` that you need for your application. The billing mode will be `PROVISIONED`. Capacity can be configured using one of the following modes: * Fixed - provisioned throughput capacity is configured with a fixed number of I/O operations per second. * Autoscaled - provisioned throughput capacity is dynamically adjusted on your behalf in response to actual traffic patterns. @@ -163,6 +164,18 @@ const table = new dynamodb.TableV2(this, 'Table', { }) ``` +The following example shows how to configure `TableV2` with on-demand billing with optional maximum throughput configured: + +```ts +const table = new dynamodb.TableV2(this, 'Table', { + partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING }, + billing: dynamodb.Billing.onDemand({ + maxReadRequestUnits: 100, + maxWriteRequestUnits: 115, + }), +}) +``` + When using provisioned billing, you must also specify `readCapacity` and `writeCapacity`. You can choose to configure `readCapacity` with fixed capacity or autoscaled capacity, but `writeCapacity` can only be configured with autoscaled capacity. The following example shows how to configure `TableV2` with provisioned billing: ```ts diff --git a/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md b/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md index ae5049af56cd8..34cf25434d6b2 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md +++ b/packages/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md @@ -46,6 +46,17 @@ const table = new dynamodb.Table(this, 'Table', { }); ``` +You can specify a maximum read or write request units when using PAY_PER_REQUEST billing mode: + +```ts +const table = new dynamodb.Table(this, 'Table', { + partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }, + billingMode: dynamodb.BillingMode.PAY_PER_REQUEST, + maxReadRequestUnits: 100, + maxWriteRequestUnits: 200, +}); +``` + Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode. diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts index c319a7023f709..bc05c312226fa 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/billing.ts @@ -16,6 +16,27 @@ export interface ThroughputProps { readonly writeCapacity: Capacity; } +/** + * Properties used to configure maximum throughput for an on-demand table. + */ +export interface MaxThroughputProps { + /** + * The max read request units. + * @default - if table mode is on-demand and this property is undefined, + * no maximum throughput limit will be put in place for read requests. + * This property is only applicable for tables using on-demand mode. + */ + readonly maxReadRequestUnits?: number; + + /** + * The max write request units. + * @default - if table mode is on-demand and this property is undefined, + * no maximum throughput limit will be put in place for write requests. + * This property is only applicable for tables using on-demand mode. + */ + readonly maxWriteRequestUnits?: number; +} + /** * Represents how capacity is managed and how you are charged for read and write throughput * for a DynamoDB table. @@ -26,14 +47,14 @@ export abstract class Billing { * * Note: Billing mode will be PAY_PER_REQUEST. */ - public static onDemand(): Billing { + public static onDemand(props?: MaxThroughputProps): Billing { return new (class extends Billing { public _renderReadCapacity() { - return undefined; + return props?.maxReadRequestUnits; } public _renderWriteCapacity() { - return undefined; + return props?.maxWriteRequestUnits; } }) (BillingMode.PAY_PER_REQUEST); } diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts index a309c994d33ad..65e3c588968e5 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2.ts @@ -40,6 +40,15 @@ export interface ReplicaGlobalSecondaryIndexOptions { * @default - inherited from the primary table */ readonly readCapacity?: Capacity; + + /** + * The maximum read request units for a specific global secondary index on a replica table. + * + * Note: This can only be configured if primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table + */ + readonly maxReadRequestUnits?: number; } /** @@ -75,6 +84,24 @@ export interface GlobalSecondaryIndexPropsV2 extends SecondaryIndexProps { * @default - inherited from the primary table. */ readonly writeCapacity?: Capacity; + + /** + * The maximum read request units. + * + * Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table. + */ + readonly maxReadRequestUnits?: number; + + /** + * The maximum write request units. + * + * Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table. + */ + readonly maxWriteRequestUnits?: number; } /** @@ -149,6 +176,15 @@ export interface ReplicaTableProps extends TableOptionsV2 { */ readonly readCapacity?: Capacity; + /** + * The maxium read request units. + * + * Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. + * + * @default - inherited from the primary table + */ + readonly maxReadRequestUnits?: number; + /** * Options used to configure global secondary index properties. * @@ -459,6 +495,9 @@ export class TableV2 extends TableBaseV2 { private readonly readProvisioning?: CfnGlobalTable.ReadProvisionedThroughputSettingsProperty; private readonly writeProvisioning?: CfnGlobalTable.WriteProvisionedThroughputSettingsProperty; + private readonly maxReadRequestUnits?: number; + private readonly maxWriteRequestUnits?: number; + private readonly replicaTables = new Map(); private readonly replicaKeys: { [region: string]: IKey } = {}; private readonly replicaTableArns: string[] = []; @@ -467,6 +506,7 @@ export class TableV2 extends TableBaseV2 { private readonly globalSecondaryIndexes = new Map(); private readonly localSecondaryIndexes = new Map(); private readonly globalSecondaryIndexReadCapacitys = new Map(); + private readonly globalSecondaryIndexMaxReadUnits = new Map(); public constructor(scope: Construct, id: string, props: TablePropsV2) { super(scope, id, { physicalName: props.tableName ?? PhysicalName.GENERATE_IF_NEEDED }); @@ -485,9 +525,15 @@ export class TableV2 extends TableBaseV2 { this.addKey(props.sortKey, RANGE_KEY_TYPE); } - this.billingMode = props.billing?.mode ?? BillingMode.PAY_PER_REQUEST; - this.readProvisioning = props.billing?._renderReadCapacity(); - this.writeProvisioning = props.billing?._renderWriteCapacity(); + if (props.billing?.mode === BillingMode.PAY_PER_REQUEST || props.billing?.mode === undefined) { + this.maxReadRequestUnits = props.billing?._renderReadCapacity(); + this.maxWriteRequestUnits = props.billing?._renderWriteCapacity(); + this.billingMode = BillingMode.PAY_PER_REQUEST; + } else { + this.readProvisioning = props.billing?._renderReadCapacity(); + this.writeProvisioning = props.billing?._renderWriteCapacity(); + this.billingMode = props.billing.mode; + } props.globalSecondaryIndexes?.forEach(gsi => this.addGlobalSecondaryIndex(gsi)); props.localSecondaryIndexes?.forEach(lsi => this.addLocalSecondaryIndex(lsi)); @@ -501,6 +547,9 @@ export class TableV2 extends TableBaseV2 { localSecondaryIndexes: Lazy.any({ produce: () => this.renderLocalIndexes() }, { omitEmptyArray: true }), billingMode: this.billingMode, writeProvisionedThroughputSettings: this.writeProvisioning, + writeOnDemandThroughputSettings: this.maxWriteRequestUnits + ? { maxWriteRequestUnits: this.maxWriteRequestUnits } + : undefined, streamSpecification: Lazy.any( { produce: () => props.dynamoStream ? { streamViewType: props.dynamoStream } : this.renderStreamSpecification() }, ), @@ -636,6 +685,11 @@ export class TableV2 extends TableBaseV2 { ? props.readCapacity._renderReadCapacity() : this.readProvisioning, tags: props.tags, + readOnDemandThroughputSettings: props.maxReadRequestUnits + ? { maxReadRequestUnits: props.maxReadRequestUnits } + : this.maxReadRequestUnits + ? { maxReadRequestUnits: this.maxReadRequestUnits } + : undefined, resourcePolicy: resourcePolicy ? { policyDocument: resourcePolicy } : undefined, @@ -649,11 +703,18 @@ export class TableV2 extends TableBaseV2 { props.readCapacity && this.globalSecondaryIndexReadCapacitys.set(props.indexName, props.readCapacity); const writeProvisionedThroughputSettings = props.writeCapacity ? props.writeCapacity._renderWriteCapacity() : this.writeProvisioning; + props.maxReadRequestUnits && this.globalSecondaryIndexMaxReadUnits.set(props.indexName, props.maxReadRequestUnits); + + const writeOnDemandThroughputSettings: CfnGlobalTable.WriteOnDemandThroughputSettingsProperty | undefined = props.maxWriteRequestUnits + ? { maxWriteRequestUnits: props.maxWriteRequestUnits } + : undefined; + return { indexName: props.indexName, keySchema, projection, writeProvisionedThroughputSettings, + writeOnDemandThroughputSettings, }; } @@ -678,18 +739,24 @@ export class TableV2 extends TableBaseV2 { const indexName = gsi.indexName; let contributorInsights = this.tableOptions.contributorInsights; let readCapacity = this.globalSecondaryIndexReadCapacitys.get(indexName); - + let maxReadRequestUnits = this.globalSecondaryIndexMaxReadUnits.get(indexName); if (indexNamesFromOptions.includes(indexName)) { const indexOptions = options[indexName]; contributorInsights = indexOptions.contributorInsights; readCapacity = indexOptions.readCapacity; + maxReadRequestUnits = indexOptions.maxReadRequestUnits; } const readProvisionedThroughputSettings = readCapacity?._renderReadCapacity() ?? this.readProvisioning; + const readOnDemandThroughputSettings: CfnGlobalTable.ReadOnDemandThroughputSettingsProperty | undefined = maxReadRequestUnits + ? { maxReadRequestUnits: maxReadRequestUnits } + : undefined; + replicaGlobalSecondaryIndexes.push({ indexName, readProvisionedThroughputSettings, + readOnDemandThroughputSettings, contributorInsightsSpecification: contributorInsights !== undefined ? { enabled: contributorInsights } : undefined, diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts index a9127cabf957a..33bd67411b000 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts @@ -233,6 +233,25 @@ export interface TableOptions extends SchemaOptions { */ readonly writeCapacity?: number; + /** + * The maximum read request units for the table. Careful if you add Global Secondary Indexes, as + * those will share the table's maximum on-demand throughput. + * + * Can only be provided if billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxReadRequestUnits?: number; + /** + * The write request units for the table. Careful if you add Global Secondary Indexes, as + * those will share the table's maximum on-demand throughput. + * + * Can only be provided if billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxWriteRequestUnits?: number; + /** * Specify how you are charged for read and write throughput and how you manage capacity. * @@ -418,6 +437,24 @@ export interface GlobalSecondaryIndexProps extends SecondaryIndexProps, SchemaOp * @default 5 */ readonly writeCapacity?: number; + + /** + * The maximum read request units for the global secondary index. + * + * Can only be provided if table billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxReadRequestUnits?: number; + + /** + * The maximum write request units for the global secondary index. + * + * Can only be provided if table billingMode is PAY_PER_REQUEST. + * + * @default - on-demand throughput is disabled + */ + readonly maxWriteRequestUnits?: number; } /** @@ -1124,6 +1161,13 @@ export class Table extends TableBase { readCapacityUnits: props.readCapacity || 5, writeCapacityUnits: props.writeCapacity || 5, }, + ...(props.maxReadRequestUnits || props.maxWriteRequestUnits ? + { + onDemandThroughput: this.billingMode === BillingMode.PROVISIONED ? undefined : { + maxReadRequestUnits: props.maxReadRequestUnits || undefined, + maxWriteRequestUnits: props.maxWriteRequestUnits || undefined, + }, + } : undefined), sseSpecification, streamSpecification, tableClass: props.tableClass, @@ -1189,6 +1233,13 @@ export class Table extends TableBase { readCapacityUnits: props.readCapacity || 5, writeCapacityUnits: props.writeCapacity || 5, }, + ...(props.maxReadRequestUnits || props.maxWriteRequestUnits ? + { + onDemandThroughput: this.billingMode === BillingMode.PROVISIONED ? undefined : { + maxReadRequestUnits: props.maxReadRequestUnits || undefined, + maxWriteRequestUnits: props.maxWriteRequestUnits || undefined, + }, + } : undefined), }); this.secondaryIndexSchemas.set(props.indexName, { diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts index e62cb924ab282..adda6cb779a97 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/billing.test.ts @@ -48,3 +48,29 @@ describe('provisioned billing', () => { expect(billing.mode).toEqual(BillingMode.PROVISIONED); }); }); + +describe('max throughput on-demand billing', () => { + // GIVEN + let billing: Billing; + beforeEach(() => { + billing = Billing.onDemand({ + maxReadRequestUnits: 10, + maxWriteRequestUnits: 100, + }); + }); + + test('render read capacity', () => { + // WHEN / THEN + expect(billing._renderReadCapacity()).toBe(10); + }); + + test('render write capacity', () => { + // WHEN / THEN + expect(billing._renderWriteCapacity()).toBe(100); + }); + + test('billing mode is PAY_PER_REQUEST', () => { + // WHEN / THEN + expect(billing.mode).toEqual(BillingMode.PAY_PER_REQUEST); + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts index 39598ee4f588a..4be16524b2ca3 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts @@ -762,6 +762,75 @@ describe('when billing mode is PAY_PER_REQUEST', () => { writeCapacity: 1, })).toThrow(/PAY_PER_REQUEST/); }); + + test('when specifying maximum throughput for on-demand', () => { + stack = new Stack(); + new Table(stack, CONSTRUCT_NAME, { + tableName: TABLE_NAME, + billingMode: BillingMode.PAY_PER_REQUEST, + partitionKey: TABLE_PARTITION_KEY, + maxReadRequestUnits: 10, + maxWriteRequestUnits: 5, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::Table', + { + KeySchema: [ + { AttributeName: 'hashKey', KeyType: 'HASH' }, + ], + BillingMode: 'PAY_PER_REQUEST', + AttributeDefinitions: [ + { AttributeName: 'hashKey', AttributeType: 'S' }, + ], + TableName: 'MyTable', + OnDemandThroughput: { + MaxReadRequestUnits: 10, + MaxWriteRequestUnits: 5, + }, + }, + ); + }); + + test('when specifying maximum throughput for on-demand-indexes', () => { + stack = new Stack(); + const table = new Table(stack, CONSTRUCT_NAME, { + tableName: TABLE_NAME, + billingMode: BillingMode.PAY_PER_REQUEST, + partitionKey: TABLE_PARTITION_KEY, + maxReadRequestUnits: 10, + maxWriteRequestUnits: 5, + }); + table.addGlobalSecondaryIndex({ + maxReadRequestUnits: 10, + maxWriteRequestUnits: 20, + indexName: 'gsi1', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::Table', + { + KeySchema: [{ AttributeName: 'hashKey', KeyType: 'HASH' }], + BillingMode: 'PAY_PER_REQUEST', + AttributeDefinitions: [ + { AttributeName: 'hashKey', AttributeType: 'S' }, + { AttributeName: 'pk', AttributeType: 'S' }, + ], + TableName: 'MyTable', + OnDemandThroughput: { + MaxReadRequestUnits: 10, + MaxWriteRequestUnits: 5, + }, + GlobalSecondaryIndexes: [{ + IndexName: 'gsi1', + KeySchema: [{ AttributeName: 'pk', KeyType: 'HASH' }], + OnDemandThroughput: { + MaxReadRequestUnits: 10, + MaxWriteRequestUnits: 20, + }, + }], + }, + ); + }); }); describe('schema details', () => { diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts index 81e9205211a0b..63bbf3319b73e 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts @@ -1029,6 +1029,161 @@ describe('table', () => { table.replica('us-west-2'); }).toThrow('Replica tables are not supported in a region agnostic stack'); }); + + test('with on-demand maximum throughput', () => { + // GIVEN + const stack = new Stack(undefined, 'Stack'); + + // WHEN + new TableV2(stack, 'Table', { + partitionKey: { name: 'pk', type: AttributeType.STRING }, + billing: Billing.onDemand({ + maxReadRequestUnits: 10, + maxWriteRequestUnits: 10, + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::GlobalTable', { + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + AttributeDefinitions: [ + { AttributeName: 'pk', AttributeType: 'S' }, + ], + WriteOnDemandThroughputSettings: { + MaxWriteRequestUnits: 10, + }, + BillingMode: 'PAY_PER_REQUEST', + StreamSpecification: Match.absent(), + Replicas: [ + { + Region: { + Ref: 'AWS::Region', + }, + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 10, + }, + }, + ], + }); + Template.fromStack(stack).hasResource('AWS::DynamoDB::GlobalTable', { DeletionPolicy: CfnDeletionPolicy.RETAIN }); + }); + + test('with on-demand maximum throughput - read only', () => { + // GIVEN + const stack = new Stack(undefined, 'Stack'); + + // WHEN + new TableV2(stack, 'Table', { + partitionKey: { name: 'pk', type: AttributeType.STRING }, + billing: Billing.onDemand({ + maxReadRequestUnits: 10, + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::GlobalTable', { + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + AttributeDefinitions: [ + { AttributeName: 'pk', AttributeType: 'S' }, + ], + BillingMode: 'PAY_PER_REQUEST', + StreamSpecification: Match.absent(), + Replicas: [ + { + Region: { + Ref: 'AWS::Region', + }, + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 10, + }, + }, + ], + }); + Template.fromStack(stack).hasResource('AWS::DynamoDB::GlobalTable', { DeletionPolicy: CfnDeletionPolicy.RETAIN }); + }); + + test('with on-demand maximum throughput - index', () => { + // GIVEN + const stack = new Stack(undefined, 'Stack'); + + // WHEN + new TableV2(stack, 'Table', { + partitionKey: { name: 'pk', type: AttributeType.STRING }, + globalSecondaryIndexes: [ + { + indexName: 'gsi1', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 100, + }, + { + indexName: 'gsi2', + partitionKey: { name: 'pk', type: AttributeType.STRING }, + maxReadRequestUnits: 1, + maxWriteRequestUnits: 1, + }, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::GlobalTable', { + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + AttributeDefinitions: [ + { AttributeName: 'pk', AttributeType: 'S' }, + ], + GlobalSecondaryIndexes: [ + { + IndexName: 'gsi1', + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + Projection: { + ProjectionType: 'ALL', + }, + }, + { + IndexName: 'gsi2', + KeySchema: [ + { AttributeName: 'pk', KeyType: 'HASH' }, + ], + Projection: { + ProjectionType: 'ALL', + }, + WriteOnDemandThroughputSettings: { + MaxWriteRequestUnits: 1, + }, + }, + ], + BillingMode: 'PAY_PER_REQUEST', + StreamSpecification: Match.absent(), + Replicas: [ + { + Region: { + Ref: 'AWS::Region', + }, + GlobalSecondaryIndexes: [{ + IndexName: 'gsi1', + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 100, + }, + }, + { + IndexName: 'gsi2', + ReadOnDemandThroughputSettings: { + MaxReadRequestUnits: 1, + }, + }], + }, + ], + }); + Template.fromStack(stack).hasResource('AWS::DynamoDB::GlobalTable', { DeletionPolicy: CfnDeletionPolicy.RETAIN }); + }); + }); describe('replica tables', () => { From 79b5cd2390508e7b5c3d5c93001e30387bf88a4e Mon Sep 17 00:00:00 2001 From: Kendra Neil <53584728+TheRealAmazonKendra@users.noreply.github.com> Date: Thu, 8 Aug 2024 12:26:26 -0700 Subject: [PATCH 18/40] revert: feat(ec2): security group lookup via filters (#31065) Reverts aws/aws-cdk#30625 --- .../LookupStack.assets.json | 20 - .../LookupStack.template.json | 36 -- ...efaultTestDeployAssert9466B7BF.assets.json | 19 - ...aultTestDeployAssert9466B7BF.template.json | 36 -- .../StackWithSg.assets.json | 34 -- .../StackWithSg.template.json | 233 ----------- .../__entrypoint__.js | 155 ------- .../index.js | 1 - .../cdk.out | 1 - .../integ.json | 13 - .../manifest.json | 253 ----------- .../tree.json | 392 ------------------ .../test/integ.security-group-lookup.ts | 56 --- packages/aws-cdk-lib/aws-ec2/README.md | 12 +- .../aws-cdk-lib/aws-ec2/lib/security-group.ts | 57 +-- .../aws-ec2/test/security-group.test.ts | 24 -- .../lib/cloud-assembly/context-queries.ts | 28 -- .../schema/cloud-assembly.schema.json | 22 - .../schema/cloud-assembly.version.json | 2 +- .../lib/context-providers/security-groups.ts | 30 +- .../context-providers/security-groups.test.ts | 87 +--- 21 files changed, 26 insertions(+), 1485 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json deleted file mode 100644 index fc94649590768..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.assets.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "version": "37.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "LookupStack.template.json", - "packaging": "file" - }, - "destinations": { - "12345678-test-region": { - "bucketName": "cdk-hnb659fds-assets-12345678-test-region", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "region": "test-region", - "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/LookupStack.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json deleted file mode 100644 index e67d33537caf4..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "37.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "SgLookupTestDefaultTestDeployAssert9466B7BF.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/SgLookupTestDefaultTestDeployAssert9466B7BF.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json deleted file mode 100644 index a65bbb573ca89..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.assets.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "version": "37.0.0", - "files": { - "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { - "source": { - "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", - "packaging": "zip" - }, - "destinations": { - "12345678-test-region": { - "bucketName": "cdk-hnb659fds-assets-12345678-test-region", - "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", - "region": "test-region", - "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" - } - } - }, - "e205a0cabbb47f8c8f8f543d0ad04ed8b26973d67ffd51d9583342d4ad69a2a9": { - "source": { - "path": "StackWithSg.template.json", - "packaging": "file" - }, - "destinations": { - "12345678-test-region": { - "bucketName": "cdk-hnb659fds-assets-12345678-test-region", - "objectKey": "e205a0cabbb47f8c8f8f543d0ad04ed8b26973d67ffd51d9583342d4ad69a2a9.json", - "region": "test-region", - "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json deleted file mode 100644 index eefe64d08796d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/StackWithSg.template.json +++ /dev/null @@ -1,233 +0,0 @@ -{ - "Resources": { - "MyVpcF9F0CA6F": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "my-vpc-name" - } - ] - } - }, - "MyVpcRestrictDefaultSecurityGroupCustomResourceA4FCCD62": { - "Type": "Custom::VpcRestrictDefaultSG", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", - "Arn" - ] - }, - "DefaultSecurityGroupId": { - "Fn::GetAtt": [ - "MyVpcF9F0CA6F", - "DefaultSecurityGroup" - ] - }, - "Account": "12345678" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ], - "Policies": [ - { - "PolicyName": "Inline", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:RevokeSecurityGroupEgress" - ], - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":ec2:test-region:12345678:security-group/", - { - "Fn::GetAtt": [ - "MyVpcF9F0CA6F", - "DefaultSecurityGroup" - ] - } - ] - ] - } - ] - } - ] - } - } - ] - } - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region", - "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "__entrypoint__.handler", - "Role": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" - }, - "DependsOn": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - ] - }, - "MySgAFDC270F2": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "StackWithSg/MySgA", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "myTag", - "Value": "my-value" - } - ], - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "MySgB343D3C61": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "StackWithSg/MySgB", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "myTagKey", - "Value": "true" - } - ], - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "MySgC50C8732C": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "my-description", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "MySgDA51BA0C2": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "ownerId description", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js deleted file mode 100644 index 02033f55cf612..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js +++ /dev/null @@ -1,155 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.withRetries = exports.handler = exports.external = void 0; -const https = require("https"); -const url = require("url"); -// for unit tests -exports.external = { - sendHttpRequest: defaultSendHttpRequest, - log: defaultLog, - includeStackTraces: true, - userHandlerIndex: './index', -}; -const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; -const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; -async function handler(event, context) { - const sanitizedEvent = { ...event, ResponseURL: '...' }; - exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); - // ignore DELETE event when the physical resource ID is the marker that - // indicates that this DELETE is a subsequent DELETE to a failed CREATE - // operation. - if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { - exports.external.log('ignoring DELETE event caused by a failed CREATE event'); - await submitResponse('SUCCESS', event); - return; - } - try { - // invoke the user handler. this is intentionally inside the try-catch to - // ensure that if there is an error it's reported as a failure to - // cloudformation (otherwise cfn waits). - // eslint-disable-next-line @typescript-eslint/no-require-imports - const userHandler = require(exports.external.userHandlerIndex).handler; - const result = await userHandler(sanitizedEvent, context); - // validate user response and create the combined event - const responseEvent = renderResponse(event, result); - // submit to cfn as success - await submitResponse('SUCCESS', responseEvent); - } - catch (e) { - const resp = { - ...event, - Reason: exports.external.includeStackTraces ? e.stack : e.message, - }; - if (!resp.PhysicalResourceId) { - // special case: if CREATE fails, which usually implies, we usually don't - // have a physical resource id. in this case, the subsequent DELETE - // operation does not have any meaning, and will likely fail as well. to - // address this, we use a marker so the provider framework can simply - // ignore the subsequent DELETE. - if (event.RequestType === 'Create') { - exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); - resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; - } - else { - // otherwise, if PhysicalResourceId is not specified, something is - // terribly wrong because all other events should have an ID. - exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); - } - } - // this is an actual error, fail the activity altogether and exist. - await submitResponse('FAILED', resp); - } -} -exports.handler = handler; -function renderResponse(cfnRequest, handlerResponse = {}) { - // if physical ID is not returned, we have some defaults for you based - // on the request type. - const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; - // if we are in DELETE and physical ID was changed, it's an error. - if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { - throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); - } - // merge request event and result event (result prevails). - return { - ...cfnRequest, - ...handlerResponse, - PhysicalResourceId: physicalResourceId, - }; -} -async function submitResponse(status, event) { - const json = { - Status: status, - Reason: event.Reason ?? status, - StackId: event.StackId, - RequestId: event.RequestId, - PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, - LogicalResourceId: event.LogicalResourceId, - NoEcho: event.NoEcho, - Data: event.Data, - }; - const parsedUrl = url.parse(event.ResponseURL); - const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; - exports.external.log('submit response to cloudformation', loggingSafeUrl, json); - const responseBody = JSON.stringify(json); - const req = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { - 'content-type': '', - 'content-length': Buffer.byteLength(responseBody, 'utf8'), - }, - }; - const retryOptions = { - attempts: 5, - sleep: 1000, - }; - await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); -} -async function defaultSendHttpRequest(options, requestBody) { - return new Promise((resolve, reject) => { - try { - const request = https.request(options, (response) => { - response.resume(); // Consume the response but don't care about it - if (!response.statusCode || response.statusCode >= 400) { - reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); - } - else { - resolve(); - } - }); - request.on('error', reject); - request.write(requestBody); - request.end(); - } - catch (e) { - reject(e); - } - }); -} -function defaultLog(fmt, ...params) { - // eslint-disable-next-line no-console - console.log(fmt, ...params); -} -function withRetries(options, fn) { - return async (...xs) => { - let attempts = options.attempts; - let ms = options.sleep; - while (true) { - try { - return await fn(...xs); - } - catch (e) { - if (attempts-- <= 0) { - throw e; - } - await sleep(Math.floor(Math.random() * ms)); - ms *= 2; - } - } - }; -} -exports.withRetries = withRetries; -async function sleep(ms) { - return new Promise((ok) => setTimeout(ok, ms)); -} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js deleted file mode 100644 index 013bcaffd8fe5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out deleted file mode 100644 index 079dd58c72d69..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"37.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json deleted file mode 100644 index adc4aec587718..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/integ.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "enableLookups": true, - "version": "37.0.0", - "testCases": { - "SgLookupTest/DefaultTest": { - "stacks": [ - "StackWithSg" - ], - "assertionStack": "SgLookupTest/DefaultTest/DeployAssert", - "assertionStackName": "SgLookupTestDefaultTestDeployAssert9466B7BF" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json deleted file mode 100644 index 2f8ff36aefa99..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/manifest.json +++ /dev/null @@ -1,253 +0,0 @@ -{ - "version": "37.0.0", - "artifacts": { - "StackWithSg.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "StackWithSg.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "StackWithSg": { - "type": "aws:cloudformation:stack", - "environment": "aws://12345678/test-region", - "properties": { - "templateFile": "StackWithSg.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-test-region/e205a0cabbb47f8c8f8f543d0ad04ed8b26973d67ffd51d9583342d4ad69a2a9.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "StackWithSg.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "StackWithSg.assets" - ], - "metadata": { - "/StackWithSg/MyVpc/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyVpcF9F0CA6F" - } - ], - "/StackWithSg/MyVpc/RestrictDefaultSecurityGroupCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "MyVpcRestrictDefaultSecurityGroupCustomResourceA4FCCD62" - } - ], - "/StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - } - ], - "/StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" - } - ], - "/StackWithSg/MySgA/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySgAFDC270F2" - } - ], - "/StackWithSg/MySgB/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySgB343D3C61" - } - ], - "/StackWithSg/MySgC/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySgC50C8732C" - } - ], - "/StackWithSg/MySgD/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySgDA51BA0C2" - } - ], - "/StackWithSg/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/StackWithSg/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "StackWithSg" - }, - "LookupStack.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "LookupStack.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "LookupStack": { - "type": "aws:cloudformation:stack", - "environment": "aws://12345678/test-region", - "properties": { - "templateFile": "LookupStack.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-test-region/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "LookupStack.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "StackWithSg", - "LookupStack.assets" - ], - "metadata": { - "/LookupStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/LookupStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "LookupStack" - }, - "SgLookupTestDefaultTestDeployAssert9466B7BF.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "SgLookupTestDefaultTestDeployAssert9466B7BF.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "SgLookupTestDefaultTestDeployAssert9466B7BF": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "SgLookupTestDefaultTestDeployAssert9466B7BF.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "SgLookupTestDefaultTestDeployAssert9466B7BF.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "SgLookupTestDefaultTestDeployAssert9466B7BF.assets" - ], - "metadata": { - "/SgLookupTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/SgLookupTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "SgLookupTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - }, - "missing": [ - { - "key": "security-group:account=12345678:region=test-region:tags.myTag.0=my-value", - "provider": "security-group", - "props": { - "account": "12345678", - "region": "test-region", - "tags": { - "myTag": [ - "my-value" - ] - }, - "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" - } - }, - { - "key": "security-group:account=12345678:region=test-region:tagKeys.0=myTagKey", - "provider": "security-group", - "props": { - "account": "12345678", - "region": "test-region", - "tagKeys": [ - "myTagKey" - ], - "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" - } - }, - { - "key": "security-group:account=12345678:description=my-description:region=test-region", - "provider": "security-group", - "props": { - "account": "12345678", - "region": "test-region", - "description": "my-description", - "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" - } - }, - { - "key": "security-group:account=12345678:description=ownerId description:ownerId=12345678:region=test-region", - "provider": "security-group", - "props": { - "account": "12345678", - "region": "test-region", - "description": "ownerId description", - "ownerId": "12345678", - "lookupRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region" - } - } - ] -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json deleted file mode 100644 index bf8c406b81c9e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.js.snapshot/tree.json +++ /dev/null @@ -1,392 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "StackWithSg": { - "id": "StackWithSg", - "path": "StackWithSg", - "children": { - "MyVpc": { - "id": "MyVpc", - "path": "StackWithSg/MyVpc", - "children": { - "Resource": { - "id": "Resource", - "path": "StackWithSg/MyVpc/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPC", - "aws:cdk:cloudformation:props": { - "cidrBlock": "10.0.0.0/16", - "enableDnsHostnames": true, - "enableDnsSupport": true, - "instanceTenancy": "default", - "tags": [ - { - "key": "Name", - "value": "my-vpc-name" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" - } - }, - "RestrictDefaultSecurityGroupCustomResource": { - "id": "RestrictDefaultSecurityGroupCustomResource", - "path": "StackWithSg/MyVpc/RestrictDefaultSecurityGroupCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "StackWithSg/MyVpc/RestrictDefaultSecurityGroupCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" - } - }, - "Custom::VpcRestrictDefaultSGCustomResourceProvider": { - "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", - "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "StackWithSg/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "MySgA": { - "id": "MySgA", - "path": "StackWithSg/MySgA", - "children": { - "Resource": { - "id": "Resource", - "path": "StackWithSg/MySgA/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "StackWithSg/MySgA", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "myTag", - "value": "my-value" - } - ], - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "MySgB": { - "id": "MySgB", - "path": "StackWithSg/MySgB", - "children": { - "Resource": { - "id": "Resource", - "path": "StackWithSg/MySgB/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "StackWithSg/MySgB", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "myTagKey", - "value": "true" - } - ], - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "MySgC": { - "id": "MySgC", - "path": "StackWithSg/MySgC", - "children": { - "Resource": { - "id": "Resource", - "path": "StackWithSg/MySgC/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "my-description", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "MySgD": { - "id": "MySgD", - "path": "StackWithSg/MySgD", - "children": { - "Resource": { - "id": "Resource", - "path": "StackWithSg/MySgD/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "ownerId description", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "StackWithSg/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "StackWithSg/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "LookupStack": { - "id": "LookupStack", - "path": "LookupStack", - "children": { - "SgFromLookupTags": { - "id": "SgFromLookupTags", - "path": "LookupStack/SgFromLookupTags", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "SgFromLookupTagKeys": { - "id": "SgFromLookupTagKeys", - "path": "LookupStack/SgFromLookupTagKeys", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "SgFromLookupDescription": { - "id": "SgFromLookupDescription", - "path": "LookupStack/SgFromLookupDescription", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "SgFromLookupOwnerId": { - "id": "SgFromLookupOwnerId", - "path": "LookupStack/SgFromLookupOwnerId", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "LookupStack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "LookupStack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "SgLookupTest": { - "id": "SgLookupTest", - "path": "SgLookupTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "SgLookupTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "SgLookupTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "SgLookupTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "SgLookupTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "SgLookupTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts deleted file mode 100644 index 1030c57274991..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.security-group-lookup.ts +++ /dev/null @@ -1,56 +0,0 @@ -import * as cdk from 'aws-cdk-lib'; -import * as ec2 from 'aws-cdk-lib/aws-ec2'; - -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -const app = new cdk.App(); - -const env = { - account: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION, -}; - -// Deploy the security groups to lookup -const stack = new cdk.Stack(app, 'StackWithSg', { env }); -const testVpc = new ec2.Vpc(stack, 'MyVpc', { - vpcName: 'my-vpc-name', - ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'), - subnetConfiguration: [], - natGateways: 0, -}); -const testSgA = new ec2.SecurityGroup(stack, 'MySgA', { vpc: testVpc }); -cdk.Tags.of(testSgA).add('myTag', 'my-value'); -const testSgB = new ec2.SecurityGroup(stack, 'MySgB', { vpc: testVpc }); -cdk.Tags.of(testSgB).add('myTagKey', 'true'); -new ec2.SecurityGroup(stack, 'MySgC', { vpc: testVpc, description: 'my-description' }); -new ec2.SecurityGroup(stack, 'MySgD', { vpc: testVpc, description: 'ownerId description' }); - -// Now perform the lookups -const lookupStack = new cdk.Stack(app, 'LookupStack', { env }); -lookupStack.addDependency(stack); -ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupTags', { - tags: { - myTag: ['my-value'], - }, -}); - -ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupTagKeys', { - tagKeys: ['myTagKey'], -}); - -ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupDescription', { - description: 'my-description', -}); - -ec2.SecurityGroup.fromLookupByFilters(lookupStack, 'SgFromLookupOwnerId', { - description: 'ownerId description', - ownerId: process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, -}); - -new IntegTest(app, 'SgLookupTest', { - testCases: [stack], - enableLookups: true, -}); - -app.synth(); - diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 86e0fd78ee07c..686eb78ed2a3f 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -843,23 +843,13 @@ Alternatively, use lookup methods to import security groups if you do not know t const sg = ec2.SecurityGroup.fromLookupByName(this, 'SecurityGroupLookup', 'security-group-name', vpc); ``` -You can perform lookups based on filter conditions detailed in the [API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html). -```ts -const sg = ec2.SecurityGroup.fromLookupByFilters(this, 'SecurityGroupLookup', { - ownerId: "012345678901", - description: "my description", - tagKeys: ["tagA", "tagB"], - tags: { tagC: ["valueC", "otherValueC"], tagD: ["valueD"] } -}); -``` - If the security group ID is known and configuration details are unknown, use method `SecurityGroup.fromLookupById` instead. This method will lookup property `allowAllOutbound` from the current configuration of the security group. ```ts const sg = ec2.SecurityGroup.fromLookupById(this, 'SecurityGroupLookup', 'sg-1234'); ``` -The result of `SecurityGroup.fromLookupByName`, `SecurityGroup.fromLookupById`, and `SecurityGroup.fromLookupByFilters` operations will be written to a file called `cdk.context.json`. You must commit this file to source control so that the lookup values are available in non-privileged environments such as CI build steps, and to ensure your template builds are repeatable. +The result of `SecurityGroup.fromLookupByName` and `SecurityGroup.fromLookupById` operations will be written to a file called `cdk.context.json`. You must commit this file to source control so that the lookup values are available in non-privileged environments such as CI build steps, and to ensure your template builds are repeatable. ### Cross Stack Connections diff --git a/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts b/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts index b9c75b7589350..e774c1f9de3af 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts @@ -387,13 +387,6 @@ export class SecurityGroup extends SecurityGroupBase { return this.fromLookupAttributes(scope, id, { securityGroupName, vpc }); } - /** - * Look up a security group by filters - */ - public static fromLookupByFilters(scope: Construct, id: string, filters: SecurityGroupLookupOptions) { - return this.fromLookupAttributes(scope, id, filters); - } - /** * Import an existing security group into this app. * @@ -441,15 +434,7 @@ export class SecurityGroup extends SecurityGroupBase { * Look up a security group. */ private static fromLookupAttributes(scope: Construct, id: string, options: SecurityGroupLookupOptions) { - if ([ - options.securityGroupId, - options.securityGroupName, - options.vpc?.vpcId, - options.description, - options.ownerId, - options.tagKeys, - options.tags, - ].some(opt => Token.isUnresolved(opt))) { + if (Token.isUnresolved(options.securityGroupId) || Token.isUnresolved(options.securityGroupName) || Token.isUnresolved(options.vpc?.vpcId)) { throw new Error('All arguments to look up a security group must be concrete (no Tokens)'); } @@ -459,10 +444,6 @@ export class SecurityGroup extends SecurityGroupBase { securityGroupId: options.securityGroupId, securityGroupName: options.securityGroupName, vpcId: options.vpc?.vpcId, - description: options.description, - ownerId: options.ownerId, - tagKeys: options.tagKeys, - tags: options.tags, }, dummyValue: { securityGroupId: 'sg-12345678', @@ -835,13 +816,13 @@ function isAllTrafficRule(rule: any) { * * Either `securityGroupName` or `securityGroupId` has to be specified. */ -export interface SecurityGroupLookupOptions { +interface SecurityGroupLookupOptions { /** * The name of the security group * * If given, will import the SecurityGroup with this name. * - * @default - Don't filter on securityGroupName + * @default Don't filter on securityGroupName */ readonly securityGroupName?: string; @@ -850,7 +831,7 @@ export interface SecurityGroupLookupOptions { * * If given, will import the SecurityGroup with this ID. * - * @default - Don't filter on securityGroupId + * @default Don't filter on securityGroupId */ readonly securityGroupId?: string; @@ -859,35 +840,7 @@ export interface SecurityGroupLookupOptions { * * If given, will filter the SecurityGroup based on the VPC. * - * @default - Don't filter on VPC + * @default Don't filter on VPC */ readonly vpc?: IVpc; - - /** - * Security group description - * - * @default - Don't filter on description - */ - readonly description?: string; - - /** - * Account ID of the owner of the security group - * - * @default - Don't filter on owner ID - */ - readonly ownerId?: string; - - /** - * The keys of tags assigned to the security group - * - * @default - Don't filter on tag keys - */ - readonly tagKeys?: string[]; - - /** - * The key/value combination of a tag assigned to the security group - * - * @default - Don't filter on tags - */ - readonly tags?: Record; } diff --git a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts index cd98bd1689181..50e7f9ae5f224 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts @@ -596,30 +596,6 @@ describe('security group lookup', () => { }); - test('can look up a security group by filters', () => { - // GIVEN - const app = new App(); - const stack = new Stack(app, 'stack', { - env: { - account: '1234', - region: 'us-east-1', - }, - }); - - // WHEN - const securityGroup = SecurityGroup.fromLookupByFilters(stack, 'SG1', { - ownerId: '012345678901', - description: 'my description', - tagKeys: ['tagA', 'tagB'], - tags: { tagC: ['valueC', 'otherValueC'], tagD: ['valueD'] }, - }); - - // THEN - expect(securityGroup.securityGroupId).toEqual('sg-12345678'); - expect(securityGroup.allowAllOutbound).toEqual(true); - - }); - test('can look up a security group and use it as a peer', () => { // GIVEN const app = new App(); diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts index 92fd11f9ea376..bd35d023dfe69 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts @@ -449,34 +449,6 @@ export interface SecurityGroupContextQuery { * @default - None */ readonly vpcId?: string; - - /** - * Security group description - * - * @default - None - */ - readonly description?: string; - - /** - * Account ID of the owner of the security group - * - * @default - None - */ - readonly ownerId?: string; - - /** - * The keys of tags assigned to the security group - * - * @default - None - */ - readonly tagKeys?: string[]; - - /** - * The key/value combination of a tag assigned to the security group - * - * @default - None - */ - readonly tags?: Record; } /** diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json index 2dc1ceae0d7d9..279dfbe369073 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json @@ -870,25 +870,6 @@ "vpcId": { "description": "VPC ID (Default - None)", "type": "string" - }, - "description": { - "description": "Security group description (Default - None)", - "type": "string" - }, - "ownerId": { - "description": "Account ID of the owner of the security group (Default - None)", - "type": "string" - }, - "tagKeys": { - "description": "The keys of tags assigned to the security group (Default - None)", - "type": "array", - "items": { - "type": "string" - } - }, - "tags": { - "description": "The key/value combination of a tag assigned to the security group (Default - None)", - "$ref": "#/definitions/Record" } }, "required": [ @@ -896,9 +877,6 @@ "region" ] }, - "Record": { - "type": "object" - }, "KeyContextQuery": { "description": "Query input for looking up a KMS Key", "type": "object", diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json index 079dd58c72d69..1f0068d32659a 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"37.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/aws-cdk/lib/context-providers/security-groups.ts b/packages/aws-cdk/lib/context-providers/security-groups.ts index fa68fa4129e23..19372df9af842 100644 --- a/packages/aws-cdk/lib/context-providers/security-groups.ts +++ b/packages/aws-cdk/lib/context-providers/security-groups.ts @@ -17,6 +17,10 @@ export class SecurityGroupContextProviderPlugin implements ContextProviderPlugin throw new Error('\'securityGroupId\' and \'securityGroupName\' can not be specified both when looking up a security group'); } + if (!args.securityGroupId && !args.securityGroupName) { + throw new Error('\'securityGroupId\' or \'securityGroupName\' must be specified to look up a security group'); + } + const options = { assumeRoleArn: args.lookupRoleArn }; const ec2 = (await this.aws.forEnvironment(cxapi.EnvironmentUtils.make(account, region), Mode.ForReading, options)).sdk.ec2(); @@ -33,32 +37,6 @@ export class SecurityGroupContextProviderPlugin implements ContextProviderPlugin Values: [args.securityGroupName], }); } - if (args.description) { - filters.push({ - Name: 'description', - Values: [args.description], - }); - } - if (args.tagKeys) { - filters.push({ - Name: 'tag-key', - Values: args.tagKeys, - }); - } - if (args.ownerId) { - filters.push({ - Name: 'owner-id', - Values: [args.ownerId], - }); - } - if (args.tags) { - Object.entries(args.tags).forEach(([key, values]) => { - filters.push({ - Name: `tag:${key}`, - Values: values, - }); - }); - } const response = await ec2.describeSecurityGroups({ GroupIds: args.securityGroupId ? [args.securityGroupId] : undefined, diff --git a/packages/aws-cdk/test/context-providers/security-groups.test.ts b/packages/aws-cdk/test/context-providers/security-groups.test.ts index 2477336d98b93..c7bdc586ad7bc 100644 --- a/packages/aws-cdk/test/context-providers/security-groups.test.ts +++ b/packages/aws-cdk/test/context-providers/security-groups.test.ts @@ -1,9 +1,7 @@ -import * as AWS from 'aws-sdk-mock'; /* eslint-disable import/order */ import * as aws from 'aws-sdk'; - -import { SecurityGroupContextProviderPlugin, hasAllTrafficEgress } from '../../lib/context-providers/security-groups'; - +import * as AWS from 'aws-sdk-mock'; +import { hasAllTrafficEgress, SecurityGroupContextProviderPlugin } from '../../lib/context-providers/security-groups'; import { MockSdkProvider } from '../util/mock-sdk'; AWS.setSDK(require.resolve('aws-sdk')); @@ -228,74 +226,6 @@ describe('security group context provider plugin', () => { expect(res.allowAllOutbound).toEqual(true); }); - test('looks up by security group description, owner id, tag keys, and tags', async () => { - // GIVEN - const provider = new SecurityGroupContextProviderPlugin(mockSDK); - - AWS.mock('EC2', 'describeSecurityGroups', (_params: aws.EC2.DescribeSecurityGroupsRequest, cb: AwsCallback) => { - expect(_params).toEqual({ - GroupIds: undefined, - Filters: [ - { - Name: 'description', - Values: ['my description'], - }, - { - Name: 'tag-key', - Values: ['tagA', 'tagB'], - }, - { - Name: 'owner-id', - Values: ['012345678901'], - }, - { - Name: 'tag:tagC', - Values: ['valueC', 'otherValueC'], - }, - { - Name: 'tag:tagD', - Values: ['valueD'], - }, - ], - }); - cb(null, { - SecurityGroups: [ - { - GroupId: 'sg-1234', - IpPermissionsEgress: [ - { - IpProtocol: '-1', - IpRanges: [ - { CidrIp: '0.0.0.0/0' }, - ], - }, - { - IpProtocol: '-1', - Ipv6Ranges: [ - { CidrIpv6: '::/0' }, - ], - }, - ], - }, - ], - }); - }); - - // WHEN - const res = await provider.getValue({ - account: '1234', - region: 'us-east-1', - ownerId: '012345678901', - description: 'my description', - tagKeys: ['tagA', 'tagB'], - tags: { tagC: ['valueC', 'otherValueC'], tagD: ['valueD'] }, - }); - - // THEN - expect(res.securityGroupId).toEqual('sg-1234'); - expect(res.allowAllOutbound).toEqual(true); - }); - test('detects non all-outbound egress', async () => { // GIVEN const provider = new SecurityGroupContextProviderPlugin(mockSDK); @@ -389,6 +319,19 @@ describe('security group context provider plugin', () => { ).rejects.toThrow(/\'securityGroupId\' and \'securityGroupName\' can not be specified both when looking up a security group/i); }); + test('errors when neither securityGroupId nor securityGroupName are specified', async () => { + // GIVEN + const provider = new SecurityGroupContextProviderPlugin(mockSDK); + + // WHEN + await expect( + provider.getValue({ + account: '1234', + region: 'us-east-1', + }), + ).rejects.toThrow(/\'securityGroupId\' or \'securityGroupName\' must be specified to look up a security group/i); + }); + test('identifies allTrafficEgress from SecurityGroup permissions', () => { expect( hasAllTrafficEgress({ From 1e7c690f5ec404d7c620dc54692999fee67b3eaf Mon Sep 17 00:00:00 2001 From: Leonardo Gama <51037424+Leo10Gama@users.noreply.github.com> Date: Thu, 8 Aug 2024 16:39:18 -0700 Subject: [PATCH 19/40] fix(ec2): prevent deduplication of init command args (#30821) ### Issue # (if applicable) Closes #26221 ### Reason for this change Previously, using `ec2.InitCommand.argvCommand()` would remove some duplicate strings in the input array. This produces an incorrect command in the template, leading to unexpected behaviour. ### Description of changes An additional line was added to the `deepMerge` function that is called in the `InitConfig.bindForType()` method, which checks the key of the input array, preventing it from becoming a set (removing duplicates) if it is a list of commands. ### Description of how you validated changes A unit test was added to generate an `AWS::CloudFormation::Init` resource identical to the one reproduced in the issue. The test was run and failed before the changes were made, and following the changes in `cfn-init.ts`, the test passed. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...c2-multiple-instances-in-stack.assets.json | 4 +- ...-multiple-instances-in-stack.template.json | 25 +++++++- .../manifest.json | 7 ++- .../tree.json | 2 +- .../test/integ.instance-init-multiple.ts | 6 ++ .../manifest.json | 14 ++--- packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts | 15 +++-- .../aws-cdk-lib/aws-ec2/test/cfn-init.test.ts | 62 +++++++++++++++++++ 8 files changed, 115 insertions(+), 20 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json index 37139758282cd..efd673ae6169d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.assets.json @@ -40,7 +40,7 @@ } } }, - "55adc2a4d264e77d2c794df6cb13dd26ee0a9986d5b00a9bfe3cd48b6e0b2dfe": { + "db1c5d9623e5e22db4e511f52daf89f93fb1cbb8f325df40d03d5c50413e63a3": { "source": { "path": "integ-ec2-multiple-instances-in-stack.template.json", "packaging": "file" @@ -48,7 +48,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "55adc2a4d264e77d2c794df6cb13dd26ee0a9986d5b00a9bfe3cd48b6e0b2dfe.json", + "objectKey": "db1c5d9623e5e22db4e511f52daf89f93fb1cbb8f325df40d03d5c50413e63a3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json index 787b41606da14..e09958092be8c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/integ-ec2-multiple-instances-in-stack.template.json @@ -906,7 +906,7 @@ "Fn::Join": [ "", [ - "#!/bin/bash\n# fingerprint: 8787022e9944cbeb\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", + "#!/bin/bash\n# fingerprint: 370d9b2dcf8bf44b\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", { "Ref": "AWS::Region" }, @@ -955,6 +955,29 @@ "owner": "root", "group": "root" } + }, + "commands": { + "000": { + "command": [ + "useradd", + "-u", + "1001", + "-g", + "1001", + "eguser" + ] + }, + "001": { + "command": [ + "useradd", + "-a", + "-u", + "1001", + "-g", + "1001", + "eguser" + ] + } } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json index 9d805bac6514b..bd244eaf3c6a4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/55adc2a4d264e77d2c794df6cb13dd26ee0a9986d5b00a9bfe3cd48b6e0b2dfe.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/db1c5d9623e5e22db4e511f52daf89f93fb1cbb8f325df40d03d5c50413e63a3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -259,7 +259,10 @@ "/integ-ec2-multiple-instances-in-stack/SecondInstance/Resource": [ { "type": "aws:cdk:logicalId", - "data": "SecondInstance4834A636" + "data": "SecondInstance4834A636", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/integ-ec2-multiple-instances-in-stack/BootstrapVersion": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json index e556e0419844d..11c69d2c333ad 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.js.snapshot/tree.json @@ -1265,7 +1265,7 @@ "Fn::Join": [ "", [ - "#!/bin/bash\n# fingerprint: 8787022e9944cbeb\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", + "#!/bin/bash\n# fingerprint: 370d9b2dcf8bf44b\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ", { "Ref": "AWS::Region" }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts index 87a8ab87c74e6..de01a25b4715f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init-multiple.ts @@ -55,6 +55,12 @@ class TestStack extends cdk.Stack { '/target/path/config.json', path.join(tmpDir, 'testConfigFile2'), ), + ec2.InitCommand.argvCommand([ + 'useradd', '-u', '1001', '-g', '1001', 'eguser', + ]), + ec2.InitCommand.argvCommand([ + 'useradd', '-a', '-u', '1001', '-g', '1001', 'eguser', + ]), ]), }, }), diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json index b0e1d19683224..e49e7eba966a3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/manifest.json @@ -199,7 +199,10 @@ "/integ-init/Instance2/Resource": [ { "type": "aws:cdk:logicalId", - "data": "Instance255F3526574cbd507dfce8b71" + "data": "Instance255F3526574cbd507dfce8b71", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], "/integ-init/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ @@ -219,15 +222,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "Instance255F35265a0c5f577d761edb0": [ - { - "type": "aws:cdk:logicalId", - "data": "Instance255F35265a0c5f577d761edb0", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "integ-init" diff --git a/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts b/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts index bf055b4b27a41..e97992612b233 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts @@ -311,10 +311,17 @@ function deepMerge(target?: Record, src?: Record) { if (target[key] && !Array.isArray(target[key])) { throw new Error(`Trying to merge array [${value}] into a non-array '${target[key]}'`); } - target[key] = Array.from(new Set([ - ...target[key] ?? [], - ...value, - ])); + if (key === 'command') { // don't deduplicate command arguments + target[key] = new Array( + ...target[key] ?? [], + ...value, + ); + } else { + target[key] = Array.from(new Set([ + ...target[key] ?? [], + ...value, + ])); + } continue; } if (typeof value === 'object' && value) { diff --git a/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts b/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts index bf6823a598988..0a7f5f3a7181b 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts @@ -136,6 +136,68 @@ test('empty configs are not rendered', () => { }); }); +test('duplicate config arguments not deduplicated', () => { + //GIVEN + const config = new ec2.InitConfig([ + ec2.InitCommand.argvCommand([ + 'useradd', '-u', '1001', '-g', '1001', 'eguser', + ]), + ec2.InitCommand.argvCommand([ + 'useradd', '-a', '-u', '1001', '-g', '1001', 'eguser', + ]), + ]); + + // WHEN + const init = ec2.CloudFormationInit.fromConfigSets({ + configSets: { default: ['config'] }, + configs: { config }, + }); + init.attach(resource, linuxOptions()); + + // THEN + expectMetadataLike({ + 'AWS::CloudFormation::Init': { + configSets: { + default: ['config'], + }, + config: { + commands: { + '000': { + command: ['useradd', '-u', '1001', '-g', '1001', 'eguser'], + }, + '001': { + command: ['useradd', '-a', '-u', '1001', '-g', '1001', 'eguser'], + }, + }, + }, + }, + }); +}); + +test('deepMerge properly deduplicates non-command arguments', () => { + // WHEN + const config = new ec2.InitConfig([ + ec2.InitSource.fromUrl('/tmp/blinky', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/blinky', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/pinky', 'https://amazon.com/pinky.zip'), + ec2.InitSource.fromUrl('/tmp/pinky', 'https://amazon.com/pinky.zip'), + ec2.InitSource.fromUrl('/tmp/inky', 'https://amazon.com/inky.zip'), + ec2.InitSource.fromUrl('/tmp/clyde', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/clyde', 'https://amazon.com/blinky.zip'), + ec2.InitSource.fromUrl('/tmp/clyde', 'https://amazon.com/blinky.zip'), + ]); + + // THEN + expect(config._bind(stack, linuxOptions()).config).toEqual(expect.objectContaining({ + sources: { + '/tmp/blinky': 'https://amazon.com/blinky.zip', + '/tmp/pinky': 'https://amazon.com/pinky.zip', + '/tmp/inky': 'https://amazon.com/inky.zip', + '/tmp/clyde': 'https://amazon.com/blinky.zip', + }, + })); +}); + describe('userdata', () => { let simpleInit: ec2.CloudFormationInit; beforeEach(() => { From 7c4f423bf14af996203b090429b8c59bd32f50d8 Mon Sep 17 00:00:00 2001 From: sakurai-ryo Date: Sat, 10 Aug 2024 04:24:32 +0900 Subject: [PATCH 20/40] feat(elasticloadbalancingv2): connection logs for ALB (#30599) ### Reason for this change ALB can output connection logs as well as access logs to the S3 bucket, but this is not yet supported by L2 Construct. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-connection-logs.html ### Description of changes The implementation is almost the same as for access logs. However, since connection logs are not supported by NLB, but only by ALB, the `logConnectionLogs` method is added to the `ApplicationLoadBalancer` instead of the `BaseLoadBalancer`. The needed BucketPolicy is described in the documentation only as follows, but to support buckets that still use the ACL, it is necessary to set the same policy that is currently set in the access logs. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::elb-account-id:root" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket-name/prefix/AWSLogs/aws-account-id/*" } ] } ``` https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html#attach-bucket-policy-connection ### Description of how you validated changes add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-elbv2-integ.assets.json | 6 +- .../aws-cdk-elbv2-integ.template.json | 196 +++++++++- .../cdk.out | 2 +- ...efaultTestDeployAssertAEFAB19B.assets.json | 2 +- .../integ.json | 2 +- .../manifest.json | 16 +- .../tree.json | 231 +++++++++++- .../test/integ.alb.extended.log.ts | 10 +- ...-alb-log-imported-bucket-integ.assets.json | 6 +- ...lb-log-imported-bucket-integ.template.json | 73 +++- .../cdk.out | 2 +- ...efaultTestDeployAssert163162C1.assets.json | 2 +- .../integ.json | 2 +- .../manifest.json | 8 +- .../tree.json | 225 +++++++----- .../test/integ.alb.log.imported-bucket.ts | 1 + .../aws-cdk-elbv2-integ.assets.json | 4 +- .../aws-cdk-elbv2-integ.template.json | 87 ++++- .../integ.alb.log.js.snapshot/manifest.json | 2 +- .../test/integ.alb.log.js.snapshot/tree.json | 87 ++++- .../test/integ.alb.log.ts | 1 + .../aws-elasticloadbalancingv2/README.md | 16 + .../lib/alb/application-load-balancer.ts | 62 ++++ .../test/alb/load-balancer.test.ts | 339 ++++++++++++++++++ 24 files changed, 1234 insertions(+), 148 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json index 5f6c1f273d748..627c94b6f11d6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "33.0.0", + "version": "36.0.0", "files": { - "07df570609ba80d7ccc6a61dc96229756a5e4fc6a10d9a68ac076b94a8ce3e55": { + "dd9140945011edcbce692a37f5f7cbd8334730c6955bb30907758d7bda777b77": { "source": { "path": "aws-cdk-elbv2-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "07df570609ba80d7ccc6a61dc96229756a5e4fc6a10d9a68ac076b94a8ce3e55.json", + "objectKey": "dd9140945011edcbce692a37f5f7cbd8334730c6955bb30907758d7bda777b77.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json index ce3d2ff8e018f..428814b9ed734 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/aws-cdk-elbv2-integ.template.json @@ -412,6 +412,20 @@ { "Key": "access_logs.s3.prefix", "Value": "" + }, + { + "Key": "connection_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "connection_logs.s3.bucket", + "Value": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + } + }, + { + "Key": "connection_logs.s3.prefix", + "Value": "" } ], "Scheme": "internet-facing", @@ -434,7 +448,8 @@ "Type": "application" }, "DependsOn": [ - "LBALBAccessLogsBucket6AE92937", + "LBALBAccessLogsBucketPolicy1E4EBAFE", + "LBALBConnectionLogsBucketPolicy62509153", "VPCPublicSubnet1DefaultRoute91CEF279", "VPCPublicSubnet1RouteTableAssociation0B0896DC", "VPCPublicSubnet2DefaultRouteB7481BBA", @@ -647,6 +662,185 @@ } } }, + "LBALBConnectionLogsBucket4BFA48DB": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + }, + "LoggingConfiguration": { + "LogFilePrefix": "selflog/" + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "LBALBConnectionLogsBucketPolicy62509153": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/selflog/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, "LBListener49E825B4": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out index 560dae10d018f..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"33.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json index c98fca8690504..dc7f5be9c0bd5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/cdkintegalbextendedlogDefaultTestDeployAssertAEFAB19B.assets.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json index b013204787762..28a35b8f9fe2f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "testCases": { "cdk-integ-alb-extended-log/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json index e13264e6591cb..0e3250c83fd85 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-elbv2-integ.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/07df570609ba80d7ccc6a61dc96229756a5e4fc6a10d9a68ac076b94a8ce3e55.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/dd9140945011edcbce692a37f5f7cbd8334730c6955bb30907758d7bda777b77.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -196,6 +196,18 @@ "data": "LBALBAccessLogsBucketPolicy1E4EBAFE" } ], + "/aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBALBConnectionLogsBucket4BFA48DB" + } + ], + "/aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LBALBConnectionLogsBucketPolicy62509153" + } + ], "/aws-cdk-elbv2-integ/LB/Listener/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json index 42f17234eebb4..c87d487493897 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.js.snapshot/tree.json @@ -679,6 +679,20 @@ { "key": "access_logs.s3.prefix", "value": "" + }, + { + "key": "connection_logs.s3.enabled", + "value": "true" + }, + { + "key": "connection_logs.s3.bucket", + "value": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + } + }, + { + "key": "connection_logs.s3.prefix", + "value": "" } ], "scheme": "internet-facing", @@ -964,6 +978,219 @@ "version": "0.0.0" } }, + "ALBConnectionLogsBucket": { + "id": "ALBConnectionLogsBucket", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "AES256" + } + } + ] + }, + "loggingConfiguration": { + "logFilePrefix": "selflog/" + }, + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + }, + "versioningConfiguration": { + "status": "Enabled" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-elbv2-integ/LB/ALBConnectionLogsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "LBALBConnectionLogsBucket4BFA48DB" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/selflog/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + }, + "/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "LBALBConnectionLogsBucket4BFA48DB", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, "Listener": { "id": "Listener", "path": "aws-cdk-elbv2-integ/LB/Listener", @@ -1089,7 +1316,7 @@ "path": "cdk-integ-alb-extended-log/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { @@ -1135,7 +1362,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts index 17b1a0009461e..5fc676d118357 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.extended.log.ts @@ -18,8 +18,16 @@ class ExtendedLB extends elbv2.ApplicationLoadBalancer { serverAccessLogsPrefix: 'selflog/', enforceSSL: true, }); - this.logAccessLogs(accessLogsBucket); + + const connectionLogsBucket = new s3.Bucket(this, 'ALBConnectionLogsBucket', { + blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, + encryption: s3.BucketEncryption.S3_MANAGED, + versioned: true, + serverAccessLogsPrefix: 'selflog/', + enforceSSL: true, + }); + this.logConnectionLogs(connectionLogsBucket); } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json index 3e91c58d25201..9234509c27957 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "d102d01a93a63d71a570164bdea30b0eca472ac745027643a4a1b0adb9b0640b": { + "7bcbcac4ed21e823d8252892771a6da060dd1d6110cdf42e73693f1e5c831046": { "source": { "path": "aws-cdk-alb-log-imported-bucket-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "d102d01a93a63d71a570164bdea30b0eca472ac745027643a4a1b0adb9b0640b.json", + "objectKey": "7bcbcac4ed21e823d8252892771a6da060dd1d6110cdf42e73693f1e5c831046.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json index e596a9c1e41e8..ff10559471e6d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json @@ -438,6 +438,47 @@ "Principal": { "Service": "delivery.logs.amazonaws.com" }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, "Resource": { "Fn::Join": [ "", @@ -445,21 +486,16 @@ "arn:aws:s3:::", { "Ref": "Bucket83908E77" - }, - "/prefix/AWSLogs/", - { - "Ref": "AWS::AccountId" - }, - "/*" + } ] ] } }, { - "Action": "s3:GetBucketAcl", + "Action": "s3:PutObject", "Effect": "Allow", "Principal": { - "Service": "delivery.logs.amazonaws.com" + "AWS": "arn:aws:iam::797873946194:root" }, "Resource": { "Fn::Join": [ @@ -468,7 +504,12 @@ "arn:aws:s3:::", { "Ref": "Bucket83908E77" - } + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" ] ] } @@ -499,6 +540,20 @@ { "Key": "access_logs.s3.prefix", "Value": "prefix" + }, + { + "Key": "connection_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "connection_logs.s3.bucket", + "Value": { + "Ref": "Bucket83908E77" + } + }, + { + "Key": "connection_logs.s3.prefix", + "Value": "prefix-connection-log" } ], "Scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json index e45f2e7f3aa99..33278825135ec 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/cdkintegalblogimportedbucketDefaultTestDeployAssert163162C1.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json index 5198aa8d08cc7..c2f7d046cc525 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "cdk-integ-alb-log-imported-bucket/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json index 4c9a325295e57..e0362c5216bff 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-alb-log-imported-bucket-integ.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/d102d01a93a63d71a570164bdea30b0eca472ac745027643a4a1b0adb9b0640b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/7bcbcac4ed21e823d8252892771a6da060dd1d6110cdf42e73693f1e5c831046.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -178,10 +178,10 @@ "data": "Bucket83908E77" } ], - "/aws-cdk-alb-log-imported-bucket-integ/ImportedBucket/Policy/Resource": [ + "/aws-cdk-alb-log-imported-bucket-integ/ImportedBucketPolicy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ImportedBucketPolicy71C80354" + "data": "ImportedBucketPolicyAE50CA2C" } ], "/aws-cdk-alb-log-imported-bucket-integ/LB/Resource": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json index ebc9d24af07a2..f5423598f7b90 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/tree.json @@ -676,110 +676,149 @@ "ImportedBucket": { "id": "ImportedBucket", "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + }, + "ImportedBucketPolicy": { + "id": "ImportedBucketPolicy", + "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucketPolicy", "children": { - "Policy": { - "id": "Policy", - "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "Bucket83908E77" + "Resource": { + "id": "Resource", + "path": "aws-cdk-alb-log-imported-bucket-integ/ImportedBucketPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "Bucket83908E77" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } }, - "policyDocument": { - "Statement": [ + { + "Action": "s3:PutObject", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + }, + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": [ { - "Action": "s3:PutObject", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::797873946194:root" - }, - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:s3:::", - { - "Ref": "Bucket83908E77" - }, - "/prefix/AWSLogs/", - { - "Ref": "AWS::AccountId" - }, - "/*" - ] + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" ] - } + ] }, { - "Action": "s3:PutObject", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - }, - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:s3:::", - { - "Ref": "Bucket83908E77" - }, - "/prefix/AWSLogs/", - { - "Ref": "AWS::AccountId" - }, - "/*" - ] + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" ] - } - }, - { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:s3:::", - { - "Ref": "Bucket83908E77" - } - ] - ] - } + ] } - ], - "Version": "2012-10-17" + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + } + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:s3:::", + { + "Ref": "Bucket83908E77" + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" + ], + "Version": "2012-10-17" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "0.0.0" } }, @@ -811,6 +850,20 @@ { "key": "access_logs.s3.prefix", "value": "prefix" + }, + { + "key": "connection_logs.s3.enabled", + "value": "true" + }, + { + "key": "connection_logs.s3.bucket", + "value": { + "Ref": "Bucket83908E77" + } + }, + { + "key": "connection_logs.s3.prefix", + "value": "prefix-connection-log" } ], "scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts index 0aefeaa37378e..cd79500605179 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts @@ -27,6 +27,7 @@ const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { }); lb.logAccessLogs(importedBucket, 'prefix'); +lb.logConnectionLogs(importedBucket, 'prefix-connection-log'); const listener = lb.addListener('Listener', { port: 80, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json index 462409afac89d..19a55187da880 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.assets.json @@ -15,7 +15,7 @@ } } }, - "e8dcef11b871328ec18d29401ebba343dec78affd3ec6055ab6d8be5b9223c97": { + "c4df03d0ac9684e50da08e315219cabc9dd964956b22ef483cb737334b396ac8": { "source": { "path": "aws-cdk-elbv2-integ.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "e8dcef11b871328ec18d29401ebba343dec78affd3ec6055ab6d8be5b9223c97.json", + "objectKey": "c4df03d0ac9684e50da08e315219cabc9dd964956b22ef483cb737334b396ac8.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json index 49fdcd32c9472..77f2b0a8c6b32 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/aws-cdk-elbv2-integ.template.json @@ -487,6 +487,64 @@ "Principal": { "Service": "delivery.logs.amazonaws.com" }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, "Resource": { "Fn::Join": [ "", @@ -497,7 +555,7 @@ "Arn" ] }, - "/prefix/AWSLogs/", + "/prefix-connection-log/AWSLogs/", { "Ref": "AWS::AccountId" }, @@ -505,19 +563,6 @@ ] ] } - }, - { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -622,6 +667,20 @@ { "Key": "access_logs.s3.prefix", "Value": "prefix" + }, + { + "Key": "connection_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "connection_logs.s3.bucket", + "Value": { + "Ref": "Bucket83908E77" + } + }, + { + "Key": "connection_logs.s3.prefix", + "Value": "prefix-connection-log" } ], "Scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json index 0cd90bc7f55a6..1fe10a574fc59 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/e8dcef11b871328ec18d29401ebba343dec78affd3ec6055ab6d8be5b9223c97.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/c4df03d0ac9684e50da08e315219cabc9dd964956b22ef483cb737334b396ac8.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json index 90720258641d3..819371b497c9a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.js.snapshot/tree.json @@ -764,6 +764,64 @@ "Principal": { "Service": "delivery.logs.amazonaws.com" }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix-connection-log/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/prefix/AWSLogs/", + { + "Ref": "AWS::AccountId" + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:GetBucketAcl", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::797873946194:root" + }, "Resource": { "Fn::Join": [ "", @@ -774,7 +832,7 @@ "Arn" ] }, - "/prefix/AWSLogs/", + "/prefix-connection-log/AWSLogs/", { "Ref": "AWS::AccountId" }, @@ -782,19 +840,6 @@ ] ] } - }, - { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Resource": { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -898,6 +943,20 @@ { "key": "access_logs.s3.prefix", "value": "prefix" + }, + { + "key": "connection_logs.s3.enabled", + "value": "true" + }, + { + "key": "connection_logs.s3.bucket", + "value": { + "Ref": "Bucket83908E77" + } + }, + { + "key": "connection_logs.s3.prefix", + "value": "prefix-connection-log" } ], "scheme": "internet-facing", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts index cab793d0e6a35..69a96e98340f6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.ts @@ -25,6 +25,7 @@ const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { }); lb.logAccessLogs(bucket, 'prefix'); +lb.logConnectionLogs(bucket, 'prefix-connection-log'); const listener = lb.addListener('Listener', { port: 80, diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md index 0f16e99b08917..3fbbce053d021 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md @@ -267,6 +267,22 @@ lb.logAccessLogs(bucket); ``` +### Setting up Connection Log Bucket on Application Load Balancer + +Like access log bucket, the only server-side encryption option that's supported is Amazon S3-managed keys (SSE-S3). For more information +Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html + +```ts +declare const vpc: ec2.Vpc; + +const bucket = new s3.Bucket(this, 'ALBConnectionLogsBucket',{ + encryption: s3.BucketEncryption.S3_MANAGED, +}); + +const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', { vpc }); +lb.logConnectionLogs(bucket); +``` + ## Defining a Network Load Balancer Network Load Balancers are defined in a similar way to Application Load diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts index 0ec173c7b77df..2636e26abbdd5 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts @@ -312,6 +312,68 @@ export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic } } + /** + * Enable connection logging for this load balancer. + * + * A region must be specified on the stack containing the load balancer; you cannot enable logging on + * environment-agnostic stacks. + * + * @see https://docs.aws.amazon.com/cdk/latest/guide/environments.html + */ + public logConnectionLogs(bucket: s3.IBucket, prefix?: string) { + /** + * KMS key encryption is not supported on Connection Log bucket for ALB, the bucket must use Amazon S3-managed keys (SSE-S3). + * See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html#bucket-permissions-troubleshooting-connection + */ + if (bucket.encryptionKey) { + throw new Error('Encryption key detected. Bucket encryption using KMS keys is unsupported'); + } + + prefix = prefix || ''; + this.setAttribute('connection_logs.s3.enabled', 'true'); + this.setAttribute('connection_logs.s3.bucket', bucket.bucketName.toString()); + this.setAttribute('connection_logs.s3.prefix', prefix); + + // https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html + const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com'); + bucket.addToResourcePolicy(new PolicyStatement({ + actions: ['s3:PutObject'], + principals: [this.resourcePolicyPrincipal()], + resources: [ + bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${Stack.of(this).account}/*`), + ], + })); + // We still need this policy for the bucket using the ACL + bucket.addToResourcePolicy( + new PolicyStatement({ + actions: ['s3:PutObject'], + principals: [logsDeliveryServicePrincipal], + resources: [ + bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${Stack.of(this).account}/*`), + ], + conditions: { + StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' }, + }, + }), + ); + bucket.addToResourcePolicy( + new PolicyStatement({ + actions: ['s3:GetBucketAcl'], + principals: [logsDeliveryServicePrincipal], + resources: [bucket.bucketArn], + }), + ); + + // make sure the bucket's policy is created before the ALB (see https://github.com/aws/aws-cdk/issues/1633) + // at the L1 level to avoid creating a circular dependency (see https://github.com/aws/aws-cdk/issues/27528 + // and https://github.com/aws/aws-cdk/issues/27928) + const lb = this.node.defaultChild; + const bucketPolicy = bucket.policy?.node.defaultChild; + if (lb && bucketPolicy && CfnResource.isCfnResource(lb) && CfnResource.isCfnResource(bucketPolicy)) { + lb.addDependency(bucketPolicy); + } + } + /** * Add a security group to this load balancer */ diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index 958a881846fab..6838181872275 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -645,6 +645,345 @@ describe('tests', () => { }); }); + describe('logConnectionLogs', () => { + + class ExtendedLB extends elbv2.ApplicationLoadBalancer { + constructor(scope: Construct, id: string, vpc: ec2.IVpc) { + super(scope, id, { vpc }); + + const connectionLogsBucket = new s3.Bucket(this, 'ALBConnectionLogsBucket', { + blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, + encryption: s3.BucketEncryption.S3_MANAGED, + versioned: true, + serverAccessLogsPrefix: 'selflog/', + enforceSSL: true, + }); + + this.logConnectionLogs(connectionLogsBucket); + } + } + + function loggingSetup(withEncryption: boolean = false ): { stack: cdk.Stack; bucket: s3.Bucket; lb: elbv2.ApplicationLoadBalancer } { + const app = new cdk.App(); + const stack = new cdk.Stack(app, undefined, { env: { region: 'us-east-1' } }); + const vpc = new ec2.Vpc(stack, 'Stack'); + let bucketProps = {}; + if (withEncryption) { + const kmsKey = new Key(stack, 'TestKMSKey'); + bucketProps = { ...bucketProps, encryption: s3.BucketEncryption.KMS, encyptionKey: kmsKey }; + } + const bucket = new s3.Bucket(stack, 'ConnectionLogBucket', { ...bucketProps }); + const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc }); + return { stack, bucket, lb }; + } + + test('sets load balancer attributes', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket); + + //THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + LoadBalancerAttributes: Match.arrayWith([ + { + Key: 'connection_logs.s3.enabled', + Value: 'true', + }, + { + Key: 'connection_logs.s3.bucket', + Value: { Ref: 'ConnectionLogBucketFDE8490A' }, + }, + { + Key: 'connection_logs.s3.prefix', + Value: '', + }, + ]), + }); + }); + + test('adds a dependency on the bucket', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket); + + // THEN + // verify the ALB depends on the bucket policy + Template.fromStack(stack).hasResource('AWS::ElasticLoadBalancingV2::LoadBalancer', { + DependsOn: ['ConnectionLogBucketPolicyF17C8635'], + }); + }); + + test('logging bucket permissions', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket); + + // THEN + // verify the bucket policy allows the ALB to put objects in the bucket + Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::127311923021:root']] } }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + Condition: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' } }, + }, + { + Action: 's3:GetBucketAcl', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'], + }, + }, + ], + }, + }); + }); + + test('connection logging with prefix', () => { + // GIVEN + const { stack, bucket, lb } = loggingSetup(); + + // WHEN + lb.logConnectionLogs(bucket, 'prefix-of-connection-logs'); + + // THEN + // verify that the LB attributes reference the bucket + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + LoadBalancerAttributes: Match.arrayWith([ + { + Key: 'connection_logs.s3.enabled', + Value: 'true', + }, + { + Key: 'connection_logs.s3.bucket', + Value: { Ref: 'ConnectionLogBucketFDE8490A' }, + }, + { + Key: 'connection_logs.s3.prefix', + Value: 'prefix-of-connection-logs', + }, + ]), + }); + + // verify the bucket policy allows the ALB to put objects in the bucket + Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::127311923021:root']] } }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/prefix-of-connection-logs/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': ['', [{ 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'] }, '/prefix-of-connection-logs/AWSLogs/', + { Ref: 'AWS::AccountId' }, '/*']], + }, + Condition: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' } }, + }, + { + Action: 's3:GetBucketAcl', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::GetAtt': ['ConnectionLogBucketFDE8490A', 'Arn'], + }, + }, + ], + }, + }); + }); + + test('bucket with KMS throws validation error', () => { + //GIVEN + const { stack, bucket, lb } = loggingSetup(true); + + // WHEN + const logConnectionLogFunctionTest = () => lb.logConnectionLogs(bucket); + + // THEN + // verify failure in case the connection log bucket is encrypted with KMS + expect(logConnectionLogFunctionTest).toThrow('Encryption key detected. Bucket encryption using KMS keys is unsupported'); + + }); + + test('connection logging on imported bucket', () => { + // GIVEN + const { stack, lb } = loggingSetup(); + + const bucket = s3.Bucket.fromBucketName(stack, 'ImportedConnectionLoggingBucket', 'imported-bucket'); + // Imported buckets have `autoCreatePolicy` disabled by default + bucket.policy = new s3.BucketPolicy(stack, 'ImportedConnectionLoggingBucketPolicy', { + bucket, + }); + + // WHEN + lb.logConnectionLogs(bucket); + + // THEN + // verify that the LB attributes reference the bucket + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + LoadBalancerAttributes: Match.arrayWith([ + { + Key: 'connection_logs.s3.enabled', + Value: 'true', + }, + { + Key: 'connection_logs.s3.bucket', + Value: 'imported-bucket', + }, + { + Key: 'connection_logs.s3.prefix', + Value: '', + }, + ]), + }); + + // verify the bucket policy allows the ALB to put objects in the bucket + Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::127311923021:root']] } }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':s3:::imported-bucket/AWSLogs/', + { Ref: 'AWS::AccountId' }, + '/*', + ], + ], + }, + }, + { + Action: 's3:PutObject', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':s3:::imported-bucket/AWSLogs/', + { Ref: 'AWS::AccountId' }, + '/*', + ], + ], + }, + Condition: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' } }, + }, + { + Action: 's3:GetBucketAcl', + Effect: 'Allow', + Principal: { Service: 'delivery.logs.amazonaws.com' }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':s3:::imported-bucket', + ], + ], + }, + }, + ], + }, + }); + + // verify the ALB depends on the bucket policy + Template.fromStack(stack).hasResource('AWS::ElasticLoadBalancingV2::LoadBalancer', { + DependsOn: ['ImportedConnectionLoggingBucketPolicy548EEC12'], + }); + }); + + test('does not add circular dependency on bucket with extended load balancer', () => { + // GIVEN + const { stack } = loggingSetup(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + + // WHEN + new ExtendedLB(stack, 'ExtendedLB', vpc); + + // THEN + Template.fromStack(stack).hasResource('AWS::S3::Bucket', { + Type: 'AWS::S3::Bucket', + Properties: { + AccessControl: 'LogDeliveryWrite', + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, + LoggingConfiguration: { + LogFilePrefix: 'selflog/', + }, + OwnershipControls: { + Rules: [ + { + ObjectOwnership: 'ObjectWriter', + }, + ], + }, + PublicAccessBlockConfiguration: { + BlockPublicAcls: true, + BlockPublicPolicy: true, + IgnorePublicAcls: true, + RestrictPublicBuckets: true, + }, + VersioningConfiguration: { + Status: 'Enabled', + }, + }, + UpdateReplacePolicy: 'Retain', + DeletionPolicy: 'Retain', + DependsOn: Match.absent(), + }); + }); + }); + test('Exercise metrics', () => { // GIVEN const stack = new cdk.Stack(); From 62a641c1ff77270ead66113716545d415a3b18e1 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 12 Aug 2024 17:16:44 +0300 Subject: [PATCH 21/40] feat: update L1 CloudFormation resource definitions (#31086) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-acmpca │ └ resources │ └[~] resource AWS::ACMPCA::CertificateAuthority │ └ types │ └[~] type CrlConfiguration │ └ properties │ ├[+] CustomPath: string │ ├[+] MaxPartitionSizeMB: integer │ ├[+] PartitioningEnabled: boolean │ └[+] RetainExpiredCertificates: boolean ├[~] service aws-auditmanager │ └ resources │ └[~] resource AWS::AuditManager::Assessment │ └ types │ ├[~] type AWSService │ │ ├ - documentation: The `AWSService` property type specifies an AWS service such as Amazon S3 , AWS CloudTrail , and so on. │ │ │ + documentation: The `AWSService` property type specifies an such as Amazon S3 , AWS CloudTrail , and so on. │ │ └ properties │ │ └ ServiceName: (documentation changed) │ └[~] type Scope │ └ properties │ └ AwsServices: (documentation changed) ├[~] service aws-chatbot │ └ resources │ └[~] resource AWS::Chatbot::SlackChannelConfiguration │ └ properties │ └ SlackChannelId: (documentation changed) ├[~] service aws-cloudtrail │ └ resources │ └[~] resource AWS::CloudTrail::Trail │ └ types │ └[~] type DataResource │ ├ - documentation: You can configure the `DataResource` in an `EventSelector` to log data events for the following three resource types: │ │ - `AWS::DynamoDB::Table` │ │ - `AWS::Lambda::Function` │ │ - `AWS::S3::Object` │ │ To log data events for all other resource types including objects stored in [directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) , you must use [AdvancedEventSelectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) . You must also use `AdvancedEventSelectors` if you want to filter on the `eventName` field. │ │ Configure the `DataResource` to specify the resource type and resource ARNs for which you want to log data events. │ │ > The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail. │ │ The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named `DOC-EXAMPLE-BUCKET1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events. │ │ - A user uploads an image file to `DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event. │ │ - A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event. │ │ The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions. │ │ - A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function. │ │ - The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event. │ │ - The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event. │ │ + documentation: You can configure the `DataResource` in an `EventSelector` to log data events for the following three resource types: │ │ - `AWS::DynamoDB::Table` │ │ - `AWS::Lambda::Function` │ │ - `AWS::S3::Object` │ │ To log data events for all other resource types including objects stored in [directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) , you must use [AdvancedEventSelectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) . You must also use `AdvancedEventSelectors` if you want to filter on the `eventName` field. │ │ Configure the `DataResource` to specify the resource type and resource ARNs for which you want to log data events. │ │ > The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail. │ │ The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named `amzn-s3-demo-bucket1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events. │ │ - A user uploads an image file to `amzn-s3-demo-bucket1` . │ │ - The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event. │ │ - A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::amzn-s3-demo-bucket1` . │ │ - The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event. │ │ The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions. │ │ - A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function. │ │ - The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event. │ │ - The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event. │ └ properties │ └ Values: (documentation changed) ├[~] service aws-codecommit │ └ resources │ └[~] resource AWS::CodeCommit::Repository │ └ - documentation: Creates a new, empty repository. │ + documentation: Creates a new, empty repository. │ > AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. [Learn more"](https://docs.aws.amazon.com/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider) ├[~] service aws-codeconnections │ └ resources │ └[~] resource AWS::CodeConnections::Connection │ └ attributes │ └ ConnectionArn: (documentation changed) ├[~] service aws-codepipeline │ └ resources │ ├[~] resource AWS::CodePipeline::Pipeline │ │ └ types │ │ ├[+] type BeforeEntryConditions │ │ │ ├ documentation: The conditions for making checks for entry to a stage. │ │ │ │ name: BeforeEntryConditions │ │ │ └ properties │ │ │ └Conditions: Array │ │ ├[+] type Condition │ │ │ ├ documentation: The condition for the stage. A condition is made up of the rules and the result for the condition. │ │ │ │ name: Condition │ │ │ └ properties │ │ │ ├Result: string │ │ │ └Rules: Array │ │ ├[~] type FailureConditions │ │ │ └ properties │ │ │ └[+] Conditions: Array │ │ ├[+] type RuleDeclaration │ │ │ ├ documentation: Represents information about the rule to be created for an associated condition. An example would be creating a new rule for an entry condition, such as a rule that checks for a test result before allowing the run to enter the deployment stage. │ │ │ │ name: RuleDeclaration │ │ │ └ properties │ │ │ ├RuleTypeId: RuleTypeId │ │ │ ├Configuration: json │ │ │ ├InputArtifacts: Array │ │ │ ├Region: string │ │ │ ├RoleArn: string │ │ │ └Name: string │ │ ├[+] type RuleTypeId │ │ │ ├ documentation: The ID for the rule type, which is made up of the combined values for category, owner, provider, and version. │ │ │ │ name: RuleTypeId │ │ │ └ properties │ │ │ ├Owner: string │ │ │ ├Category: string │ │ │ ├Version: string │ │ │ └Provider: string │ │ ├[~] type StageDeclaration │ │ │ └ properties │ │ │ ├[+] BeforeEntry: BeforeEntryConditions │ │ │ └[+] OnSuccess: SuccessConditions │ │ └[+] type SuccessConditions │ │ ├ documentation: The conditions for making checks that, if met, succeed a stage. │ │ │ name: SuccessConditions │ │ └ properties │ │ └Conditions: Array │ └[~] resource AWS::CodePipeline::Webhook │ ├ properties │ │ └ Authentication: (documentation changed) │ └ types │ └[~] type WebhookAuthConfiguration │ └ properties │ └ SecretToken: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::LogDeliveryConfiguration │ │ ├ - documentation: The logging parameters of a user pool. │ │ │ + documentation: The logging parameters of a user pool returned in response to `GetLogDeliveryConfiguration` . │ │ ├ properties │ │ │ ├ LogConfigurations: (documentation changed) │ │ │ └ UserPoolId: (documentation changed) │ │ └ types │ │ ├[~] type CloudWatchLogsConfiguration │ │ │ └ - documentation: The CloudWatch logging destination of a user pool detailed activity logging configuration. │ │ │ + documentation: Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features. │ │ ├[+] type FirehoseConfiguration │ │ │ ├ name: FirehoseConfiguration │ │ │ └ properties │ │ │ └StreamArn: string │ │ ├[~] type LogConfiguration │ │ │ └ properties │ │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ │ ├ EventSource: (documentation changed) │ │ │ ├[+] FirehoseConfiguration: FirehoseConfiguration │ │ │ ├ LogLevel: (documentation changed) │ │ │ └[+] S3Configuration: S3Configuration │ │ └[+] type S3Configuration │ │ ├ name: S3Configuration │ │ └ properties │ │ └BucketArn: string │ └[~] resource AWS::Cognito::UserPool │ └ types │ └[~] type PasswordPolicy │ └ properties │ └[+] PasswordHistorySize: integer ├[~] service aws-datapipeline │ └ resources │ └[~] resource AWS::DataPipeline::Pipeline │ └ - documentation: The AWS::DataPipeline::Pipeline resource specifies a data pipeline that you can use to automate the movement and transformation of data. In each pipeline, you define pipeline objects, such as activities, schedules, data nodes, and resources. For information about pipeline objects and components that you can use, see [Pipeline Object Reference](https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-pipeline-objects.html) in the *AWS Data Pipeline Developer Guide* . │ The `AWS::DataPipeline::Pipeline` resource adds tasks, schedules, and preconditions to the specified pipeline. You can use `PutPipelineDefinition` to populate a new pipeline. │ `PutPipelineDefinition` also validates the configuration as it adds it to the pipeline. Changes to the pipeline are saved unless one of the following validation errors exist in the pipeline. │ - An object is missing a name or identifier field. │ - A string or reference field is empty. │ - The number of objects in the pipeline exceeds the allowed maximum number of objects. │ - The pipeline is in a FINISHED state. │ Pipeline object definitions are passed to the [PutPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PutPipelineDefinition.html) action and returned by the [GetPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_GetPipelineDefinition.html) action. │ + documentation: The AWS::DataPipeline::Pipeline resource specifies a data pipeline that you can use to automate the movement and transformation of data. │ > AWS Data Pipeline is no longer available to new customers. Existing customers of AWS Data Pipeline can continue to use the service as normal. [Learn more](https://docs.aws.amazon.com/big-data/migrate-workloads-from-aws-data-pipeline/) │ In each pipeline, you define pipeline objects, such as activities, schedules, data nodes, and resources. │ The `AWS::DataPipeline::Pipeline` resource adds tasks, schedules, and preconditions to the specified pipeline. You can use `PutPipelineDefinition` to populate a new pipeline. │ `PutPipelineDefinition` also validates the configuration as it adds it to the pipeline. Changes to the pipeline are saved unless one of the following validation errors exist in the pipeline. │ - An object is missing a name or identifier field. │ - A string or reference field is empty. │ - The number of objects in the pipeline exceeds the allowed maximum number of objects. │ - The pipeline is in a FINISHED state. │ Pipeline object definitions are passed to the [PutPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PutPipelineDefinition.html) action and returned by the [GetPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_GetPipelineDefinition.html) action. ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ └[~] type LaunchTemplateData │ │ └ properties │ │ └ ImageId: (documentation changed) │ ├[~] resource AWS::EC2::NetworkInsightsAnalysis │ │ └ types │ │ └[~] type AnalysisRouteTableRoute │ │ └ properties │ │ └ destinationPrefixListId: (documentation changed) │ ├[~] resource AWS::EC2::TransitGatewayAttachment │ │ └ types │ │ └[~] type Options │ │ └ properties │ │ └[-] SecurityGroupReferencingSupport: string │ ├[~] resource AWS::EC2::TransitGatewayMulticastGroupMember │ │ └ attributes │ │ └ SourceType: (documentation changed) │ ├[~] resource AWS::EC2::TransitGatewayMulticastGroupSource │ │ └ attributes │ │ └ MemberType: (documentation changed) │ └[~] resource AWS::EC2::VPCEndpoint │ └ - documentation: Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the [AWS PrivateLink User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/) . │ An endpoint of type `Interface` establishes connections between the subnets in your VPC and an AWS service , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. │ An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) │ An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider. │ + documentation: Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the [AWS PrivateLink User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/) . │ An endpoint of type `Interface` establishes connections between the subnets in your VPC and an , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. │ An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) │ An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider. ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ └[~] type AwsVpcConfiguration │ │ └ - documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ │ + documentation: An object representing the networking details for a task or service. For example `awsVpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` . │ └[~] resource AWS::ECS::TaskSet │ └ types │ └[~] type AwsVpcConfiguration │ └ - documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ + documentation: An object representing the networking details for a task or service. For example `awsVpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` . ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::TargetGroup │ └ types │ └[~] type TargetGroupAttribute │ └ properties │ └ Key: (documentation changed) ├[~] service aws-forecast │ └ resources │ ├[~] resource AWS::Forecast::Dataset │ │ └ - documentation: Creates an Amazon Forecast dataset. The information about the dataset that you provide helps Forecast understand how to consume the data for model training. This includes the following: │ │ - *`DataFrequency`* - How frequently your historical time-series data is collected. │ │ - *`Domain`* and *`DatasetType`* - Each dataset has an associated dataset domain and a type within the domain. Amazon Forecast provides a list of predefined domains and types within each domain. For each unique dataset domain and type within the domain, Amazon Forecast requires your data to include a minimum set of predefined fields. │ │ - *`Schema`* - A schema specifies the fields in the dataset, including the field name and data type. │ │ After creating a dataset, you import your training data into it and add the dataset to a dataset group. You use the dataset group to create a predictor. For more information, see [Importing datasets](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ │ To get a list of all your datasets, use the [ListDatasets](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasets.html) operation. │ │ For example Forecast datasets, see the [Amazon Forecast Sample GitHub repository](https://docs.aws.amazon.com/https://github.com/aws-samples/amazon-forecast-samples) . │ │ > The `Status` of a dataset must be `ACTIVE` before you can import training data. Use the [DescribeDataset](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDataset.html) operation to get the status. │ │ + documentation: Creates an Amazon Forecast dataset. │ │ > Amazon Forecast is no longer available to new customers. Existing customers of Amazon Forecast can continue to use the service as normal. [Learn more"](https://docs.aws.amazon.com/machine-learning/transition-your-amazon-forecast-usage-to-amazon-sagemaker-canvas/) │ │ The information about the dataset that you provide helps Forecast understand how to consume the data for model training. This includes the following: │ │ - *`DataFrequency`* - How frequently your historical time-series data is collected. │ │ - *`Domain`* and *`DatasetType`* - Each dataset has an associated dataset domain and a type within the domain. Amazon Forecast provides a list of predefined domains and types within each domain. For each unique dataset domain and type within the domain, Amazon Forecast requires your data to include a minimum set of predefined fields. │ │ - *`Schema`* - A schema specifies the fields in the dataset, including the field name and data type. │ │ After creating a dataset, you import your training data into it and add the dataset to a dataset group. You use the dataset group to create a predictor. For more information, see [Importing datasets](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ │ To get a list of all your datasets, use the [ListDatasets](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasets.html) operation. │ │ For example Forecast datasets, see the [Amazon Forecast Sample GitHub repository](https://docs.aws.amazon.com/https://github.com/aws-samples/amazon-forecast-samples) . │ │ > The `Status` of a dataset must be `ACTIVE` before you can import training data. Use the [DescribeDataset](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDataset.html) operation to get the status. │ └[~] resource AWS::Forecast::DatasetGroup │ └ - documentation: Creates a dataset group, which holds a collection of related datasets. You can add datasets to the dataset group when you create the dataset group, or later by using the [UpdateDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_UpdateDatasetGroup.html) operation. │ After creating a dataset group and adding datasets, you use the dataset group when you create a predictor. For more information, see [Dataset groups](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ To get a list of all your datasets groups, use the [ListDatasetGroups](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasetGroups.html) operation. │ > The `Status` of a dataset group must be `ACTIVE` before you can use the dataset group to create a predictor. To get the status, use the [DescribeDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDatasetGroup.html) operation. │ + documentation: Creates a dataset group, which holds a collection of related datasets. You can add datasets to the dataset group when you create the dataset group, or later by using the [UpdateDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_UpdateDatasetGroup.html) operation. │ > Amazon Forecast is no longer available to new customers. Existing customers of Amazon Forecast can continue to use the service as normal. [Learn more"](https://docs.aws.amazon.com/machine-learning/transition-your-amazon-forecast-usage-to-amazon-sagemaker-canvas/) │ After creating a dataset group and adding datasets, you use the dataset group when you create a predictor. For more information, see [Dataset groups](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ To get a list of all your datasets groups, use the [ListDatasetGroups](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasetGroups.html) operation. │ > The `Status` of a dataset group must be `ACTIVE` before you can use the dataset group to create a predictor. To get the status, use the [DescribeDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDatasetGroup.html) operation. ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ └ types │ └[~] type MSKSourceConfiguration │ └ properties │ └[+] ReadFromTimestamp: string ├[~] service aws-lambda │ └ resources │ ├[~] resource AWS::Lambda::Function │ │ └ types │ │ └[~] type Code │ │ └ properties │ │ └[+] SourceKMSKeyArn: string │ └[~] resource AWS::Lambda::Permission │ └ properties │ ├ Principal: (documentation changed) │ ├ SourceAccount: (documentation changed) │ └ SourceArn: (documentation changed) ├[~] service aws-medialive │ └ resources │ └[~] resource AWS::MediaLive::Multiplexprogram │ └ attributes │ └ ChannelId: (documentation changed) ├[~] service aws-networkfirewall │ └ resources │ └[~] resource AWS::NetworkFirewall::LoggingConfiguration │ └ types │ └[~] type LogDestinationConfig │ └ properties │ └ LogType: (documentation changed) ├[~] service aws-networkmanager │ └ resources │ ├[~] resource AWS::NetworkManager::ConnectAttachment │ │ ├ properties │ │ │ ├[+] NetworkFunctionGroupName: string │ │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ │ └ types │ │ └[+] type ProposedNetworkFunctionGroupChange │ │ ├ documentation: Describes proposed changes to a network function group. │ │ │ name: ProposedNetworkFunctionGroupChange │ │ └ properties │ │ ├Tags: Array │ │ ├AttachmentPolicyRuleNumber: integer │ │ └NetworkFunctionGroupName: string │ ├[~] resource AWS::NetworkManager::CoreNetwork │ │ ├ attributes │ │ │ └[+] NetworkFunctionGroups: Array │ │ └ types │ │ ├[+] type CoreNetworkNetworkFunctionGroup │ │ │ ├ documentation: Describes a network function group. │ │ │ │ name: CoreNetworkNetworkFunctionGroup │ │ │ └ properties │ │ │ ├Name: string │ │ │ ├EdgeLocations: Array │ │ │ └Segments: Segments │ │ └[+] type Segments │ │ ├ name: Segments │ │ └ properties │ │ ├SendTo: Array │ │ └SendVia: Array │ ├[~] resource AWS::NetworkManager::SiteToSiteVpnAttachment │ │ ├ properties │ │ │ ├[+] NetworkFunctionGroupName: string │ │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ │ └ types │ │ └[+] type ProposedNetworkFunctionGroupChange │ │ ├ documentation: Describes proposed changes to a network function group. │ │ │ name: ProposedNetworkFunctionGroupChange │ │ └ properties │ │ ├Tags: Array │ │ ├AttachmentPolicyRuleNumber: integer │ │ └NetworkFunctionGroupName: string │ ├[~] resource AWS::NetworkManager::TransitGatewayRouteTableAttachment │ │ ├ properties │ │ │ ├[+] NetworkFunctionGroupName: string │ │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ │ └ types │ │ └[+] type ProposedNetworkFunctionGroupChange │ │ ├ documentation: Describes proposed changes to a network function group. │ │ │ name: ProposedNetworkFunctionGroupChange │ │ └ properties │ │ ├Tags: Array │ │ ├AttachmentPolicyRuleNumber: integer │ │ └NetworkFunctionGroupName: string │ └[~] resource AWS::NetworkManager::VpcAttachment │ ├ properties │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ ├ attributes │ │ └[+] NetworkFunctionGroupName: string │ └ types │ └[+] type ProposedNetworkFunctionGroupChange │ ├ documentation: Describes proposed changes to a network function group. │ │ name: ProposedNetworkFunctionGroupChange │ └ properties │ ├Tags: Array │ ├AttachmentPolicyRuleNumber: integer │ └NetworkFunctionGroupName: string ├[~] service aws-osis │ └ resources │ └[~] resource AWS::OSIS::Pipeline │ └ types │ ├[~] type VpcAttachmentOptions │ │ ├ - documentation: Options for attaching a VPC to the pipeline. │ │ │ + documentation: Options for attaching a VPC to pipeline. │ │ └ properties │ │ └ AttachToVpc: (documentation changed) │ └[~] type VpcOptions │ └ properties │ └ VpcAttachmentOptions: (documentation changed) ├[~] service aws-pipes │ └ resources │ └[~] resource AWS::Pipes::Pipe │ └ types │ └[~] type S3LogDestination │ └ properties │ └ OutputFormat: (documentation changed) ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBInstance │ └ properties │ ├ RestoreTime: (documentation changed) │ └ UseLatestRestorableTime: (documentation changed) ├[~] service aws-redshift │ └ resources │ └[~] resource AWS::Redshift::Cluster │ └ types │ └[~] type LoggingProperties │ └ properties │ ├[+] LogDestinationType: string │ └[+] LogExports: Array ├[~] service aws-rolesanywhere │ └ resources │ └[~] resource AWS::RolesAnywhere::Profile │ └ properties │ └[+] AcceptRoleSessionName: boolean ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::ResolverRule │ └ properties │ ├[+] DelegationRecord: string │ └ DomainName: - string (required, immutable?) │ + string (immutable?) ├[~] service aws-s3 │ └ resources │ ├[~] resource AWS::S3::AccessPoint │ │ └ types │ │ └[~] type PublicAccessBlockConfiguration │ │ └ properties │ │ └ RestrictPublicBuckets: (documentation changed) │ ├[~] resource AWS::S3::Bucket │ │ └ types │ │ └[~] type PublicAccessBlockConfiguration │ │ └ properties │ │ └ RestrictPublicBuckets: (documentation changed) │ └[~] resource AWS::S3::MultiRegionAccessPoint │ └ types │ └[~] type PublicAccessBlockConfiguration │ └ properties │ └ RestrictPublicBuckets: (documentation changed) ├[~] service aws-s3objectlambda │ └ resources │ └[~] resource AWS::S3ObjectLambda::AccessPoint │ └ types │ └[~] type PublicAccessBlockConfiguration │ └ properties │ └ RestrictPublicBuckets: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ └[~] resource AWS::SageMaker::ModelPackage │ ├ properties │ │ └ ModelCard: (documentation changed) │ └ types │ ├[~] type ModelAccessConfig │ │ ├ - documentation: Specifies the access configuration file for the ML model. │ │ │ + documentation: The access configuration file to control access to the ML model. You can explicitly accept the model end-user license agreement (EULA) within the `ModelAccessConfig` . │ │ │ - If you are a Jumpstart user, see the [End-user license agreements](https://docs.aws.amazon.com/sagemaker/latest/dg/jumpstart-foundation-models-choose.html#jumpstart-foundation-models-choose-eula) section for more details on accepting the EULA. │ │ │ - If you are an AutoML user, see the *Optional Parameters* section of *Create an AutoML job to fine-tune text generation models using the API* for details on [How to set the EULA acceptance when fine-tuning a model using the AutoML API](https://docs.aws.amazon.com/sagemaker/latest/dg/autopilot-create-experiment-finetune-llms.html#autopilot-llms-finetuning-api-optional-params) . │ │ └ properties │ │ └ AcceptEula: (documentation changed) │ ├[~] type ModelCard │ │ ├ - documentation: The model card associated with the model package. │ │ │ + documentation: An Amazon SageMaker Model Card. │ │ └ properties │ │ └ ModelCardStatus: (documentation changed) │ ├[~] type ModelDataSource │ │ └ - documentation: Specifies the location of ML model data to deploy during endpoint creation. │ │ + documentation: Specifies the location of ML model data to deploy. If specified, you must specify one and only one of the available data sources. │ └[~] type S3ModelDataSource │ └ properties │ ├ CompressionType: (documentation changed) │ ├ ModelAccessConfig: (documentation changed) │ └ S3DataType: (documentation changed) ├[~] service aws-securityhub │ └ resources │ ├[~] resource AWS::SecurityHub::AutomationRule │ │ └ types │ │ └[~] type AutomationRulesFindingFilters │ │ └ properties │ │ └ ResourceId: (documentation changed) │ ├[~] resource AWS::SecurityHub::ConfigurationPolicy │ │ └ types │ │ └[~] type Policy │ │ └ properties │ │ └ SecurityHub: (documentation changed) │ ├[~] resource AWS::SecurityHub::Insight │ │ └ types │ │ └[~] type AwsSecurityFindingFilters │ │ └ properties │ │ └ ComplianceSecurityControlId: (documentation changed) │ └[~] resource AWS::SecurityHub::SecurityControl │ └ properties │ └ SecurityControlId: (documentation changed) └[~] service aws-ssm └ resources └[~] resource AWS::SSM::PatchBaseline └ types └[~] type Rule └ properties ├ ApproveAfterDays: (documentation changed) └ ApproveUntilDate: (documentation changed) ``` --- .../@aws-cdk/cloudformation-diff/package.json | 4 +- packages/@aws-cdk/integ-runner/package.json | 2 +- packages/aws-cdk-lib/package.json | 2 +- tools/@aws-cdk/spec2cdk/package.json | 6 +-- yarn.lock | 37 ++++++++----------- 5 files changed, 22 insertions(+), 29 deletions(-) diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index d1e4c41c3e161..2ec6a62fd0000 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.15", - "@aws-cdk/service-spec-types": "^0.0.83", + "@aws-cdk/aws-service-spec": "^0.1.16", + "@aws-cdk/service-spec-types": "^0.0.84", "chalk": "^4", "diff": "^5.2.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 4891fc574f029..dbee08ff27271 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "0.0.0", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.1.15", + "@aws-cdk/aws-service-spec": "^0.1.16", "cdk-assets": "0.0.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 37210abcc99f6..44e30b2551662 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -135,7 +135,7 @@ "mime-types": "^2.1.35" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.1.15", + "@aws-cdk/aws-service-spec": "^0.1.16", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index 20ade16f95420..ee14350a750e6 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.15", - "@aws-cdk/service-spec-importers": "^0.0.43", - "@aws-cdk/service-spec-types": "^0.0.83", + "@aws-cdk/aws-service-spec": "^0.1.16", + "@aws-cdk/service-spec-importers": "^0.0.44", + "@aws-cdk/service-spec-types": "^0.0.84", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index b446bece17399..3417615880ecf 100644 --- a/yarn.lock +++ b/yarn.lock @@ -51,12 +51,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523" integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg== -"@aws-cdk/aws-service-spec@^0.1.15": - version "0.1.15" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.15.tgz#2d4ab7b847ddc255e5d3a300bb91905c513ffac4" - integrity sha512-r5hNmHKqsuY+Y3bh0TLOTla0yORh3e6o79pOUkDRwyL1tdcds2ziY1Kc967KJDcET5Tn1zvoxTuksD40abmKhw== +"@aws-cdk/aws-service-spec@^0.1.16": + version "0.1.16" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.16.tgz#2cb1f7b1783c4dc362492296ebf61c7fd5cc88c7" + integrity sha512-9NX+04puH6zkTQY2shOzSWa8Ge1sdz0M4sqZw/UI9mgHbflfhxgSkjTwz6Fe/B3FH3ZA1RXl/wW6ThEqeAb3fw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.83" + "@aws-cdk/service-spec-types" "^0.0.84" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": @@ -74,12 +74,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v30/-/lambda-layer-kubectl-v30-2.0.0.tgz#97c40d31e5350ce7170be5d188361118b1e39231" integrity sha512-yES6NfrJ3QV1372lAZ2FLXp/no4bqDWBXeSREJdrpWjQzD0wvL/hCpHEyjZrzHhOi27YbMxFTQ3g9isKAul8+A== -"@aws-cdk/service-spec-importers@^0.0.43": - version "0.0.43" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.43.tgz#94de14d9d21243c213de448edf14f3b83db76086" - integrity sha512-iu1uOGyzI/MF5y3WL/7txu81Bw9KoxgD+dO+M1yLhwKY7zJR6HulQ2FCZCAAU4CDHpXXbpdEz3vY5G692a8uBA== +"@aws-cdk/service-spec-importers@^0.0.44": + version "0.0.44" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.44.tgz#8a2c55e69f1fd33ff19877e7eb82d87cf35cd229" + integrity sha512-Oo5qbamIPx/YOeZlmxNJsenPvNkyaofgieWhZavqhAgk0H5VCis4/stxnUwZzsu3Bc7SCg/vQRILDt4oGt981Q== dependencies: - "@aws-cdk/service-spec-types" "^0.0.82" + "@aws-cdk/service-spec-types" "^0.0.84" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -90,17 +90,10 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.82": - version "0.0.82" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.82.tgz#f677f017fd54b311092af7721946b6464ae100f6" - integrity sha512-8vdhrkYq3p1kg7WY4thblhin8djcKCf1MfcESFoYa5dG8zu9DmdBNXUFx8GiXjkHXADGrPK2/jaL1XhK4qkLpw== - dependencies: - "@cdklabs/tskb" "^0.0.3" - -"@aws-cdk/service-spec-types@^0.0.83": - version "0.0.83" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.83.tgz#20337cb6adde4627ffbcc624fc43e3ae042e746c" - integrity sha512-M3G0UiTKm81SCK9tTSfzmnojg5Mx/NQ3nsIQUIYNmlYHaw/EM9A933sjSv02lJt42fIqnzNjWOH1wiwQFnX28Q== +"@aws-cdk/service-spec-types@^0.0.84": + version "0.0.84" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.84.tgz#b6fa7429bb556d26eb39c18a2ee9802079bdb234" + integrity sha512-AM3ghRsd9cZlpW+nuVRRdQiPuGV9iWDyHnR/Vjd9xKQEf+Qmh9vnRmB205rFncAIlbFjHXxgapII+lujHCGDmQ== dependencies: "@cdklabs/tskb" "^0.0.3" @@ -16824,4 +16817,4 @@ zip-stream@^4.1.0: dependencies: archiver-utils "^3.0.4" compress-commons "^4.1.2" - readable-stream "^3.6.0" \ No newline at end of file + readable-stream "^3.6.0" From 501a4f1a81983992ec04a1acbed84d09e9470f8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:52:07 +0000 Subject: [PATCH 22/40] chore(deps): bump certifi from 2023.7.22 to 2024.7.4 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv (#31087) Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2023.7.22&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-pipenv/Pipfile.lock | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock index 76849b1bba333..56c424a77a645 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock @@ -16,11 +16,12 @@ "default": { "certifi": { "hashes": [ - "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082", - "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9" + "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", + "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90" ], + "index": "pypi", "markers": "python_version >= '3.6'", - "version": "==2023.7.22" + "version": "==2024.7.4" }, "charset-normalizer": { "hashes": [ From 7d2e9d0aa541cc59591dde993f8444f0e46cf65d Mon Sep 17 00:00:00 2001 From: Ashish Dhingra <67916761+ashishdhingra@users.noreply.github.com> Date: Mon, 12 Aug 2024 10:46:21 -0700 Subject: [PATCH 23/40] chore(rds): added Postgres 16.4 version (#31088) ### Issue # (if applicable) Closes #31081. ### Reason for this change Per [PostgreSQL version 16.4 on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-versions.html#postgresql-versions-version164), PostgreSQL version 16.4 is now available on Amazon RDS. Executing AWS CLI command `aws rds describe-db-engine-versions --engine postgres --output table --query 'DBEngineVersions[*].{Engine:Engine,EngineVersion:EngineVersion}'` also lists `16.4` as one of the supported versions. ### Description of changes Added `16.4` version to [PostgresEngineVersion](https://github.com/aws/aws-cdk/blob/501a4f1a81983992ec04a1acbed84d09e9470f8c/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts#L1014C14-L1014C35) class. ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index 9ed03ee7da226..601063f816318 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -1669,6 +1669,8 @@ export class PostgresEngineVersion { public static readonly VER_16_2 = PostgresEngineVersion.of('16.2', '16', { s3Import: true, s3Export: true }); /** Version "16.3". */ public static readonly VER_16_3 = PostgresEngineVersion.of('16.3', '16', { s3Import: true, s3Export: true }); + /** Version "16.4". */ + public static readonly VER_16_4 = PostgresEngineVersion.of('16.4', '16', { s3Import: true, s3Export: true }); /** * Create a new PostgresEngineVersion with an arbitrary version. From cf0a91b45a3baf4cc745957c7c59032396053cd2 Mon Sep 17 00:00:00 2001 From: Perry Son <13183804+perrylson@users.noreply.github.com> Date: Mon, 12 Aug 2024 13:02:22 -0700 Subject: [PATCH 24/40] docs(cloudfront): fix typos (#31018) Some typo fixes in the CloudFrontWebDistribution docs. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts index c0fd28b157416..50f2d304b3aee 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/web-distribution.ts @@ -129,7 +129,7 @@ interface SourceConfigurationRender { /** * A source configuration is a wrapper for CloudFront origins and behaviors. - * An origin is what CloudFront will "be in front of" - that is, CloudFront will pull it's assets from an origin. + * An origin is what CloudFront will "be in front of" - that is, CloudFront will pull its assets from an origin. * * If you're using s3 as a source - pass the `s3Origin` property, otherwise, pass the `customOriginSource` property. * @@ -479,7 +479,7 @@ export interface LambdaFunctionAssociation { /** * Allows a Lambda function to have read access to the body content. * Only valid for "request" event types (`ORIGIN_REQUEST` or `VIEWER_REQUEST`). - * See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html + * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html * * @default false */ @@ -736,7 +736,7 @@ export interface CloudFrontWebDistributionAttributes { * }); * ``` * - * This will create a CloudFront distribution that uses your S3Bucket as it's origin. + * This will create a CloudFront distribution that uses your S3Bucket as its origin. * * You can customize the distribution using additional properties from the CloudFrontWebDistributionProps interface. * From 1f0ba9612fbe2eff52b82ce6fc84d40a3a229d34 Mon Sep 17 00:00:00 2001 From: shikha372 Date: Mon, 12 Aug 2024 13:33:33 -0700 Subject: [PATCH 25/40] chore(template): adding regression info in the bug template (#31057) ### Issue # (if applicable) Closes . ### Reason for this change Update bug template for users to inform about the code changes that resulted in breaking changes. ### Description of changes - Adding checkbox to indicate whether this bug is a regression - Add option of an input for adding last known CDK version - Add GH workflow to run when an issue is opened or edit, workflow will add label `potential-regression` on the basis whether checkbox is selected in [issue template or not.](https://github.com/shikha372/aws-cdk/blob/regression_template/.github/ISSUE_TEMPLATE/bug-report.yml) ### Description of how you validated changes Validated template [here](https://github.com/shikha372/aws-cdk/blob/regression_template/.github/ISSUE_TEMPLATE/bug-report.yml) Label : potential-regression (will be created after approval) Label will removed if this option is unchecked and added if this option is checked. Verified with sample issue in personal repo [here](https://github.com/shikha372/aws-cdk/actions/runs/10326894628), can be tested on sample [github issue ](https://github.com/shikha372/aws-cdk/issues/2)created in personal repo. Result will be seen in [github actions](https://github.com/shikha372/aws-cdk/actions). Sample issue: https://github.com/shikha372/aws-cdk/issues/2 Sample run: https://github.com/shikha372/aws-cdk/actions/runs/10326894628/job/28591182838 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/ISSUE_TEMPLATE/bug-report.yml | 15 +++++++++ .../workflows/issue-regression-labeler.yml | 32 +++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 .github/workflows/issue-regression-labeler.yml diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index c3843d23481d8..7512a919e56fb 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -20,6 +20,21 @@ body: description: What is the problem? A clear and concise description of the bug. validations: required: true + - type: checkboxes + id: regression + attributes: + label: Regression Issue + description: What is a regression? If it worked in a previous version but doesn’t in the latest version, it’s considered a regression. In this case, please provide specific version number in the report. + options: + - label: Select this option if this issue appears to be a regression. + required: false + - type: input + id: working-version + attributes: + label: Last Known Working CDK Version + description: Specify the last known CDK version where this code was functioning as expected (if applicable). + validations: + required: false - type: textarea id: expected attributes: diff --git a/.github/workflows/issue-regression-labeler.yml b/.github/workflows/issue-regression-labeler.yml new file mode 100644 index 0000000000000..bd000719d101b --- /dev/null +++ b/.github/workflows/issue-regression-labeler.yml @@ -0,0 +1,32 @@ +# Apply potential regression label on issues +name: issue-regression-label +on: + issues: + types: [opened, edited] +jobs: + add-regression-label: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Fetch template body + id: check_regression + uses: actions/github-script@v7 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TEMPLATE_BODY: ${{ github.event.issue.body }} + with: + script: | + const regressionPattern = /\[x\] Select this option if this issue appears to be a regression\./i; + const template = `${process.env.TEMPLATE_BODY}` + const match = regressionPattern.test(template); + core.setOutput('is_regression', match); + - name: Manage regression label + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + if [ "${{ steps.check_regression.outputs.is_regression }}" == "true" ]; then + gh issue edit ${{ github.event.issue.number }} --add-label "potential-regression" -R ${{ github.repository }} + else + gh issue edit ${{ github.event.issue.number }} --remove-label "potential-regression" -R ${{ github.repository }} + fi From 4987ef211b6e5daa37e0a392edec930c8a10ab9a Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Tue, 13 Aug 2024 07:11:17 +0900 Subject: [PATCH 26/40] chore(bedrock): support Titan Image Generator v2 (#31045) Add new foundation model. Ref: * https://aws.amazon.com/about-aws/whats-new/2024/08/titan-image-generator-v2-amazon-bedrock/ * https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts index daacd34ef584d..fd1881119b336 100644 --- a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts +++ b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts @@ -50,6 +50,9 @@ export class FoundationModelIdentifier { /** Base model "amazon.titan-image-generator-v1:0". */ public static readonly AMAZON_TITAN_IMAGE_GENERATOR_V1_0 = new FoundationModelIdentifier('amazon.titan-image-generator-v1:0'); + /** Base model "amazon.titan-image-generator-v2:0". */ + public static readonly AMAZON_TITAN_IMAGE_GENERATOR_V2_0 = new FoundationModelIdentifier('amazon.titan-image-generator-v2:0'); + /** Base model "amazon.titan-embed-image-v1:0". */ public static readonly AMAZON_TITAN_EMBED_IMAGE_V1_0 = new FoundationModelIdentifier('amazon.titan-embed-image-v1:0'); From 1eb4f644f44dbe3a90d01bec54e122c6db2a6491 Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Wed, 14 Aug 2024 01:42:13 +0900 Subject: [PATCH 27/40] chore(rds): add missing RDS instance engine versions for PostgreSQL, MySQL, and SQL Server (#31095) Add the instance engines that were added in the following updates. #### PostgreSQL [Amazon RDS for PostgreSQL supports minor versions 16.4, 15.8, 14.13, 13.16, and 12.20 ](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-for-postgresql-supports-minor-versions/) * 16.4 was added in #31088 #### MySQL [Amazon RDS for MySQL supports new minor version 8.0.39 ](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-mysql-new-minor-version-8-0-39/) * Note: 8.0.38 does not exist ([Ref](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Concepts.VersionMgmt.html)). #### SQL Server [Amazon RDS for SQL Server supports minor versions 2016 GDR, 2017 CU31 GDR, 2019 GDR, 2022 GDR](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-sql-server-minor-versions-gdr/) [Amazon RDS for SQL Server supports minor version 2019 CU27 ](https://aws.amazon.com/about-aws/whats-new/2024/07/amazon-rds-sql-server-minor-version-2019-cu27/?nc1=h_ls) * The exact engine names were obtained using the following command: ```sh % aws rds describe-db-engine-versions --engine sqlserver-ee --query 'DBEngineVersions[*].EngineVersion' --output table --region us-east-1 // result -------------------------- |DescribeDBEngineVersions| +------------------------+ // omit | 13.00.6441.1.v1 | // omit | 14.00.3471.2.v1 | // omit | 15.00.4375.4.v1 | | 15.00.4382.1.v1 | // omit | 16.00.4131.2.v1 | +------------------------+ ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-rds/lib/instance-engine.ts | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index 601063f816318..3c0b256f6e687 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -936,6 +936,8 @@ export class MysqlEngineVersion { public static readonly VER_8_0_36 = MysqlEngineVersion.of('8.0.36', '8.0'); /** Version "8.0.37". */ public static readonly VER_8_0_37 = MysqlEngineVersion.of('8.0.37', '8.0'); + /** Version "8.0.39". */ + public static readonly VER_8_0_39 = MysqlEngineVersion.of('8.0.39', '8.0'); /** * Create a new MysqlEngineVersion with an arbitrary version. @@ -1525,6 +1527,8 @@ export class PostgresEngineVersion { public static readonly VER_12_18 = PostgresEngineVersion.of('12.18', '12', { s3Import: true, s3Export: true }); /** Version "12.19". */ public static readonly VER_12_19 = PostgresEngineVersion.of('12.19', '12', { s3Import: true, s3Export: true }); + /** Version "12.20". */ + public static readonly VER_12_20 = PostgresEngineVersion.of('12.20', '12', { s3Import: true, s3Export: true }); /** Version "13" (only a major version, without a specific minor version). */ public static readonly VER_13 = PostgresEngineVersion.of('13', '13', { s3Import: true, s3Export: true }); @@ -1588,6 +1592,8 @@ export class PostgresEngineVersion { public static readonly VER_13_14 = PostgresEngineVersion.of('13.14', '13', { s3Import: true, s3Export: true }); /** Version "13.15". */ public static readonly VER_13_15 = PostgresEngineVersion.of('13.15', '13', { s3Import: true, s3Export: true }); + /** Version "13.16". */ + public static readonly VER_13_16 = PostgresEngineVersion.of('13.16', '13', { s3Import: true, s3Export: true }); /** Version "14" (only a major version, without a specific minor version). */ public static readonly VER_14 = PostgresEngineVersion.of('14', '14', { s3Import: true, s3Export: true }); @@ -1639,6 +1645,8 @@ export class PostgresEngineVersion { public static readonly VER_14_11 = PostgresEngineVersion.of('14.11', '14', { s3Import: true, s3Export: true }); /** Version "14.12". */ public static readonly VER_14_12 = PostgresEngineVersion.of('14.12', '14', { s3Import: true, s3Export: true }); + /** Version "14.13". */ + public static readonly VER_14_13 = PostgresEngineVersion.of('14.13', '14', { s3Import: true, s3Export: true }); /** Version "15" (only a major version, without a specific minor version). */ public static readonly VER_15 = PostgresEngineVersion.of('15', '15', { s3Import: true, s3Export: true }); @@ -1660,6 +1668,8 @@ export class PostgresEngineVersion { public static readonly VER_15_6 = PostgresEngineVersion.of('15.6', '15', { s3Import: true, s3Export: true }); /** Version "15.7". */ public static readonly VER_15_7 = PostgresEngineVersion.of('15.7', '15', { s3Import: true, s3Export: true }); + /** Version "15.8". */ + public static readonly VER_15_8 = PostgresEngineVersion.of('15.8', '15', { s3Import: true, s3Export: true }); /** Version "16" (only a major version, without a specific minor version). */ public static readonly VER_16 = PostgresEngineVersion.of('16', '16', { s3Import: true, s3Export: true }); @@ -2549,6 +2559,8 @@ export class SqlServerEngineVersion { public static readonly VER_13_00_6430_49_V1 = SqlServerEngineVersion.of('13.00.6430.49.v1', '13.00'); /** Version "13.00.6435.1.v1". */ public static readonly VER_13_00_6435_1_V1 = SqlServerEngineVersion.of('13.00.6435.1.v1', '13.00'); + /** Version "13.00.6441.1.v1". */ + public static readonly VER_13_00_6441_1_V1 = SqlServerEngineVersion.of('13.00.6441.1.v1', '13.00'); /** Version "14.00" (only a major version, without a specific minor version). */ public static readonly VER_14 = SqlServerEngineVersion.of('14.00', '14.00'); @@ -2600,6 +2612,8 @@ export class SqlServerEngineVersion { public static readonly VER_14_00_3460_9_V1 = SqlServerEngineVersion.of('14.00.3460.9.v1', '14.00'); /** Version "14.00.3465.1.v1". */ public static readonly VER_14_00_3465_1_V1 = SqlServerEngineVersion.of('14.00.3465.1.v1', '14.00'); + /** Version "14.00.3471.2.v1 ". */ + public static readonly VER_14_00_3471_2_V1 = SqlServerEngineVersion.of('14.00.3471.2.v1 ', '14.00'); /** Version "15.00" (only a major version, without a specific minor version). */ public static readonly VER_15 = SqlServerEngineVersion.of('15.00', '15.00'); @@ -2632,6 +2646,10 @@ export class SqlServerEngineVersion { public static readonly VER_15_00_4345_5_V1 = SqlServerEngineVersion.of('15.00.4345.5.v1', '15.00'); /** Version "15.00.4365.2.v1". */ public static readonly VER_15_00_4365_2_V1 = SqlServerEngineVersion.of('15.00.4365.2.v1', '15.00'); + /** Version "15.00.4375.4.v1". */ + public static readonly VER_15_00_4375_4_V1 = SqlServerEngineVersion.of('15.00.4375.4.v1', '15.00'); + /** Version "15.00.4382.1.v1". */ + public static readonly VER_15_00_4382_1_V1 = SqlServerEngineVersion.of('15.00.4382.1.v1', '15.00'); /** Version "16.00" (only a major version, without a specific minor version). */ public static readonly VER_16 = SqlServerEngineVersion.of('16.00', '16.00'); @@ -2647,6 +2665,8 @@ export class SqlServerEngineVersion { public static readonly VER_16_00_4120_1_V1 = SqlServerEngineVersion.of('16.00.4120.1.v1', '16.00'); /** Version "16.00.4125.3.v1". */ public static readonly VER_16_00_4125_3_V1 = SqlServerEngineVersion.of('16.00.4125.3.v1', '16.00'); + /** Version "16.00.4131.2.v1". */ + public static readonly VER_16_00_4131_2_V1 = SqlServerEngineVersion.of('16.00.4131.2.v1', '16.00'); /** * Create a new SqlServerEngineVersion with an arbitrary version. From db45f3ba2e31c257917011bffdf6311d1cbd541c Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Wed, 14 Aug 2024 02:13:26 +0900 Subject: [PATCH 28/40] chore(rds): add Aurora PostgreSQL cluster engine version 14.12, 13.15 and 12.19 (#31094) Add the cluster engines that were added in the following update. [Amazon Aurora supports PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 ](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-aurora-postgresql-new-version-support/) * 16.3 was added in #31003 * 15.7 was added in #31085 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts index 53c3ace4aa99f..2dc660f309c18 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts @@ -946,6 +946,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_12_17 = AuroraPostgresEngineVersion.of('12.17', '12', { s3Import: true, s3Export: true }); /** Version "12.18". */ public static readonly VER_12_18 = AuroraPostgresEngineVersion.of('12.18', '12', { s3Import: true, s3Export: true }); + /** Version "12.19". */ + public static readonly VER_12_19 = AuroraPostgresEngineVersion.of('12.19', '12', { s3Import: true, s3Export: true }); /** * Version "13.3". * @deprecated Version 13.3 is no longer supported by Amazon RDS. @@ -982,6 +984,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_13_13 = AuroraPostgresEngineVersion.of('13.13', '13', { s3Import: true, s3Export: true }); /** Version "13.14". */ public static readonly VER_13_14 = AuroraPostgresEngineVersion.of('13.14', '13', { s3Import: true, s3Export: true }); + /** Version "13.15". */ + public static readonly VER_13_15 = AuroraPostgresEngineVersion.of('13.15', '13', { s3Import: true, s3Export: true }); /** Version "14.3". */ public static readonly VER_14_3 = AuroraPostgresEngineVersion.of('14.3', '14', { s3Import: true, s3Export: true }); /** Version "14.4". */ @@ -1000,6 +1004,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_14_10 = AuroraPostgresEngineVersion.of('14.10', '14', { s3Import: true, s3Export: true }); /** Version "14.11". */ public static readonly VER_14_11 = AuroraPostgresEngineVersion.of('14.11', '14', { s3Import: true, s3Export: true }); + /** Version "14.12". */ + public static readonly VER_14_12 = AuroraPostgresEngineVersion.of('14.12', '14', { s3Import: true, s3Export: true }); /** Version "15.2". */ public static readonly VER_15_2 = AuroraPostgresEngineVersion.of('15.2', '15', { s3Import: true, s3Export: true }); /** Version "15.3". */ From 5b3b2d1905acc4c4e44cc8711a23ddc3ebb9a1f9 Mon Sep 17 00:00:00 2001 From: yasuaki640 Date: Wed, 14 Aug 2024 02:47:03 +0900 Subject: [PATCH 29/40] chore(rds): add support for aurora-postgresql 15.7 (#31085) ### Issue # (if applicable) Closes #. ### Reason for this change There is no enum of 15.7. ### Description of changes Added already supported 15.7 to AuroraPostgressEngineVersion the class. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.html#aurorapostgresql-versions-version15 ### Description of how you validated changes ```sh aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[?EngineVersion=='15.7']" [ { "Engine": "aurora-postgresql", "EngineVersion": "15.7", "DBParameterGroupFamily": "aurora-postgresql15", "DBEngineDescription": "Aurora (PostgreSQL)", "DBEngineVersionDescription": "Aurora PostgreSQL (Compatible with PostgreSQL 15.7)", "ValidUpgradeTarget": [ { "Engine": "aurora-postgresql", "EngineVersion": "16.3", "Description": "Aurora PostgreSQL (Compatible with PostgreSQL 16.3)", "AutoUpgrade": false, "IsMajorVersionUpgrade": true, "SupportedEngineModes": [ "provisioned" ], "SupportsParallelQuery": false, "SupportsGlobalDatabases": true, "SupportsBabelfish": true, "SupportsLocalWriteForwarding": true } ], "ExportableLogTypes": [ "postgresql" ], "SupportsLogExportsToCloudwatchLogs": true, "SupportsReadReplica": false, "SupportedEngineModes": [ "provisioned" ], "SupportedFeatureNames": [ "Bedrock", "Comprehend", "Lambda", "s3Export", "s3Import", "SageMaker" ], "Status": "available", "SupportsParallelQuery": false, "SupportsGlobalDatabases": true, "MajorEngineVersion": "15", "SupportsBabelfish": true, "SupportsCertificateRotationWithoutRestart": true, "SupportedCACertificateIdentifiers": [ "rds-ca-2019", "rds-ca-ecc384-g1", "rds-ca-rsa4096-g1", "rds-ca-rsa2048-g1" ], "SupportsLocalWriteForwarding": true } ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts | 2 ++ packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts | 2 ++ 2 files changed, 4 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts index 2dc660f309c18..ae281e741a27c 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts @@ -1016,6 +1016,8 @@ export class AuroraPostgresEngineVersion { public static readonly VER_15_5 = AuroraPostgresEngineVersion.of('15.5', '15', { s3Import: true, s3Export: true }); /** Version "15.6". */ public static readonly VER_15_6 = AuroraPostgresEngineVersion.of('15.6', '15', { s3Import: true, s3Export: true }); + /** Version "15.7". */ + public static readonly VER_15_7 = AuroraPostgresEngineVersion.of('15.7', '15', { s3Import: true, s3Export: true }); /** * Version "16.0" * @deprecated Version 16.0 is no longer supported by Amazon RDS. diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts index 441881a597991..cee26e65dfbcf 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster-engine.test.ts @@ -106,6 +106,8 @@ describe('cluster engine', () => { 'aurora-postgresql10'); expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('14.3', '14') }).parameterGroupFamily).toEqual( 'aurora-postgresql14'); + expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('15.7', '15') }).parameterGroupFamily).toEqual( + 'aurora-postgresql15'); expect(DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.of('16.3', '16') }).parameterGroupFamily).toEqual( 'aurora-postgresql16'); }); From f1af7fc66b5ca5b3a4780ed695045d2da65df3ba Mon Sep 17 00:00:00 2001 From: Kazuho Cryer-Shinozuka Date: Wed, 14 Aug 2024 04:59:53 +0900 Subject: [PATCH 30/40] feat(sagemaker): network isolation for a model (#30657) ### Issue # (if applicable) None ### Reason for this change SageMaker model supports for the [network isolation](https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html) function. But Model construct does not support this. ### Description of changes Add `networkIsolation` to `ModelProps` ```ts const model = new sagemaker.Model(this, 'ContainerModel', { containers: [ { image, modelData, } ], networkIsolation: true, // Added }); ``` ### Description of how you validated changes Added both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-sagemaker-alpha/README.md | 25 ++ .../@aws-cdk/aws-sagemaker-alpha/lib/model.ts | 12 + .../aws-cdk-sagemaker-model.assets.json | 4 +- .../aws-cdk-sagemaker-model.template.json | 163 ++++++++++++ .../integ.model.js.snapshot/manifest.json | 20 +- .../test/integ.model.js.snapshot/tree.json | 241 +++++++++++++++++- .../aws-sagemaker-alpha/test/integ.model.ts | 9 + .../aws-sagemaker-alpha/test/model.test.ts | 16 ++ 8 files changed, 477 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/README.md b/packages/@aws-cdk/aws-sagemaker-alpha/README.md index cdddec2ec8103..f4798faf19036 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/README.md +++ b/packages/@aws-cdk/aws-sagemaker-alpha/README.md @@ -78,6 +78,31 @@ const model = new sagemaker.Model(this, 'InferencePipelineModel', { }); ``` +### Model Properties + +#### Network Isolation + +If you enable [network isolation](https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html), the containers can't make any outbound network calls, even to other AWS services such as Amazon S3. Additionally, no AWS credentials are made available to the container runtime environment. + +To enable network isolation, set the `networkIsolation` property to `true`: + +```typescript +import * as sagemaker from '@aws-cdk/aws-sagemaker-alpha'; + +declare const image: sagemaker.ContainerImage; +declare const modelData: sagemaker.ModelData; + +const model = new sagemaker.Model(this, 'ContainerModel', { + containers: [ + { + image, + modelData, + } + ], + networkIsolation: true, +}); +``` + ### Container Images Inference code can be stored in the Amazon EC2 Container Registry (Amazon ECR), which is specified diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts b/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts index 589caed2e9556..28f88d4934b1d 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts +++ b/packages/@aws-cdk/aws-sagemaker-alpha/lib/model.ts @@ -206,6 +206,17 @@ export interface ModelProps { * @default true */ readonly allowAllOutbound?: boolean; + + /** + * Whether to enable network isolation for the model container. + * + * When enabled, no inbound or outbound network calls can be made to or from the model container. + * + * @see https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html + * + * @default false + */ + readonly networkIsolation?: boolean; } /** @@ -312,6 +323,7 @@ export class Model extends ModelBase { primaryContainer: cdk.Lazy.any({ produce: () => this.renderPrimaryContainer() }), vpcConfig: cdk.Lazy.any({ produce: () => this.renderVpcConfig() }), containers: cdk.Lazy.any({ produce: () => this.renderContainers() }), + enableNetworkIsolation: props.networkIsolation, }); this.modelName = this.getResourceNameAttribute(model.attrModelName); this.modelArn = this.getResourceArnAttribute(model.ref, { diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json index d350b0f8b2887..b325edd0bba0b 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.assets.json @@ -14,7 +14,7 @@ } } }, - "3091b68a4482354b22fb86be9dfa04e7f07fd597c15825ad5b16b32f8fdaaf6a": { + "2bf7be4479c7f2590f4e7436df08e6f6516adf0e7234bfcfd7ea7115c7e6dfb6": { "source": { "path": "aws-cdk-sagemaker-model.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3091b68a4482354b22fb86be9dfa04e7f07fd597c15825ad5b16b32f8fdaaf6a.json", + "objectKey": "2bf7be4479c7f2590f4e7436df08e6f6516adf0e7234bfcfd7ea7115c7e6dfb6.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json index 51f06e115d3f8..1a783d4262dce 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json @@ -898,6 +898,169 @@ "HuggingFaceModelRoleDefaultPolicy50587D35", "HuggingFaceModelRoleDA17DA00" ] + }, + "NetworkIsolationModelRole562D6C7F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sagemaker.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSageMakerFullAccess" + ] + ] + } + ] + } + }, + "NetworkIsolationModelRoleDefaultPolicy84ACFE88": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "NetworkIsolationModelRoleDefaultPolicy84ACFE88", + "Roles": [ + { + "Ref": "NetworkIsolationModelRole562D6C7F" + } + ] + } + }, + "NetworkIsolationModel29FE9107": { + "Type": "AWS::SageMaker::Model", + "Properties": { + "Containers": [ + { + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + } + }, + { + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "ModelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + }, + { + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "ModelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + } + ], + "EnableNetworkIsolation": true, + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "NetworkIsolationModelRole562D6C7F", + "Arn" + ] + } + }, + "DependsOn": [ + "NetworkIsolationModelRoleDefaultPolicy84ACFE88", + "NetworkIsolationModelRole562D6C7F" + ] } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json index 0991dc132bb8b..9411f22bfb458 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3091b68a4482354b22fb86be9dfa04e7f07fd597c15825ad5b16b32f8fdaaf6a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2bf7be4479c7f2590f4e7436df08e6f6516adf0e7234bfcfd7ea7115c7e6dfb6.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -238,6 +238,24 @@ "data": "DlcRepositoryAccountMap" } ], + "/aws-cdk-sagemaker-model/NetworkIsolationModel/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NetworkIsolationModelRole562D6C7F" + } + ], + "/aws-cdk-sagemaker-model/NetworkIsolationModel/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NetworkIsolationModelRoleDefaultPolicy84ACFE88" + } + ], + "/aws-cdk-sagemaker-model/NetworkIsolationModel/Model": [ + { + "type": "aws:cdk:logicalId", + "data": "NetworkIsolationModel29FE9107" + } + ], "/aws-cdk-sagemaker-model/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json index 660e3efff302b..60a1416e86bb8 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/tree.json @@ -1169,13 +1169,13 @@ "version": "0.0.0" } }, - "ModelImage4351027d8888cb0133eeba7ae4ab91c5": { - "id": "ModelImage4351027d8888cb0133eeba7ae4ab91c5", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage4351027d8888cb0133eeba7ae4ab91c5", + "ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62": { + "id": "ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62", "children": { "Staging": { "id": "Staging", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage4351027d8888cb0133eeba7ae4ab91c5/Staging", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62/Staging", "constructInfo": { "fqn": "aws-cdk-lib.AssetStaging", "version": "0.0.0" @@ -1183,7 +1183,7 @@ }, "Repository": { "id": "Repository", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage4351027d8888cb0133eeba7ae4ab91c5/Repository", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelImage1df1fb2d6963bb25c0be68fe5b4e5a62/Repository", "constructInfo": { "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", "version": "0.0.0" @@ -1195,13 +1195,13 @@ "version": "0.0.0" } }, - "ModelDatab93b3e254f66541093e95be708719bbd": { - "id": "ModelDatab93b3e254f66541093e95be708719bbd", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDatab93b3e254f66541093e95be708719bbd", + "ModelDataac735c034334b02fb2f240145313a846": { + "id": "ModelDataac735c034334b02fb2f240145313a846", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDataac735c034334b02fb2f240145313a846", "children": { "Stage": { "id": "Stage", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDatab93b3e254f66541093e95be708719bbd/Stage", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDataac735c034334b02fb2f240145313a846/Stage", "constructInfo": { "fqn": "aws-cdk-lib.AssetStaging", "version": "0.0.0" @@ -1209,7 +1209,7 @@ }, "AssetBucket": { "id": "AssetBucket", - "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDatab93b3e254f66541093e95be708719bbd/AssetBucket", + "path": "aws-cdk-sagemaker-model/InferencePipelineModel/ModelDataac735c034334b02fb2f240145313a846/AssetBucket", "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketBase", "version": "0.0.0" @@ -1471,6 +1471,227 @@ "version": "0.0.0" } }, + "NetworkIsolationModel": { + "id": "NetworkIsolationModel", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel", + "children": { + "Role": { + "id": "Role", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sagemaker.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSageMakerFullAccess" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "NetworkIsolationModelRoleDefaultPolicy84ACFE88", + "roles": [ + { + "Ref": "NetworkIsolationModelRole562D6C7F" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Model": { + "id": "Model", + "path": "aws-cdk-sagemaker-model/NetworkIsolationModel/Model", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SageMaker::Model", + "aws:cdk:cloudformation:props": { + "containers": [ + { + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + } + }, + { + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "modelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + }, + { + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a" + }, + "modelDataUrl": { + "Fn::Sub": "https://s3.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/126d48fa0e32fbef5078b9d88658b35ad29d4291eb86675a64c75fa4f1338916.gz" + } + } + ], + "enableNetworkIsolation": true, + "executionRoleArn": { + "Fn::GetAtt": [ + "NetworkIsolationModelRole562D6C7F", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sagemaker.CfnModel", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-sagemaker-alpha.Model", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-sagemaker-model/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts index 4de64b4b6dafe..e52785a2b35a0 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.ts @@ -131,6 +131,15 @@ new sagemaker.Model(stack, 'HuggingFaceModel', { ], }); +new sagemaker.Model(stack, 'NetworkIsolationModel', { + containers: [ + { image: localImage }, + { image: localImage, modelData: localModelData }, + { image: localImage, modelData: localModelData }, + ], + networkIsolation: true, +}); + new IntegTest(app, 'integtest-model', { testCases: [stack], }); diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts b/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts index f4e64ec6131fc..d08ac389ed5e4 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/model.test.ts @@ -98,6 +98,22 @@ describe('When instantiating SageMaker Model', () => { expect(Object.entries(manifest.dockerImages)).toHaveLength(1); }); + test('set network isolation', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new sagemaker.Model(stack, 'Model', { + containers: [{ image: sagemaker.ContainerImage.fromEcrRepository(new ecr.Repository(stack, 'Repo')) }], + networkIsolation: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::SageMaker::Model', { + EnableNetworkIsolation: true, + }); + }); + describe('with a VPC', () => { test('and security groups, no security group is created', () => { // GIVEN From 0cdce20a8688bb233930542d01358e26e5ba8a61 Mon Sep 17 00:00:00 2001 From: Calvin Combs <66279577+comcalvi@users.noreply.github.com> Date: Tue, 13 Aug 2024 15:54:24 -0700 Subject: [PATCH 31/40] feat(core): configure SNS topics to receive stack events on the Stack construct (#30551) ### Issue # (if applicable) #8581. ### Reason for this change It is easier and clearer to specify the SNS Topic ARNs on the stack construct itself instead of passing it as a command line argument. ### Description of changes Added a new optional stack prop, `notificationArns`, that is written to the CloudAssembly and concatenated with the CLI option `--notification-arns`. When I added CLI integ tests, I discovered that the existing framework is unable to use your local code. It always retrieves the latest release, which is not what you want when running it locally. This fixes that. Don't forget to select stacks by hierarchical ID (currently display name, in our tests) when writing certain test code. Otherwise, the tests may not select the stack you expected. ### Description of how you validated changes Unit tests + CLI integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/package-sources/repo-source.ts | 9 +- .../cli-integ/lib/with-cdk-app.ts | 12 + .../cli-integ/resources/cdk-apps/app/app.js | 11 + .../tests/cli-integ-tests/cli.integtest.ts | 33 +- .../lib/cloud-assembly/artifact-schema.ts | 7 + .../schema/cloud-assembly.schema.json | 6 + .../schema/cloud-assembly.version.json | 2 +- packages/aws-cdk-lib/core/README.md | 12 + .../core/lib/stack-synthesizers/_shared.ts | 1 + packages/aws-cdk-lib/core/lib/stack.ts | 15 + packages/aws-cdk-lib/core/test/stack.test.ts | 15 + .../lib/artifacts/cloudformation-artifact.ts | 6 + .../cx-api/test/stack-artifact.test.ts | 18 + packages/aws-cdk/lib/api/deploy-stack.ts | 10 + .../aws-cdk/lib/api/util/cloudformation.ts | 11 +- packages/aws-cdk/lib/cdk-toolkit.ts | 23 +- .../aws-cdk/test/api/deploy-stack.test.ts | 38 +- packages/aws-cdk/test/cdk-toolkit.test.ts | 377 +++++++++++++----- packages/aws-cdk/test/util.ts | 2 + 19 files changed, 489 insertions(+), 119 deletions(-) diff --git a/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts b/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts index 45a8f4e5d4dfc..7a5f08ec71b98 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts @@ -75,13 +75,14 @@ const YARN_MONOREPO_CACHE: Record = {}; * * Cached in YARN_MONOREPO_CACHE. */ -async function findYarnPackages(root: string): Promise> { +export async function findYarnPackages(root: string): Promise> { if (!(root in YARN_MONOREPO_CACHE)) { - const output: YarnWorkspacesOutput = JSON.parse(await shell(['yarn', 'workspaces', '--silent', 'info'], { + const outputDataString: string = JSON.parse(await shell(['yarn', 'workspaces', '--json', 'info'], { captureStderr: false, cwd: root, show: 'error', - })); + })).data; + const output: YarnWorkspacesOutput = JSON.parse(outputDataString); const ret: Record = {}; for (const [k, v] of Object.entries(output)) { @@ -96,7 +97,7 @@ async function findYarnPackages(root: string): Promise> { * Find the root directory of the repo from the current directory */ export async function autoFindRoot() { - const found = await findUp('release.json'); + const found = findUp('release.json'); if (!found) { throw new Error(`Could not determine repository root: 'release.json' not found from ${process.cwd()}`); } diff --git a/packages/@aws-cdk-testing/cli-integ/lib/with-cdk-app.ts b/packages/@aws-cdk-testing/cli-integ/lib/with-cdk-app.ts index 16226c4cde259..f2b5263df06a5 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/with-cdk-app.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/with-cdk-app.ts @@ -4,6 +4,7 @@ import * as os from 'os'; import * as path from 'path'; import { outputFromStack, AwsClients } from './aws'; import { TestContext } from './integ-test'; +import { findYarnPackages } from './package-sources/repo-source'; import { IPackageSource } from './package-sources/source'; import { packageSourceInSubprocess } from './package-sources/subprocess'; import { RESOURCES_DIR } from './resources'; @@ -612,6 +613,17 @@ function defined(x: A): x is NonNullable { * for Node's dependency lookup mechanism). */ export async function installNpmPackages(fixture: TestFixture, packages: Record) { + if (process.env.REPO_ROOT) { + const monoRepo = await findYarnPackages(process.env.REPO_ROOT); + + // Replace the install target with the physical location of this package + for (const key of Object.keys(packages)) { + if (key in monoRepo) { + packages[key] = monoRepo[key]; + } + } + } + fs.writeFileSync(path.join(fixture.integTestDir, 'package.json'), JSON.stringify({ name: 'cdk-integ-tests', private: true, diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js index d094055795e27..7e91514bb6d94 100755 --- a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js +++ b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js @@ -637,6 +637,13 @@ class BuiltinLambdaStack extends cdk.Stack { } } +class NotificationArnPropStack extends cdk.Stack { + constructor(parent, id, props) { + super(parent, id, props); + new sns.Topic(this, 'topic'); + } +} + const app = new cdk.App({ context: { '@aws-cdk/core:assetHashSalt': process.env.CODEBUILD_BUILD_ID, // Force all assets to be unique, but consistent in one build @@ -677,6 +684,10 @@ switch (stackSet) { new DockerStack(app, `${stackPrefix}-docker`); new DockerStackWithCustomFile(app, `${stackPrefix}-docker-with-custom-file`); + new NotificationArnPropStack(app, `${stackPrefix}-notification-arn-prop`, { + notificationArns: [`arn:aws:sns:${defaultEnv.region}:${defaultEnv.account}:${stackPrefix}-test-topic-prop`], + }); + // SSO stacks new SsoInstanceAccessControlConfig(app, `${stackPrefix}-sso-access-control`); new SsoAssignment(app, `${stackPrefix}-sso-assignment`); diff --git a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts index f323110eecfa4..1ce7fe3ef7751 100644 --- a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts +++ b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts @@ -1,7 +1,7 @@ import { promises as fs, existsSync } from 'fs'; import * as os from 'os'; import * as path from 'path'; -import { integTest, cloneDirectory, shell, withDefaultFixture, retry, sleep, randomInteger, withSamIntegrationFixture, RESOURCES_DIR, withCDKMigrateFixture, withExtendedTimeoutFixture, randomString } from '../../lib'; +import { integTest, cloneDirectory, shell, withDefaultFixture, retry, sleep, randomInteger, withSamIntegrationFixture, RESOURCES_DIR, withCDKMigrateFixture, withExtendedTimeoutFixture, randomString, withoutBootstrap } from '../../lib'; jest.setTimeout(2 * 60 * 60_000); // Includes the time to acquire locks, worst-case single-threaded runtime @@ -187,7 +187,10 @@ integTest('context setting', withDefaultFixture(async (fixture) => { } })); -integTest('context in stage propagates to top', withDefaultFixture(async (fixture) => { +// bootstrapping also performs synthesis. As it turns out, bootstrap-stage synthesis still causes the lookups to be cached, meaning that the lookup never +// happens when we actually call `cdk synth --no-lookups`. This results in the error never being thrown, because it never tries to lookup anything. +// Fix this by not trying to bootstrap; there's no need to bootstrap anyway, since the test never tries to deploy anything. +integTest('context in stage propagates to top', withoutBootstrap(async (fixture) => { await expect(fixture.cdkSynth({ // This will make it error to prove that the context bubbles up, and also that we can fail on command options: ['--no-lookups'], @@ -466,11 +469,12 @@ integTest('deploy with parameters multi', withDefaultFixture(async (fixture) => ); })); -integTest('deploy with notification ARN', withDefaultFixture(async (fixture) => { - const topicName = `${fixture.stackNamePrefix}-test-topic`; +integTest('deploy with notification ARN as flag', withDefaultFixture(async (fixture) => { + const topicName = `${fixture.stackNamePrefix}-test-topic-flag`; const response = await fixture.aws.sns('createTopic', { Name: topicName }); const topicArn = response.TopicArn!; + try { await fixture.cdkDeploy('test-2', { options: ['--notification-arns', topicArn], @@ -488,6 +492,27 @@ integTest('deploy with notification ARN', withDefaultFixture(async (fixture) => } })); +integTest('deploy with notification ARN as prop', withDefaultFixture(async (fixture) => { + const topicName = `${fixture.stackNamePrefix}-test-topic-prop`; + + const response = await fixture.aws.sns('createTopic', { Name: topicName }); + const topicArn = response.TopicArn!; + + try { + await fixture.cdkDeploy('notification-arn-prop'); + + // verify that the stack we deployed has our notification ARN + const describeResponse = await fixture.aws.cloudFormation('describeStacks', { + StackName: fixture.fullStackName('notification-arn-prop'), + }); + expect(describeResponse.Stacks?.[0].NotificationARNs).toEqual([topicArn]); + } finally { + await fixture.aws.sns('deleteTopic', { + TopicArn: topicArn, + }); + } +})); + // NOTE: this doesn't currently work with modern-style synthesis, as the bootstrap // role by default will not have permission to iam:PassRole the created role. integTest('deploy with role', withDefaultFixture(async (fixture) => { diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts index 66872401251aa..644d110e70bd9 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts @@ -55,6 +55,13 @@ export interface AwsCloudFormationStackProperties { */ readonly tags?: { [id: string]: string }; + /** + * SNS Notification ARNs that should receive CloudFormation Stack Events. + * + * @default - No notification arns + */ + readonly notificationArns?: string[]; + /** * The name to use for the CloudFormation stack. * @default - name derived from artifact ID diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json index 279dfbe369073..240834b8c4830 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json @@ -345,6 +345,12 @@ "type": "string" } }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + } + }, "stackName": { "description": "The name to use for the CloudFormation stack. (Default - name derived from artifact ID)", "type": "string" diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json index 1f0068d32659a..079dd58c72d69 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"37.0.0"} \ No newline at end of file diff --git a/packages/aws-cdk-lib/core/README.md b/packages/aws-cdk-lib/core/README.md index 140d8920c44de..aac7abe87c167 100644 --- a/packages/aws-cdk-lib/core/README.md +++ b/packages/aws-cdk-lib/core/README.md @@ -1242,6 +1242,18 @@ const stack = new Stack(app, 'StackName', { }); ``` +### Receiving CloudFormation Stack Events + +You can add one or more SNS Topic ARNs to any Stack: + +```ts +const stack = new Stack(app, 'StackName', { + notificationArns: ['arn:aws:sns:us-east-1:23456789012:Topic'], +}); +``` + +Stack events will be sent to any SNS Topics in this list. + ### CfnJson `CfnJson` allows you to postpone the resolution of a JSON blob from diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts index 1017f172a850e..c985c538cac81 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts @@ -48,6 +48,7 @@ export function addStackArtifactToAssembly( terminationProtection: stack.terminationProtection, tags: nonEmptyDict(stack.tags.tagValues()), validateOnSynth: session.validateOnSynth, + notificationArns: stack._notificationArns, ...stackProps, ...stackNameProperty, }; diff --git a/packages/aws-cdk-lib/core/lib/stack.ts b/packages/aws-cdk-lib/core/lib/stack.ts index ce3cb9c9b9fd8..f66a571f534e1 100644 --- a/packages/aws-cdk-lib/core/lib/stack.ts +++ b/packages/aws-cdk-lib/core/lib/stack.ts @@ -127,6 +127,13 @@ export interface StackProps { */ readonly tags?: { [key: string]: string }; + /** + * SNS Topic ARNs that will receive stack events. + * + * @default - no notfication arns. + */ + readonly notificationArns?: string[]; + /** * Synthesis method to use while deploying this stack * @@ -364,6 +371,13 @@ export class Stack extends Construct implements ITaggable { */ public readonly _crossRegionReferences: boolean; + /** + * SNS Notification ARNs to receive stack events. + * + * @internal + */ + public readonly _notificationArns: string[]; + /** * Logical ID generation strategy */ @@ -450,6 +464,7 @@ export class Stack extends Construct implements ITaggable { throw new Error(`Stack name must be <= 128 characters. Stack name: '${this._stackName}'`); } this.tags = new TagManager(TagType.KEY_VALUE, 'aws:cdk:stack', props.tags); + this._notificationArns = props.notificationArns ?? []; if (!VALID_STACK_NAME_REGEX.test(this.stackName)) { throw new Error(`Stack name must match the regular expression: ${VALID_STACK_NAME_REGEX.toString()}, got '${this.stackName}'`); diff --git a/packages/aws-cdk-lib/core/test/stack.test.ts b/packages/aws-cdk-lib/core/test/stack.test.ts index 82be67b19499b..4846ff3b0cc05 100644 --- a/packages/aws-cdk-lib/core/test/stack.test.ts +++ b/packages/aws-cdk-lib/core/test/stack.test.ts @@ -2075,6 +2075,21 @@ describe('stack', () => { expect(asm.getStackArtifact(stack2.artifactId).tags).toEqual(expected); }); + test('stack notification arns are reflected in the stack artifact properties', () => { + // GIVEN + const NOTIFICATION_ARNS = ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']; + const app = new App({ stackTraces: false }); + const stack1 = new Stack(app, 'stack1', { + notificationArns: NOTIFICATION_ARNS, + }); + + // THEN + const asm = app.synth(); + const expected = { foo: 'bar' }; + + expect(asm.getStackArtifact(stack1.artifactId).notificationArns).toEqual(NOTIFICATION_ARNS); + }); + test('Termination Protection is reflected in Cloud Assembly artifact', () => { // if the root is an app, invoke "synth" to avoid double synthesis const app = new App(); diff --git a/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts b/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts index 7cf279c96d924..d73e2a5b33dd7 100644 --- a/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts +++ b/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts @@ -54,6 +54,11 @@ export class CloudFormationStackArtifact extends CloudArtifact { */ public readonly tags: { [id: string]: string }; + /** + * SNS Topics that will receive stack events. + */ + public readonly notificationArns: string[]; + /** * The physical name of this stack. */ @@ -158,6 +163,7 @@ export class CloudFormationStackArtifact extends CloudArtifact { // We get the tags from 'properties' if available (cloud assembly format >= 6.0.0), otherwise // from the stack metadata this.tags = properties.tags ?? this.tagsFromMetadata(); + this.notificationArns = properties.notificationArns ?? []; this.assumeRoleArn = properties.assumeRoleArn; this.assumeRoleExternalId = properties.assumeRoleExternalId; this.cloudFormationExecutionRoleArn = properties.cloudFormationExecutionRoleArn; diff --git a/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts b/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts index 85009cedd7c23..81d5b4a0c3186 100644 --- a/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts +++ b/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts @@ -21,6 +21,24 @@ afterEach(() => { rimraf(builder.outdir); }); +test('read notification arns from artifact properties', () => { +// GIVEN + const NOTIFICATION_ARNS = ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']; + builder.addArtifact('Stack', { + ...stackBase, + properties: { + ...stackBase.properties, + notificationArns: NOTIFICATION_ARNS, + }, + }); + + // WHEN + const assembly = builder.buildAssembly(); + + // THEN + expect(assembly.getStackByName('Stack').notificationArns).toEqual(NOTIFICATION_ARNS); +}); + test('read tags from artifact properties', () => { // GIVEN builder.addArtifact('Stack', { diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts index 28af2d39616b0..93a57eb2e4629 100644 --- a/packages/aws-cdk/lib/api/deploy-stack.ts +++ b/packages/aws-cdk/lib/api/deploy-stack.ts @@ -644,6 +644,12 @@ async function canSkipDeploy( return false; } + // Notification arns have changed + if (!arrayEquals(cloudFormationStack.notificationArns, deployStackOptions.notificationArns ?? [])) { + debug(`${deployName}: notification arns have changed`); + return false; + } + // Termination protection has been updated if (!!deployStackOptions.stack.terminationProtection !== !!cloudFormationStack.terminationProtection) { debug(`${deployName}: termination protection has been updated`); @@ -694,3 +700,7 @@ function suffixWithErrors(msg: string, errors?: string[]) { ? `${msg}: ${errors.join(', ')}` : msg; } + +function arrayEquals(a: any[], b: any[]): boolean { + return a.every(item => b.includes(item)) && b.every(item => a.includes(item)); +} diff --git a/packages/aws-cdk/lib/api/util/cloudformation.ts b/packages/aws-cdk/lib/api/util/cloudformation.ts index 23e95f6d618e5..2361871e2bef0 100644 --- a/packages/aws-cdk/lib/api/util/cloudformation.ts +++ b/packages/aws-cdk/lib/api/util/cloudformation.ts @@ -138,12 +138,21 @@ export class CloudFormationStack { /** * The stack's current tags * - * Empty list of the stack does not exist + * Empty list if the stack does not exist */ public get tags(): CloudFormation.Tags { return this.stack?.Tags || []; } + /** + * SNS Topic ARNs that will receive stack events. + * + * Empty list if the stack does not exist + */ + public get notificationArns(): CloudFormation.NotificationARNs { + return this.stack?.NotificationARNs ?? []; + } + /** * Return the names of all current parameters to the stack * diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index 854b7ec6419c2..f876634484c46 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -161,7 +161,6 @@ export class CdkToolkit { let changeSet = undefined; if (options.changeSet) { - let stackExists = false; try { stackExists = await this.props.deployments.stackExists({ @@ -214,14 +213,6 @@ export class CdkToolkit { return this.watch(options); } - if (options.notificationArns) { - options.notificationArns.map( arn => { - if (!validateSnsTopicArn(arn)) { - throw new Error(`Notification arn ${arn} is not a valid arn for an SNS topic`); - } - }); - } - const startSynthTime = new Date().getTime(); const stackCollection = await this.selectStacksForDeploy(options.selector, options.exclusively, options.cacheCloudAssembly, options.ignoreNoStacks); @@ -318,7 +309,17 @@ export class CdkToolkit { } } - const stackIndex = stacks.indexOf(stack)+1; + let notificationArns: string[] = []; + notificationArns = notificationArns.concat(options.notificationArns ?? []); + notificationArns = notificationArns.concat(stack.notificationArns); + + notificationArns.map(arn => { + if (!validateSnsTopicArn(arn)) { + throw new Error(`Notification arn ${arn} is not a valid arn for an SNS topic`); + } + }); + + const stackIndex = stacks.indexOf(stack) + 1; print('%s: deploying... [%s/%s]', chalk.bold(stack.displayName), stackIndex, stackCollection.stackCount); const startDeployTime = new Date().getTime(); @@ -335,7 +336,7 @@ export class CdkToolkit { roleArn: options.roleArn, toolkitStackName: options.toolkitStackName, reuseAssets: options.reuseAssets, - notificationArns: options.notificationArns, + notificationArns, tags, execute: options.execute, changeSetName: options.changeSetName, diff --git a/packages/aws-cdk/test/api/deploy-stack.test.ts b/packages/aws-cdk/test/api/deploy-stack.test.ts index 666d4f43410ec..4aec7cc9ff7d1 100644 --- a/packages/aws-cdk/test/api/deploy-stack.test.ts +++ b/packages/aws-cdk/test/api/deploy-stack.test.ts @@ -460,6 +460,42 @@ test('deploy is not skipped if parameters are different', async () => { })); }); +test('deploy is skipped if notificationArns are the same', async () => { + // GIVEN + givenTemplateIs(FAKE_STACK.template); + givenStackExists({ + NotificationARNs: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], + }); + + // WHEN + await deployStack({ + ...standardDeployStackArguments(), + stack: FAKE_STACK, + notificationArns: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], + }); + + // THEN + expect(cfnMocks.createChangeSet).not.toHaveBeenCalled(); +}); + +test('deploy is not skipped if notificationArns are different', async () => { + // GIVEN + givenTemplateIs(FAKE_STACK.template); + givenStackExists({ + NotificationARNs: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], + }); + + // WHEN + await deployStack({ + ...standardDeployStackArguments(), + stack: FAKE_STACK, + notificationArns: ['arn:aws:sns:bermuda-triangle-1337:123456789012:MagicTopic'], + }); + + // THEN + expect(cfnMocks.createChangeSet).toHaveBeenCalled(); +}); + test('if existing stack failed to create, it is deleted and recreated', async () => { // GIVEN givenStackExists( @@ -624,7 +660,7 @@ test('deploy is not skipped if stack is in a _FAILED state', async () => { await deployStack({ ...standardDeployStackArguments(), usePreviousParameters: true, - }).catch(() => {}); + }).catch(() => { }); // THEN expect(cfnMocks.createChangeSet).toHaveBeenCalled(); diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index 7f70bbc8434de..b8d998b97ef84 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -71,6 +71,8 @@ import { CdkToolkit, Tag } from '../lib/cdk-toolkit'; import { RequireApproval } from '../lib/diff'; import { flatten } from '../lib/util'; +process.env.CXAPI_DISABLE_SELECT_BY_ID = '1'; + let cloudExecutable: MockCloudExecutable; let bootstrapper: jest.Mocked; let stderrMock: jest.SpyInstance; @@ -290,11 +292,11 @@ describe('readCurrentTemplate', () => { // GIVEN // throw error first for the 'prepareSdkWithLookupRoleFor' call and succeed for the rest mockForEnvironment = jest.fn().mockImplementationOnce(() => { throw new Error('error'); }) - .mockImplementation(() => { return { sdk: mockCloudExecutable.sdkProvider.sdk, didAssumeRole: true };}); + .mockImplementation(() => { return { sdk: mockCloudExecutable.sdkProvider.sdk, didAssumeRole: true }; }); mockCloudExecutable.sdkProvider.forEnvironment = mockForEnvironment; mockCloudExecutable.sdkProvider.stubSSM({ getParameter() { - return { }; + return {}; }, }); const cdkToolkit = new CdkToolkit({ @@ -336,7 +338,7 @@ describe('readCurrentTemplate', () => { }); mockCloudExecutable.sdkProvider.stubSSM({ getParameter() { - return { }; + return {}; }, }); @@ -482,108 +484,253 @@ describe('deploy', () => { }); }); - test('with sns notification arns', async () => { - // GIVEN - const notificationArns = [ - 'arn:aws:sns:us-east-2:444455556666:MyTopic', - 'arn:aws:sns:eu-west-1:111155556666:my-great-topic', - ]; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-A': { Foo: 'Bar' }, - 'Test-Stack-B': { Baz: 'Zinga!' }, - }, notificationArns), + describe('sns notification arns', () => { + beforeEach(() => { + cloudExecutable = new MockCloudExecutable({ + stacks: [ + MockStack.MOCK_STACK_A, + MockStack.MOCK_STACK_B, + MockStack.MOCK_STACK_WITH_NOTIFICATION_ARNS, + MockStack.MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS, + ], + }); }); - // WHEN - await toolkit.deploy({ - selector: { patterns: ['Test-Stack-A', 'Test-Stack-B'] }, - notificationArns, - hotswap: HotswapMode.FULL_DEPLOYMENT, + test('with sns notification arns as options', async () => { + // GIVEN + const notificationArns = [ + 'arn:aws:sns:us-east-2:444455556666:MyTopic', + 'arn:aws:sns:eu-west-1:111155556666:my-great-topic', + ]; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-A': { Foo: 'Bar' }, + }, notificationArns), + }); + + // WHEN + await toolkit.deploy({ + // Stacks should be selected by their hierarchical ID, which is their displayName, not by the stack ID. + selector: { patterns: ['Test-Stack-A-Display-Name'] }, + notificationArns, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }); }); - }); - test('fail with incorrect sns notification arns', async () => { - // GIVEN - const notificationArns = ['arn:::cfn-my-cool-topic']; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-A': { Foo: 'Bar' }, - }, notificationArns), + test('fail with incorrect sns notification arns as options', async () => { + // GIVEN + const notificationArns = ['arn:::cfn-my-cool-topic']; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-A': { Foo: 'Bar' }, + }, notificationArns), + }); + + // WHEN + await expect(() => + toolkit.deploy({ + // Stacks should be selected by their hierarchical ID, which is their displayName, not by the stack ID. + selector: { patterns: ['Test-Stack-A-Display-Name'] }, + notificationArns, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }), + ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); }); - // WHEN - await expect(() => - toolkit.deploy({ - selector: { patterns: ['Test-Stack-A'] }, + test('with sns notification arns in the executable', async () => { + // GIVEN + const expectedNotificationArns = [ + 'arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic', + ]; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-Notification-Arns': { Foo: 'Bar' }, + }, expectedNotificationArns), + }); + + // WHEN + await toolkit.deploy({ + selector: { patterns: ['Test-Stack-Notification-Arns'] }, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }); + }); + + test('fail with incorrect sns notification arns in the executable', async () => { + // GIVEN + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-Bad-Notification-Arns': { Foo: 'Bar' }, + }), + }); + + // WHEN + await expect(() => + toolkit.deploy({ + selector: { patterns: ['Test-Stack-Bad-Notification-Arns'] }, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }), + ).rejects.toThrow('Notification arn arn:1337:123456789012:sns:bad is not a valid arn for an SNS topic'); + }); + + test('with sns notification arns in the executable and as options', async () => { + // GIVEN + const notificationArns = [ + 'arn:aws:sns:us-east-2:444455556666:MyTopic', + 'arn:aws:sns:eu-west-1:111155556666:my-great-topic', + ]; + + const expectedNotificationArns = notificationArns.concat(['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']); + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-Notification-Arns': { Foo: 'Bar' }, + }, expectedNotificationArns), + }); + + // WHEN + await toolkit.deploy({ + selector: { patterns: ['Test-Stack-Notification-Arns'] }, notificationArns, hotswap: HotswapMode.FULL_DEPLOYMENT, - }), - ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); + }); + }); + + test('fail with incorrect sns notification arns in the executable and incorrect sns notification arns as options', async () => { + // GIVEN + const notificationArns = ['arn:::cfn-my-cool-topic']; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-Bad-Notification-Arns': { Foo: 'Bar' }, + }, notificationArns), + }); + + // WHEN + await expect(() => + toolkit.deploy({ + selector: { patterns: ['Test-Stack-Bad-Notification-Arns'] }, + notificationArns, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }), + ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); + }); + + test('fail with incorrect sns notification arns in the executable and correct sns notification arns as options', async () => { + // GIVEN + const notificationArns = ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-Bad-Notification-Arns': { Foo: 'Bar' }, + }, notificationArns), + }); + + // WHEN + await expect(() => + toolkit.deploy({ + selector: { patterns: ['Test-Stack-Bad-Notification-Arns'] }, + notificationArns, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }), + ).rejects.toThrow('Notification arn arn:1337:123456789012:sns:bad is not a valid arn for an SNS topic'); + }); + test('fail with correct sns notification arns in the executable and incorrect sns notification arns as options', async () => { + // GIVEN + const notificationArns = ['arn:::cfn-my-cool-topic']; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-Notification-Arns': { Foo: 'Bar' }, + }, notificationArns), + }); + + // WHEN + await expect(() => + toolkit.deploy({ + selector: { patterns: ['Test-Stack-Notification-Arns'] }, + notificationArns, + hotswap: HotswapMode.FULL_DEPLOYMENT, + }), + ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); + }); }); + }); - test('globless bootstrap uses environment without question', async () => { + test('globless bootstrap uses environment without question', async () => { // GIVEN - const toolkit = defaultToolkitSetup(); - - // WHEN - await toolkit.bootstrap(['aws://56789/south-pole'], bootstrapper, {}); + const toolkit = defaultToolkitSetup(); - // THEN - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ - account: '56789', - region: 'south-pole', - name: 'aws://56789/south-pole', - }, expect.anything(), expect.anything()); - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); - }); + // WHEN + await toolkit.bootstrap(['aws://56789/south-pole'], bootstrapper, {}); - test('globby bootstrap uses whats in the stacks', async () => { - // GIVEN - const toolkit = defaultToolkitSetup(); - cloudExecutable.configuration.settings.set(['app'], 'something'); + // THEN + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ + account: '56789', + region: 'south-pole', + name: 'aws://56789/south-pole', + }, expect.anything(), expect.anything()); + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + }); - // WHEN - await toolkit.bootstrap(['aws://*/bermuda-triangle-1'], bootstrapper, {}); + test('globby bootstrap uses whats in the stacks', async () => { + // GIVEN + const toolkit = defaultToolkitSetup(); + cloudExecutable.configuration.settings.set(['app'], 'something'); - // THEN - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ - account: '123456789012', - region: 'bermuda-triangle-1', - name: 'aws://123456789012/bermuda-triangle-1', - }, expect.anything(), expect.anything()); - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); - }); + // WHEN + await toolkit.bootstrap(['aws://*/bermuda-triangle-1'], bootstrapper, {}); - test('bootstrap can be invoked without the --app argument', async () => { - // GIVEN - cloudExecutable.configuration.settings.clear(); - const mockSynthesize = jest.fn(); - cloudExecutable.synthesize = mockSynthesize; + // THEN + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ + account: '123456789012', + region: 'bermuda-triangle-1', + name: 'aws://123456789012/bermuda-triangle-1', + }, expect.anything(), expect.anything()); + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + }); - const toolkit = defaultToolkitSetup(); + test('bootstrap can be invoked without the --app argument', async () => { + // GIVEN + cloudExecutable.configuration.settings.clear(); + const mockSynthesize = jest.fn(); + cloudExecutable.synthesize = mockSynthesize; - // WHEN - await toolkit.bootstrap(['aws://123456789012/west-pole'], bootstrapper, {}); + const toolkit = defaultToolkitSetup(); - // THEN - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ - account: '123456789012', - region: 'west-pole', - name: 'aws://123456789012/west-pole', - }, expect.anything(), expect.anything()); - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + // WHEN + await toolkit.bootstrap(['aws://123456789012/west-pole'], bootstrapper, {}); - expect(cloudExecutable.hasApp).toEqual(false); - expect(mockSynthesize).not.toHaveBeenCalled(); - }); + // THEN + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ + account: '123456789012', + region: 'west-pole', + name: 'aws://123456789012/west-pole', + }, expect.anything(), expect.anything()); + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + + expect(cloudExecutable.hasApp).toEqual(false); + expect(mockSynthesize).not.toHaveBeenCalled(); }); }); @@ -591,7 +738,7 @@ describe('destroy', () => { test('destroy correct stack', async () => { const toolkit = defaultToolkitSetup(); - await expect(() => { + expect(() => { return toolkit.destroy({ selector: { patterns: ['Test-Stack-A/Test-Stack-C'] }, exclusively: true, @@ -854,10 +1001,6 @@ describe('synth', () => { expect(mockData.mock.calls.length).toEqual(0); }); - afterEach(() => { - process.env.STACKS_TO_VALIDATE = undefined; - }); - describe('migrate', () => { const testResourcePath = [__dirname, 'commands', 'test-resources']; const templatePath = [...testResourcePath, 'templates']; @@ -993,13 +1136,13 @@ describe('synth', () => { }); }); - test('causes synth to fail if autoValidate=true', async() => { + test('causes synth to fail if autoValidate=true', async () => { const toolkit = defaultToolkitSetup(); const autoValidate = true; await expect(toolkit.synth([], false, true, autoValidate)).rejects.toBeDefined(); }); - test('causes synth to succeed if autoValidate=false', async() => { + test('causes synth to succeed if autoValidate=false', async () => { const toolkit = defaultToolkitSetup(); const autoValidate = false; await toolkit.synth([], false, true, autoValidate); @@ -1007,7 +1150,7 @@ describe('synth', () => { }); }); - test('stack has error and was explicitly selected', async() => { + test('stack has error and was explicitly selected', async () => { cloudExecutable = new MockCloudExecutable({ stacks: [ MockStack.MOCK_STACK_A, @@ -1123,7 +1266,8 @@ class MockStack { ], }, depends: [MockStack.MOCK_STACK_C.stackName], - } + }; + public static readonly MOCK_STACK_WITH_ERROR: TestStackArtifact = { stackName: 'witherrors', env: 'aws://123456789012/bermuda-triangle-1', @@ -1155,6 +1299,39 @@ class MockStack { }, }, } + public static readonly MOCK_STACK_WITH_NOTIFICATION_ARNS: TestStackArtifact = { + stackName: 'Test-Stack-Notification-Arns', + notificationArns: ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic'], + template: { Resources: { TemplateName: 'Test-Stack-Notification-Arns' } }, + env: 'aws://123456789012/bermuda-triangle-1337', + metadata: { + '/Test-Stack-Notification-Arns': [ + { + type: cxschema.ArtifactMetadataEntryType.STACK_TAGS, + data: [ + { key: 'Foo', value: 'Bar' }, + ], + }, + ], + }, + } + + public static readonly MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS: TestStackArtifact = { + stackName: 'Test-Stack-Bad-Notification-Arns', + notificationArns: ['arn:1337:123456789012:sns:bad'], + template: { Resources: { TemplateName: 'Test-Stack-Bad-Notification-Arns' } }, + env: 'aws://123456789012/bermuda-triangle-1337', + metadata: { + '/Test-Stack-Bad-Notification-Arns': [ + { + type: cxschema.ArtifactMetadataEntryType.STACK_TAGS, + data: [ + { key: 'Foo', value: 'Bar' }, + ], + }, + ], + }, + } } class FakeCloudFormation extends Deployments { @@ -1172,9 +1349,7 @@ class FakeCloudFormation extends Deployments { Object.entries(tags).map(([Key, Value]) => ({ Key, Value })) .sort((l, r) => l.Key.localeCompare(r.Key)); } - if (expectedNotificationArns) { - this.expectedNotificationArns = expectedNotificationArns; - } + this.expectedNotificationArns = expectedNotificationArns ?? []; } public deployStack(options: DeployStackOptions): Promise { @@ -1182,7 +1357,11 @@ class FakeCloudFormation extends Deployments { MockStack.MOCK_STACK_A.stackName, MockStack.MOCK_STACK_B.stackName, MockStack.MOCK_STACK_C.stackName, + // MockStack.MOCK_STACK_D deliberately omitted. MockStack.MOCK_STACK_WITH_ASSET.stackName, + MockStack.MOCK_STACK_WITH_ERROR.stackName, + MockStack.MOCK_STACK_WITH_NOTIFICATION_ARNS.stackName, + MockStack.MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS.stackName, ]).toContain(options.stack.stackName); if (this.expectedTags[options.stack.stackName]) { @@ -1213,8 +1392,12 @@ class FakeCloudFormation extends Deployments { return Promise.resolve({}); case MockStack.MOCK_STACK_WITH_ASSET.stackName: return Promise.resolve({}); + case MockStack.MOCK_STACK_WITH_NOTIFICATION_ARNS.stackName: + return Promise.resolve({}); + case MockStack.MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS.stackName: + return Promise.resolve({}); default: - return Promise.reject(`Not an expected mock stack: ${stack.stackName}`); + throw new Error(`not an expected mock stack: ${stack.stackName}`); } } } diff --git a/packages/aws-cdk/test/util.ts b/packages/aws-cdk/test/util.ts index 879d6572f369b..1f059836d670d 100644 --- a/packages/aws-cdk/test/util.ts +++ b/packages/aws-cdk/test/util.ts @@ -16,6 +16,7 @@ export interface TestStackArtifact { env?: string; depends?: string[]; metadata?: cxapi.StackMetadata; + notificationArns?: string[]; /** Old-style assets */ assets?: cxschema.AssetMetadataEntry[]; @@ -101,6 +102,7 @@ function addAttributes(assembly: TestAssembly, builder: cxapi.CloudAssemblyBuild ...stack.properties, templateFile, terminationProtection: stack.terminationProtection, + notificationArns: stack.notificationArns, }, displayName: stack.displayName, }); From 5f30aa5f81ef823422e994563cefc9e8a15e82f8 Mon Sep 17 00:00:00 2001 From: Kendra Neil <53584728+TheRealAmazonKendra@users.noreply.github.com> Date: Tue, 13 Aug 2024 16:55:50 -0700 Subject: [PATCH 32/40] revert: feat(core): configure SNS topics to receive stack events on the Stack construct (#31100) Reverts aws/aws-cdk#30551 --- .../lib/package-sources/repo-source.ts | 9 +- .../cli-integ/lib/with-cdk-app.ts | 12 - .../cli-integ/resources/cdk-apps/app/app.js | 11 - .../tests/cli-integ-tests/cli.integtest.ts | 33 +- .../lib/cloud-assembly/artifact-schema.ts | 7 - .../schema/cloud-assembly.schema.json | 6 - .../schema/cloud-assembly.version.json | 2 +- packages/aws-cdk-lib/core/README.md | 12 - .../core/lib/stack-synthesizers/_shared.ts | 1 - packages/aws-cdk-lib/core/lib/stack.ts | 15 - packages/aws-cdk-lib/core/test/stack.test.ts | 15 - .../lib/artifacts/cloudformation-artifact.ts | 6 - .../cx-api/test/stack-artifact.test.ts | 18 - packages/aws-cdk/lib/api/deploy-stack.ts | 10 - .../aws-cdk/lib/api/util/cloudformation.ts | 11 +- packages/aws-cdk/lib/cdk-toolkit.ts | 23 +- .../aws-cdk/test/api/deploy-stack.test.ts | 38 +- packages/aws-cdk/test/cdk-toolkit.test.ts | 377 +++++------------- packages/aws-cdk/test/util.ts | 2 - 19 files changed, 119 insertions(+), 489 deletions(-) diff --git a/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts b/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts index 7a5f08ec71b98..45a8f4e5d4dfc 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/package-sources/repo-source.ts @@ -75,14 +75,13 @@ const YARN_MONOREPO_CACHE: Record = {}; * * Cached in YARN_MONOREPO_CACHE. */ -export async function findYarnPackages(root: string): Promise> { +async function findYarnPackages(root: string): Promise> { if (!(root in YARN_MONOREPO_CACHE)) { - const outputDataString: string = JSON.parse(await shell(['yarn', 'workspaces', '--json', 'info'], { + const output: YarnWorkspacesOutput = JSON.parse(await shell(['yarn', 'workspaces', '--silent', 'info'], { captureStderr: false, cwd: root, show: 'error', - })).data; - const output: YarnWorkspacesOutput = JSON.parse(outputDataString); + })); const ret: Record = {}; for (const [k, v] of Object.entries(output)) { @@ -97,7 +96,7 @@ export async function findYarnPackages(root: string): Promise(x: A): x is NonNullable { * for Node's dependency lookup mechanism). */ export async function installNpmPackages(fixture: TestFixture, packages: Record) { - if (process.env.REPO_ROOT) { - const monoRepo = await findYarnPackages(process.env.REPO_ROOT); - - // Replace the install target with the physical location of this package - for (const key of Object.keys(packages)) { - if (key in monoRepo) { - packages[key] = monoRepo[key]; - } - } - } - fs.writeFileSync(path.join(fixture.integTestDir, 'package.json'), JSON.stringify({ name: 'cdk-integ-tests', private: true, diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js index 7e91514bb6d94..d094055795e27 100755 --- a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js +++ b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js @@ -637,13 +637,6 @@ class BuiltinLambdaStack extends cdk.Stack { } } -class NotificationArnPropStack extends cdk.Stack { - constructor(parent, id, props) { - super(parent, id, props); - new sns.Topic(this, 'topic'); - } -} - const app = new cdk.App({ context: { '@aws-cdk/core:assetHashSalt': process.env.CODEBUILD_BUILD_ID, // Force all assets to be unique, but consistent in one build @@ -684,10 +677,6 @@ switch (stackSet) { new DockerStack(app, `${stackPrefix}-docker`); new DockerStackWithCustomFile(app, `${stackPrefix}-docker-with-custom-file`); - new NotificationArnPropStack(app, `${stackPrefix}-notification-arn-prop`, { - notificationArns: [`arn:aws:sns:${defaultEnv.region}:${defaultEnv.account}:${stackPrefix}-test-topic-prop`], - }); - // SSO stacks new SsoInstanceAccessControlConfig(app, `${stackPrefix}-sso-access-control`); new SsoAssignment(app, `${stackPrefix}-sso-assignment`); diff --git a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts index 1ce7fe3ef7751..f323110eecfa4 100644 --- a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts +++ b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts @@ -1,7 +1,7 @@ import { promises as fs, existsSync } from 'fs'; import * as os from 'os'; import * as path from 'path'; -import { integTest, cloneDirectory, shell, withDefaultFixture, retry, sleep, randomInteger, withSamIntegrationFixture, RESOURCES_DIR, withCDKMigrateFixture, withExtendedTimeoutFixture, randomString, withoutBootstrap } from '../../lib'; +import { integTest, cloneDirectory, shell, withDefaultFixture, retry, sleep, randomInteger, withSamIntegrationFixture, RESOURCES_DIR, withCDKMigrateFixture, withExtendedTimeoutFixture, randomString } from '../../lib'; jest.setTimeout(2 * 60 * 60_000); // Includes the time to acquire locks, worst-case single-threaded runtime @@ -187,10 +187,7 @@ integTest('context setting', withDefaultFixture(async (fixture) => { } })); -// bootstrapping also performs synthesis. As it turns out, bootstrap-stage synthesis still causes the lookups to be cached, meaning that the lookup never -// happens when we actually call `cdk synth --no-lookups`. This results in the error never being thrown, because it never tries to lookup anything. -// Fix this by not trying to bootstrap; there's no need to bootstrap anyway, since the test never tries to deploy anything. -integTest('context in stage propagates to top', withoutBootstrap(async (fixture) => { +integTest('context in stage propagates to top', withDefaultFixture(async (fixture) => { await expect(fixture.cdkSynth({ // This will make it error to prove that the context bubbles up, and also that we can fail on command options: ['--no-lookups'], @@ -469,12 +466,11 @@ integTest('deploy with parameters multi', withDefaultFixture(async (fixture) => ); })); -integTest('deploy with notification ARN as flag', withDefaultFixture(async (fixture) => { - const topicName = `${fixture.stackNamePrefix}-test-topic-flag`; +integTest('deploy with notification ARN', withDefaultFixture(async (fixture) => { + const topicName = `${fixture.stackNamePrefix}-test-topic`; const response = await fixture.aws.sns('createTopic', { Name: topicName }); const topicArn = response.TopicArn!; - try { await fixture.cdkDeploy('test-2', { options: ['--notification-arns', topicArn], @@ -492,27 +488,6 @@ integTest('deploy with notification ARN as flag', withDefaultFixture(async (fixt } })); -integTest('deploy with notification ARN as prop', withDefaultFixture(async (fixture) => { - const topicName = `${fixture.stackNamePrefix}-test-topic-prop`; - - const response = await fixture.aws.sns('createTopic', { Name: topicName }); - const topicArn = response.TopicArn!; - - try { - await fixture.cdkDeploy('notification-arn-prop'); - - // verify that the stack we deployed has our notification ARN - const describeResponse = await fixture.aws.cloudFormation('describeStacks', { - StackName: fixture.fullStackName('notification-arn-prop'), - }); - expect(describeResponse.Stacks?.[0].NotificationARNs).toEqual([topicArn]); - } finally { - await fixture.aws.sns('deleteTopic', { - TopicArn: topicArn, - }); - } -})); - // NOTE: this doesn't currently work with modern-style synthesis, as the bootstrap // role by default will not have permission to iam:PassRole the created role. integTest('deploy with role', withDefaultFixture(async (fixture) => { diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts index 644d110e70bd9..66872401251aa 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts @@ -55,13 +55,6 @@ export interface AwsCloudFormationStackProperties { */ readonly tags?: { [id: string]: string }; - /** - * SNS Notification ARNs that should receive CloudFormation Stack Events. - * - * @default - No notification arns - */ - readonly notificationArns?: string[]; - /** * The name to use for the CloudFormation stack. * @default - name derived from artifact ID diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json index 240834b8c4830..279dfbe369073 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json @@ -345,12 +345,6 @@ "type": "string" } }, - "notificationArns": { - "type": "array", - "items": { - "type": "string" - } - }, "stackName": { "description": "The name to use for the CloudFormation stack. (Default - name derived from artifact ID)", "type": "string" diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json index 079dd58c72d69..1f0068d32659a 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"37.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/aws-cdk-lib/core/README.md b/packages/aws-cdk-lib/core/README.md index aac7abe87c167..140d8920c44de 100644 --- a/packages/aws-cdk-lib/core/README.md +++ b/packages/aws-cdk-lib/core/README.md @@ -1242,18 +1242,6 @@ const stack = new Stack(app, 'StackName', { }); ``` -### Receiving CloudFormation Stack Events - -You can add one or more SNS Topic ARNs to any Stack: - -```ts -const stack = new Stack(app, 'StackName', { - notificationArns: ['arn:aws:sns:us-east-1:23456789012:Topic'], -}); -``` - -Stack events will be sent to any SNS Topics in this list. - ### CfnJson `CfnJson` allows you to postpone the resolution of a JSON blob from diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts index c985c538cac81..1017f172a850e 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts @@ -48,7 +48,6 @@ export function addStackArtifactToAssembly( terminationProtection: stack.terminationProtection, tags: nonEmptyDict(stack.tags.tagValues()), validateOnSynth: session.validateOnSynth, - notificationArns: stack._notificationArns, ...stackProps, ...stackNameProperty, }; diff --git a/packages/aws-cdk-lib/core/lib/stack.ts b/packages/aws-cdk-lib/core/lib/stack.ts index f66a571f534e1..ce3cb9c9b9fd8 100644 --- a/packages/aws-cdk-lib/core/lib/stack.ts +++ b/packages/aws-cdk-lib/core/lib/stack.ts @@ -127,13 +127,6 @@ export interface StackProps { */ readonly tags?: { [key: string]: string }; - /** - * SNS Topic ARNs that will receive stack events. - * - * @default - no notfication arns. - */ - readonly notificationArns?: string[]; - /** * Synthesis method to use while deploying this stack * @@ -371,13 +364,6 @@ export class Stack extends Construct implements ITaggable { */ public readonly _crossRegionReferences: boolean; - /** - * SNS Notification ARNs to receive stack events. - * - * @internal - */ - public readonly _notificationArns: string[]; - /** * Logical ID generation strategy */ @@ -464,7 +450,6 @@ export class Stack extends Construct implements ITaggable { throw new Error(`Stack name must be <= 128 characters. Stack name: '${this._stackName}'`); } this.tags = new TagManager(TagType.KEY_VALUE, 'aws:cdk:stack', props.tags); - this._notificationArns = props.notificationArns ?? []; if (!VALID_STACK_NAME_REGEX.test(this.stackName)) { throw new Error(`Stack name must match the regular expression: ${VALID_STACK_NAME_REGEX.toString()}, got '${this.stackName}'`); diff --git a/packages/aws-cdk-lib/core/test/stack.test.ts b/packages/aws-cdk-lib/core/test/stack.test.ts index 4846ff3b0cc05..82be67b19499b 100644 --- a/packages/aws-cdk-lib/core/test/stack.test.ts +++ b/packages/aws-cdk-lib/core/test/stack.test.ts @@ -2075,21 +2075,6 @@ describe('stack', () => { expect(asm.getStackArtifact(stack2.artifactId).tags).toEqual(expected); }); - test('stack notification arns are reflected in the stack artifact properties', () => { - // GIVEN - const NOTIFICATION_ARNS = ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']; - const app = new App({ stackTraces: false }); - const stack1 = new Stack(app, 'stack1', { - notificationArns: NOTIFICATION_ARNS, - }); - - // THEN - const asm = app.synth(); - const expected = { foo: 'bar' }; - - expect(asm.getStackArtifact(stack1.artifactId).notificationArns).toEqual(NOTIFICATION_ARNS); - }); - test('Termination Protection is reflected in Cloud Assembly artifact', () => { // if the root is an app, invoke "synth" to avoid double synthesis const app = new App(); diff --git a/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts b/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts index d73e2a5b33dd7..7cf279c96d924 100644 --- a/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts +++ b/packages/aws-cdk-lib/cx-api/lib/artifacts/cloudformation-artifact.ts @@ -54,11 +54,6 @@ export class CloudFormationStackArtifact extends CloudArtifact { */ public readonly tags: { [id: string]: string }; - /** - * SNS Topics that will receive stack events. - */ - public readonly notificationArns: string[]; - /** * The physical name of this stack. */ @@ -163,7 +158,6 @@ export class CloudFormationStackArtifact extends CloudArtifact { // We get the tags from 'properties' if available (cloud assembly format >= 6.0.0), otherwise // from the stack metadata this.tags = properties.tags ?? this.tagsFromMetadata(); - this.notificationArns = properties.notificationArns ?? []; this.assumeRoleArn = properties.assumeRoleArn; this.assumeRoleExternalId = properties.assumeRoleExternalId; this.cloudFormationExecutionRoleArn = properties.cloudFormationExecutionRoleArn; diff --git a/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts b/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts index 81d5b4a0c3186..85009cedd7c23 100644 --- a/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts +++ b/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts @@ -21,24 +21,6 @@ afterEach(() => { rimraf(builder.outdir); }); -test('read notification arns from artifact properties', () => { -// GIVEN - const NOTIFICATION_ARNS = ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']; - builder.addArtifact('Stack', { - ...stackBase, - properties: { - ...stackBase.properties, - notificationArns: NOTIFICATION_ARNS, - }, - }); - - // WHEN - const assembly = builder.buildAssembly(); - - // THEN - expect(assembly.getStackByName('Stack').notificationArns).toEqual(NOTIFICATION_ARNS); -}); - test('read tags from artifact properties', () => { // GIVEN builder.addArtifact('Stack', { diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts index 93a57eb2e4629..28af2d39616b0 100644 --- a/packages/aws-cdk/lib/api/deploy-stack.ts +++ b/packages/aws-cdk/lib/api/deploy-stack.ts @@ -644,12 +644,6 @@ async function canSkipDeploy( return false; } - // Notification arns have changed - if (!arrayEquals(cloudFormationStack.notificationArns, deployStackOptions.notificationArns ?? [])) { - debug(`${deployName}: notification arns have changed`); - return false; - } - // Termination protection has been updated if (!!deployStackOptions.stack.terminationProtection !== !!cloudFormationStack.terminationProtection) { debug(`${deployName}: termination protection has been updated`); @@ -700,7 +694,3 @@ function suffixWithErrors(msg: string, errors?: string[]) { ? `${msg}: ${errors.join(', ')}` : msg; } - -function arrayEquals(a: any[], b: any[]): boolean { - return a.every(item => b.includes(item)) && b.every(item => a.includes(item)); -} diff --git a/packages/aws-cdk/lib/api/util/cloudformation.ts b/packages/aws-cdk/lib/api/util/cloudformation.ts index 2361871e2bef0..23e95f6d618e5 100644 --- a/packages/aws-cdk/lib/api/util/cloudformation.ts +++ b/packages/aws-cdk/lib/api/util/cloudformation.ts @@ -138,21 +138,12 @@ export class CloudFormationStack { /** * The stack's current tags * - * Empty list if the stack does not exist + * Empty list of the stack does not exist */ public get tags(): CloudFormation.Tags { return this.stack?.Tags || []; } - /** - * SNS Topic ARNs that will receive stack events. - * - * Empty list if the stack does not exist - */ - public get notificationArns(): CloudFormation.NotificationARNs { - return this.stack?.NotificationARNs ?? []; - } - /** * Return the names of all current parameters to the stack * diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index f876634484c46..854b7ec6419c2 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -161,6 +161,7 @@ export class CdkToolkit { let changeSet = undefined; if (options.changeSet) { + let stackExists = false; try { stackExists = await this.props.deployments.stackExists({ @@ -213,6 +214,14 @@ export class CdkToolkit { return this.watch(options); } + if (options.notificationArns) { + options.notificationArns.map( arn => { + if (!validateSnsTopicArn(arn)) { + throw new Error(`Notification arn ${arn} is not a valid arn for an SNS topic`); + } + }); + } + const startSynthTime = new Date().getTime(); const stackCollection = await this.selectStacksForDeploy(options.selector, options.exclusively, options.cacheCloudAssembly, options.ignoreNoStacks); @@ -309,17 +318,7 @@ export class CdkToolkit { } } - let notificationArns: string[] = []; - notificationArns = notificationArns.concat(options.notificationArns ?? []); - notificationArns = notificationArns.concat(stack.notificationArns); - - notificationArns.map(arn => { - if (!validateSnsTopicArn(arn)) { - throw new Error(`Notification arn ${arn} is not a valid arn for an SNS topic`); - } - }); - - const stackIndex = stacks.indexOf(stack) + 1; + const stackIndex = stacks.indexOf(stack)+1; print('%s: deploying... [%s/%s]', chalk.bold(stack.displayName), stackIndex, stackCollection.stackCount); const startDeployTime = new Date().getTime(); @@ -336,7 +335,7 @@ export class CdkToolkit { roleArn: options.roleArn, toolkitStackName: options.toolkitStackName, reuseAssets: options.reuseAssets, - notificationArns, + notificationArns: options.notificationArns, tags, execute: options.execute, changeSetName: options.changeSetName, diff --git a/packages/aws-cdk/test/api/deploy-stack.test.ts b/packages/aws-cdk/test/api/deploy-stack.test.ts index 4aec7cc9ff7d1..666d4f43410ec 100644 --- a/packages/aws-cdk/test/api/deploy-stack.test.ts +++ b/packages/aws-cdk/test/api/deploy-stack.test.ts @@ -460,42 +460,6 @@ test('deploy is not skipped if parameters are different', async () => { })); }); -test('deploy is skipped if notificationArns are the same', async () => { - // GIVEN - givenTemplateIs(FAKE_STACK.template); - givenStackExists({ - NotificationARNs: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], - }); - - // WHEN - await deployStack({ - ...standardDeployStackArguments(), - stack: FAKE_STACK, - notificationArns: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], - }); - - // THEN - expect(cfnMocks.createChangeSet).not.toHaveBeenCalled(); -}); - -test('deploy is not skipped if notificationArns are different', async () => { - // GIVEN - givenTemplateIs(FAKE_STACK.template); - givenStackExists({ - NotificationARNs: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], - }); - - // WHEN - await deployStack({ - ...standardDeployStackArguments(), - stack: FAKE_STACK, - notificationArns: ['arn:aws:sns:bermuda-triangle-1337:123456789012:MagicTopic'], - }); - - // THEN - expect(cfnMocks.createChangeSet).toHaveBeenCalled(); -}); - test('if existing stack failed to create, it is deleted and recreated', async () => { // GIVEN givenStackExists( @@ -660,7 +624,7 @@ test('deploy is not skipped if stack is in a _FAILED state', async () => { await deployStack({ ...standardDeployStackArguments(), usePreviousParameters: true, - }).catch(() => { }); + }).catch(() => {}); // THEN expect(cfnMocks.createChangeSet).toHaveBeenCalled(); diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index b8d998b97ef84..7f70bbc8434de 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -71,8 +71,6 @@ import { CdkToolkit, Tag } from '../lib/cdk-toolkit'; import { RequireApproval } from '../lib/diff'; import { flatten } from '../lib/util'; -process.env.CXAPI_DISABLE_SELECT_BY_ID = '1'; - let cloudExecutable: MockCloudExecutable; let bootstrapper: jest.Mocked; let stderrMock: jest.SpyInstance; @@ -292,11 +290,11 @@ describe('readCurrentTemplate', () => { // GIVEN // throw error first for the 'prepareSdkWithLookupRoleFor' call and succeed for the rest mockForEnvironment = jest.fn().mockImplementationOnce(() => { throw new Error('error'); }) - .mockImplementation(() => { return { sdk: mockCloudExecutable.sdkProvider.sdk, didAssumeRole: true }; }); + .mockImplementation(() => { return { sdk: mockCloudExecutable.sdkProvider.sdk, didAssumeRole: true };}); mockCloudExecutable.sdkProvider.forEnvironment = mockForEnvironment; mockCloudExecutable.sdkProvider.stubSSM({ getParameter() { - return {}; + return { }; }, }); const cdkToolkit = new CdkToolkit({ @@ -338,7 +336,7 @@ describe('readCurrentTemplate', () => { }); mockCloudExecutable.sdkProvider.stubSSM({ getParameter() { - return {}; + return { }; }, }); @@ -484,253 +482,108 @@ describe('deploy', () => { }); }); - describe('sns notification arns', () => { - beforeEach(() => { - cloudExecutable = new MockCloudExecutable({ - stacks: [ - MockStack.MOCK_STACK_A, - MockStack.MOCK_STACK_B, - MockStack.MOCK_STACK_WITH_NOTIFICATION_ARNS, - MockStack.MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS, - ], - }); - }); - - test('with sns notification arns as options', async () => { - // GIVEN - const notificationArns = [ - 'arn:aws:sns:us-east-2:444455556666:MyTopic', - 'arn:aws:sns:eu-west-1:111155556666:my-great-topic', - ]; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-A': { Foo: 'Bar' }, - }, notificationArns), - }); - - // WHEN - await toolkit.deploy({ - // Stacks should be selected by their hierarchical ID, which is their displayName, not by the stack ID. - selector: { patterns: ['Test-Stack-A-Display-Name'] }, - notificationArns, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }); - }); - - test('fail with incorrect sns notification arns as options', async () => { - // GIVEN - const notificationArns = ['arn:::cfn-my-cool-topic']; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-A': { Foo: 'Bar' }, - }, notificationArns), - }); - - // WHEN - await expect(() => - toolkit.deploy({ - // Stacks should be selected by their hierarchical ID, which is their displayName, not by the stack ID. - selector: { patterns: ['Test-Stack-A-Display-Name'] }, - notificationArns, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }), - ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); + test('with sns notification arns', async () => { + // GIVEN + const notificationArns = [ + 'arn:aws:sns:us-east-2:444455556666:MyTopic', + 'arn:aws:sns:eu-west-1:111155556666:my-great-topic', + ]; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-A': { Foo: 'Bar' }, + 'Test-Stack-B': { Baz: 'Zinga!' }, + }, notificationArns), }); - test('with sns notification arns in the executable', async () => { - // GIVEN - const expectedNotificationArns = [ - 'arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic', - ]; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-Notification-Arns': { Foo: 'Bar' }, - }, expectedNotificationArns), - }); - - // WHEN - await toolkit.deploy({ - selector: { patterns: ['Test-Stack-Notification-Arns'] }, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }); + // WHEN + await toolkit.deploy({ + selector: { patterns: ['Test-Stack-A', 'Test-Stack-B'] }, + notificationArns, + hotswap: HotswapMode.FULL_DEPLOYMENT, }); + }); - test('fail with incorrect sns notification arns in the executable', async () => { - // GIVEN - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-Bad-Notification-Arns': { Foo: 'Bar' }, - }), - }); - - // WHEN - await expect(() => - toolkit.deploy({ - selector: { patterns: ['Test-Stack-Bad-Notification-Arns'] }, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }), - ).rejects.toThrow('Notification arn arn:1337:123456789012:sns:bad is not a valid arn for an SNS topic'); + test('fail with incorrect sns notification arns', async () => { + // GIVEN + const notificationArns = ['arn:::cfn-my-cool-topic']; + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments: new FakeCloudFormation({ + 'Test-Stack-A': { Foo: 'Bar' }, + }, notificationArns), }); - test('with sns notification arns in the executable and as options', async () => { - // GIVEN - const notificationArns = [ - 'arn:aws:sns:us-east-2:444455556666:MyTopic', - 'arn:aws:sns:eu-west-1:111155556666:my-great-topic', - ]; - - const expectedNotificationArns = notificationArns.concat(['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']); - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-Notification-Arns': { Foo: 'Bar' }, - }, expectedNotificationArns), - }); - - // WHEN - await toolkit.deploy({ - selector: { patterns: ['Test-Stack-Notification-Arns'] }, + // WHEN + await expect(() => + toolkit.deploy({ + selector: { patterns: ['Test-Stack-A'] }, notificationArns, hotswap: HotswapMode.FULL_DEPLOYMENT, - }); - }); - - test('fail with incorrect sns notification arns in the executable and incorrect sns notification arns as options', async () => { - // GIVEN - const notificationArns = ['arn:::cfn-my-cool-topic']; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-Bad-Notification-Arns': { Foo: 'Bar' }, - }, notificationArns), - }); - - // WHEN - await expect(() => - toolkit.deploy({ - selector: { patterns: ['Test-Stack-Bad-Notification-Arns'] }, - notificationArns, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }), - ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); - }); - - test('fail with incorrect sns notification arns in the executable and correct sns notification arns as options', async () => { - // GIVEN - const notificationArns = ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic']; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-Bad-Notification-Arns': { Foo: 'Bar' }, - }, notificationArns), - }); - - // WHEN - await expect(() => - toolkit.deploy({ - selector: { patterns: ['Test-Stack-Bad-Notification-Arns'] }, - notificationArns, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }), - ).rejects.toThrow('Notification arn arn:1337:123456789012:sns:bad is not a valid arn for an SNS topic'); - }); + }), + ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); - test('fail with correct sns notification arns in the executable and incorrect sns notification arns as options', async () => { - // GIVEN - const notificationArns = ['arn:::cfn-my-cool-topic']; - const toolkit = new CdkToolkit({ - cloudExecutable, - configuration: cloudExecutable.configuration, - sdkProvider: cloudExecutable.sdkProvider, - deployments: new FakeCloudFormation({ - 'Test-Stack-Notification-Arns': { Foo: 'Bar' }, - }, notificationArns), - }); - - // WHEN - await expect(() => - toolkit.deploy({ - selector: { patterns: ['Test-Stack-Notification-Arns'] }, - notificationArns, - hotswap: HotswapMode.FULL_DEPLOYMENT, - }), - ).rejects.toThrow('Notification arn arn:::cfn-my-cool-topic is not a valid arn for an SNS topic'); - }); }); - }); - test('globless bootstrap uses environment without question', async () => { + test('globless bootstrap uses environment without question', async () => { // GIVEN - const toolkit = defaultToolkitSetup(); + const toolkit = defaultToolkitSetup(); - // WHEN - await toolkit.bootstrap(['aws://56789/south-pole'], bootstrapper, {}); + // WHEN + await toolkit.bootstrap(['aws://56789/south-pole'], bootstrapper, {}); - // THEN - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ - account: '56789', - region: 'south-pole', - name: 'aws://56789/south-pole', - }, expect.anything(), expect.anything()); - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); - }); + // THEN + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ + account: '56789', + region: 'south-pole', + name: 'aws://56789/south-pole', + }, expect.anything(), expect.anything()); + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + }); - test('globby bootstrap uses whats in the stacks', async () => { - // GIVEN - const toolkit = defaultToolkitSetup(); - cloudExecutable.configuration.settings.set(['app'], 'something'); + test('globby bootstrap uses whats in the stacks', async () => { + // GIVEN + const toolkit = defaultToolkitSetup(); + cloudExecutable.configuration.settings.set(['app'], 'something'); - // WHEN - await toolkit.bootstrap(['aws://*/bermuda-triangle-1'], bootstrapper, {}); + // WHEN + await toolkit.bootstrap(['aws://*/bermuda-triangle-1'], bootstrapper, {}); - // THEN - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ - account: '123456789012', - region: 'bermuda-triangle-1', - name: 'aws://123456789012/bermuda-triangle-1', - }, expect.anything(), expect.anything()); - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); - }); + // THEN + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ + account: '123456789012', + region: 'bermuda-triangle-1', + name: 'aws://123456789012/bermuda-triangle-1', + }, expect.anything(), expect.anything()); + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + }); - test('bootstrap can be invoked without the --app argument', async () => { - // GIVEN - cloudExecutable.configuration.settings.clear(); - const mockSynthesize = jest.fn(); - cloudExecutable.synthesize = mockSynthesize; + test('bootstrap can be invoked without the --app argument', async () => { + // GIVEN + cloudExecutable.configuration.settings.clear(); + const mockSynthesize = jest.fn(); + cloudExecutable.synthesize = mockSynthesize; - const toolkit = defaultToolkitSetup(); + const toolkit = defaultToolkitSetup(); - // WHEN - await toolkit.bootstrap(['aws://123456789012/west-pole'], bootstrapper, {}); + // WHEN + await toolkit.bootstrap(['aws://123456789012/west-pole'], bootstrapper, {}); - // THEN - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ - account: '123456789012', - region: 'west-pole', - name: 'aws://123456789012/west-pole', - }, expect.anything(), expect.anything()); - expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); - - expect(cloudExecutable.hasApp).toEqual(false); - expect(mockSynthesize).not.toHaveBeenCalled(); + // THEN + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledWith({ + account: '123456789012', + region: 'west-pole', + name: 'aws://123456789012/west-pole', + }, expect.anything(), expect.anything()); + expect(bootstrapper.bootstrapEnvironment).toHaveBeenCalledTimes(1); + + expect(cloudExecutable.hasApp).toEqual(false); + expect(mockSynthesize).not.toHaveBeenCalled(); + }); }); }); @@ -738,7 +591,7 @@ describe('destroy', () => { test('destroy correct stack', async () => { const toolkit = defaultToolkitSetup(); - expect(() => { + await expect(() => { return toolkit.destroy({ selector: { patterns: ['Test-Stack-A/Test-Stack-C'] }, exclusively: true, @@ -1001,6 +854,10 @@ describe('synth', () => { expect(mockData.mock.calls.length).toEqual(0); }); + afterEach(() => { + process.env.STACKS_TO_VALIDATE = undefined; + }); + describe('migrate', () => { const testResourcePath = [__dirname, 'commands', 'test-resources']; const templatePath = [...testResourcePath, 'templates']; @@ -1136,13 +993,13 @@ describe('synth', () => { }); }); - test('causes synth to fail if autoValidate=true', async () => { + test('causes synth to fail if autoValidate=true', async() => { const toolkit = defaultToolkitSetup(); const autoValidate = true; await expect(toolkit.synth([], false, true, autoValidate)).rejects.toBeDefined(); }); - test('causes synth to succeed if autoValidate=false', async () => { + test('causes synth to succeed if autoValidate=false', async() => { const toolkit = defaultToolkitSetup(); const autoValidate = false; await toolkit.synth([], false, true, autoValidate); @@ -1150,7 +1007,7 @@ describe('synth', () => { }); }); - test('stack has error and was explicitly selected', async () => { + test('stack has error and was explicitly selected', async() => { cloudExecutable = new MockCloudExecutable({ stacks: [ MockStack.MOCK_STACK_A, @@ -1266,8 +1123,7 @@ class MockStack { ], }, depends: [MockStack.MOCK_STACK_C.stackName], - }; - + } public static readonly MOCK_STACK_WITH_ERROR: TestStackArtifact = { stackName: 'witherrors', env: 'aws://123456789012/bermuda-triangle-1', @@ -1299,39 +1155,6 @@ class MockStack { }, }, } - public static readonly MOCK_STACK_WITH_NOTIFICATION_ARNS: TestStackArtifact = { - stackName: 'Test-Stack-Notification-Arns', - notificationArns: ['arn:aws:sns:bermuda-triangle-1337:123456789012:MyTopic'], - template: { Resources: { TemplateName: 'Test-Stack-Notification-Arns' } }, - env: 'aws://123456789012/bermuda-triangle-1337', - metadata: { - '/Test-Stack-Notification-Arns': [ - { - type: cxschema.ArtifactMetadataEntryType.STACK_TAGS, - data: [ - { key: 'Foo', value: 'Bar' }, - ], - }, - ], - }, - } - - public static readonly MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS: TestStackArtifact = { - stackName: 'Test-Stack-Bad-Notification-Arns', - notificationArns: ['arn:1337:123456789012:sns:bad'], - template: { Resources: { TemplateName: 'Test-Stack-Bad-Notification-Arns' } }, - env: 'aws://123456789012/bermuda-triangle-1337', - metadata: { - '/Test-Stack-Bad-Notification-Arns': [ - { - type: cxschema.ArtifactMetadataEntryType.STACK_TAGS, - data: [ - { key: 'Foo', value: 'Bar' }, - ], - }, - ], - }, - } } class FakeCloudFormation extends Deployments { @@ -1349,7 +1172,9 @@ class FakeCloudFormation extends Deployments { Object.entries(tags).map(([Key, Value]) => ({ Key, Value })) .sort((l, r) => l.Key.localeCompare(r.Key)); } - this.expectedNotificationArns = expectedNotificationArns ?? []; + if (expectedNotificationArns) { + this.expectedNotificationArns = expectedNotificationArns; + } } public deployStack(options: DeployStackOptions): Promise { @@ -1357,11 +1182,7 @@ class FakeCloudFormation extends Deployments { MockStack.MOCK_STACK_A.stackName, MockStack.MOCK_STACK_B.stackName, MockStack.MOCK_STACK_C.stackName, - // MockStack.MOCK_STACK_D deliberately omitted. MockStack.MOCK_STACK_WITH_ASSET.stackName, - MockStack.MOCK_STACK_WITH_ERROR.stackName, - MockStack.MOCK_STACK_WITH_NOTIFICATION_ARNS.stackName, - MockStack.MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS.stackName, ]).toContain(options.stack.stackName); if (this.expectedTags[options.stack.stackName]) { @@ -1392,12 +1213,8 @@ class FakeCloudFormation extends Deployments { return Promise.resolve({}); case MockStack.MOCK_STACK_WITH_ASSET.stackName: return Promise.resolve({}); - case MockStack.MOCK_STACK_WITH_NOTIFICATION_ARNS.stackName: - return Promise.resolve({}); - case MockStack.MOCK_STACK_WITH_BAD_NOTIFICATION_ARNS.stackName: - return Promise.resolve({}); default: - throw new Error(`not an expected mock stack: ${stack.stackName}`); + return Promise.reject(`Not an expected mock stack: ${stack.stackName}`); } } } diff --git a/packages/aws-cdk/test/util.ts b/packages/aws-cdk/test/util.ts index 1f059836d670d..879d6572f369b 100644 --- a/packages/aws-cdk/test/util.ts +++ b/packages/aws-cdk/test/util.ts @@ -16,7 +16,6 @@ export interface TestStackArtifact { env?: string; depends?: string[]; metadata?: cxapi.StackMetadata; - notificationArns?: string[]; /** Old-style assets */ assets?: cxschema.AssetMetadataEntry[]; @@ -102,7 +101,6 @@ function addAttributes(assembly: TestAssembly, builder: cxapi.CloudAssemblyBuild ...stack.properties, templateFile, terminationProtection: stack.terminationProtection, - notificationArns: stack.notificationArns, }, displayName: stack.displayName, }); From 94b68d7b21ed23d8e93c72ed3a8c38f73e95a49f Mon Sep 17 00:00:00 2001 From: Kendra Neil <53584728+TheRealAmazonKendra@users.noreply.github.com> Date: Tue, 13 Aug 2024 19:41:43 -0700 Subject: [PATCH 33/40] chore: use externally published cloud-assembly-schema (#31064) ### Issue # (if applicable) Closes #. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- package.json | 8 +- .../cli-lib-alpha/THIRD_PARTY_LICENSES | 117 +-- .../@aws-cdk/cloud-assembly-schema/.gitignore | 9 - .../@aws-cdk/cloud-assembly-schema/.npmignore | 29 - .../cloud-assembly-schema/CONTRIBUTING.md | 67 -- .../@aws-cdk/cloud-assembly-schema/LICENSE | 201 ---- .../@aws-cdk/cloud-assembly-schema/NOTICE | 46 - .../cloud-assembly-schema/jest.config.js | 13 - .../cloud-assembly-schema/package.json | 122 --- packages/@aws-cdk/cx-api/package.json | 6 +- .../integ-runner/THIRD_PARTY_LICENSES | 2 +- packages/@aws-cdk/integ-runner/package.json | 4 +- .../cloud-assembly-schema/.jsiirc.json | 13 - .../cloud-assembly-schema/CONTRIBUTING.md | 67 -- .../cloud-assembly-schema/README.md | 55 - .../cloud-assembly-schema/index.ts | 2 +- .../lib/assets/aws-destination.ts | 25 - .../lib/assets/docker-image-asset.ts | 175 ---- .../lib/assets/file-asset.ts | 76 -- .../cloud-assembly-schema/lib/assets/index.ts | 4 - .../lib/assets/schema.ts | 26 - .../lib/cloud-assembly/artifact-schema.ts | 204 ---- .../lib/cloud-assembly/context-queries.ts | 514 ---------- .../lib/cloud-assembly/index.ts | 4 - .../lib/cloud-assembly/metadata-schema.ts | 325 ------ .../lib/cloud-assembly/schema.ts | 140 --- .../cloud-assembly-schema/lib/index.ts | 4 - .../lib/integ-tests/commands/common.ts | 201 ---- .../lib/integ-tests/commands/deploy.ts | 104 -- .../lib/integ-tests/commands/destroy.ts | 20 - .../lib/integ-tests/commands/index.ts | 3 - .../lib/integ-tests/index.ts | 3 - .../lib/integ-tests/schema.ts | 35 - .../lib/integ-tests/test-case.ts | 206 ---- .../cloud-assembly-schema/lib/manifest.ts | 292 ------ .../cloud-assembly-schema/schema/README.md | 5 - .../schema/assets.schema.json | 253 ----- .../schema/cloud-assembly.schema.json | 939 ------------------ .../schema/cloud-assembly.version.json | 1 - .../schema/integ.schema.json | 493 --------- .../scripts/update-schema.sh | 11 - .../scripts/update-schema.ts | 151 --- .../test/__snapshots__/manifest.test.ts.snap | 7 - .../cloud-assembly-schema/test/assets.test.ts | 194 ---- .../test/fixtures/high-version/manifest.json | 3 - .../invalid-artifact-type/manifest.json | 9 - .../invalid-nested-property/manifest.json | 6 - .../fixtures/invalid-version/manifest.json | 3 - .../test/fixtures/only-version/manifest.json | 3 - .../fixtures/random-metadata/manifest.json | 35 - .../fixtures/unknown-property/manifest.json | 4 - .../fixtures/with-stack-tags/manifest.json | 38 - .../test/integ-tests.test.ts | 137 --- .../test/manifest.test.ts | 162 --- .../cloud-assembly-schema/test/schema.test.ts | 47 - packages/aws-cdk-lib/package.json | 1 + packages/aws-cdk/THIRD_PARTY_LICENSES | 22 +- packages/aws-cdk/package.json | 4 +- packages/aws-cdk/test/api/exec.test.ts | 2 +- packages/awslint/package.json | 6 +- packages/cdk-assets/package.json | 4 +- tools/@aws-cdk/cdk-build-tools/package.json | 6 +- yarn.lock | 117 ++- 63 files changed, 197 insertions(+), 5588 deletions(-) delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/.gitignore delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/.npmignore delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/LICENSE delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/NOTICE delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/jest.config.js delete mode 100644 packages/@aws-cdk/cloud-assembly-schema/package.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/README.md delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json delete mode 100755 packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts delete mode 100644 packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts diff --git a/package.json b/package.json index 4b07be0640957..6e7b4575961f2 100644 --- a/package.json +++ b/package.json @@ -25,9 +25,9 @@ "fs-extra": "^9.1.0", "graceful-fs": "^4.2.11", "jest-junit": "^13.2.0", - "jsii-diff": "1.101.0", - "jsii-pacmak": "1.101.0", - "jsii-reflect": "1.101.0", + "jsii-diff": "1.102.0", + "jsii-pacmak": "1.102.0", + "jsii-reflect": "1.102.0", "lerna": "^8.1.5", "nx": "^19.4.0", "patch-package": "^6.5.1", @@ -177,4 +177,4 @@ "dependencies": { "string-width": "^4.2.3" } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES index 30c90c16203a6..1fb7f7fdfaabf 100644 --- a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES +++ b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES @@ -207,7 +207,7 @@ The @aws-cdk/cli-lib-alpha package includes the following third-party software/l ---------------- -** @jsii/check-node@1.97.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.97.0 | Apache-2.0 +** @jsii/check-node@1.102.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.102.0 | Apache-2.0 jsii Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -266,7 +266,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** ajv@8.12.0 - https://www.npmjs.com/package/ajv/v/8.12.0 | MIT +** ajv@8.16.0 - https://www.npmjs.com/package/ajv/v/8.16.0 | MIT The MIT License (MIT) Copyright (c) 2015-2021 Evgeny Poberezkin @@ -493,7 +493,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE ---------------- -** aws-sdk@2.1596.0 - https://www.npmjs.com/package/aws-sdk/v/2.1596.0 | Apache-2.0 +** aws-sdk@2.1653.0 - https://www.npmjs.com/package/aws-sdk/v/2.1653.0 | Apache-2.0 AWS SDK for JavaScript Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -601,10 +601,10 @@ SOFTWARE. ---------------- -** braces@3.0.2 - https://www.npmjs.com/package/braces/v/3.0.2 | MIT +** braces@3.0.3 - https://www.npmjs.com/package/braces/v/3.0.3 | MIT The MIT License (MIT) -Copyright (c) 2014-2018, Jon Schlinkert. +Copyright (c) 2014-present, Jon Schlinkert. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -691,7 +691,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI ---------------- -** cdk-from-cfn@0.156.0 - https://www.npmjs.com/package/cdk-from-cfn/v/0.156.0 | MIT OR Apache-2.0 +** cdk-from-cfn@0.162.0 - https://www.npmjs.com/package/cdk-from-cfn/v/0.162.0 | MIT OR Apache-2.0 ---------------- @@ -1123,7 +1123,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** debug@4.3.4 - https://www.npmjs.com/package/debug/v/4.3.4 | MIT +** debug@4.3.5 - https://www.npmjs.com/package/debug/v/4.3.5 | MIT (The MIT License) Copyright (c) 2014-2017 TJ Holowaychuk @@ -1390,7 +1390,7 @@ SOFTWARE. ---------------- -** fill-range@7.0.1 - https://www.npmjs.com/package/fill-range/v/7.0.1 | MIT +** fill-range@7.1.1 - https://www.npmjs.com/package/fill-range/v/7.1.1 | MIT The MIT License (MIT) Copyright (c) 2014-present, Jon Schlinkert. @@ -1667,7 +1667,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** https-proxy-agent@7.0.4 - https://www.npmjs.com/package/https-proxy-agent/v/7.0.4 | MIT +** https-proxy-agent@7.0.5 - https://www.npmjs.com/package/https-proxy-agent/v/7.0.5 | MIT (The MIT License) Copyright (c) 2013 Nathan Rajlich @@ -2315,26 +2315,6 @@ licenses; we recommend you read them, as their terms may differ from the terms above. ----------------- - -** lru-cache@6.0.0 - https://www.npmjs.com/package/lru-cache/v/6.0.0 | ISC -The ISC License - -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - ---------------- ** lru-cache@7.18.3 - https://www.npmjs.com/package/lru-cache/v/7.18.3 | ISC @@ -2497,7 +2477,30 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---------------- -** pac-proxy-agent@7.0.1 - https://www.npmjs.com/package/pac-proxy-agent/v/7.0.1 | MIT +** pac-proxy-agent@7.0.2 - https://www.npmjs.com/package/pac-proxy-agent/v/7.0.2 | MIT +(The MIT License) + +Copyright (c) 2014 Nathan Rajlich + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + ---------------- @@ -3094,10 +3097,10 @@ THE SOFTWARE. ---------------- -** sax@1.3.0 - https://www.npmjs.com/package/sax/v/1.3.0 | ISC +** sax@1.4.1 - https://www.npmjs.com/package/sax/v/1.4.1 | ISC The ISC License -Copyright (c) 2010-2022 Isaac Z. Schlueter and Contributors +Copyright (c) 2010-2024 Isaac Z. Schlueter and Contributors Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -3116,7 +3119,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. `String.fromCodePoint` by Mathias Bynens used according to terms of MIT License, as follows: -Copyright (c) 2010-2022 Mathias Bynens +Copyright (c) 2010-2024 Mathias Bynens Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the @@ -3140,7 +3143,27 @@ Copyright (c) 2010-2022 Mathias Bynens ---------------- -** semver@7.6.0 - https://www.npmjs.com/package/semver/v/7.6.0 | ISC +** semver@7.6.2 - https://www.npmjs.com/package/semver/v/7.6.2 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +---------------- + +** semver@7.6.3 - https://www.npmjs.com/package/semver/v/7.6.3 | ISC The ISC License Copyright (c) Isaac Z. Schlueter and Contributors @@ -3200,7 +3223,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** socks-proxy-agent@8.0.3 - https://www.npmjs.com/package/socks-proxy-agent/v/8.0.3 | MIT +** socks-proxy-agent@8.0.4 - https://www.npmjs.com/package/socks-proxy-agent/v/8.0.4 | MIT (The MIT License) Copyright (c) 2013 Nathan Rajlich @@ -3545,7 +3568,7 @@ THE SOFTWARE. ---------------- -** tslib@2.6.2 - https://www.npmjs.com/package/tslib/v/2.6.2 | 0BSD +** tslib@2.6.3 - https://www.npmjs.com/package/tslib/v/2.6.3 | 0BSD Copyright (c) Microsoft Corporation. Permission to use, copy, modify, and/or distribute this software for any @@ -3723,26 +3746,6 @@ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------- - -** yallist@4.0.0 - https://www.npmjs.com/package/yallist/v/4.0.0 | ISC -The ISC License - -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - ---------------- ** yaml@1.10.2 - https://www.npmjs.com/package/yaml/v/1.10.2 | ISC @@ -3832,4 +3835,4 @@ WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ----------------- \ No newline at end of file +---------------- diff --git a/packages/@aws-cdk/cloud-assembly-schema/.gitignore b/packages/@aws-cdk/cloud-assembly-schema/.gitignore deleted file mode 100644 index 6b8649e2756f5..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -# This package is copied from aws-cdk-lib/cloud-assembly-schema, ignore everything -# except package.json -* -!package.json -!.npmignore -!jest.config.js -!LICENSE -!NOTICE -!CONTRIBUTING.md diff --git a/packages/@aws-cdk/cloud-assembly-schema/.npmignore b/packages/@aws-cdk/cloud-assembly-schema/.npmignore deleted file mode 100644 index 2f484b8db6b88..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/.npmignore +++ /dev/null @@ -1,29 +0,0 @@ -# Don't include original .ts files when doing `npm pack` -*.ts -!*.d.ts -coverage -.nyc_output -*.tgz - -dist -.LAST_PACKAGE -.LAST_BUILD -!*.js - -# Include .jsii -!.jsii - -*.snk - -*.tsbuildinfo - -tsconfig.json -.eslintrc.js -jest.config.js - -# exclude cdk artifacts -**/cdk.out -junit.xml -test/ -!*.lit.ts -**/*.snapshot diff --git a/packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md b/packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md deleted file mode 100644 index 0a96c52f7ca1a..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/CONTRIBUTING.md +++ /dev/null @@ -1,67 +0,0 @@ -## Cloud Assembly Schema - -Making changes to this module should only happen when you introduce new cloud assembly capabilities. - -> For example: supporting the `--target` option when building docker containers. - -If you decided these changes are necessary, simply go ahead and make the necessary modifications to -the interfaces that describe the schema. Our tests and validation mechanisms will ensure you make those -changes correctly. - -### Module Structure - -There are two main things to understand about the files in this module: - -- [`lib/manifest.ts`](./lib/manifest.ts) - - This is the typescript code that defines our schema. It is solely comprised of structs (property only interfaces). - It directly maps to the way we want manifest files to be stored on disk. When you want to make changes to the schema, - this is the file you should be editing. - -- [`lib/schema`](./schema/) - - This directory contains the generated json [schema](./schema/cloud-assembly.schema.json) from the aforementioned - typescript code. It also contains a [version](./schema/cloud-assembly.version.json) file that holds the current version - of the schema. These files are **not** intended for manual editing. Keep reading to understand how they change and when. - -### Schema Generation - -The schema can be generated by running `yarn update-schema`. It reads the [`manifest.ts`](./lib/manifest.ts) file and writes -an updated json schema to [`cloud-assembly.schema.json`](./schema/cloud-assembly.schema.json). -In addition, this command also performs a `major` version bump on the [version](./schema/cloud-assembly.version.json) file. - -Note that it is not generated as part of the build, this is to ensure developers will be intentional when making -changes to the schema. If changes to the code are performed, without generating a new schema, the tests will fail: - -```console -$ yarn test -FAIL test/schema.test.js (5.902s) - ✓ manifest save (7ms) - ✕ cloud-assembly.json.schema is correct (5304ms) - ✓ manifest load (4ms) - ✓ manifest load fails for invalid nested property (5ms) - ✓ manifest load fails for invalid artifact type (1ms) - ✓ stack-tags are deserialized properly (1ms) - ✓ can access random metadata (1ms) - - ● cloud-assembly.json.schema is correct - - Whoops, Looks like the schema has changed. Did you forget to run 'yarn update-schema'? -``` - -### Schema Validation - -Being a **stable** `jsii` module, it undergoes strict API compatibility checks with the help -of [`jsii-diff`](https://github.com/aws/jsii/tree/master/packages/jsii-diff). -This means that breaking changes will be rejected. These include: - -- Adding a required property. (same as changing from *optional* to *required*) -- Changing the type of the property. - -In addition, the interfaces defined here are programmatically exposed to users, via the `manifest` -property of the [`CloudAssembly`](../cx-api/lib/cloud-assembly.ts) class. This means that the following are -also considered breaking changes: - -- Changing a property from *required* to *optional*. -- Removing an optional property. -- Removing a required property. diff --git a/packages/@aws-cdk/cloud-assembly-schema/LICENSE b/packages/@aws-cdk/cloud-assembly-schema/LICENSE deleted file mode 100644 index dcf28b52a83af..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/packages/@aws-cdk/cloud-assembly-schema/NOTICE b/packages/@aws-cdk/cloud-assembly-schema/NOTICE deleted file mode 100644 index 14e30418ed7dc..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/NOTICE +++ /dev/null @@ -1,46 +0,0 @@ -AWS Cloud Development Kit (AWS CDK) -Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. - -------------------------------------------------------------------------------- - -The AWS CDK includes the following third-party software/licensing: - -** jsonschema - https://www.npmjs.com/package/jsonschema -Copyright (C) 2012-2015 Tom de Grunt - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - ----------------- - -** semver - https://www.npmjs.com/package/semver -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - ----------------- diff --git a/packages/@aws-cdk/cloud-assembly-schema/jest.config.js b/packages/@aws-cdk/cloud-assembly-schema/jest.config.js deleted file mode 100644 index b128c97cea054..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/jest.config.js +++ /dev/null @@ -1,13 +0,0 @@ -const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); -module.exports = { - ...baseConfig, - testMatch: [ - '/**/test/**/?(*.)+(test).ts', - ], - coverageThreshold: { - global: { - branches: 70, - statements: 75, - }, - }, -}; diff --git a/packages/@aws-cdk/cloud-assembly-schema/package.json b/packages/@aws-cdk/cloud-assembly-schema/package.json deleted file mode 100644 index 0a05241153b84..0000000000000 --- a/packages/@aws-cdk/cloud-assembly-schema/package.json +++ /dev/null @@ -1,122 +0,0 @@ -{ - "name": "@aws-cdk/cloud-assembly-schema", - "version": "0.0.0", - "description": "Cloud Assembly Schema", - "main": "lib/index.js", - "types": "lib/index.d.ts", - "nx": { - "targets": { - "build": { - "outputs": [ - "{projectRoot}/**/*.js", - "{projectRoot}/**/*.d.ts", - "{projectRoot}/.jsii", - "{projectRoot}/.warnings.jsii.js", - "{projectRoot}/.gitignore", - "{projectRoot}/tsconfig.json", - "{projectRoot}/schema/**/*", - "{projectRoot}/README.md", - "{projectRoot}/rosetta", - "!{projectRoot}/node_modules/**/*" - ] - } - } - }, - "jsii": { - "excludeTypescript": [ - "**/test/**/*.ts" - ], - "outdir": "dist", - "targets": { - "java": { - "package": "software.amazon.awscdk.cloudassembly.schema", - "maven": { - "groupId": "software.amazon.awscdk", - "artifactId": "cdk-cloud-assembly-schema" - } - }, - "dotnet": { - "namespace": "Amazon.CDK.CloudAssembly.Schema", - "packageId": "Amazon.CDK.CloudAssembly.Schema", - "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png" - }, - "python": { - "distName": "aws-cdk.cloud-assembly-schema", - "module": "aws_cdk.cloud_assembly_schema", - "classifiers": [ - "Framework :: AWS CDK", - "Framework :: AWS CDK :: 2" - ] - } - }, - "projectReferences": true, - "metadata": { - "jsii": { - "rosetta": { - "strict": false - } - } - } - }, - "scripts": { - "build": "cdk-build --skip-lint", - "gen": "cdk-copy cloud-assembly-schema", - "watch": "cdk-watch", - "test": "cdk-test", - "pkglint": "pkglint -f", - "package": "cdk-package", - "awslint": "cdk-awslint", - "build+test+package": "yarn build+test && yarn package", - "build+test": "yarn build && yarn test", - "compat": "cdk-compat", - "rosetta:extract": "yarn --silent jsii-rosetta extract", - "build+extract": "yarn build && yarn rosetta:extract", - "build+test+extract": "yarn build+test && yarn rosetta:extract" - }, - "author": { - "name": "Amazon Web Services", - "url": "https://aws.amazon.com", - "organization": true - }, - "license": "Apache-2.0", - "devDependencies": { - "@aws-cdk/cdk-build-tools": "0.0.0", - "@aws-cdk/pkglint": "0.0.0", - "@types/jest": "^29.5.12", - "@types/mock-fs": "^4.13.4", - "@types/semver": "^7.5.8", - "aws-cdk-lib": "0.0.0", - "jest": "^29.7.0", - "mock-fs": "^4.14.0", - "typescript-json-schema": "^0.64.0" - }, - "repository": { - "url": "https://github.com/aws/aws-cdk.git", - "type": "git", - "directory": "packages/@aws-cdk/cloud-assembly-schema" - }, - "keywords": [ - "aws", - "cdk" - ], - "homepage": "https://github.com/aws/aws-cdk", - "bundledDependencies": [ - "jsonschema", - "semver" - ], - "engines": { - "node": ">= 14.15.0" - }, - "stability": "stable", - "dependencies": { - "jsonschema": "^1.4.1", - "semver": "^7.6.2" - }, - "awscdkio": { - "announce": false - }, - "maturity": "stable", - "publishConfig": { - "tag": "latest" - } -} diff --git a/packages/@aws-cdk/cx-api/package.json b/packages/@aws-cdk/cx-api/package.json index 9f6ae2cf09c03..934dc131399b4 100644 --- a/packages/@aws-cdk/cx-api/package.json +++ b/packages/@aws-cdk/cx-api/package.json @@ -82,12 +82,12 @@ "semver": "^7.6.2" }, "peerDependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0" + "@aws-cdk/cloud-assembly-schema": "^36.0.5" }, "license": "Apache-2.0", "devDependencies": { "@aws-cdk/cdk-build-tools": "0.0.0", - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.12", "@types/mock-fs": "^4.13.4", @@ -120,4 +120,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES b/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES index 893b93cf2cd93..4467ac778b87e 100644 --- a/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES +++ b/packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES @@ -750,7 +750,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** semver@7.6.2 - https://www.npmjs.com/package/semver/v/7.6.2 | ISC +** semver@7.6.3 - https://www.npmjs.com/package/semver/v/7.6.3 | ISC The ISC License Copyright (c) Isaac Z. Schlueter and Contributors diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index dbee08ff27271..d73be4ecb3111 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -71,7 +71,7 @@ }, "dependencies": { "chokidar": "^3.6.0", - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/aws-service-spec": "^0.1.16", @@ -108,4 +108,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json b/packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json deleted file mode 100644 index 21db8e13672e1..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/.jsiirc.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "targets": { - "java": { - "package": "software.amazon.awscdk.cloudassembly.schema" - }, - "dotnet": { - "namespace": "Amazon.CDK.CloudAssembly.Schema" - }, - "python": { - "module": "aws_cdk.cloud_assembly_schema" - } - } -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md b/packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md deleted file mode 100644 index 0a96c52f7ca1a..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/CONTRIBUTING.md +++ /dev/null @@ -1,67 +0,0 @@ -## Cloud Assembly Schema - -Making changes to this module should only happen when you introduce new cloud assembly capabilities. - -> For example: supporting the `--target` option when building docker containers. - -If you decided these changes are necessary, simply go ahead and make the necessary modifications to -the interfaces that describe the schema. Our tests and validation mechanisms will ensure you make those -changes correctly. - -### Module Structure - -There are two main things to understand about the files in this module: - -- [`lib/manifest.ts`](./lib/manifest.ts) - - This is the typescript code that defines our schema. It is solely comprised of structs (property only interfaces). - It directly maps to the way we want manifest files to be stored on disk. When you want to make changes to the schema, - this is the file you should be editing. - -- [`lib/schema`](./schema/) - - This directory contains the generated json [schema](./schema/cloud-assembly.schema.json) from the aforementioned - typescript code. It also contains a [version](./schema/cloud-assembly.version.json) file that holds the current version - of the schema. These files are **not** intended for manual editing. Keep reading to understand how they change and when. - -### Schema Generation - -The schema can be generated by running `yarn update-schema`. It reads the [`manifest.ts`](./lib/manifest.ts) file and writes -an updated json schema to [`cloud-assembly.schema.json`](./schema/cloud-assembly.schema.json). -In addition, this command also performs a `major` version bump on the [version](./schema/cloud-assembly.version.json) file. - -Note that it is not generated as part of the build, this is to ensure developers will be intentional when making -changes to the schema. If changes to the code are performed, without generating a new schema, the tests will fail: - -```console -$ yarn test -FAIL test/schema.test.js (5.902s) - ✓ manifest save (7ms) - ✕ cloud-assembly.json.schema is correct (5304ms) - ✓ manifest load (4ms) - ✓ manifest load fails for invalid nested property (5ms) - ✓ manifest load fails for invalid artifact type (1ms) - ✓ stack-tags are deserialized properly (1ms) - ✓ can access random metadata (1ms) - - ● cloud-assembly.json.schema is correct - - Whoops, Looks like the schema has changed. Did you forget to run 'yarn update-schema'? -``` - -### Schema Validation - -Being a **stable** `jsii` module, it undergoes strict API compatibility checks with the help -of [`jsii-diff`](https://github.com/aws/jsii/tree/master/packages/jsii-diff). -This means that breaking changes will be rejected. These include: - -- Adding a required property. (same as changing from *optional* to *required*) -- Changing the type of the property. - -In addition, the interfaces defined here are programmatically exposed to users, via the `manifest` -property of the [`CloudAssembly`](../cx-api/lib/cloud-assembly.ts) class. This means that the following are -also considered breaking changes: - -- Changing a property from *required* to *optional*. -- Removing an optional property. -- Removing a required property. diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/README.md b/packages/aws-cdk-lib/cloud-assembly-schema/README.md deleted file mode 100644 index a102522dba4fd..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/README.md +++ /dev/null @@ -1,55 +0,0 @@ -# Cloud Assembly Schema - - -This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. - -## Cloud Assembly - -The *Cloud Assembly* is the output of the synthesis operation. It is produced as part of the -[`cdk synth`](https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk#cdk-synthesize) -command, or the [`app.synth()`](https://github.com/aws/aws-cdk/blob/main/packages/@aws-cdk/core/lib/app.ts#L135) method invocation. - -Its essentially a set of files and directories, one of which is the `manifest.json` file. It defines the set of instructions that are -needed in order to deploy the assembly directory. - -> For example, when `cdk deploy` is executed, the CLI reads this file and performs its instructions: -> -> - Build container images. -> - Upload assets. -> - Deploy CloudFormation templates. - -Therefore, the assembly is how the CDK class library and CDK CLI (or any other consumer) communicate. To ensure compatibility -between the assembly and its consumers, we treat the manifest file as a well defined, versioned schema. - -## Schema - -This module contains the typescript structs that comprise the `manifest.json` file, as well as the -generated [*json-schema*](./schema/cloud-assembly.schema.json). - -## Versioning - -The schema version is specified in the [`cloud-assembly.version.json`](./schema/cloud-assembly.schema.json) file, under the `version` property. -It follows semantic versioning, but with a small twist. - -When we add instructions to the assembly, they are reflected in the manifest file and the *json-schema* accordingly. -Every such instruction, is crucial for ensuring the correct deployment behavior. This means that to properly deploy a cloud assembly, -consumers must be aware of every such instruction modification. - -For this reason, every change to the schema, even though it might not strictly break validation of the *json-schema* format, -is considered `major` version bump. - -## How to consume - -If you'd like to consume the [schema file](./schema/cloud-assembly.schema.json) in order to do validations on `manifest.json` files, -simply download it from this repo and run it against standard *json-schema* validators, such as [jsonschema](https://www.npmjs.com/package/jsonschema). - -Consumers must take into account the `major` version of the schema they are consuming. They should reject cloud assemblies -with a `major` version that is higher than what they expect. While schema validation might pass on such assemblies, the deployment integrity -cannot be guaranteed because some instructions will be ignored. - -> For example, if your consumer was built when the schema version was 2.0.0, you should reject deploying cloud assemblies with a -> manifest version of 3.0.0. - -## Contributing - -See [Contribution Guide](./CONTRIBUTING.md) diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/index.ts index f41a696fd204d..88dd90ebb9af3 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/index.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/index.ts @@ -1 +1 @@ -export * from './lib'; +export * from '@aws-cdk/cloud-assembly-schema'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts deleted file mode 100644 index f419fde03c56d..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/aws-destination.ts +++ /dev/null @@ -1,25 +0,0 @@ -/** - * Destination for assets that need to be uploaded to AWS - */ -export interface AwsDestination { - /** - * The region where this asset will need to be published - * - * @default - Current region - */ - readonly region?: string; - - /** - * The role that needs to be assumed while publishing this asset - * - * @default - No role will be assumed - */ - readonly assumeRoleArn?: string; - - /** - * The ExternalId that needs to be supplied while assuming this role - * - * @default - No ExternalId will be supplied - */ - readonly assumeRoleExternalId?: string; -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts deleted file mode 100644 index 70c9761f47c70..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/docker-image-asset.ts +++ /dev/null @@ -1,175 +0,0 @@ -import { AwsDestination } from './aws-destination'; - -/** - * A file asset - */ -export interface DockerImageAsset { - /** - * Source description for file assets - */ - readonly source: DockerImageSource; - - /** - * Destinations for this file asset - */ - readonly destinations: { [id: string]: DockerImageDestination }; -} - -/** - * Properties for how to produce a Docker image from a source - */ -export interface DockerImageSource { - /** - * The directory containing the Docker image build instructions. - * - * This path is relative to the asset manifest location. - * - * @default - Exactly one of `directory` and `executable` is required - */ - readonly directory?: string; - - /** - * A command-line executable that returns the name of a local - * Docker image on stdout after being run. - * - * @default - Exactly one of `directory` and `executable` is required - */ - readonly executable?: string[]; - - /** - * The name of the file with build instructions - * - * Only allowed when `directory` is set. - * - * @default "Dockerfile" - */ - readonly dockerFile?: string; - - /** - * Target build stage in a Dockerfile with multiple build stages - * - * Only allowed when `directory` is set. - * - * @default - The last stage in the Dockerfile - */ - readonly dockerBuildTarget?: string; - - /** - * Additional build arguments - * - * Only allowed when `directory` is set. - * - * @default - No additional build arguments - */ - readonly dockerBuildArgs?: { [name: string]: string }; - - /** - * SSH agent socket or keys - * - * Requires building with docker buildkit. - * - * @default - No ssh flag is set - */ - readonly dockerBuildSsh?: string; - - /** - * Additional build secrets - * - * Only allowed when `directory` is set. - * - * @default - No additional build secrets - */ - readonly dockerBuildSecrets?: { [name: string]: string }; - - /** - * Networking mode for the RUN commands during build. _Requires Docker Engine API v1.25+_. - * - * Specify this property to build images on a specific networking mode. - * - * @default - no networking mode specified - */ - readonly networkMode?: string; - - /** - * Platform to build for. _Requires Docker Buildx_. - * - * Specify this property to build images on a specific platform/architecture. - * - * @default - current machine platform - */ - readonly platform?: string; - - /** - * Outputs - * - * @default - no outputs are passed to the build command (default outputs are used) - * @see https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs - */ - readonly dockerOutputs?: string[]; - - /** - * Cache from options to pass to the `docker build` command. - * - * @default - no cache from options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheFrom?: DockerCacheOption[]; - - /** - * Cache to options to pass to the `docker build` command. - * - * @default - no cache to options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheTo?: DockerCacheOption; - - /** - * Disable the cache and pass `--no-cache` to the `docker build` command. - * - * @default - cache is used - */ - readonly cacheDisabled?: boolean; -} - -/** - * Where to publish docker images - */ -export interface DockerImageDestination extends AwsDestination { - /** - * Name of the ECR repository to publish to - */ - readonly repositoryName: string; - - /** - * Tag of the image to publish - */ - readonly imageTag: string; -} - -/** - * Options for configuring the Docker cache backend - */ -export interface DockerCacheOption { - /** - * The type of cache to use. - * Refer to https://docs.docker.com/build/cache/backends/ for full list of backends. - * @default - unspecified - * - * @example 'registry' - */ - readonly type: string; - /** - * Any parameters to pass into the docker cache backend configuration. - * Refer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. - * @default {} No options provided - * - * @example - * declare const branch: string; - * - * const params = { - * ref: `12345678.dkr.ecr.us-west-2.amazonaws.com/cache:${branch}`, - * mode: "max", - * }; - */ - readonly params?: { [key: string]: string }; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts deleted file mode 100644 index 58c7e0cc93ebc..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/file-asset.ts +++ /dev/null @@ -1,76 +0,0 @@ -import { AwsDestination } from './aws-destination'; - -/** - * A file asset - */ -export interface FileAsset { - /** - * Source description for file assets - */ - readonly source: FileSource; - - /** - * Destinations for this file asset - */ - readonly destinations: { [id: string]: FileDestination }; -} - -/** - * Packaging strategy for file assets - */ -export enum FileAssetPackaging { - /** - * Upload the given path as a file - */ - FILE = 'file', - - /** - * The given path is a directory, zip it and upload - */ - ZIP_DIRECTORY = 'zip', -} - -/** - * Describe the source of a file asset - */ -export interface FileSource { - /** - * External command which will produce the file asset to upload. - * - * @default - Exactly one of `executable` and `path` is required. - */ - readonly executable?: string[]; - - /** - * The filesystem object to upload - * - * This path is relative to the asset manifest location. - * - * @default - Exactly one of `executable` and `path` is required. - */ - readonly path?: string; - - /** - * Packaging method - * - * Only allowed when `path` is specified. - * - * @default FILE - */ - readonly packaging?: FileAssetPackaging; -} - -/** - * Where in S3 a file asset needs to be published - */ -export interface FileDestination extends AwsDestination { - /** - * The name of the bucket - */ - readonly bucketName: string; - - /** - * The destination object key - */ - readonly objectKey: string; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts deleted file mode 100644 index 49c126e3f2d9b..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './schema'; -export * from './docker-image-asset'; -export * from './file-asset'; -export * from './aws-destination'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts deleted file mode 100644 index 7f5b33da127cd..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/assets/schema.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { DockerImageAsset } from './docker-image-asset'; -import { FileAsset } from './file-asset'; - -/** - * Definitions for the asset manifest - */ -export interface AssetManifest { - /** - * Version of the manifest - */ - readonly version: string; - - /** - * The file assets in this manifest - * - * @default - No files - */ - readonly files?: { [id: string]: FileAsset }; - - /** - * The Docker image assets in this manifest - * - * @default - No Docker images - */ - readonly dockerImages?: { [id: string]: DockerImageAsset }; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts deleted file mode 100644 index 66872401251aa..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/artifact-schema.ts +++ /dev/null @@ -1,204 +0,0 @@ - -/** - * Information needed to access an IAM role created - * as part of the bootstrap process - */ -export interface BootstrapRole { - /** - * The ARN of the IAM role created as part of bootrapping - * e.g. lookupRoleArn - */ - readonly arn: string; - - /** - * External ID to use when assuming the bootstrap role - * - * @default - No external ID - */ - readonly assumeRoleExternalId?: string; - - /** - * Version of bootstrap stack required to use this role - * - * @default - No bootstrap stack required - */ - readonly requiresBootstrapStackVersion?: number; - - /** - * Name of SSM parameter with bootstrap stack version - * - * @default - Discover SSM parameter by reading stack - */ - readonly bootstrapStackVersionSsmParameter?: string; -} - -/** - * Artifact properties for CloudFormation stacks. - */ -export interface AwsCloudFormationStackProperties { - /** - * A file relative to the assembly root which contains the CloudFormation template for this stack. - */ - readonly templateFile: string; - - /** - * Values for CloudFormation stack parameters that should be passed when the stack is deployed. - * - * @default - No parameters - */ - readonly parameters?: { [id: string]: string }; - - /** - * Values for CloudFormation stack tags that should be passed when the stack is deployed. - * - * @default - No tags - */ - readonly tags?: { [id: string]: string }; - - /** - * The name to use for the CloudFormation stack. - * @default - name derived from artifact ID - */ - readonly stackName?: string; - - /** - * Whether to enable termination protection for this stack. - * - * @default false - */ - readonly terminationProtection?: boolean; - - /** - * The role that needs to be assumed to deploy the stack - * - * @default - No role is assumed (current credentials are used) - */ - readonly assumeRoleArn?: string; - - /** - * External ID to use when assuming role for cloudformation deployments - * - * @default - No external ID - */ - readonly assumeRoleExternalId?: string; - - /** - * The role that is passed to CloudFormation to execute the change set - * - * @default - No role is passed (currently assumed role/credentials are used) - */ - readonly cloudFormationExecutionRoleArn?: string; - - /** - * The role to use to look up values from the target AWS account - * - * @default - No role is assumed (current credentials are used) - */ - readonly lookupRole?: BootstrapRole; - - /** - * If the stack template has already been included in the asset manifest, its asset URL - * - * @default - Not uploaded yet, upload just before deploying - */ - readonly stackTemplateAssetObjectUrl?: string; - - /** - * Version of bootstrap stack required to deploy this stack - * - * @default - No bootstrap stack required - */ - readonly requiresBootstrapStackVersion?: number; - - /** - * SSM parameter where the bootstrap stack version number can be found - * - * Only used if `requiresBootstrapStackVersion` is set. - * - * - If this value is not set, the bootstrap stack name must be known at - * deployment time so the stack version can be looked up from the stack - * outputs. - * - If this value is set, the bootstrap stack can have any name because - * we won't need to look it up. - * - * @default - Bootstrap stack version number looked up - */ - readonly bootstrapStackVersionSsmParameter?: string; - - /** - * Whether this stack should be validated by the CLI after synthesis - * - * @default - false - */ - readonly validateOnSynth?: boolean; -} - -/** - * Configuration options for the Asset Manifest - */ -export interface AssetManifestOptions { - /** - * Version of bootstrap stack required to deploy this stack - * - * @default - Version 1 (basic modern bootstrap stack) - */ - readonly requiresBootstrapStackVersion?: number; - - /** - * SSM parameter where the bootstrap stack version number can be found - * - * - If this value is not set, the bootstrap stack name must be known at - * deployment time so the stack version can be looked up from the stack - * outputs. - * - If this value is set, the bootstrap stack can have any name because - * we won't need to look it up. - * - * @default - Bootstrap stack version number looked up - */ - readonly bootstrapStackVersionSsmParameter?: string; -} - -/** - * Artifact properties for the Asset Manifest - */ -export interface AssetManifestProperties extends AssetManifestOptions { - /** - * Filename of the asset manifest - */ - readonly file: string; -} - -/** - * Artifact properties for the Construct Tree Artifact - */ -export interface TreeArtifactProperties { - /** - * Filename of the tree artifact - */ - readonly file: string; -} - -/** - * Artifact properties for nested cloud assemblies - */ -export interface NestedCloudAssemblyProperties { - /** - * Relative path to the nested cloud assembly - */ - readonly directoryName: string; - - /** - * Display name for the cloud assembly - * - * @default - The artifact ID - */ - readonly displayName?: string; -} - -/** - * Properties for manifest artifacts - */ -export type ArtifactProperties = AwsCloudFormationStackProperties -| AssetManifestProperties -| TreeArtifactProperties -| NestedCloudAssemblyProperties; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts deleted file mode 100644 index bd35d023dfe69..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/context-queries.ts +++ /dev/null @@ -1,514 +0,0 @@ -import { Tag } from './metadata-schema'; - -/** - * Identifier for the context provider - */ -export enum ContextProvider { - /** - * AMI provider - */ - AMI_PROVIDER = 'ami', - - /** - * AZ provider - */ - AVAILABILITY_ZONE_PROVIDER = 'availability-zones', - - /** - * Route53 Hosted Zone provider - */ - HOSTED_ZONE_PROVIDER = 'hosted-zone', - - /** - * SSM Parameter Provider - */ - SSM_PARAMETER_PROVIDER = 'ssm', - - /** - * VPC Provider - */ - VPC_PROVIDER = 'vpc-provider', - - /** - * VPC Endpoint Service AZ Provider - */ - ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER = 'endpoint-service-availability-zones', - - /** - * Load balancer provider - */ - LOAD_BALANCER_PROVIDER = 'load-balancer', - - /** - * Load balancer listener provider - */ - LOAD_BALANCER_LISTENER_PROVIDER = 'load-balancer-listener', - - /** - * Security group provider - */ - SECURITY_GROUP_PROVIDER = 'security-group', - - /** - * KMS Key Provider - */ - KEY_PROVIDER = 'key-provider', - - /** - * A plugin provider (the actual plugin name will be in the properties) - */ - PLUGIN = 'plugin', -} - -/** - * Query to AMI context provider - */ -export interface AmiContextQuery { - /** - * Account to query - */ - readonly account: string; - - /** - * Region to query - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Owners to DescribeImages call - * - * @default - All owners - */ - readonly owners?: string[]; - - /** - * Filters to DescribeImages call - */ - readonly filters: {[key: string]: string[]}; -} - -/** - * Query to availability zone context provider - */ -export interface AvailabilityZonesContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - -} - -/** - * Query to hosted zone context provider - */ -export interface HostedZoneContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * The domain name e.g. example.com to lookup - */ - readonly domainName: string; - - /** - * True if the zone you want to find is a private hosted zone - * - * @default false - */ - readonly privateZone?: boolean; - - /** - * The VPC ID to that the private zone must be associated with - * - * If you provide VPC ID and privateZone is false, this will return no results - * and raise an error. - * - * @default - Required if privateZone=true - */ - readonly vpcId?: string; -} - -/** - * Query to SSM Parameter Context Provider - */ -export interface SSMParameterContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Parameter name to query - */ - readonly parameterName: string; -} - -/** - * Query input for looking up a VPC - */ -export interface VpcContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Filters to apply to the VPC - * - * Filter parameters are the same as passed to DescribeVpcs. - * - * @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html - */ - readonly filter: {[key: string]: string}; - - /** - * Whether to populate the subnetGroups field of the `VpcContextResponse`, - * which contains potentially asymmetric subnet groups. - * - * @default false - */ - readonly returnAsymmetricSubnets?: boolean; - - /** - * Optional tag for subnet group name. - * If not provided, we'll look at the aws-cdk:subnet-name tag. - * If the subnet does not have the specified tag, - * we'll use its type as the name. - * - * @default 'aws-cdk:subnet-name' - */ - readonly subnetGroupNameTag?: string; - - /** - * Whether to populate the `vpnGatewayId` field of the `VpcContextResponse`, - * which contains the VPN Gateway ID, if one exists. You can explicitly - * disable this in order to avoid the lookup if you know the VPC does not have - * a VPN Gatway attached. - * - * @default true - */ - readonly returnVpnGateways?: boolean; -} - -/** - * Query to endpoint service context provider - */ -export interface EndpointServiceAvailabilityZonesContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Query service name - */ - readonly serviceName: string; -} - -/** - * Type of load balancer - */ -export enum LoadBalancerType { - /** - * Network load balancer - */ - NETWORK = 'network', - - /** - * Application load balancer - */ - APPLICATION = 'application', -} - -/** - * Filters for selecting load balancers - */ -export interface LoadBalancerFilter { - /** - * Filter load balancers by their type - */ - readonly loadBalancerType: LoadBalancerType; - - /** - * Find by load balancer's ARN - * @default - does not search by load balancer arn - */ - readonly loadBalancerArn?: string; - - /** - * Match load balancer tags - * @default - does not match load balancers by tags - */ - readonly loadBalancerTags?: Tag[]; -} - -/** - * Query input for looking up a load balancer - */ -export interface LoadBalancerContextQuery extends LoadBalancerFilter { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; -} - -/** - * The protocol for connections from clients to the load balancer - */ -export enum LoadBalancerListenerProtocol { - /** - * HTTP protocol - */ - HTTP = 'HTTP', - - /** - * HTTPS protocol - */ - HTTPS = 'HTTPS', - - /** - * TCP protocol - */ - TCP = 'TCP', - - /** - * TLS protocol - */ - TLS = 'TLS', - - /** - * UDP protocol - * */ - UDP = 'UDP', - - /** - * TCP and UDP protocol - * */ - TCP_UDP = 'TCP_UDP', -} - -/** - * Query input for looking up a load balancer listener - */ -export interface LoadBalancerListenerContextQuery extends LoadBalancerFilter { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Find by listener's arn - * @default - does not find by listener arn - */ - readonly listenerArn?: string; - - /** - * Filter by listener protocol - * @default - does not filter by listener protocol - */ - readonly listenerProtocol?: LoadBalancerListenerProtocol; - - /** - * Filter listeners by listener port - * @default - does not filter by a listener port - */ - readonly listenerPort?: number; -} - -/** - * Query input for looking up a security group - */ -export interface SecurityGroupContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Security group id - * - * @default - None - */ - readonly securityGroupId?: string; - - /** - * Security group name - * - * @default - None - */ - readonly securityGroupName?: string; - - /** - * VPC ID - * - * @default - None - */ - readonly vpcId?: string; -} - -/** - * Query input for looking up a KMS Key - */ -export interface KeyContextQuery { - /** - * Query account - */ - readonly account: string; - - /** - * Query region - */ - readonly region: string; - - /** - * The ARN of the role that should be used to look up the missing values - * - * @default - None - */ - readonly lookupRoleArn?: string; - - /** - * Alias name used to search the Key - */ - readonly aliasName: string; -} - -/** - * Query input for plugins - * - * This alternate branch is necessary because it needs to be able to escape all type checking - * we do on on the cloud assembly -- we cannot know the properties that will be used a priori. - */ -export interface PluginContextQuery { - /** - * The name of the plugin - */ - readonly pluginName: string; - - /** - * Arbitrary other arguments for the plugin. - * - * This index signature is not usable in non-TypeScript/JavaScript languages. - * - * @jsii ignore - */ - [key: string]: any; -} - -export type ContextQueryProperties = AmiContextQuery -| AvailabilityZonesContextQuery -| HostedZoneContextQuery -| SSMParameterContextQuery -| VpcContextQuery -| EndpointServiceAvailabilityZonesContextQuery -| LoadBalancerContextQuery -| LoadBalancerListenerContextQuery -| SecurityGroupContextQuery -| KeyContextQuery -| PluginContextQuery; - diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts deleted file mode 100644 index 931538d80cf11..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './schema'; -export * from './metadata-schema'; -export * from './artifact-schema'; -export * from './context-queries'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts deleted file mode 100644 index a96df56d49b58..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/metadata-schema.ts +++ /dev/null @@ -1,325 +0,0 @@ -/** - * Common properties for asset metadata. - */ -interface BaseAssetMetadataEntry { - /** - * Requested packaging style - */ - readonly packaging: string; - - /** - * Logical identifier for the asset - */ - readonly id: string; - - /** - * The hash of the asset source. - */ - readonly sourceHash: string; - - /** - * Path on disk to the asset - */ - readonly path: string; -} - -/** - * Metadata Entry spec for files. - * - * @example - * const entry = { - * packaging: 'file', - * s3BucketParameter: 'bucket-parameter', - * s3KeyParamenter: 'key-parameter', - * artifactHashParameter: 'hash-parameter', - * } - */ -export interface FileAssetMetadataEntry extends BaseAssetMetadataEntry { - /** - * Requested packaging style - */ - readonly packaging: 'zip' | 'file'; - - /** - * Name of parameter where S3 bucket should be passed in - */ - readonly s3BucketParameter: string; - - /** - * Name of parameter where S3 key should be passed in - */ - readonly s3KeyParameter: string; - - /** - * The name of the parameter where the hash of the bundled asset should be passed in. - */ - readonly artifactHashParameter: string; -} - -/** - * Metadata Entry spec for stack tag. - */ -export interface Tag { - /** - * Tag key. - * - * (In the actual file on disk this will be cased as "Key", and the structure is - * patched to match this structure upon loading: - * https://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137) - */ - readonly key: string; - - /** - * Tag value. - * - * (In the actual file on disk this will be cased as "Value", and the structure is - * patched to match this structure upon loading: - * https://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137) - */ - readonly value: string; -} - -/** - * Options for configuring the Docker cache backend - */ -export interface ContainerImageAssetCacheOption { - /** - * The type of cache to use. - * Refer to https://docs.docker.com/build/cache/backends/ for full list of backends. - * @default - unspecified - * - * @example 'registry' - */ - readonly type: string; - /** - * Any parameters to pass into the docker cache backend configuration. - * Refer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. - * @default {} No options provided - * - * @example - * declare const branch: string; - * - * const params = { - * ref: `12345678.dkr.ecr.us-west-2.amazonaws.com/cache:${branch}`, - * mode: "max", - * }; - */ - readonly params?: { [key: string]: string }; -} - -/** - * Metadata Entry spec for container images. - * - * @example - * const entry = { - * packaging: 'container-image', - * repositoryName: 'repository-name', - * imageTag: 'tag', - * } - */ -export interface ContainerImageAssetMetadataEntry extends BaseAssetMetadataEntry { - /** - * Type of asset - */ - readonly packaging: 'container-image'; - - /** - * ECR Repository name and repo digest (separated by "@sha256:") where this - * image is stored. - * - * @default undefined If not specified, `repositoryName` and `imageTag` are - * required because otherwise how will the stack know where to find the asset, - * ha? - * @deprecated specify `repositoryName` and `imageTag` instead, and then you - * know where the image will go. - */ - readonly imageNameParameter?: string; - - /** - * ECR repository name, if omitted a default name based on the asset's ID is - * used instead. Specify this property if you need to statically address the - * image, e.g. from a Kubernetes Pod. Note, this is only the repository name, - * without the registry and the tag parts. - * - * @default - this parameter is REQUIRED after 1.21.0 - */ - readonly repositoryName?: string; - - /** - * The docker image tag to use for tagging pushed images. This field is - * required if `imageParameterName` is ommited (otherwise, the app won't be - * able to find the image). - * - * @default - this parameter is REQUIRED after 1.21.0 - */ - readonly imageTag?: string; - - /** - * Build args to pass to the `docker build` command - * - * @default no build args are passed - */ - readonly buildArgs?: { [key: string]: string }; - - /** - * SSH agent socket or keys to pass to the `docker build` command - * - * @default no ssh arg is passed - */ - readonly buildSsh?: string; - - /** - * Build secrets to pass to the `docker build` command - * - * @default no build secrets are passed - */ - readonly buildSecrets?: { [key: string]: string }; - - /** - * Docker target to build to - * - * @default no build target - */ - readonly target?: string; - - /** - * Path to the Dockerfile (relative to the directory). - * - * @default - no file is passed - */ - readonly file?: string; - - /** - * Networking mode for the RUN commands during build. - * - * @default - no networking mode specified - */ - readonly networkMode?: string; - - /** - * Platform to build for. _Requires Docker Buildx_. - * - * @default - current machine platform - */ - readonly platform?: string; - - /** - * Outputs to pass to the `docker build` command. - * - * @default - no outputs are passed to the build command (default outputs are used) - * @see https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs - */ - readonly outputs?: string[]; - - /** - * Cache from options to pass to the `docker build` command. - * - * @default - no cache from options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheFrom?: ContainerImageAssetCacheOption[]; - - /** - * Cache to options to pass to the `docker build` command. - * - * @default - no cache to options are passed to the build command - * @see https://docs.docker.com/build/cache/backends/ - */ - readonly cacheTo?: ContainerImageAssetCacheOption; - - /** - * Disable the cache and pass `--no-cache` to the `docker build` command. - * - * @default - cache is used - */ - readonly cacheDisabled?: boolean; -} - -/** - * @see ArtifactMetadataEntryType.ASSET - */ -export type AssetMetadataEntry = FileAssetMetadataEntry | ContainerImageAssetMetadataEntry; - -// Type aliases for metadata entries. -// Used simply to assign names to data types for more clarity. - -/** - * @see ArtifactMetadataEntryType.INFO - * @see ArtifactMetadataEntryType.WARN - * @see ArtifactMetadataEntryType.ERROR - */ -export type LogMessageMetadataEntry = string; - -/** - * @see ArtifactMetadataEntryType.LOGICAL_ID - */ -export type LogicalIdMetadataEntry = string; - -/** - * @see ArtifactMetadataEntryType.STACK_TAGS - */ -export type StackTagsMetadataEntry = Tag[]; - -/** - * Union type for all metadata entries that might exist in the manifest. - */ -export type MetadataEntryData = AssetMetadataEntry | LogMessageMetadataEntry | LogicalIdMetadataEntry | StackTagsMetadataEntry; - -/** - * Type of artifact metadata entry. - */ -export enum ArtifactMetadataEntryType { - /** - * Asset in metadata. - */ - ASSET = 'aws:cdk:asset', - - /** - * Metadata key used to print INFO-level messages by the toolkit when an app is syntheized. - */ - INFO = 'aws:cdk:info', - - /** - * Metadata key used to print WARNING-level messages by the toolkit when an app is syntheized. - */ - WARN = 'aws:cdk:warning', - - /** - * Metadata key used to print ERROR-level messages by the toolkit when an app is syntheized. - */ - ERROR = 'aws:cdk:error', - - /** - * Represents the CloudFormation logical ID of a resource at a certain path. - */ - LOGICAL_ID = 'aws:cdk:logicalId', - - /** - * Represents tags of a stack. - */ - STACK_TAGS = 'aws:cdk:stack-tags', -} - -/** - * A metadata entry in a cloud assembly artifact. - */ -export interface MetadataEntry { - /** - * The type of the metadata entry. - */ - readonly type: string; - - /** - * The data. - * - * @default - no data. - */ - readonly data?: MetadataEntryData; - - /** - * A stack trace for when the entry was created. - * - * @default - no trace. - */ - readonly trace?: string[]; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts deleted file mode 100644 index b6c9ba4ba39cd..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/cloud-assembly/schema.ts +++ /dev/null @@ -1,140 +0,0 @@ -import { ArtifactProperties } from './artifact-schema'; -import { ContextProvider, ContextQueryProperties } from './context-queries'; -import { MetadataEntry } from './metadata-schema'; - -/** - * Type of cloud artifact. - */ -export enum ArtifactType { - /** - * Stub required because of JSII. - */ - NONE = 'none', // required due to a jsii bug - - /** - * The artifact is an AWS CloudFormation stack. - */ - AWS_CLOUDFORMATION_STACK = 'aws:cloudformation:stack', - - /** - * The artifact contains the CDK application's construct tree. - */ - CDK_TREE = 'cdk:tree', - - /** - * Manifest for all assets in the Cloud Assembly - */ - ASSET_MANIFEST = 'cdk:asset-manifest', - - /** - * Nested Cloud Assembly - */ - NESTED_CLOUD_ASSEMBLY = 'cdk:cloud-assembly', -} - -/** - * Information about the application's runtime components. - */ -export interface RuntimeInfo { - /** - * The list of libraries loaded in the application, associated with their versions. - */ - readonly libraries: { [name: string]: string }; -} - -/** - * Represents a missing piece of context. - */ -export interface MissingContext { - /** - * The missing context key. - */ - readonly key: string; - - /** - * The provider from which we expect this context key to be obtained. - */ - readonly provider: ContextProvider; - - /** - * A set of provider-specific options. - */ - readonly props: ContextQueryProperties; -} - -/** - * A manifest for a single artifact within the cloud assembly. - */ -export interface ArtifactManifest { - /** - * The type of artifact. - */ - readonly type: ArtifactType; - - /** - * The environment into which this artifact is deployed. - * - * @default - no envrionment. - */ - readonly environment?: string; // format: aws://account/region - - /** - * Associated metadata. - * - * @default - no metadata. - */ - readonly metadata?: { [path: string]: MetadataEntry[] }; - - /** - * IDs of artifacts that must be deployed before this artifact. - * - * @default - no dependencies. - */ - readonly dependencies?: string[]; - - /** - * The set of properties for this artifact (depends on type) - * - * @default - no properties. - */ - readonly properties?: ArtifactProperties; - - /** - * A string that represents this artifact. Should only be used in user interfaces. - * - * @default - no display name - */ - readonly displayName?: string; -} - -/** - * A manifest which describes the cloud assembly. - */ -export interface AssemblyManifest { - /** - * Protocol version - */ - readonly version: string; - - /** - * The set of artifacts in this assembly. - * - * @default - no artifacts. - */ - readonly artifacts?: { [id: string]: ArtifactManifest }; - - /** - * Missing context information. If this field has values, it means that the - * cloud assembly is not complete and should not be deployed. - * - * @default - no missing context. - */ - readonly missing?: MissingContext[]; - - /** - * Runtime information. - * - * @default - no info. - */ - readonly runtime?: RuntimeInfo; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts deleted file mode 100644 index 5fd6eb6ceda07..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './cloud-assembly'; -export * from './assets'; -export * from './manifest'; -export * from './integ-tests'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts deleted file mode 100644 index 393307c260e5b..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts +++ /dev/null @@ -1,201 +0,0 @@ -/** - * In what scenarios should the CLI ask for approval - */ -export enum RequireApproval { - /** - * Never ask for approval - */ - NEVER = 'never', - - /** - * Prompt for approval for any type of change to the stack - */ - ANYCHANGE = 'any-change', - - /** - * Only prompt for approval if there are security related changes - */ - BROADENING = 'broadening', -} - -/** - * Default CDK CLI options that apply to all commands - */ -export interface DefaultCdkOptions { - /** - * List of stacks to deploy - * - * Requried if `all` is not set - * - * @default - [] - */ - readonly stacks?: string[]; - - /** - * Deploy all stacks - * - * Requried if `stacks` is not set - * - * @default - false - */ - readonly all?: boolean; - - /** - * command-line for executing your app or a cloud assembly directory - * e.g. "node bin/my-app.js" - * or - * "cdk.out" - * - * @default - read from cdk.json - */ - readonly app?: string; - - /** - * Role to pass to CloudFormation for deployment - * - * @default - use the bootstrap cfn-exec role - */ - readonly roleArn?: string; - - /** - * Additional context - * - * @default - no additional context - */ - readonly context?: { [name: string]: string }; - - /** - * Print trace for stack warnings - * - * @default false - */ - readonly trace?: boolean; - - /** - * Do not construct stacks with warnings - * - * @default false - */ - readonly strict?: boolean; - - /** - * Perform context lookups. - * - * Synthesis fails if this is disabled and context lookups need - * to be performed - * - * @default true - */ - readonly lookups?: boolean; - - /** - * Ignores synthesis errors, which will likely produce an invalid output - * - * @default false - */ - readonly ignoreErrors?: boolean; - - /** - * Use JSON output instead of YAML when templates are printed - * to STDOUT - * - * @default false - */ - readonly json?: boolean; - - /** - * show debug logs - * - * @default false - */ - readonly verbose?: boolean; - - /** - * enable emission of additional debugging information, such as creation stack - * traces of tokens - * - * @default false - */ - readonly debug?: boolean; - - /** - * Use the indicated AWS profile as the default environment - * - * @default - no profile is used - */ - readonly profile?: string; - - /** - * Use the indicated proxy. Will read from - * HTTPS_PROXY environment if specified - * - * @default - no proxy - */ - readonly proxy?: string; - - /** - * Path to CA certificate to use when validating HTTPS - * requests. - * - * @default - read from AWS_CA_BUNDLE environment variable - */ - readonly caBundlePath?: string; - - /** - * Force trying to fetch EC2 instance credentials - * - * @default - guess EC2 instance status - */ - readonly ec2Creds?: boolean; - - /** - * Include "AWS::CDK::Metadata" resource in synthesized templates - * - * @default true - */ - readonly versionReporting?: boolean; - - /** - * Include "aws:cdk:path" CloudFormation metadata for each resource - * - * @default true - */ - readonly pathMetadata?: boolean; - - /** - * Include "aws:asset:*" CloudFormation metadata for resources that use assets - * - * @default true - */ - readonly assetMetadata?: boolean; - - /** - * Copy assets to the output directory - * - * Needed for local debugging the source files with SAM CLI - * - * @default false - */ - readonly staging?: boolean; - - /** - * Emits the synthesized cloud assembly into a directory - * - * @default cdk.out - */ - readonly output?: string; - - /** - * Show relevant notices - * - * @default true - */ - readonly notices?: boolean; - - /** - * Show colors and other style from console output - * - * @default true - */ - readonly color?: boolean; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts deleted file mode 100644 index 8d63a7d9644f9..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/deploy.ts +++ /dev/null @@ -1,104 +0,0 @@ -import { DefaultCdkOptions, RequireApproval } from './common'; - -/** - * Options to use with cdk deploy - */ -export interface DeployOptions extends DefaultCdkOptions { - /** - * Only perform action on the given stack - * - * @default false - */ - readonly exclusively?: boolean; - - /** - * Name of the toolkit stack to use/deploy - * - * @default CDKToolkit - */ - readonly toolkitStackName?: string; - - /** - * Reuse the assets with the given asset IDs - * - * @default - do not reuse assets - */ - readonly reuseAssets?: string[]; - - /** - * Optional name to use for the CloudFormation change set. - * If not provided, a name will be generated automatically. - * - * @default - auto generate a name - */ - readonly changeSetName?: string; - - /** - * Always deploy, even if templates are identical. - * @default false - */ - readonly force?: boolean; - - /** - * Rollback failed deployments - * - * @default true - */ - readonly rollback?: boolean; - - /** - * ARNs of SNS topics that CloudFormation will notify with stack related events - * - * @default - no notifications - */ - readonly notificationArns?: string[]; - - /** - * What kind of security changes require approval - * - * @default RequireApproval.Never - */ - readonly requireApproval?: RequireApproval; - - /** - * Whether to execute the ChangeSet - * Not providing `execute` parameter will result in execution of ChangeSet - * @default true - */ - readonly execute?: boolean; - - /** - * Additional parameters for CloudFormation at deploy time - * @default {} - */ - readonly parameters?: { [name: string]: string }; - - /** - * Use previous values for unspecified parameters - * - * If not set, all parameters must be specified for every deployment. - * - * @default true - */ - readonly usePreviousParameters?: boolean; - - /** - * Path to file where stack outputs will be written after a successful deploy as JSON - * @default - Outputs are not written to any file - */ - readonly outputsFile?: string; - - /** - * Whether we are on a CI system - * - * @default false - */ - readonly ci?: boolean; - - /** - * Deploy multiple stacks in parallel - * - * @default 1 - */ - readonly concurrency?: number; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts deleted file mode 100644 index 9dfe8f267c6db..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/destroy.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { DefaultCdkOptions } from './common'; - -/** - * Options to use with cdk destroy - */ -export interface DestroyOptions extends DefaultCdkOptions { - /** - * Do not ask for permission before destroying stacks - * - * @default false - */ - readonly force?: boolean; - - /** - * Only destroy the given stack - * - * @default false - */ - readonly exclusively?: boolean; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts deleted file mode 100644 index 528980446938b..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './common'; -export * from './deploy'; -export * from './destroy'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts deleted file mode 100644 index 5a08e62a47958..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './schema'; -export * from './commands'; -export * from './test-case'; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts deleted file mode 100644 index 1a617e23cf959..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/schema.ts +++ /dev/null @@ -1,35 +0,0 @@ -import { TestCase } from './test-case'; -/** - * Definitions for the integration testing manifest - */ -export interface IntegManifest { - /** - * Version of the manifest - */ - readonly version: string; - - /** - * Enable lookups for this test. If lookups are enabled - * then `stackUpdateWorkflow` must be set to false. - * Lookups should only be enabled when you are explicitely testing - * lookups. - * - * @default false - */ - readonly enableLookups?: boolean; - - /** - * Additional context to use when performing - * a synth. Any context provided here will override - * any default context - * - * @default - no additional context - */ - readonly synthContext?: { [name: string]: string }; - - /** - * test cases - */ - readonly testCases: { [testName: string]: TestCase }; -} - diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts deleted file mode 100644 index 6878f9da2563c..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/test-case.ts +++ /dev/null @@ -1,206 +0,0 @@ -import { DeployOptions, DestroyOptions } from './commands'; - -/** - * The set of options to control the workflow of the test runner - */ -export interface TestOptions { - /** - * Run update workflow on this test case - * This should only be set to false to test scenarios - * that are not possible to test as part of the update workflow - * - * @default true - */ - readonly stackUpdateWorkflow?: boolean; - - /** - * Additional options to use for each CDK command - * - * @default - runner default options - */ - readonly cdkCommandOptions?: CdkCommands; - - /** - * Additional commands to run at predefined points in the test workflow - * - * e.g. { postDeploy: ['yarn', 'test'] } - * - * @default - no hooks - */ - readonly hooks?: Hooks; - - /** - * Whether or not to include asset hashes in the diff - * Asset hashes can introduces a lot of unneccessary noise into tests, - * but there are some cases where asset hashes _should_ be included. For example - * any tests involving custom resources or bundling - * - * @default false - */ - readonly diffAssets?: boolean; - - /** - * List of CloudFormation resource types in this stack that can - * be destroyed as part of an update without failing the test. - * - * This list should only include resources that for this specific - * integration test we are sure will not cause errors or an outage if - * destroyed. For example, maybe we know that a new resource will be created - * first before the old resource is destroyed which prevents any outage. - * - * e.g. ['AWS::IAM::Role'] - * - * @default - do not allow destruction of any resources on update - */ - readonly allowDestroy?: string[]; - - /** - * Limit deployment to these regions - * - * @default - can run in any region - */ - readonly regions?: string[]; -} - -/** - * Represents an integration test case - */ -export interface TestCase extends TestOptions { - /** - * Stacks that should be tested as part of this test case - * The stackNames will be passed as args to the cdk commands - * so dependent stacks will be automatically deployed unless - * `exclusively` is passed - */ - readonly stacks: string[]; - - /** - * The node id of the stack that contains assertions. - * This is the value that can be used to deploy the stack with the CDK CLI - * - * @default - no assertion stack - */ - readonly assertionStack?: string; - - /** - * The name of the stack that contains assertions - * - * @default - no assertion stack - */ - readonly assertionStackName?: string; -} - -/** - * Commands to run at predefined points during the - * integration test workflow - */ -export interface Hooks { - /** - * Commands to run prior to deploying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly preDeploy?: string[]; - - /** - * Commands to run prior after deploying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly postDeploy?: string[]; - - /** - * Commands to run prior to destroying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly preDestroy?: string[]; - - /** - * Commands to run after destroying the cdk stacks - * in the integration test - * - * @default - no commands - */ - readonly postDestroy?: string[]; -} - -/** - * Represents a cdk command - * i.e. `synth`, `deploy`, & `destroy` - */ -export interface CdkCommand { - /** - * Whether or not to run this command as part of the workflow - * This can be used if you only want to test some of the workflow - * for example enable `synth` and disable `deploy` & `destroy` in order - * to limit the test to synthesis - * - * @default true - */ - readonly enabled?: boolean; - - /** - * If the runner should expect this command to fail - * - * @default false - */ - readonly expectError?: boolean; - - /** - * This can be used in combination with `expectedError` - * to validate that a specific message is returned. - * - * @default - do not validate message - */ - readonly expectedMessage?: string; -} - -/** - * Represents a cdk deploy command - */ -export interface DeployCommand extends CdkCommand { - /** - * Additional arguments to pass to the command - * This can be used to test specific CLI functionality - * - * @default - only default args are used - */ - readonly args?: DeployOptions; -} - -/** - * Represents a cdk destroy command - */ -export interface DestroyCommand extends CdkCommand { - /** - * Additional arguments to pass to the command - * This can be used to test specific CLI functionality - * - * @default - only default args are used - */ - readonly args?: DestroyOptions; -} - -/** - * Options for specific cdk commands that are run - * as part of the integration test workflow - */ -export interface CdkCommands { - /** - * Options to for the cdk deploy command - * - * @default - default deploy options - */ - readonly deploy?: DeployCommand; - - /** - * Options to for the cdk destroy command - * - * @default - default destroy options - */ - readonly destroy?: DestroyCommand; -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts deleted file mode 100644 index 76069e0187d4c..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/manifest.ts +++ /dev/null @@ -1,292 +0,0 @@ -import * as fs from 'fs'; -import * as jsonschema from 'jsonschema'; -import * as semver from 'semver'; -import * as assets from './assets'; -import * as assembly from './cloud-assembly'; -import * as integ from './integ-tests'; - -/* eslint-disable @typescript-eslint/no-var-requires */ -/* eslint-disable @typescript-eslint/no-require-imports */ - -// this prefix is used by the CLI to identify this specific error. -// in which case we want to instruct the user to upgrade his CLI. -// see exec.ts#createAssembly -export const VERSION_MISMATCH: string = 'Cloud assembly schema version mismatch'; - -const ASSETS_SCHEMA = require('../schema/assets.schema.json'); - -const ASSEMBLY_SCHEMA = require('../schema/cloud-assembly.schema.json'); - -/** - * Version is shared for both manifests - */ -const SCHEMA_VERSION = require('../schema/cloud-assembly.version.json').version; - -const INTEG_SCHEMA = require('../schema/integ.schema.json'); - -/** - * Options for the loadManifest operation - */ -export interface LoadManifestOptions { - /** - * Skip the version check - * - * This means you may read a newer cloud assembly than the CX API is designed - * to support, and your application may not be aware of all features that in use - * in the Cloud Assembly. - * - * @default false - */ - readonly skipVersionCheck?: boolean; - - /** - * Skip enum checks - * - * This means you may read enum values you don't know about yet. Make sure to always - * check the values of enums you encounter in the manifest. - * - * @default false - */ - readonly skipEnumCheck?: boolean; - - /** - * Topologically sort all artifacts - * - * This parameter is only respected by the constructor of `CloudAssembly`. The - * property lives here for backwards compatibility reasons. - * - * @default true - */ - readonly topoSort?: boolean; -} - -/** - * Protocol utility class. - */ -export class Manifest { - /** - * Validates and saves the cloud assembly manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveAssemblyManifest(manifest: assembly.AssemblyManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, ASSEMBLY_SCHEMA, Manifest.patchStackTagsOnWrite); - } - - /** - * Load and validates the cloud assembly manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadAssemblyManifest(filePath: string, options?: LoadManifestOptions): assembly.AssemblyManifest { - return Manifest.loadManifest(filePath, ASSEMBLY_SCHEMA, Manifest.patchStackTagsOnRead, options); - } - - /** - * Validates and saves the asset manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveAssetManifest(manifest: assets.AssetManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, ASSETS_SCHEMA, Manifest.patchStackTagsOnRead); - } - - /** - * Load and validates the asset manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadAssetManifest(filePath: string): assets.AssetManifest { - return this.loadManifest(filePath, ASSETS_SCHEMA); - } - - /** - * Validates and saves the integ manifest to file. - * - * @param manifest - manifest. - * @param filePath - output file path. - */ - public static saveIntegManifest(manifest: integ.IntegManifest, filePath: string) { - Manifest.saveManifest(manifest, filePath, INTEG_SCHEMA); - } - - /** - * Load and validates the integ manifest from file. - * - * @param filePath - path to the manifest file. - */ - public static loadIntegManifest(filePath: string): integ.IntegManifest { - return this.loadManifest(filePath, INTEG_SCHEMA); - } - - /** - * Fetch the current schema version number. - */ - public static version(): string { - return SCHEMA_VERSION; - } - - /** - * Deprecated - * @deprecated use `saveAssemblyManifest()` - */ - public static save(manifest: assembly.AssemblyManifest, filePath: string) { return this.saveAssemblyManifest(manifest, filePath); } - - /** - * Deprecated - * @deprecated use `loadAssemblyManifest()` - */ - public static load(filePath: string): assembly.AssemblyManifest { return this.loadAssemblyManifest(filePath); } - - private static validate(manifest: { version: string }, schema: jsonschema.Schema, options?: LoadManifestOptions) { - function parseVersion(version: string) { - const ver = semver.valid(version); - if (!ver) { - throw new Error(`Invalid semver string: "${version}"`); - } - return ver; - } - - const maxSupported = parseVersion(Manifest.version()); - const actual = parseVersion(manifest.version); - - // first validate the version should be accepted. - if (semver.gt(actual, maxSupported) && !options?.skipVersionCheck) { - // we use a well known error prefix so that the CLI can identify this specific error - // and print some more context to the user. - throw new Error(`${VERSION_MISMATCH}: Maximum schema version supported is ${maxSupported}, but found ${actual}`); - } - - // now validate the format is good. - const validator = new jsonschema.Validator(); - const result = validator.validate(manifest, schema, { - - // does exist but is not in the TypeScript definitions - nestedErrors: true, - - allowUnknownAttributes: false, - - } as any); - - let errors = result.errors; - if (options?.skipEnumCheck) { - // Enum validations aren't useful when - errors = stripEnumErrors(errors); - } - - if (errors.length > 0) { - throw new Error(`Invalid assembly manifest:\n${errors.map(e => e.stack).join('\n')}`); - } - } - - private static saveManifest(manifest: any, filePath: string, schema: jsonschema.Schema, preprocess?: (obj: any) => any) { - let withVersion = { ...manifest, version: Manifest.version() }; - Manifest.validate(withVersion, schema); - if (preprocess) { - withVersion = preprocess(withVersion); - } - fs.writeFileSync(filePath, JSON.stringify(withVersion, undefined, 2)); - } - - private static loadManifest(filePath: string, schema: jsonschema.Schema, preprocess?: (obj: any) => any, options?: LoadManifestOptions) { - const contents = fs.readFileSync(filePath, { encoding: 'utf-8' }); - let obj; - try { - obj = JSON.parse(contents); - } catch (e: any) { - throw new Error(`${e.message}, while parsing ${JSON.stringify(contents)}`); - } - if (preprocess) { - obj = preprocess(obj); - } - Manifest.validate(obj, schema, options); - return obj; - } - - /** - * This requires some explaining... - * - * We previously used `{ Key, Value }` for the object that represents a stack tag. (Notice the casing) - * @link https://github.com/aws/aws-cdk/blob/v1.27.0/packages/aws-cdk/lib/api/cxapp/stacks.ts#L427. - * - * When that object moved to this package, it had to be JSII compliant, which meant the property - * names must be `camelCased`, and not `PascalCased`. This meant it no longer matches the structure in the `manifest.json` file. - * In order to support current manifest files, we have to translate the `PascalCased` representation to the new `camelCased` one. - * - * Note that the serialization itself still writes `PascalCased` because it relates to how CloudFormation expects it. - * - * Ideally, we would start writing the `camelCased` and translate to how CloudFormation expects it when needed. But this requires nasty - * backwards-compatibility code and it just doesn't seem to be worth the effort. - */ - private static patchStackTagsOnRead(manifest: assembly.AssemblyManifest) { - return Manifest.replaceStackTags(manifest, tags => tags.map((diskTag: any) => ({ - key: diskTag.Key, - value: diskTag.Value, - }))); - } - - /** - * See explanation on `patchStackTagsOnRead` - * - * Translate stack tags metadata if it has the "right" casing. - */ - private static patchStackTagsOnWrite(manifest: assembly.AssemblyManifest) { - return Manifest.replaceStackTags(manifest, tags => tags.map(memTag => - // Might already be uppercased (because stack synthesis generates it in final form yet) - ('Key' in memTag ? memTag : { Key: memTag.key, Value: memTag.value }) as any, - )); - } - - /** - * Recursively replace stack tags in the stack metadata - */ - private static replaceStackTags(manifest: assembly.AssemblyManifest, fn: Endofunctor): assembly.AssemblyManifest { - // Need to add in the `noUndefined`s because otherwise jest snapshot tests are going to freak out - // about the keys with values that are `undefined` (even though they would never be JSON.stringified) - return noUndefined({ - ...manifest, - artifacts: mapValues(manifest.artifacts, artifact => { - if (artifact.type !== assembly.ArtifactType.AWS_CLOUDFORMATION_STACK) { return artifact; } - return noUndefined({ - ...artifact, - metadata: mapValues(artifact.metadata, metadataEntries => metadataEntries.map(metadataEntry => { - if (metadataEntry.type !== assembly.ArtifactMetadataEntryType.STACK_TAGS || !metadataEntry.data) { return metadataEntry; } - return { - ...metadataEntry, - data: fn(metadataEntry.data as assembly.StackTagsMetadataEntry), - }; - })), - } as assembly.ArtifactManifest); - }), - }); - } - - private constructor() {} -} - -type Endofunctor = (x: A) => A; - -function mapValues(xs: Record | undefined, fn: (x: A) => B): Record | undefined { - if (!xs) { return undefined; } - const ret: Record | undefined = {}; - for (const [k, v] of Object.entries(xs)) { - ret[k] = fn(v); - } - return ret; -} - -function noUndefined(xs: A): A { - const ret: any = {}; - for (const [k, v] of Object.entries(xs)) { - if (v !== undefined) { - ret[k] = v; - } - } - return ret; -} - -function stripEnumErrors(errors: jsonschema.ValidationError[]) { - return errors.filter(e => typeof e.schema ==='string' || !('enum' in e.schema)); -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md b/packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md deleted file mode 100644 index ae58ce74ee4e8..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/README.md +++ /dev/null @@ -1,5 +0,0 @@ -## Cloud Assembly JSON Schema - -**DO NOT MODIFY FILES IN THIS DIRECTORY BY HAND** - -To modify, run `yarn update-schema`. \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json deleted file mode 100644 index 980fbaf0d86de..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/assets.schema.json +++ /dev/null @@ -1,253 +0,0 @@ -{ - "$ref": "#/definitions/AssetManifest", - "definitions": { - "AssetManifest": { - "description": "Definitions for the asset manifest", - "type": "object", - "properties": { - "version": { - "description": "Version of the manifest", - "type": "string" - }, - "files": { - "description": "The file assets in this manifest (Default - No files)", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/FileAsset" - } - }, - "dockerImages": { - "description": "The Docker image assets in this manifest (Default - No Docker images)", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/DockerImageAsset" - } - } - }, - "required": [ - "version" - ] - }, - "FileAsset": { - "description": "A file asset", - "type": "object", - "properties": { - "source": { - "$ref": "#/definitions/FileSource", - "description": "Source description for file assets" - }, - "destinations": { - "description": "Destinations for this file asset", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/FileDestination" - } - } - }, - "required": [ - "destinations", - "source" - ] - }, - "FileSource": { - "description": "Describe the source of a file asset", - "type": "object", - "properties": { - "executable": { - "description": "External command which will produce the file asset to upload. (Default - Exactly one of `executable` and `path` is required.)", - "type": "array", - "items": { - "type": "string" - } - }, - "path": { - "description": "The filesystem object to upload\n\nThis path is relative to the asset manifest location. (Default - Exactly one of `executable` and `path` is required.)", - "type": "string" - }, - "packaging": { - "description": "Packaging method\n\nOnly allowed when `path` is specified. (Default FILE)", - "enum": [ - "file", - "zip" - ], - "type": "string" - } - } - }, - "FileDestination": { - "description": "Where in S3 a file asset needs to be published", - "type": "object", - "properties": { - "bucketName": { - "description": "The name of the bucket", - "type": "string" - }, - "objectKey": { - "description": "The destination object key", - "type": "string" - }, - "region": { - "description": "The region where this asset will need to be published (Default - Current region)", - "type": "string" - }, - "assumeRoleArn": { - "description": "The role that needs to be assumed while publishing this asset (Default - No role will be assumed)", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "The ExternalId that needs to be supplied while assuming this role (Default - No ExternalId will be supplied)", - "type": "string" - } - }, - "required": [ - "bucketName", - "objectKey" - ] - }, - "DockerImageAsset": { - "description": "A file asset", - "type": "object", - "properties": { - "source": { - "$ref": "#/definitions/DockerImageSource", - "description": "Source description for file assets" - }, - "destinations": { - "description": "Destinations for this file asset", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/DockerImageDestination" - } - } - }, - "required": [ - "destinations", - "source" - ] - }, - "DockerImageSource": { - "description": "Properties for how to produce a Docker image from a source", - "type": "object", - "properties": { - "directory": { - "description": "The directory containing the Docker image build instructions.\n\nThis path is relative to the asset manifest location. (Default - Exactly one of `directory` and `executable` is required)", - "type": "string" - }, - "executable": { - "description": "A command-line executable that returns the name of a local\nDocker image on stdout after being run. (Default - Exactly one of `directory` and `executable` is required)", - "type": "array", - "items": { - "type": "string" - } - }, - "dockerFile": { - "description": "The name of the file with build instructions\n\nOnly allowed when `directory` is set. (Default Dockerfile)", - "type": "string" - }, - "dockerBuildTarget": { - "description": "Target build stage in a Dockerfile with multiple build stages\n\nOnly allowed when `directory` is set. (Default - The last stage in the Dockerfile)", - "type": "string" - }, - "dockerBuildArgs": { - "description": "Additional build arguments\n\nOnly allowed when `directory` is set. (Default - No additional build arguments)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "dockerBuildSsh": { - "description": "SSH agent socket or keys\n\nRequires building with docker buildkit. (Default - No ssh flag is set)", - "type": "string" - }, - "dockerBuildSecrets": { - "description": "Additional build secrets\n\nOnly allowed when `directory` is set. (Default - No additional build secrets)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "networkMode": { - "description": "Networking mode for the RUN commands during build. _Requires Docker Engine API v1.25+_.\n\nSpecify this property to build images on a specific networking mode. (Default - no networking mode specified)", - "type": "string" - }, - "platform": { - "description": "Platform to build for. _Requires Docker Buildx_.\n\nSpecify this property to build images on a specific platform/architecture. (Default - current machine platform)", - "type": "string" - }, - "dockerOutputs": { - "description": "Outputs (Default - no outputs are passed to the build command (default outputs are used))", - "type": "array", - "items": { - "type": "string" - } - }, - "cacheFrom": { - "description": "Cache from options to pass to the `docker build` command. (Default - no cache from options are passed to the build command)", - "type": "array", - "items": { - "$ref": "#/definitions/DockerCacheOption" - } - }, - "cacheTo": { - "description": "Cache to options to pass to the `docker build` command. (Default - no cache to options are passed to the build command)", - "$ref": "#/definitions/DockerCacheOption" - }, - "cacheDisabled": { - "description": "Disable the cache and pass `--no-cache` to the `docker build` command. (Default - cache is used)", - "type": "boolean" - } - } - }, - "DockerCacheOption": { - "description": "Options for configuring the Docker cache backend", - "type": "object", - "properties": { - "type": { - "description": "The type of cache to use.\nRefer to https://docs.docker.com/build/cache/backends/ for full list of backends. (Default - unspecified)", - "type": "string" - }, - "params": { - "description": "Any parameters to pass into the docker cache backend configuration.\nRefer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. (Default {} No options provided)", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "type" - ] - }, - "DockerImageDestination": { - "description": "Where to publish docker images", - "type": "object", - "properties": { - "repositoryName": { - "description": "Name of the ECR repository to publish to", - "type": "string" - }, - "imageTag": { - "description": "Tag of the image to publish", - "type": "string" - }, - "region": { - "description": "The region where this asset will need to be published (Default - Current region)", - "type": "string" - }, - "assumeRoleArn": { - "description": "The role that needs to be assumed while publishing this asset (Default - No role will be assumed)", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "The ExternalId that needs to be supplied while assuming this role (Default - No ExternalId will be supplied)", - "type": "string" - } - }, - "required": [ - "imageTag", - "repositoryName" - ] - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json deleted file mode 100644 index 279dfbe369073..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.schema.json +++ /dev/null @@ -1,939 +0,0 @@ -{ - "$ref": "#/definitions/AssemblyManifest", - "definitions": { - "AssemblyManifest": { - "description": "A manifest which describes the cloud assembly.", - "type": "object", - "properties": { - "version": { - "description": "Protocol version", - "type": "string" - }, - "artifacts": { - "description": "The set of artifacts in this assembly. (Default - no artifacts.)", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/ArtifactManifest" - } - }, - "missing": { - "description": "Missing context information. If this field has values, it means that the\ncloud assembly is not complete and should not be deployed. (Default - no missing context.)", - "type": "array", - "items": { - "$ref": "#/definitions/MissingContext" - } - }, - "runtime": { - "description": "Runtime information. (Default - no info.)", - "$ref": "#/definitions/RuntimeInfo" - } - }, - "required": [ - "version" - ] - }, - "ArtifactManifest": { - "description": "A manifest for a single artifact within the cloud assembly.", - "type": "object", - "properties": { - "type": { - "$ref": "#/definitions/ArtifactType", - "description": "The type of artifact." - }, - "environment": { - "description": "The environment into which this artifact is deployed. (Default - no envrionment.)", - "type": "string" - }, - "metadata": { - "description": "Associated metadata. (Default - no metadata.)", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "$ref": "#/definitions/MetadataEntry" - } - } - }, - "dependencies": { - "description": "IDs of artifacts that must be deployed before this artifact. (Default - no dependencies.)", - "type": "array", - "items": { - "type": "string" - } - }, - "properties": { - "description": "The set of properties for this artifact (depends on type) (Default - no properties.)", - "anyOf": [ - { - "$ref": "#/definitions/AwsCloudFormationStackProperties" - }, - { - "$ref": "#/definitions/AssetManifestProperties" - }, - { - "$ref": "#/definitions/TreeArtifactProperties" - }, - { - "$ref": "#/definitions/NestedCloudAssemblyProperties" - } - ] - }, - "displayName": { - "description": "A string that represents this artifact. Should only be used in user interfaces. (Default - no display name)", - "type": "string" - } - }, - "required": [ - "type" - ] - }, - "ArtifactType": { - "description": "Type of cloud artifact.", - "type": "string", - "enum": [ - "none", - "aws:cloudformation:stack", - "cdk:tree", - "cdk:asset-manifest", - "cdk:cloud-assembly" - ] - }, - "MetadataEntry": { - "description": "A metadata entry in a cloud assembly artifact.", - "type": "object", - "properties": { - "type": { - "description": "The type of the metadata entry.", - "type": "string" - }, - "data": { - "description": "The data. (Default - no data.)", - "anyOf": [ - { - "$ref": "#/definitions/FileAssetMetadataEntry" - }, - { - "$ref": "#/definitions/ContainerImageAssetMetadataEntry" - }, - { - "type": "array", - "items": { - "$ref": "#/definitions/Tag" - } - }, - { - "type": "string" - }, - { - "description": "Free form data." - } - ] - }, - "trace": { - "description": "A stack trace for when the entry was created. (Default - no trace.)", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "type" - ] - }, - "FileAssetMetadataEntry": { - "description": "Metadata Entry spec for files.", - "type": "object", - "properties": { - "packaging": { - "description": "Requested packaging style", - "enum": [ - "file", - "zip" - ], - "type": "string" - }, - "s3BucketParameter": { - "description": "Name of parameter where S3 bucket should be passed in", - "type": "string" - }, - "s3KeyParameter": { - "description": "Name of parameter where S3 key should be passed in", - "type": "string" - }, - "artifactHashParameter": { - "description": "The name of the parameter where the hash of the bundled asset should be passed in.", - "type": "string" - }, - "id": { - "description": "Logical identifier for the asset", - "type": "string" - }, - "sourceHash": { - "description": "The hash of the asset source.", - "type": "string" - }, - "path": { - "description": "Path on disk to the asset", - "type": "string" - } - }, - "required": [ - "artifactHashParameter", - "id", - "packaging", - "path", - "s3BucketParameter", - "s3KeyParameter", - "sourceHash" - ] - }, - "ContainerImageAssetMetadataEntry": { - "description": "Metadata Entry spec for container images.", - "type": "object", - "properties": { - "packaging": { - "description": "Type of asset", - "type": "string", - "const": "container-image" - }, - "imageNameParameter": { - "description": "ECR Repository name and repo digest (separated by \"@sha256:\") where this\nimage is stored. (Default undefined If not specified, `repositoryName` and `imageTag` are\nrequired because otherwise how will the stack know where to find the asset,\nha?)", - "type": "string" - }, - "repositoryName": { - "description": "ECR repository name, if omitted a default name based on the asset's ID is\nused instead. Specify this property if you need to statically address the\nimage, e.g. from a Kubernetes Pod. Note, this is only the repository name,\nwithout the registry and the tag parts. (Default - this parameter is REQUIRED after 1.21.0)", - "type": "string" - }, - "imageTag": { - "description": "The docker image tag to use for tagging pushed images. This field is\nrequired if `imageParameterName` is ommited (otherwise, the app won't be\nable to find the image). (Default - this parameter is REQUIRED after 1.21.0)", - "type": "string" - }, - "buildArgs": { - "description": "Build args to pass to the `docker build` command (Default no build args are passed)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "buildSsh": { - "description": "SSH agent socket or keys to pass to the `docker build` command (Default no ssh arg is passed)", - "type": "string" - }, - "buildSecrets": { - "description": "Build secrets to pass to the `docker build` command (Default no build secrets are passed)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "target": { - "description": "Docker target to build to (Default no build target)", - "type": "string" - }, - "file": { - "description": "Path to the Dockerfile (relative to the directory). (Default - no file is passed)", - "type": "string" - }, - "networkMode": { - "description": "Networking mode for the RUN commands during build. (Default - no networking mode specified)", - "type": "string" - }, - "platform": { - "description": "Platform to build for. _Requires Docker Buildx_. (Default - current machine platform)", - "type": "string" - }, - "outputs": { - "description": "Outputs to pass to the `docker build` command. (Default - no outputs are passed to the build command (default outputs are used))", - "type": "array", - "items": { - "type": "string" - } - }, - "cacheFrom": { - "description": "Cache from options to pass to the `docker build` command. (Default - no cache from options are passed to the build command)", - "type": "array", - "items": { - "$ref": "#/definitions/ContainerImageAssetCacheOption" - } - }, - "cacheTo": { - "description": "Cache to options to pass to the `docker build` command. (Default - no cache to options are passed to the build command)", - "$ref": "#/definitions/ContainerImageAssetCacheOption" - }, - "cacheDisabled": { - "description": "Disable the cache and pass `--no-cache` to the `docker build` command. (Default - cache is used)", - "type": "boolean" - }, - "id": { - "description": "Logical identifier for the asset", - "type": "string" - }, - "sourceHash": { - "description": "The hash of the asset source.", - "type": "string" - }, - "path": { - "description": "Path on disk to the asset", - "type": "string" - } - }, - "required": [ - "id", - "packaging", - "path", - "sourceHash" - ] - }, - "ContainerImageAssetCacheOption": { - "description": "Options for configuring the Docker cache backend", - "type": "object", - "properties": { - "type": { - "description": "The type of cache to use.\nRefer to https://docs.docker.com/build/cache/backends/ for full list of backends. (Default - unspecified)", - "type": "string" - }, - "params": { - "description": "Any parameters to pass into the docker cache backend configuration.\nRefer to https://docs.docker.com/build/cache/backends/ for cache backend configuration. (Default {} No options provided)", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "type" - ] - }, - "Tag": { - "description": "Metadata Entry spec for stack tag.", - "type": "object", - "properties": { - "key": { - "description": "Tag key.\n\n(In the actual file on disk this will be cased as \"Key\", and the structure is\npatched to match this structure upon loading:\nhttps://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137)", - "type": "string" - }, - "value": { - "description": "Tag value.\n\n(In the actual file on disk this will be cased as \"Value\", and the structure is\npatched to match this structure upon loading:\nhttps://github.com/aws/aws-cdk/blob/4aadaa779b48f35838cccd4e25107b2338f05547/packages/%40aws-cdk/cloud-assembly-schema/lib/manifest.ts#L137)", - "type": "string" - } - }, - "required": [ - "key", - "value" - ] - }, - "AwsCloudFormationStackProperties": { - "description": "Artifact properties for CloudFormation stacks.", - "type": "object", - "properties": { - "templateFile": { - "description": "A file relative to the assembly root which contains the CloudFormation template for this stack.", - "type": "string" - }, - "parameters": { - "description": "Values for CloudFormation stack parameters that should be passed when the stack is deployed. (Default - No parameters)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "tags": { - "description": "Values for CloudFormation stack tags that should be passed when the stack is deployed. (Default - No tags)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "stackName": { - "description": "The name to use for the CloudFormation stack. (Default - name derived from artifact ID)", - "type": "string" - }, - "terminationProtection": { - "description": "Whether to enable termination protection for this stack.", - "default": false, - "type": "boolean" - }, - "assumeRoleArn": { - "description": "The role that needs to be assumed to deploy the stack (Default - No role is assumed (current credentials are used))", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "External ID to use when assuming role for cloudformation deployments (Default - No external ID)", - "type": "string" - }, - "cloudFormationExecutionRoleArn": { - "description": "The role that is passed to CloudFormation to execute the change set (Default - No role is passed (currently assumed role/credentials are used))", - "type": "string" - }, - "lookupRole": { - "description": "The role to use to look up values from the target AWS account (Default - No role is assumed (current credentials are used))", - "$ref": "#/definitions/BootstrapRole" - }, - "stackTemplateAssetObjectUrl": { - "description": "If the stack template has already been included in the asset manifest, its asset URL (Default - Not uploaded yet, upload just before deploying)", - "type": "string" - }, - "requiresBootstrapStackVersion": { - "description": "Version of bootstrap stack required to deploy this stack (Default - No bootstrap stack required)", - "type": "number" - }, - "bootstrapStackVersionSsmParameter": { - "description": "SSM parameter where the bootstrap stack version number can be found\n\nOnly used if `requiresBootstrapStackVersion` is set.\n\n- If this value is not set, the bootstrap stack name must be known at\n deployment time so the stack version can be looked up from the stack\n outputs.\n- If this value is set, the bootstrap stack can have any name because\n we won't need to look it up. (Default - Bootstrap stack version number looked up)", - "type": "string" - }, - "validateOnSynth": { - "description": "Whether this stack should be validated by the CLI after synthesis (Default - false)", - "type": "boolean" - } - }, - "required": [ - "templateFile" - ] - }, - "BootstrapRole": { - "description": "Information needed to access an IAM role created\nas part of the bootstrap process", - "type": "object", - "properties": { - "arn": { - "description": "The ARN of the IAM role created as part of bootrapping\ne.g. lookupRoleArn", - "type": "string" - }, - "assumeRoleExternalId": { - "description": "External ID to use when assuming the bootstrap role (Default - No external ID)", - "type": "string" - }, - "requiresBootstrapStackVersion": { - "description": "Version of bootstrap stack required to use this role (Default - No bootstrap stack required)", - "type": "number" - }, - "bootstrapStackVersionSsmParameter": { - "description": "Name of SSM parameter with bootstrap stack version (Default - Discover SSM parameter by reading stack)", - "type": "string" - } - }, - "required": [ - "arn" - ] - }, - "AssetManifestProperties": { - "description": "Artifact properties for the Asset Manifest", - "type": "object", - "properties": { - "file": { - "description": "Filename of the asset manifest", - "type": "string" - }, - "requiresBootstrapStackVersion": { - "description": "Version of bootstrap stack required to deploy this stack (Default - Version 1 (basic modern bootstrap stack))", - "type": "number" - }, - "bootstrapStackVersionSsmParameter": { - "description": "SSM parameter where the bootstrap stack version number can be found\n\n- If this value is not set, the bootstrap stack name must be known at\n deployment time so the stack version can be looked up from the stack\n outputs.\n- If this value is set, the bootstrap stack can have any name because\n we won't need to look it up. (Default - Bootstrap stack version number looked up)", - "type": "string" - } - }, - "required": [ - "file" - ] - }, - "TreeArtifactProperties": { - "description": "Artifact properties for the Construct Tree Artifact", - "type": "object", - "properties": { - "file": { - "description": "Filename of the tree artifact", - "type": "string" - } - }, - "required": [ - "file" - ] - }, - "NestedCloudAssemblyProperties": { - "description": "Artifact properties for nested cloud assemblies", - "type": "object", - "properties": { - "directoryName": { - "description": "Relative path to the nested cloud assembly", - "type": "string" - }, - "displayName": { - "description": "Display name for the cloud assembly (Default - The artifact ID)", - "type": "string" - } - }, - "required": [ - "directoryName" - ] - }, - "MissingContext": { - "description": "Represents a missing piece of context.", - "type": "object", - "properties": { - "key": { - "description": "The missing context key.", - "type": "string" - }, - "provider": { - "$ref": "#/definitions/ContextProvider", - "description": "The provider from which we expect this context key to be obtained." - }, - "props": { - "$ref": "#/definitions/ContextQueryProperties", - "description": "A set of provider-specific options." - } - }, - "required": [ - "key", - "props", - "provider" - ] - }, - "ContextProvider": { - "description": "Identifier for the context provider", - "type": "string", - "enum": [ - "ami", - "availability-zones", - "hosted-zone", - "ssm", - "vpc-provider", - "endpoint-service-availability-zones", - "load-balancer", - "load-balancer-listener", - "security-group", - "key-provider", - "plugin" - ] - }, - "ContextQueryProperties": { - "anyOf": [ - { - "$ref": "#/definitions/AmiContextQuery" - }, - { - "$ref": "#/definitions/AvailabilityZonesContextQuery" - }, - { - "$ref": "#/definitions/HostedZoneContextQuery" - }, - { - "$ref": "#/definitions/SSMParameterContextQuery" - }, - { - "$ref": "#/definitions/VpcContextQuery" - }, - { - "$ref": "#/definitions/EndpointServiceAvailabilityZonesContextQuery" - }, - { - "$ref": "#/definitions/LoadBalancerContextQuery" - }, - { - "$ref": "#/definitions/LoadBalancerListenerContextQuery" - }, - { - "$ref": "#/definitions/SecurityGroupContextQuery" - }, - { - "$ref": "#/definitions/KeyContextQuery" - }, - { - "$ref": "#/definitions/PluginContextQuery" - } - ] - }, - "AmiContextQuery": { - "description": "Query to AMI context provider", - "type": "object", - "properties": { - "account": { - "description": "Account to query", - "type": "string" - }, - "region": { - "description": "Region to query", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "owners": { - "description": "Owners to DescribeImages call (Default - All owners)", - "type": "array", - "items": { - "type": "string" - } - }, - "filters": { - "description": "Filters to DescribeImages call", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "required": [ - "account", - "filters", - "region" - ] - }, - "AvailabilityZonesContextQuery": { - "description": "Query to availability zone context provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - } - }, - "required": [ - "account", - "region" - ] - }, - "HostedZoneContextQuery": { - "description": "Query to hosted zone context provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "domainName": { - "description": "The domain name e.g. example.com to lookup", - "type": "string" - }, - "privateZone": { - "description": "True if the zone you want to find is a private hosted zone", - "default": false, - "type": "boolean" - }, - "vpcId": { - "description": "The VPC ID to that the private zone must be associated with\n\nIf you provide VPC ID and privateZone is false, this will return no results\nand raise an error. (Default - Required if privateZone=true)", - "type": "string" - } - }, - "required": [ - "account", - "domainName", - "region" - ] - }, - "SSMParameterContextQuery": { - "description": "Query to SSM Parameter Context Provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "parameterName": { - "description": "Parameter name to query", - "type": "string" - } - }, - "required": [ - "account", - "parameterName", - "region" - ] - }, - "VpcContextQuery": { - "description": "Query input for looking up a VPC", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "filter": { - "description": "Filters to apply to the VPC\n\nFilter parameters are the same as passed to DescribeVpcs.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "returnAsymmetricSubnets": { - "description": "Whether to populate the subnetGroups field of the `VpcContextResponse`,\nwhich contains potentially asymmetric subnet groups.", - "default": false, - "type": "boolean" - }, - "subnetGroupNameTag": { - "description": "Optional tag for subnet group name.\nIf not provided, we'll look at the aws-cdk:subnet-name tag.\nIf the subnet does not have the specified tag,\nwe'll use its type as the name. (Default 'aws-cdk:subnet-name')", - "type": "string" - }, - "returnVpnGateways": { - "description": "Whether to populate the `vpnGatewayId` field of the `VpcContextResponse`,\nwhich contains the VPN Gateway ID, if one exists. You can explicitly\ndisable this in order to avoid the lookup if you know the VPC does not have\na VPN Gatway attached. (Default true)", - "type": "boolean" - } - }, - "required": [ - "account", - "filter", - "region" - ] - }, - "EndpointServiceAvailabilityZonesContextQuery": { - "description": "Query to endpoint service context provider", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "serviceName": { - "description": "Query service name", - "type": "string" - } - }, - "required": [ - "account", - "region", - "serviceName" - ] - }, - "LoadBalancerContextQuery": { - "description": "Query input for looking up a load balancer", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "loadBalancerType": { - "$ref": "#/definitions/LoadBalancerType", - "description": "Filter load balancers by their type" - }, - "loadBalancerArn": { - "description": "Find by load balancer's ARN (Default - does not search by load balancer arn)", - "type": "string" - }, - "loadBalancerTags": { - "description": "Match load balancer tags (Default - does not match load balancers by tags)", - "type": "array", - "items": { - "$ref": "#/definitions/Tag" - } - } - }, - "required": [ - "account", - "loadBalancerType", - "region" - ] - }, - "LoadBalancerType": { - "description": "Type of load balancer", - "type": "string", - "enum": [ - "network", - "application" - ] - }, - "LoadBalancerListenerContextQuery": { - "description": "Query input for looking up a load balancer listener", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "listenerArn": { - "description": "Find by listener's arn (Default - does not find by listener arn)", - "type": "string" - }, - "listenerProtocol": { - "description": "Filter by listener protocol (Default - does not filter by listener protocol)", - "enum": [ - "HTTP", - "HTTPS", - "TCP", - "TCP_UDP", - "TLS", - "UDP" - ], - "type": "string" - }, - "listenerPort": { - "description": "Filter listeners by listener port (Default - does not filter by a listener port)", - "type": "number" - }, - "loadBalancerType": { - "$ref": "#/definitions/LoadBalancerType", - "description": "Filter load balancers by their type" - }, - "loadBalancerArn": { - "description": "Find by load balancer's ARN (Default - does not search by load balancer arn)", - "type": "string" - }, - "loadBalancerTags": { - "description": "Match load balancer tags (Default - does not match load balancers by tags)", - "type": "array", - "items": { - "$ref": "#/definitions/Tag" - } - } - }, - "required": [ - "account", - "loadBalancerType", - "region" - ] - }, - "SecurityGroupContextQuery": { - "description": "Query input for looking up a security group", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "securityGroupId": { - "description": "Security group id (Default - None)", - "type": "string" - }, - "securityGroupName": { - "description": "Security group name (Default - None)", - "type": "string" - }, - "vpcId": { - "description": "VPC ID (Default - None)", - "type": "string" - } - }, - "required": [ - "account", - "region" - ] - }, - "KeyContextQuery": { - "description": "Query input for looking up a KMS Key", - "type": "object", - "properties": { - "account": { - "description": "Query account", - "type": "string" - }, - "region": { - "description": "Query region", - "type": "string" - }, - "lookupRoleArn": { - "description": "The ARN of the role that should be used to look up the missing values (Default - None)", - "type": "string" - }, - "aliasName": { - "description": "Alias name used to search the Key", - "type": "string" - } - }, - "required": [ - "account", - "aliasName", - "region" - ] - }, - "PluginContextQuery": { - "description": "Query input for plugins\n\nThis alternate branch is necessary because it needs to be able to escape all type checking\nwe do on on the cloud assembly -- we cannot know the properties that will be used a priori.", - "type": "object", - "additionalProperties": {}, - "properties": { - "pluginName": { - "description": "The name of the plugin", - "type": "string" - } - }, - "required": [ - "pluginName" - ] - }, - "RuntimeInfo": { - "description": "Information about the application's runtime components.", - "type": "object", - "properties": { - "libraries": { - "description": "The list of libraries loaded in the application, associated with their versions.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "libraries" - ] - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json deleted file mode 100644 index a43e4f30b6f64..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/integ.schema.json +++ /dev/null @@ -1,493 +0,0 @@ -{ - "$ref": "#/definitions/IntegManifest", - "definitions": { - "IntegManifest": { - "description": "Definitions for the integration testing manifest", - "type": "object", - "properties": { - "version": { - "description": "Version of the manifest", - "type": "string" - }, - "enableLookups": { - "description": "Enable lookups for this test. If lookups are enabled\nthen `stackUpdateWorkflow` must be set to false.\nLookups should only be enabled when you are explicitely testing\nlookups.", - "default": false, - "type": "boolean" - }, - "synthContext": { - "description": "Additional context to use when performing\na synth. Any context provided here will override\nany default context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "testCases": { - "description": "test cases", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/TestCase" - } - } - }, - "required": [ - "testCases", - "version" - ] - }, - "TestCase": { - "description": "Represents an integration test case", - "type": "object", - "properties": { - "stacks": { - "description": "Stacks that should be tested as part of this test case\nThe stackNames will be passed as args to the cdk commands\nso dependent stacks will be automatically deployed unless\n`exclusively` is passed", - "type": "array", - "items": { - "type": "string" - } - }, - "assertionStack": { - "description": "The node id of the stack that contains assertions.\nThis is the value that can be used to deploy the stack with the CDK CLI (Default - no assertion stack)", - "type": "string" - }, - "assertionStackName": { - "description": "The name of the stack that contains assertions (Default - no assertion stack)", - "type": "string" - }, - "stackUpdateWorkflow": { - "description": "Run update workflow on this test case\nThis should only be set to false to test scenarios\nthat are not possible to test as part of the update workflow (Default true)", - "type": "boolean" - }, - "cdkCommandOptions": { - "description": "Additional options to use for each CDK command (Default - runner default options)", - "$ref": "#/definitions/CdkCommands" - }, - "hooks": { - "description": "Additional commands to run at predefined points in the test workflow\n\ne.g. { postDeploy: ['yarn', 'test'] } (Default - no hooks)", - "$ref": "#/definitions/Hooks" - }, - "diffAssets": { - "description": "Whether or not to include asset hashes in the diff\nAsset hashes can introduces a lot of unneccessary noise into tests,\nbut there are some cases where asset hashes _should_ be included. For example\nany tests involving custom resources or bundling", - "default": false, - "type": "boolean" - }, - "allowDestroy": { - "description": "List of CloudFormation resource types in this stack that can\nbe destroyed as part of an update without failing the test.\n\nThis list should only include resources that for this specific\nintegration test we are sure will not cause errors or an outage if\ndestroyed. For example, maybe we know that a new resource will be created\nfirst before the old resource is destroyed which prevents any outage.\n\ne.g. ['AWS::IAM::Role'] (Default - do not allow destruction of any resources on update)", - "type": "array", - "items": { - "type": "string" - } - }, - "regions": { - "description": "Limit deployment to these regions (Default - can run in any region)", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "stacks" - ] - }, - "CdkCommands": { - "description": "Options for specific cdk commands that are run\nas part of the integration test workflow", - "type": "object", - "properties": { - "deploy": { - "description": "Options to for the cdk deploy command (Default - default deploy options)", - "$ref": "#/definitions/DeployCommand" - }, - "destroy": { - "description": "Options to for the cdk destroy command (Default - default destroy options)", - "$ref": "#/definitions/DestroyCommand" - } - } - }, - "DeployCommand": { - "description": "Represents a cdk deploy command", - "type": "object", - "properties": { - "args": { - "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", - "$ref": "#/definitions/DeployOptions" - }, - "enabled": { - "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", - "type": "boolean" - }, - "expectError": { - "description": "If the runner should expect this command to fail", - "default": false, - "type": "boolean" - }, - "expectedMessage": { - "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", - "type": "string" - } - } - }, - "DeployOptions": { - "description": "Options to use with cdk deploy", - "type": "object", - "properties": { - "exclusively": { - "description": "Only perform action on the given stack", - "default": false, - "type": "boolean" - }, - "toolkitStackName": { - "description": "Name of the toolkit stack to use/deploy (Default CDKToolkit)", - "type": "string" - }, - "reuseAssets": { - "description": "Reuse the assets with the given asset IDs (Default - do not reuse assets)", - "type": "array", - "items": { - "type": "string" - } - }, - "changeSetName": { - "description": "Optional name to use for the CloudFormation change set.\nIf not provided, a name will be generated automatically. (Default - auto generate a name)", - "type": "string" - }, - "force": { - "description": "Always deploy, even if templates are identical.", - "default": false, - "type": "boolean" - }, - "rollback": { - "description": "Rollback failed deployments (Default true)", - "type": "boolean" - }, - "notificationArns": { - "description": "ARNs of SNS topics that CloudFormation will notify with stack related events (Default - no notifications)", - "type": "array", - "items": { - "type": "string" - } - }, - "requireApproval": { - "description": "What kind of security changes require approval (Default RequireApproval.Never)", - "enum": [ - "any-change", - "broadening", - "never" - ], - "type": "string" - }, - "execute": { - "description": "Whether to execute the ChangeSet\nNot providing `execute` parameter will result in execution of ChangeSet (Default true)", - "type": "boolean" - }, - "parameters": { - "description": "Additional parameters for CloudFormation at deploy time (Default [object Object])", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "usePreviousParameters": { - "description": "Use previous values for unspecified parameters\n\nIf not set, all parameters must be specified for every deployment. (Default true)", - "type": "boolean" - }, - "outputsFile": { - "description": "Path to file where stack outputs will be written after a successful deploy as JSON (Default - Outputs are not written to any file)", - "type": "string" - }, - "ci": { - "description": "Whether we are on a CI system", - "default": false, - "type": "boolean" - }, - "concurrency": { - "description": "Deploy multiple stacks in parallel (Default 1)", - "type": "number" - }, - "stacks": { - "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", - "type": "array", - "items": { - "type": "string" - } - }, - "all": { - "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", - "type": "boolean" - }, - "app": { - "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", - "type": "string" - }, - "roleArn": { - "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", - "type": "string" - }, - "context": { - "description": "Additional context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trace": { - "description": "Print trace for stack warnings", - "default": false, - "type": "boolean" - }, - "strict": { - "description": "Do not construct stacks with warnings", - "default": false, - "type": "boolean" - }, - "lookups": { - "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", - "type": "boolean" - }, - "ignoreErrors": { - "description": "Ignores synthesis errors, which will likely produce an invalid output", - "default": false, - "type": "boolean" - }, - "json": { - "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", - "default": false, - "type": "boolean" - }, - "verbose": { - "description": "show debug logs", - "default": false, - "type": "boolean" - }, - "debug": { - "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", - "default": false, - "type": "boolean" - }, - "profile": { - "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", - "type": "string" - }, - "proxy": { - "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", - "type": "string" - }, - "caBundlePath": { - "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", - "type": "string" - }, - "ec2Creds": { - "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", - "type": "boolean" - }, - "versionReporting": { - "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", - "type": "boolean" - }, - "pathMetadata": { - "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", - "type": "boolean" - }, - "assetMetadata": { - "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", - "type": "boolean" - }, - "staging": { - "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", - "default": false, - "type": "boolean" - }, - "output": { - "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", - "type": "string" - }, - "notices": { - "description": "Show relevant notices (Default true)", - "type": "boolean" - }, - "color": { - "description": "Show colors and other style from console output (Default true)", - "type": "boolean" - } - } - }, - "DestroyCommand": { - "description": "Represents a cdk destroy command", - "type": "object", - "properties": { - "args": { - "description": "Additional arguments to pass to the command\nThis can be used to test specific CLI functionality (Default - only default args are used)", - "$ref": "#/definitions/DestroyOptions" - }, - "enabled": { - "description": "Whether or not to run this command as part of the workflow\nThis can be used if you only want to test some of the workflow\nfor example enable `synth` and disable `deploy` & `destroy` in order\nto limit the test to synthesis (Default true)", - "type": "boolean" - }, - "expectError": { - "description": "If the runner should expect this command to fail", - "default": false, - "type": "boolean" - }, - "expectedMessage": { - "description": "This can be used in combination with `expectedError`\nto validate that a specific message is returned. (Default - do not validate message)", - "type": "string" - } - } - }, - "DestroyOptions": { - "description": "Options to use with cdk destroy", - "type": "object", - "properties": { - "force": { - "description": "Do not ask for permission before destroying stacks", - "default": false, - "type": "boolean" - }, - "exclusively": { - "description": "Only destroy the given stack", - "default": false, - "type": "boolean" - }, - "stacks": { - "description": "List of stacks to deploy\n\nRequried if `all` is not set (Default - [])", - "type": "array", - "items": { - "type": "string" - } - }, - "all": { - "description": "Deploy all stacks\n\nRequried if `stacks` is not set (Default - false)", - "type": "boolean" - }, - "app": { - "description": "command-line for executing your app or a cloud assembly directory\ne.g. \"node bin/my-app.js\"\nor\n\"cdk.out\" (Default - read from cdk.json)", - "type": "string" - }, - "roleArn": { - "description": "Role to pass to CloudFormation for deployment (Default - use the bootstrap cfn-exec role)", - "type": "string" - }, - "context": { - "description": "Additional context (Default - no additional context)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trace": { - "description": "Print trace for stack warnings", - "default": false, - "type": "boolean" - }, - "strict": { - "description": "Do not construct stacks with warnings", - "default": false, - "type": "boolean" - }, - "lookups": { - "description": "Perform context lookups.\n\nSynthesis fails if this is disabled and context lookups need\nto be performed (Default true)", - "type": "boolean" - }, - "ignoreErrors": { - "description": "Ignores synthesis errors, which will likely produce an invalid output", - "default": false, - "type": "boolean" - }, - "json": { - "description": "Use JSON output instead of YAML when templates are printed\nto STDOUT", - "default": false, - "type": "boolean" - }, - "verbose": { - "description": "show debug logs", - "default": false, - "type": "boolean" - }, - "debug": { - "description": "enable emission of additional debugging information, such as creation stack\ntraces of tokens", - "default": false, - "type": "boolean" - }, - "profile": { - "description": "Use the indicated AWS profile as the default environment (Default - no profile is used)", - "type": "string" - }, - "proxy": { - "description": "Use the indicated proxy. Will read from\nHTTPS_PROXY environment if specified (Default - no proxy)", - "type": "string" - }, - "caBundlePath": { - "description": "Path to CA certificate to use when validating HTTPS\nrequests. (Default - read from AWS_CA_BUNDLE environment variable)", - "type": "string" - }, - "ec2Creds": { - "description": "Force trying to fetch EC2 instance credentials (Default - guess EC2 instance status)", - "type": "boolean" - }, - "versionReporting": { - "description": "Include \"AWS::CDK::Metadata\" resource in synthesized templates (Default true)", - "type": "boolean" - }, - "pathMetadata": { - "description": "Include \"aws:cdk:path\" CloudFormation metadata for each resource (Default true)", - "type": "boolean" - }, - "assetMetadata": { - "description": "Include \"aws:asset:*\" CloudFormation metadata for resources that use assets (Default true)", - "type": "boolean" - }, - "staging": { - "description": "Copy assets to the output directory\n\nNeeded for local debugging the source files with SAM CLI", - "default": false, - "type": "boolean" - }, - "output": { - "description": "Emits the synthesized cloud assembly into a directory (Default cdk.out)", - "type": "string" - }, - "notices": { - "description": "Show relevant notices (Default true)", - "type": "boolean" - }, - "color": { - "description": "Show colors and other style from console output (Default true)", - "type": "boolean" - } - } - }, - "Hooks": { - "description": "Commands to run at predefined points during the\nintegration test workflow", - "type": "object", - "properties": { - "preDeploy": { - "description": "Commands to run prior to deploying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "postDeploy": { - "description": "Commands to run prior after deploying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "preDestroy": { - "description": "Commands to run prior to destroying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - }, - "postDestroy": { - "description": "Commands to run after destroying the cdk stacks\nin the integration test (Default - no commands)", - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "$schema": "http://json-schema.org/draft-07/schema#" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh b/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh deleted file mode 100755 index 04a6710e54bdb..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -euo pipefail -scriptsdir=$(cd $(dirname $0) && pwd) -packagedir=$(cd ${scriptsdir}/.. && pwd) - -# Output -OUTPUT_DIR="${packagedir}/schema" -mkdir -p ${OUTPUT_DIR} - -# regenerate JSON schema and bumps the version -ts-node --prefer-ts-exts -e "require('${packagedir}/scripts/update-schema.ts').update()" diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts b/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts deleted file mode 100644 index 532a0774612f3..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/scripts/update-schema.ts +++ /dev/null @@ -1,151 +0,0 @@ -import * as fs from 'fs'; -import * as path from 'path'; -import * as semver from 'semver'; -// eslint-disable-next-line import/no-extraneous-dependencies -import * as tjs from 'typescript-json-schema'; - -function log(message: string) { - // eslint-disable-next-line no-console - console.log(message); -} - -/** - * Where schemas are committed. - */ -const SCHEMA_DIR = path.resolve(__dirname, '../schema'); - -const SCHEMA_DEFINITIONS: { - [schemaName: string]: { - /** - * The name of the root type. - */ - rootTypeName: string; - /** - * Files loaded to generate the schema. - * Should be relative to `cloud-assembly-schema/lib`. - * Usually this is just the file containing the root type. - */ - files: string[]; - }; -} = { - 'assets': { - rootTypeName: 'AssetManifest', - files: [path.join('assets', 'schema.ts')], - }, - 'cloud-assembly': { - rootTypeName: 'AssemblyManifest', - files: [path.join('cloud-assembly', 'schema.ts')], - }, - 'integ': { - rootTypeName: 'IntegManifest', - files: [path.join('integ-tests', 'schema.ts')], - }, -}; - -export const SCHEMAS = Object.keys(SCHEMA_DEFINITIONS); - -export function update() { - for (const s of SCHEMAS) { - generateSchema(s); - } - - bump(); -} - -export function bump() { - const versionFile = path.join(SCHEMA_DIR, 'cloud-assembly.version.json'); - - // eslint-disable-next-line @typescript-eslint/no-require-imports - const metadata = require(versionFile); - - const oldVersion = metadata.version; - const newVersion = semver.inc(oldVersion, 'major'); - - log(`Updating schema version: ${oldVersion} -> ${newVersion}`); - fs.writeFileSync(versionFile, JSON.stringify({ version: newVersion })); -} - -/** - * Generates a schema from typescript types. - * @returns JSON schema - * @param schemaName the schema to generate - * @param shouldBump writes a new version of the schema and bumps the major version - */ -export function generateSchema(schemaName: string, saveToFile: boolean = true) { - const spec = SCHEMA_DEFINITIONS[schemaName]; - const out = saveToFile ? path.join(SCHEMA_DIR, `${schemaName}.schema.json`) : ''; - - const settings: Partial = { - required: true, - ref: true, - topRef: true, - noExtraProps: false, - out, - }; - - const compilerOptions = { - strictNullChecks: true, - }; - - const program = tjs.getProgramFromFiles(spec.files.map(file =>path.join(__dirname, '..', 'lib', file)), compilerOptions); - const schema = tjs.generateSchema(program, spec.rootTypeName, settings); - - augmentDescription(schema); - addAnyMetadataEntry(schema); - - if (out) { - log(`Generating schema to ${out}`); - fs.writeFileSync(out, JSON.stringify(schema, null, 4)); - } - - return schema; -} - -/** - * Remove 'default' from the schema since its generated - * from the tsdocs, which are not necessarily actual values, - * but rather descriptive behavior. - * - * To keep this inforamtion in the schema, we append it to the - * 'description' of the property. - */ -function augmentDescription(schema: any) { - - function _recurse(o: any) { - for (const prop in o) { - - if (prop === 'description' && typeof o[prop] === 'string') { - - const description = o[prop]; - const defaultValue = o.default; - - if (!defaultValue) { - // property doesn't have a default value - // skip - continue; - } - - const descriptionWithDefault = `${description} (Default ${defaultValue})`; - - delete o.default; - o[prop] = descriptionWithDefault; - - } else if (typeof o[prop] === 'object') { - _recurse(o[prop]); - } - } - } - - _recurse(schema); - -} - -/** - * Patch the properties of MetadataEntry to allow - * specifying any free form data. This is needed since source - * code doesn't allow this in order to enforce stricter jsii - * compatibility checks. - */ -function addAnyMetadataEntry(schema: any) { - schema?.definitions?.MetadataEntry?.properties.data.anyOf.push({ description: 'Free form data.' }); -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap b/packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap deleted file mode 100644 index 14a8ff8031165..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/__snapshots__/manifest.test.ts.snap +++ /dev/null @@ -1,7 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`manifest load 1`] = ` -{ - "version": "0.0.0", -} -`; diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts deleted file mode 100644 index 24ddd465484b7..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/assets.test.ts +++ /dev/null @@ -1,194 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import { FileAssetPackaging, Manifest } from '../lib'; - -describe('Docker image asset', () => { - test('valid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - dockerImages: { - asset: { - source: { - directory: '.', - }, - destinations: { - dest: { - region: 'us-north-20', - repositoryName: 'REPO', - imageTag: 'TAG', - }, - }, - }, - externalAsset: { - source: { - executable: ['sometool'], - }, - destinations: { - dest: { - region: 'us-north-20', - repositoryName: 'REPO', - imageTag: 'TAG', - }, - }, - }, - }, - }); - }).not.toThrow(); - }); - - test('invalid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - dockerImages: { - asset: { - source: { - directory: true, - }, - destinations: {}, - }, - externalAsset: { - source: {}, - destinations: {}, - }, - }, - }); - }).toThrow(/instance\.dockerImages\.asset\.source\.directory is not of a type\(s\) string/); - }); -}); - -describe('File asset', () => { - describe('valid input', () => { - test('without packaging', () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 'a/b/c', - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - externalAsset: { - source: { - executable: ['sometool'], - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).not.toThrow(); - }); - - for (const packaging of Object.values(FileAssetPackaging)) { - test(`with "${packaging}" packaging`, () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 'a/b/c', - packaging, - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).not.toThrow(); - }); - } - }); - - describe('invalid input', () => { - test('bad "source.path" property', () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 3, - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - externalAsset: { - source: { - executable: ['sometool'], - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).toThrow(/instance\.files\.asset\.source\.path is not of a type\(s\) string/); - }); - - test('bad "source.packaging" property', () => { - expect(() => { - validate({ - version: Manifest.version(), - files: { - asset: { - source: { - path: 'a/b/c', - packaging: 'BLACK_HOLE', - }, - destinations: { - dest: { - region: 'us-north-20', - bucketName: 'Bouquet', - objectKey: 'key', - }, - }, - }, - }, - }); - }).toThrow(/instance\.files\.asset\.source\.packaging is not one of enum values: file,zip/); - }); - }); -}); - -function validate(manifest: any) { - const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'assets.test.')); - const filePath = path.join(dir, 'manifest.json'); - fs.writeFileSync(filePath, JSON.stringify(manifest, undefined, 2)); - try { - Manifest.loadAssetManifest(filePath); - } finally { - fs.unlinkSync(filePath); - fs.rmdirSync(dir); - } -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json deleted file mode 100644 index ef6fc1c901429..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/high-version/manifest.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "version": "99.99.99" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json deleted file mode 100644 index ea1558cb1e6f9..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-artifact-type/manifest.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "version": "0.0.0", - "artifacts": { - "MyArt": { - "type": "who:am:i", - "environment": "aws://37736633/us-region-1" - } - } -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json deleted file mode 100644 index da1a33b17936e..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-nested-property/manifest.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "version": "0.0.0", - "runtime": { - "libraries": ["should", "be", "a", "map"] - } -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json deleted file mode 100644 index 36b2250cf8d33..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/invalid-version/manifest.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "version": "version" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json deleted file mode 100644 index c158d5be87422..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/only-version/manifest.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "version": "0.0.0" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json deleted file mode 100644 index cd2209c526595..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/random-metadata/manifest.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "version": "0.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "stack": { - "type": "aws:cloudformation:stack", - "metadata": { - "AwsCdkPlaygroundBatch": [ - { - "type": "random-array", - "data": ["42"], - "trace": ["trace"] - }, - { - "type": "random-number", - "data": 42, - "trace": ["trace"] - }, - { - "type": "random-map", - "data": { - "key": "value" - }, - "trace": ["trace"] - } - ] - } - } - } - } \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json deleted file mode 100644 index d1f0bca305c81..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/unknown-property/manifest.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "version": "0.0.0", - "who-am-i": "unknown" -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json b/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json deleted file mode 100644 index 4d18eed47c8a0..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/fixtures/with-stack-tags/manifest.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "version": "0.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "stack": { - "type": "aws:cloudformation:stack", - "metadata": { - "AwsCdkPlaygroundBatch": [ - { - "type": "aws:cdk:stack-tags", - "data": [{ - "Key": "hello", - "Value": "world" - }], - "trace": ["trace"] - }, - { - "type": "aws:cdk:asset", - "data": { - "repositoryName": "repo", - "imageTag": "tag", - "id": "id", - "packaging": "container-image", - "path": "path", - "sourceHash": "hash" - }, - "trace": ["trace"] - } - ] - } - } - } -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts deleted file mode 100644 index 3baefc89d750f..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/integ-tests.test.ts +++ /dev/null @@ -1,137 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import { Manifest } from '../lib'; - -describe('Integration test', () => { - test('valid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - testCase1: { - stacks: ['stack1', 'stack2'], - stackUpdateWorkflow: true, - cdkCommandOptions: { - deploy: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - exclusively: true, - toolkitStackName: 'Stack', - reuseAssets: ['asset1', 'asset2'], - changeSetName: 'changeset', - force: true, - rollback: false, - notificationArns: ['arn1', 'arn2'], - execute: true, - parameters: { - 'MYPARAM': 'Value', - 'Stack1:OtherParam': 'OtherValue', - }, - usePreviousParameters: true, - outputsFile: 'outputs.json', - ci: true, - requireApproval: 'never', - app: 'node bin/my-app.js', - roleArn: 'roleArn', - context: { - KEY: 'value', - }, - trace: true, - strict: true, - lookups: true, - ignoreErrors: true, - json: true, - verbose: true, - debug: true, - profile: 'profile', - proxy: 'https://proxy', - caBundlePath: 'path/to/bundle', - ec2Creds: true, - versionReporting: false, - pathMetadata: false, - assetMetadata: true, - staging: false, - output: true, - notices: true, - color: false, - }, - }, - synth: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - quiet: true, - exclusively: true, - validation: true, - }, - }, - destroy: { - enabled: true, - expectError: false, - expectedMessage: 'some message', - args: { - force: true, - exclusively: true, - }, - }, - }, - hooks: { - preDeploy: ['yarn test'], - postDeploy: ['some other command'], - preDestroy: ['command1', 'command2'], - postDestroy: ['command3', 'command4'], - }, - diffAssets: true, - allowDestroy: ['AWS::IAM::Role'], - region: ['us-east-1', 'us-east-2'], - }, - }, - }); - }); - }); - - test('invalid input', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - stacks: true, - }, - }); - }).toThrow(/instance\.testCases\.stacks is not of a type\(s\) object/); - }); - - test('without command options', () => { - expect(() => { - validate({ - version: Manifest.version(), - testCases: { - testCase1: { - stacks: ['stack1', 'stack2'], - stackUpdateWorkflow: true, - hooks: { - preDeploy: ['yarn test'], - }, - diffAssets: true, - }, - }, - }); - }); - }); -}); - -function validate(manifest: any) { - const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'integ.test.')); - const filePath = path.join(dir, 'manifest.json'); - fs.writeFileSync(filePath, JSON.stringify(manifest, undefined, 2)); - try { - Manifest.loadIntegManifest(filePath); - } finally { - fs.unlinkSync(filePath); - fs.rmdirSync(dir); - } -} diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts deleted file mode 100644 index a8f1311a2dcc9..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/manifest.test.ts +++ /dev/null @@ -1,162 +0,0 @@ -import * as fs from 'fs'; -import * as os from 'os'; -import * as path from 'path'; -import * as semver from 'semver'; -import { AssemblyManifest, Manifest, StackTagsMetadataEntry } from '../lib'; - -const FIXTURES = path.join(__dirname, 'fixtures'); - -function fixture(name: string) { - return path.join(FIXTURES, name, 'manifest.json'); -} - -test('manifest save', () => { - - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - - const assemblyManifest: AssemblyManifest = { - version: 'version', - runtime: { - libraries: { lib1: '1.2.3' }, - }, - }; - - Manifest.saveAssemblyManifest(assemblyManifest, manifestFile); - - const saved = JSON.parse(fs.readFileSync(manifestFile, { encoding: 'utf-8' })); - - expect(saved).toEqual({ - ...assemblyManifest, - version: Manifest.version(), // version is forced - }); -}); - -test('manifest load', () => { - const loaded = Manifest.loadAssemblyManifest(fixture('only-version')); - expect(loaded).toMatchSnapshot(); -}); - -test('manifest load fails for invalid nested property', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('invalid-nested-property'))).toThrow(/Invalid assembly manifest/); -}); - -test('manifest load fails for invalid artifact type', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('invalid-artifact-type'))).toThrow(/Invalid assembly manifest/); -}); - -test('manifest load fails on higher major version', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('high-version'))).toThrow(/Cloud assembly schema version mismatch/); -}); - -// once we start introducing minor version bumps that are considered -// non breaking, this test can be removed. -test('manifest load fails on higher minor version', () => { - - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - - const newVersion = semver.inc(Manifest.version(), 'minor'); - expect(newVersion).toBeTruthy(); - - if (newVersion) { - const assemblyManifest: AssemblyManifest = { - version: newVersion, - }; - - // can't use saveAssemblyManifest because it will force the correct version - fs.writeFileSync(manifestFile, JSON.stringify(assemblyManifest)); - - expect(() => Manifest.loadAssemblyManifest(manifestFile)).toThrow(/Cloud assembly schema version mismatch/); - } -}); - -test('manifest load doesnt fail if version checking is disabled, and unknown properties are added', () => { - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - const newVersion = semver.inc(Manifest.version(), 'major'); - expect(newVersion).toBeTruthy(); - - const assemblyManifest: AssemblyManifest = { - version: newVersion!, - artifacts: { - SomeArtifact: { - type: 'aws:cloudformation:stack', - thisPropertyWillNeverBeInTheManifest: 'i_hope', - } as any, - UnknownArtifact: { - type: 'unknown-artifact-type', - } as any, - }, - }; - - // can't use saveAssemblyManifest because it will force the correct version - fs.writeFileSync(manifestFile, JSON.stringify(assemblyManifest)); - - Manifest.loadAssemblyManifest(manifestFile, { skipVersionCheck: true, skipEnumCheck: true }); -}); - -// once we start introducing patch version bumps that are considered -// non breaking, this test can be removed. -test('manifest load fails on higher patch version', () => { - - const outdir = fs.mkdtempSync(path.join(os.tmpdir(), 'schema-tests')); - const manifestFile = path.join(outdir, 'manifest.json'); - - const newVersion = semver.inc(Manifest.version(), 'patch'); - expect(newVersion).toBeTruthy(); - - if (newVersion) { - const assemblyManifest: AssemblyManifest = { - version: newVersion, - }; - - // can't use saveAssemblyManifest because it will force the correct version - fs.writeFileSync(manifestFile, JSON.stringify(assemblyManifest)); - - expect(() => Manifest.loadAssemblyManifest(manifestFile)).toThrow(/Cloud assembly schema version mismatch/); - } -}); - -test('manifest load fails on invalid version', () => { - expect(() => Manifest.loadAssemblyManifest(fixture('invalid-version'))).toThrow(/Invalid semver string/); -}); - -test('manifest load succeeds on unknown properties', () => { - const manifest = Manifest.loadAssemblyManifest(fixture('unknown-property')); - expect(manifest.version).toEqual('0.0.0'); -}); - -test('stack-tags are deserialized properly', () => { - - const m: AssemblyManifest = Manifest.loadAssemblyManifest(fixture('with-stack-tags')); - - if (m.artifacts?.stack?.metadata?.AwsCdkPlaygroundBatch[0].data) { - const entry = m.artifacts.stack.metadata.AwsCdkPlaygroundBatch[0].data as StackTagsMetadataEntry; - expect(entry[0].key).toEqual('hello'); - expect(entry[0].value).toEqual('world'); - } - expect(m.version).toEqual('0.0.0'); - -}); - -test('can access random metadata', () => { - - const loaded = Manifest.loadAssemblyManifest(fixture('random-metadata')); - const randomArray = loaded.artifacts?.stack.metadata?.AwsCdkPlaygroundBatch[0].data; - const randomNumber = loaded.artifacts?.stack.metadata?.AwsCdkPlaygroundBatch[1].data; - const randomMap = loaded.artifacts?.stack.metadata?.AwsCdkPlaygroundBatch[2].data; - - expect(randomArray).toEqual(['42']); - expect(randomNumber).toEqual(42); - expect(randomMap).toEqual({ - key: 'value', - }); - - expect(randomMap).toBeTruthy(); - - if (randomMap) { - expect((randomMap as any).key).toEqual('value'); - } - -}); diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts b/packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts deleted file mode 100644 index ad935bbe73789..0000000000000 --- a/packages/aws-cdk-lib/cloud-assembly-schema/test/schema.test.ts +++ /dev/null @@ -1,47 +0,0 @@ -import { generateSchema, SCHEMAS } from '../scripts/update-schema'; - -test('if this test fails, run "yarn update-schema"', () => { - - // when we compare schemas we ignore changes the - // description that is generated from the ts docstrings. - const docStringFields = [ - 'description', - ]; - - for (const schemaName of SCHEMAS) { - const expected = removeStringKeys(generateSchema(schemaName, false), docStringFields); - - // eslint-disable-next-line @typescript-eslint/no-require-imports - const actual = removeStringKeys(require(`../schema/${schemaName}.schema.json`), docStringFields); - - try { - expect(actual).toEqual(expected); - } catch (err: any) { - // I couldn't for the life of me figure out how to provide additional error message - // to jest...any ideas? - err.message = `Whoops, Looks like the schema has changed. Did you forget to run 'yarn update-schema'?\n\n${err.message}`; - throw err; - } - } - -}); - -function removeStringKeys(obj: any, keys: string[]) { - - function _recurse(o: any) { - for (const prop in o) { - if (keys.includes(prop) && typeof o[prop] === 'string') { - delete o[prop]; - } else if (typeof o[prop] === 'object') { - _recurse(o[prop]); - } - } - } - const cloned = clone(obj); - _recurse(cloned); - return cloned; -} - -function clone(obj: any) { - return JSON.parse(JSON.stringify(obj)); -} diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 44e30b2551662..b364698e5381f 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -122,6 +122,7 @@ "@aws-cdk/asset-awscli-v1": "^2.2.202", "@aws-cdk/asset-kubectl-v20": "^2.1.2", "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@balena/dockerignore": "^1.0.2", "case": "1.6.3", "fs-extra": "^11.2.0", diff --git a/packages/aws-cdk/THIRD_PARTY_LICENSES b/packages/aws-cdk/THIRD_PARTY_LICENSES index bdd874b45cfec..a7dc51a926a60 100644 --- a/packages/aws-cdk/THIRD_PARTY_LICENSES +++ b/packages/aws-cdk/THIRD_PARTY_LICENSES @@ -1,6 +1,6 @@ The aws-cdk package includes the following third-party software/licensing: -** @jsii/check-node@1.101.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.101.0 | Apache-2.0 +** @jsii/check-node@1.102.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.102.0 | Apache-2.0 jsii Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -2954,6 +2954,26 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +---------------- + +** semver@7.6.3 - https://www.npmjs.com/package/semver/v/7.6.3 | ISC +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + ---------------- ** slice-ansi@4.0.0 - https://www.npmjs.com/package/slice-ansi/v/4.0.0 | MIT diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 8162bb751544d..a678374b16958 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -96,11 +96,11 @@ "xml-js": "^1.6.11" }, "dependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", - "@jsii/check-node": "1.101.0", + "@jsii/check-node": "1.102.0", "archiver": "^5.3.2", "aws-sdk": "^2.1653.0", "camelcase": "^6.3.0", diff --git a/packages/aws-cdk/test/api/exec.test.ts b/packages/aws-cdk/test/api/exec.test.ts index d15f9ac9c0ce2..a8c32aed06d8a 100644 --- a/packages/aws-cdk/test/api/exec.test.ts +++ b/packages/aws-cdk/test/api/exec.test.ts @@ -76,7 +76,7 @@ test('cli throws when manifest version > schema version', async () => { } const expectedError = 'This CDK CLI is not compatible with the CDK library used by your application. Please upgrade the CLI to the latest version.' - + `\n(Cloud assembly schema version mismatch: Maximum schema version supported is ${currentSchemaVersion}, but found ${mockManifestVersion})`; + + `\n(Cloud assembly schema version mismatch: Maximum schema version supported is ${semver.major(currentSchemaVersion)}.x.x, but found ${mockManifestVersion})`; config.settings.set(['app'], 'cdk.out'); diff --git a/packages/awslint/package.json b/packages/awslint/package.json index f9ba600f5ba97..39b7b0a6ababb 100644 --- a/packages/awslint/package.json +++ b/packages/awslint/package.json @@ -18,10 +18,10 @@ "awslint": "bin/awslint" }, "dependencies": { - "@jsii/spec": "1.101.0", + "@jsii/spec": "1.102.0", "chalk": "^4", "fs-extra": "^9.1.0", - "jsii-reflect": "1.101.0", + "jsii-reflect": "1.102.0", "change-case": "^4.1.2", "yargs": "^16.2.0" }, @@ -71,4 +71,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index e07450f12ec3a..8b19ba83cb908 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -43,7 +43,7 @@ "@aws-cdk/pkglint": "0.0.0" }, "dependencies": { - "@aws-cdk/cloud-assembly-schema": "0.0.0", + "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cx-api": "0.0.0", "archiver": "^5.3.2", "aws-sdk": "^2.1653.0", @@ -79,4 +79,4 @@ "publishConfig": { "tag": "latest" } -} +} \ No newline at end of file diff --git a/tools/@aws-cdk/cdk-build-tools/package.json b/tools/@aws-cdk/cdk-build-tools/package.json index 53374615cbef5..c65e33c5fae5b 100644 --- a/tools/@aws-cdk/cdk-build-tools/package.json +++ b/tools/@aws-cdk/cdk-build-tools/package.json @@ -62,8 +62,8 @@ "jest-junit": "^13.2.0", "jsii": "~5.4.25", "jsii-rosetta": "~5.4.24", - "jsii-pacmak": "1.101.0", - "jsii-reflect": "1.101.0", + "jsii-pacmak": "1.102.0", + "jsii-reflect": "1.102.0", "markdownlint-cli": "^0.41.0", "nyc": "^15.1.0", "semver": "^7.6.2", @@ -87,4 +87,4 @@ "ubergen": { "exclude": true } -} +} \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 3417615880ecf..8f0c3f4ac727f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -59,6 +59,14 @@ "@aws-cdk/service-spec-types" "^0.0.84" "@cdklabs/tskb" "^0.0.3" +"@aws-cdk/cloud-assembly-schema@^36.0.5": + version "36.0.5" + resolved "https://registry.npmjs.org/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-36.0.5.tgz#20207347d263eea8c3e0381ce2b9d169f0fbfe41" + integrity sha512-3BYOfDqB+xU/ZCjdQ1SDc6qodvg93DY7MPU9FuuIhvqLQBsuO6e//WNZlkToo/QXE9FFm7d/TQI9AyAD/Y/84w== + dependencies: + jsonschema "^1.4.1" + semver "^7.6.3" + "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": version "2.0.242" resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v24/-/lambda-layer-kubectl-v24-2.0.242.tgz#4273a5ad7714f933a7eba155eb9280823086db71" @@ -4250,7 +4258,22 @@ chalk "^4.1.2" semver "^7.6.0" -"@jsii/spec@1.101.0", "@jsii/spec@^1.101.0": +"@jsii/check-node@1.102.0": + version "1.102.0" + resolved "https://registry.npmjs.org/@jsii/check-node/-/check-node-1.102.0.tgz#d5dce81b60411b35d4890e69eee2b86d606c8672" + integrity sha512-uyKjxCe1ou11RJz6koBr5vXtyaGjTA45hF+H88GNW96vms7jKqmYdMm067Az1OKwl38h02lQRQ2tmoEzV7u74w== + dependencies: + chalk "^4.1.2" + semver "^7.6.3" + +"@jsii/spec@1.102.0", "@jsii/spec@^1.102.0": + version "1.102.0" + resolved "https://registry.npmjs.org/@jsii/spec/-/spec-1.102.0.tgz#3f9cfcd44e4358ba7259730452e89b2111918524" + integrity sha512-/VcmoEyp7HR0xoFz47/fiyZjAv+0gHG4ZwTbgB+umbB88bTbLZadnqBL7T9OIKQbK4w8HNOaRnHwjNBIYIPxWQ== + dependencies: + ajv "^8.17.1" + +"@jsii/spec@^1.101.0": version "1.101.0" resolved "https://registry.npmjs.org/@jsii/spec/-/spec-1.101.0.tgz#b1c3488d5df2ee0c355e0a3493e3de4add9d7452" integrity sha512-855OnjKm4RTzRA78GGTNBG/GLe6X/vHJYD58zg7Rw8rWS7sU6iB65TM/7P7R3cufVew8umjjPjvW7ygS6ZqITQ== @@ -6843,6 +6866,16 @@ ajv@^8.0.1, ajv@^8.13.0: require-from-string "^2.0.2" uri-js "^4.4.1" +ajv@^8.17.1: + version "8.17.1" + resolved "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" + integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== + dependencies: + fast-deep-equal "^3.1.3" + fast-uri "^3.0.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + ansi-align@^3.0.1: version "3.0.1" resolved "https://registry.npmjs.org/ansi-align/-/ansi-align-3.0.1.tgz#0cdf12e111ace773a86e9a1fad1225c43cb19a59" @@ -7934,10 +7967,10 @@ co@^4.6.0: resolved "https://registry.npmjs.org/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184" integrity sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ== -codemaker@^1.101.0: - version "1.101.0" - resolved "https://registry.npmjs.org/codemaker/-/codemaker-1.101.0.tgz#27e5e0311f08061618804e485a015eaa860aa718" - integrity sha512-bAg+N4PA8mniJrCpTYFdaFmJA+3fE1Vjgf4o1EnPc07nw6qRcJsr/D9ZZoutEsvw7UM8OmZp4qZxVzpCqRhhQQ== +codemaker@^1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/codemaker/-/codemaker-1.102.0.tgz#336dd6a8f7ffd64e02afcee7830c1f8d768f0efe" + integrity sha512-lxsbbcSMxCdT+9wUv1AvBH9791andoWDcQ6s7ZK6KsMZ+UkRLO3obzhi7Zm+RIA3lHecqzaGmOKyRnu0Dx/Zew== dependencies: camelcase "^6.3.0" decamelize "^5.0.1" @@ -8066,6 +8099,15 @@ commonmark@^0.31.0: minimist "~1.2.5" string.prototype.repeat "^1.0.0" +commonmark@^0.31.1: + version "0.31.1" + resolved "https://registry.npmjs.org/commonmark/-/commonmark-0.31.1.tgz#5c8b1b5eaaca00a0912cad68d1f0f00c836cecd3" + integrity sha512-M6pbc3sRU96iiOK7rmjv/TNrXvTaOscvthUCq7YOrlvZWbqAA36fyEtBvyI3nCcEK4u+JAy9sAdtftIeXwIWig== + dependencies: + entities "~3.0.1" + mdurl "~1.0.1" + minimist "~1.2.5" + compare-func@^2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/compare-func/-/compare-func-2.0.0.tgz#fb65e75edbddfd2e568554e8b5b05fff7a51fcb3" @@ -9629,6 +9671,11 @@ fast-memoize@^2.5.2: resolved "https://registry.npmjs.org/fast-memoize/-/fast-memoize-2.5.2.tgz#79e3bb6a4ec867ea40ba0e7146816f6cdce9b57e" integrity sha512-Ue0LwpDYErFbmNnZSF0UH6eImUwDmogUO1jyE+JbN2gsQz/jICm1Ve7t9QT0rNSsfJt+Hs4/S3GnsDVjL4HVrw== +fast-uri@^3.0.1: + version "3.0.1" + resolved "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.1.tgz#cddd2eecfc83a71c1be2cc2ef2061331be8a7134" + integrity sha512-MWipKbbYiYI0UC7cl8m/i/IWTqfC8YXsqjzybjddLsFjStroQzsHXkc73JutMvBiXmOvapk+axIl79ig5t55Bw== + fast-xml-parser@4.2.5: version "4.2.5" resolved "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz#a6747a09296a6cb34f2ae634019bf1738f3b421f" @@ -11601,37 +11648,49 @@ jsesc@^2.5.1: resolved "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4" integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA== -jsii-diff@1.101.0: - version "1.101.0" - resolved "https://registry.npmjs.org/jsii-diff/-/jsii-diff-1.101.0.tgz#d8bf59c522aaf419e9465170db78810a9795f8a9" - integrity sha512-7DvBiLireA91AnWCxt7EcKd04/zp8Rhk8oTYSGtIM57ZNZ+FV7cbrgxmXqja6P1ZXz67N3UAjKC8KdtFXeOqRA== +jsii-diff@1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/jsii-diff/-/jsii-diff-1.102.0.tgz#4008ea927f4367eecef813189822df6d6f239109" + integrity sha512-mFXOk5CDlk7ojkomHh2H6ngcknht1/r5Qmeice+B1xlL/fEmySs+g/ILowDED4Yu4P4491kZzh3EDMAaf34NkQ== dependencies: - "@jsii/check-node" "1.101.0" - "@jsii/spec" "^1.101.0" + "@jsii/check-node" "1.102.0" + "@jsii/spec" "^1.102.0" fs-extra "^10.1.0" - jsii-reflect "^1.101.0" + jsii-reflect "^1.102.0" log4js "^6.9.1" yargs "^16.2.0" -jsii-pacmak@1.101.0: - version "1.101.0" - resolved "https://registry.npmjs.org/jsii-pacmak/-/jsii-pacmak-1.101.0.tgz#8ad183be51d5a79e455253b27ae596efcb8a3b35" - integrity sha512-07a04KtOj+Kmx+5XQVD1JG6QOh6JNqFWh4bbzMDKiFx7JoHhQnLq07b/OlUpCuP7J7Q9WaXXYM59EUQpXO07wg== +jsii-pacmak@1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/jsii-pacmak/-/jsii-pacmak-1.102.0.tgz#ccf7f98f05c2b1bad34a0b90dbf5c479bd45c1a1" + integrity sha512-3/nqBYNH8n/5IWI0sBFBYl1yATokEDUDQtYFLjzk7oXNWpUJ23/encI78Cs55ZS6UXcfWN3xczGLqCWnsgEpnw== dependencies: - "@jsii/check-node" "1.101.0" - "@jsii/spec" "^1.101.0" + "@jsii/check-node" "1.102.0" + "@jsii/spec" "^1.102.0" clone "^2.1.2" - codemaker "^1.101.0" - commonmark "^0.31.0" + codemaker "^1.102.0" + commonmark "^0.31.1" escape-string-regexp "^4.0.0" fs-extra "^10.1.0" - jsii-reflect "^1.101.0" - semver "^7.6.0" + jsii-reflect "^1.102.0" + semver "^7.6.3" spdx-license-list "^6.9.0" xmlbuilder "^15.1.1" yargs "^16.2.0" -jsii-reflect@1.101.0, jsii-reflect@^1.101.0: +jsii-reflect@1.102.0, jsii-reflect@^1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.102.0.tgz#4d1d3c9e2f51d157a43297d55dd61487bf61e384" + integrity sha512-Lf2l8z3HSRSyouFGpDddfheP2LznKvFDKVlUWEzO+jDnQFOJOYTv4x617Yy5JIeIa9D8f70drRelOqove6hZtQ== + dependencies: + "@jsii/check-node" "1.102.0" + "@jsii/spec" "^1.102.0" + chalk "^4" + fs-extra "^10.1.0" + oo-ascii-tree "^1.102.0" + yargs "^16.2.0" + +jsii-reflect@^1.101.0: version "1.101.0" resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.101.0.tgz#e96fa687ba9db5c4b70995839aacceea11abc288" integrity sha512-ZCFb+laktj/ekNadUYksf+jLZq4fjoQeNe344GwslJOaemGjgAeqy0atV2H8nvTYU8ubszFApUPpdoRvtxgdPw== @@ -13640,6 +13699,11 @@ oo-ascii-tree@^1.101.0: resolved "https://registry.npmjs.org/oo-ascii-tree/-/oo-ascii-tree-1.101.0.tgz#bd14acf6a71430c02443f865975ec0c4b4ff03aa" integrity sha512-hNE9Nfvo4HLa9/dAiaiXUm64KHUvgBa7jPftsb8gZdTv1G1wSMMnd9j7SMcRzaMbDEqi+0cfgeBSIcsKy+k0vA== +oo-ascii-tree@^1.102.0: + version "1.102.0" + resolved "https://registry.npmjs.org/oo-ascii-tree/-/oo-ascii-tree-1.102.0.tgz#438e67730bc8503ae28e40a5273075e5f489b875" + integrity sha512-SNcZNfqtov0Af+6hx+qnliUhTOIxPUfboX/zQnc2EdmGHLXKQ3eSPQ40NopCgv4canzl5EvKGlCJaMCvk2viCQ== + open@^7.4.2: version "7.4.2" resolved "https://registry.npmjs.org/open/-/open-7.4.2.tgz#b8147e26dcf3e426316c730089fd71edd29c2321" @@ -14988,11 +15052,16 @@ semver@^6.0.0, semver@^6.1.1, semver@^6.3.0, semver@^6.3.1: resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.0.0, semver@^7.1.1, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.2: +semver@^7.0.0, semver@^7.1.1, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.3, semver@^7.5.4, semver@^7.6.2: version "7.6.2" resolved "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13" integrity sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w== +semver@^7.6.0, semver@^7.6.3: + version "7.6.3" + resolved "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" + integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== + sentence-case@^3.0.4: version "3.0.4" resolved "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz#3645a7b8c117c787fde8702056225bb62a45131f" From ffba5b1d0a8dfece02a9d5ad8a989955a7f4a812 Mon Sep 17 00:00:00 2001 From: Xia Zhao <78883180+xazhao@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:46:07 -0700 Subject: [PATCH 34/40] revert: feat(ecs): add validation checks to memory cpu combinations of FARGATE compatible task definitions (#31110) Revert https://github.com/aws/aws-cdk/pull/30166 ### Issue # (if applicable) Closes #. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssertD76B1D35.assets.json | 19 -- ...aultTestDeployAssertD76B1D35.template.json | 36 ---- .../aws-ecs-fargate-task-def.assets.json | 19 -- .../aws-ecs-fargate-task-def.template.json | 87 -------- .../cdk.out | 1 - .../integ.json | 12 -- .../manifest.json | 122 ----------- .../tree.json | 202 ----------------- .../aws-ecs/test/integ.fargate-task-def.ts | 25 --- ...efaultTestDeployAssertF13B2133.assets.json | 19 -- ...aultTestDeployAssertF13B2133.template.json | 36 ---- .../aws-ecs-task-def.assets.json | 19 -- .../aws-ecs-task-def.template.json | 88 -------- .../test/integ.task-def.js.snapshot/cdk.out | 1 - .../integ.task-def.js.snapshot/integ.json | 12 -- .../integ.task-def.js.snapshot/manifest.json | 119 ---------- .../test/integ.task-def.js.snapshot/tree.json | 203 ------------------ .../test/aws-ecs/test/integ.task-def.ts | 26 --- ...servicecatalog-deploy-action-beta1.test.ts | 2 +- .../load-balanced-fargate-service-v2.test.ts | 3 +- .../load-balanced-fargate-service.test.ts | 4 +- .../fargate/scheduled-fargate-task.test.ts | 2 +- packages/aws-cdk-lib/aws-ecs/README.md | 2 +- .../aws-ecs/lib/base/task-definition.ts | 72 ++----- .../fargate/fargate-task-definition.test.ts | 34 +-- .../aws-ecs/test/task-definition.test.ts | 42 +--- .../api/cloudformation-deployments.test.ts | 2 +- 27 files changed, 32 insertions(+), 1177 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.ts delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets.json deleted file mode 100644 index a2587e6d528bd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.assets.json deleted file mode 100644 index 47920c3666a13..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "9cc4d79897c01e0d9dc06bb0648af4d1d360aea0fd4d556081bed713d96d2436": { - "source": { - "path": "aws-ecs-fargate-task-def.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "9cc4d79897c01e0d9dc06bb0648af4d1d360aea0fd4d556081bed713d96d2436.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.template.json deleted file mode 100644 index 17d20d29f57ef..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/aws-ecs-fargate-task-def.template.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "Resources": { - "TaskDefTaskRole1EDB4A67": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TaskDef54694570": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Essential": true, - "Image": "amazon/amazon-ecs-sample", - "Name": "SampleContainer", - "PortMappings": [ - { - "ContainerPort": 80, - "HostPort": 80, - "Protocol": "tcp" - } - ] - } - ], - "Cpu": "256", - "Family": "awsecsfargatetaskdefTaskDef69F258AC", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", - "Arn" - ] - } - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/integ.json deleted file mode 100644 index 1a97105790686..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/integ.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "FargateTaskDefinition/DefaultTest": { - "stacks": [ - "aws-ecs-fargate-task-def" - ], - "assertionStack": "FargateTaskDefinition/DefaultTest/DeployAssert", - "assertionStackName": "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/manifest.json deleted file mode 100644 index 11f65944a28fc..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/manifest.json +++ /dev/null @@ -1,122 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "aws-ecs-fargate-task-def.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "aws-ecs-fargate-task-def.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "aws-ecs-fargate-task-def": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "aws-ecs-fargate-task-def.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9cc4d79897c01e0d9dc06bb0648af4d1d360aea0fd4d556081bed713d96d2436.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "aws-ecs-fargate-task-def.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "aws-ecs-fargate-task-def.assets" - ], - "metadata": { - "/aws-ecs-fargate-task-def/TaskDef/TaskRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TaskDefTaskRole1EDB4A67" - } - ], - "/aws-ecs-fargate-task-def/TaskDef/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TaskDef54694570", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] - } - ], - "/aws-ecs-fargate-task-def/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/aws-ecs-fargate-task-def/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "aws-ecs-fargate-task-def" - }, - "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "FargateTaskDefinitionDefaultTestDeployAssertD76B1D35.assets" - ], - "metadata": { - "/FargateTaskDefinition/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/FargateTaskDefinition/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "FargateTaskDefinition/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/tree.json deleted file mode 100644 index 063f35b7938f7..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.js.snapshot/tree.json +++ /dev/null @@ -1,202 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "aws-ecs-fargate-task-def": { - "id": "aws-ecs-fargate-task-def", - "path": "aws-ecs-fargate-task-def", - "children": { - "TaskDef": { - "id": "TaskDef", - "path": "aws-ecs-fargate-task-def/TaskDef", - "children": { - "TaskRole": { - "id": "TaskRole", - "path": "aws-ecs-fargate-task-def/TaskDef/TaskRole", - "children": { - "ImportTaskRole": { - "id": "ImportTaskRole", - "path": "aws-ecs-fargate-task-def/TaskDef/TaskRole/ImportTaskRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-ecs-fargate-task-def/TaskDef/TaskRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-ecs-fargate-task-def/TaskDef/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", - "aws:cdk:cloudformation:props": { - "containerDefinitions": [ - { - "essential": true, - "image": "amazon/amazon-ecs-sample", - "name": "SampleContainer", - "portMappings": [ - { - "containerPort": 80, - "hostPort": 80, - "protocol": "tcp" - } - ] - } - ], - "cpu": "256", - "family": "awsecsfargatetaskdefTaskDef69F258AC", - "memory": "512", - "networkMode": "awsvpc", - "requiresCompatibilities": [ - "FARGATE" - ], - "taskRoleArn": { - "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", - "Arn" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", - "version": "0.0.0" - } - }, - "SampleContainer": { - "id": "SampleContainer", - "path": "aws-ecs-fargate-task-def/TaskDef/SampleContainer", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-ecs-fargate-task-def/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-ecs-fargate-task-def/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "FargateTaskDefinition": { - "id": "FargateTaskDefinition", - "path": "FargateTaskDefinition", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "FargateTaskDefinition/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "FargateTaskDefinition/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "FargateTaskDefinition/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "FargateTaskDefinition/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "FargateTaskDefinition/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.ts deleted file mode 100644 index 46be63397f340..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.fargate-task-def.ts +++ /dev/null @@ -1,25 +0,0 @@ -import * as cdk from 'aws-cdk-lib'; -import * as ecs from 'aws-cdk-lib/aws-ecs'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-fargate-task-def'); - -const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { - cpu: 256, - memoryLimitMiB: 512, -}); - -taskDefinition.addContainer('SampleContainer', { - image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), - essential: true, - portMappings: [ - { containerPort: 80, hostPort: 80, protocol: ecs.Protocol.TCP }, - ], -}); - -new IntegTest(app, 'FargateTaskDefinition', { - testCases: [stack], -}); - -app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.assets.json deleted file mode 100644 index c36858976d347..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "TaskDefinitionDefaultTestDeployAssertF13B2133.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/TaskDefinitionDefaultTestDeployAssertF13B2133.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.assets.json deleted file mode 100644 index 0c6a62c1ef756..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "69e8cabd26b07a22fe937a35822c9447fa44ce785d99d44da971c9f953f701da": { - "source": { - "path": "aws-ecs-task-def.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "69e8cabd26b07a22fe937a35822c9447fa44ce785d99d44da971c9f953f701da.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.template.json deleted file mode 100644 index 9b0e24807ea39..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/aws-ecs-task-def.template.json +++ /dev/null @@ -1,88 +0,0 @@ -{ - "Resources": { - "TaskDefTaskRole1EDB4A67": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TaskDef54694570": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Essential": true, - "Image": "amazon/amazon-ecs-sample", - "Name": "SampleContainer", - "PortMappings": [ - { - "ContainerPort": 80, - "HostPort": 80, - "Protocol": "tcp" - } - ] - } - ], - "Cpu": "256", - "Family": "awsecstaskdefTaskDefDBCEF036", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "EC2", - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", - "Arn" - ] - } - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/integ.json deleted file mode 100644 index d996244d1508f..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/integ.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "TaskDefinition/DefaultTest": { - "stacks": [ - "aws-ecs-task-def" - ], - "assertionStack": "TaskDefinition/DefaultTest/DeployAssert", - "assertionStackName": "TaskDefinitionDefaultTestDeployAssertF13B2133" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/manifest.json deleted file mode 100644 index ead60c3c0ea88..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/manifest.json +++ /dev/null @@ -1,119 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "aws-ecs-task-def.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "aws-ecs-task-def.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "aws-ecs-task-def": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "aws-ecs-task-def.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/69e8cabd26b07a22fe937a35822c9447fa44ce785d99d44da971c9f953f701da.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "aws-ecs-task-def.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "aws-ecs-task-def.assets" - ], - "metadata": { - "/aws-ecs-task-def/TaskDef/TaskRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TaskDefTaskRole1EDB4A67" - } - ], - "/aws-ecs-task-def/TaskDef/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TaskDef54694570" - } - ], - "/aws-ecs-task-def/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/aws-ecs-task-def/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "aws-ecs-task-def" - }, - "TaskDefinitionDefaultTestDeployAssertF13B2133.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "TaskDefinitionDefaultTestDeployAssertF13B2133.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "TaskDefinitionDefaultTestDeployAssertF13B2133": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "TaskDefinitionDefaultTestDeployAssertF13B2133.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "TaskDefinitionDefaultTestDeployAssertF13B2133.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "TaskDefinitionDefaultTestDeployAssertF13B2133.assets" - ], - "metadata": { - "/TaskDefinition/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/TaskDefinition/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "TaskDefinition/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/tree.json deleted file mode 100644 index e2a89e9602c30..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.js.snapshot/tree.json +++ /dev/null @@ -1,203 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "aws-ecs-task-def": { - "id": "aws-ecs-task-def", - "path": "aws-ecs-task-def", - "children": { - "TaskDef": { - "id": "TaskDef", - "path": "aws-ecs-task-def/TaskDef", - "children": { - "TaskRole": { - "id": "TaskRole", - "path": "aws-ecs-task-def/TaskDef/TaskRole", - "children": { - "ImportTaskRole": { - "id": "ImportTaskRole", - "path": "aws-ecs-task-def/TaskDef/TaskRole/ImportTaskRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-ecs-task-def/TaskDef/TaskRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-ecs-task-def/TaskDef/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", - "aws:cdk:cloudformation:props": { - "containerDefinitions": [ - { - "essential": true, - "image": "amazon/amazon-ecs-sample", - "name": "SampleContainer", - "portMappings": [ - { - "containerPort": 80, - "hostPort": 80, - "protocol": "tcp" - } - ] - } - ], - "cpu": "256", - "family": "awsecstaskdefTaskDefDBCEF036", - "memory": "512", - "networkMode": "awsvpc", - "requiresCompatibilities": [ - "EC2", - "FARGATE" - ], - "taskRoleArn": { - "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", - "Arn" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", - "version": "0.0.0" - } - }, - "SampleContainer": { - "id": "SampleContainer", - "path": "aws-ecs-task-def/TaskDef/SampleContainer", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ecs.TaskDefinition", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-ecs-task-def/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-ecs-task-def/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "TaskDefinition": { - "id": "TaskDefinition", - "path": "TaskDefinition", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "TaskDefinition/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "TaskDefinition/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "TaskDefinition/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "TaskDefinition/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "TaskDefinition/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.ts deleted file mode 100644 index e9f4780343816..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/integ.task-def.ts +++ /dev/null @@ -1,26 +0,0 @@ -import * as cdk from 'aws-cdk-lib'; -import * as ecs from 'aws-cdk-lib/aws-ecs'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-ecs-task-def'); - -const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', { - compatibility: ecs.Compatibility.EC2_AND_FARGATE, - cpu: '256', - memoryMiB: '512', -}); - -taskDefinition.addContainer('SampleContainer', { - image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), - essential: true, - portMappings: [ - { containerPort: 80, hostPort: 80, protocol: ecs.Protocol.TCP }, - ], -}); - -new IntegTest(app, 'TaskDefinition', { - testCases: [stack], -}); - -app.synth(); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts index 30388c7801783..cee8f139e117f 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts @@ -7,7 +7,7 @@ import * as cpactions from '../../lib'; /* eslint-disable quote-props */ describe('ServiceCatalog Deploy Action', () => { - test('addAction successfully leads to creation of codepipeline service catalog action with properly formatted TemplateFilePath', () => { + test('addAction succesfully leads to creation of codepipeline service catalog action with properly formatted TemplateFilePath', () => { // GIVEN const stack = new TestFixture(); // WHEN diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts index 5700a62b58b15..3068e9a8e4e29 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts @@ -642,8 +642,7 @@ describe('Application Load Balancer', () => { // WHEN new ApplicationMultipleTargetGroupsFargateService(stack, 'myService', { cluster: new ecs.Cluster(stack, 'EcsCluster', { vpc }), - cpu: 256, - memoryLimitMiB: 512, + memoryLimitMiB: 256, taskImageOptions: { image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), }, diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts index bf60714822fcd..18b6b929f76f6 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts @@ -554,7 +554,7 @@ describe('ApplicationLoadBalancedFargateService', () => { // WHEN const taskDef = new ecs.FargateTaskDefinition(stack1, 'TaskDef', { cpu: 1024, - memoryLimitMiB: 2048, + memoryLimitMiB: 1024, }); const container = taskDef.addContainer('Container', { image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), @@ -1816,7 +1816,7 @@ describe('NetworkLoadBalancedFargateService', () => { }); const taskDef = new ecs.FargateTaskDefinition(stack2, 'TaskDef', { cpu: 1024, - memoryLimitMiB: 2048, + memoryLimitMiB: 1024, }); const container = taskDef.addContainer('myContainer', { image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts index 28d881b8f7d92..7300f3c16e908 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts @@ -91,7 +91,7 @@ test('Can create a scheduled Fargate Task - with optional props', () => { scheduledFargateTaskImageOptions: { image: ecs.ContainerImage.fromRegistry('henk'), memoryLimitMiB: 512, - cpu: 256, + cpu: 2, ephemeralStorageGiB: 100, environment: { TRIGGER: 'CloudWatch Events' }, }, diff --git a/packages/aws-cdk-lib/aws-ecs/README.md b/packages/aws-cdk-lib/aws-ecs/README.md index 6198c3f8f05c6..f0669e3adcc66 100644 --- a/packages/aws-cdk-lib/aws-ecs/README.md +++ b/packages/aws-cdk-lib/aws-ecs/README.md @@ -505,7 +505,7 @@ To grant a principal permission to run your `TaskDefinition`, you can use the `T ```ts declare const role: iam.IGrantable; const taskDef = new ecs.TaskDefinition(this, 'TaskDef', { - cpu: '256', + cpu: '512', memoryMiB: '512', compatibility: ecs.Compatibility.EC2_AND_FARGATE, }); diff --git a/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts b/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts index c3896e1113811..7ab075ae777ce 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts @@ -432,9 +432,23 @@ export class TaskDefinition extends TaskDefinitionBase { } this.networkMode = props.networkMode ?? (this.isFargateCompatible ? NetworkMode.AWS_VPC : NetworkMode.BRIDGE); + if (this.isFargateCompatible && this.networkMode !== NetworkMode.AWS_VPC) { + throw new Error(`Fargate tasks can only have AwsVpc network mode, got: ${this.networkMode}`); + } if (props.proxyConfiguration && this.networkMode !== NetworkMode.AWS_VPC) { throw new Error(`ProxyConfiguration can only be used with AwsVpc network mode, got: ${this.networkMode}`); } + if (props.placementConstraints && props.placementConstraints.length > 0 && this.isFargateCompatible) { + throw new Error('Cannot set placement constraints on tasks that run on Fargate'); + } + + if (this.isFargateCompatible && (!props.cpu || !props.memoryMiB)) { + throw new Error(`Fargate-compatible tasks require both CPU (${props.cpu}) and memory (${props.memoryMiB}) specifications`); + } + + if (props.inferenceAccelerators && props.inferenceAccelerators.length > 0 && this.isFargateCompatible) { + throw new Error('Cannot use inference accelerators on tasks that run on Fargate'); + } if (this.isExternalCompatible && ![NetworkMode.BRIDGE, NetworkMode.HOST, NetworkMode.NONE].includes(this.networkMode)) { throw new Error(`External tasks can only have Bridge, Host or None network mode, got: ${this.networkMode}`); @@ -444,30 +458,6 @@ export class TaskDefinition extends TaskDefinitionBase { throw new Error('Cannot specify runtimePlatform in non-Fargate compatible tasks'); } - //FARGATE compatible tasks pre-checks - if (this.isFargateCompatible) { - if (this.networkMode !== NetworkMode.AWS_VPC) { - throw new Error(`Fargate tasks can only have AwsVpc network mode, got: ${this.networkMode}`); - } - - if (props.placementConstraints && props.placementConstraints.length > 0) { - throw new Error('Cannot set placement constraints on tasks that run on Fargate'); - } - - if (!props.cpu || !props.memoryMiB) { - throw new Error(`Fargate-compatible tasks require both CPU (${props.cpu}) and memory (${props.memoryMiB}) specifications`); - } - - if (props.inferenceAccelerators && props.inferenceAccelerators.length > 0) { - throw new Error('Cannot use inference accelerators on tasks that run on Fargate'); - } - - // Check the combination as per doc https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html - this.node.addValidation({ - validate: () => this.validateFargateTaskDefinitionMemoryCpu(props.cpu!, props.memoryMiB!), - }); - } - this._executionRole = props.executionRole; this.taskRole = props.taskRole || new iam.Role(this, 'TaskRole', { @@ -909,40 +899,6 @@ export class TaskDefinition extends TaskDefinitionBase { throw new Error(`If operatingSystemFamily is ${runtimePlatform.operatingSystemFamily!._operatingSystemFamily}, then cpu must be in 1024 (1 vCPU), 2048 (2 vCPU), or 4096 (4 vCPU). Provided value was: ${cpu}`); } }; - - private validateFargateTaskDefinitionMemoryCpu(cpu: string, memory: string): string[] { - const ret = new Array(); - const resolvedCpu = this.stack.resolve(cpu) as string; - const resolvedMemoryMiB = this.stack.resolve(memory) as string; - const validCpuMemoryCombinations = [ - { cpu: '256', memory: ['512', '1024', '2048'] }, - { cpu: '512', memory: this.range(1024, 4096, 1024) }, - { cpu: '1024', memory: this.range(2048, 8192, 1024) }, - { cpu: '2048', memory: this.range(4096, 16384, 1024) }, - { cpu: '4096', memory: this.range(8192, 30720, 1024) }, - { cpu: '8192', memory: this.range(16384, 61440, 4096) }, - { cpu: '16384', memory: this.range(32768, 122880, 8192) }, - ]; - - const isValidCombination = validCpuMemoryCombinations.some((combo) => { - return combo.cpu === resolvedCpu && combo.memory.includes(resolvedMemoryMiB); - }); - - if (!isValidCombination) { - ret.push('Invalid CPU and memory combinations for FARGATE compatible task definition - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html'); - } - - return ret; - } - - private range(start: number, end: number, step: number): string[] { - const result = []; - for (let i = start; i <= end; i += step) { - result.push(String(i)); - } - return result; - } - } /** diff --git a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts index 9d7c03c4a877f..be93c76e2b65e 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts @@ -26,13 +26,13 @@ describe('fargate task definition', () => { const stack = new cdk.Stack(); new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', { - cpu: cdk.Lazy.number({ produce: () => 512 }), + cpu: cdk.Lazy.number({ produce: () => 128 }), memoryLimitMiB: cdk.Lazy.number({ produce: () => 1024 }), }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { - Cpu: '512', + Cpu: '128', Memory: '1024', }); @@ -42,7 +42,7 @@ describe('fargate task definition', () => { // GIVEN const stack = new cdk.Stack(); const taskDefinition = new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', { - cpu: 256, + cpu: 128, executionRole: new iam.Role(stack, 'ExecutionRole', { path: '/', assumedBy: new iam.CompositePrincipal( @@ -72,7 +72,7 @@ describe('fargate task definition', () => { // THEN Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { - Cpu: '256', + Cpu: '128', ExecutionRoleArn: { 'Fn::GetAtt': [ 'ExecutionRole605A040B', @@ -216,32 +216,6 @@ describe('fargate task definition', () => { }); }).toThrow(/'pidMode' can only be set to 'task' for Linux Fargate containers, got: 'host'./); }); - - test('throws error when invalid CPU and memory combination is provided', () => { - const stack = new cdk.Stack(); - - new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', { - cpu: 256, - memoryLimitMiB: 125, - }); - - expect(() => { - Template.fromStack(stack); - }).toThrow(/Invalid CPU and memory combinations for FARGATE compatible task definition/); - }); - - test('successful when valid CPU and memory combination is provided', () => { - const stack = new cdk.Stack(); - new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', { - cpu: 256, - memoryLimitMiB: 512, - }); - - Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { - Cpu: '256', - Memory: '512', - }); - }); }); describe('When configuredAtLaunch in the Volume', ()=> { test('do not throw when configuredAtLaunch is false', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts b/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts index 2347ded71b363..f098b3e89afcb 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts @@ -14,7 +14,7 @@ describe('task definition', () => { // WHEN new ecs.TaskDefinition(stack, 'TD', { - cpu: '256', + cpu: '512', memoryMiB: '512', compatibility: ecs.Compatibility.EC2_AND_FARGATE, }); @@ -51,7 +51,7 @@ describe('task definition', () => { assumedBy: new iam.AccountRootPrincipal(), }); const taskDef = new ecs.TaskDefinition(stack, 'TD', { - cpu: '256', + cpu: '512', memoryMiB: '512', compatibility: ecs.Compatibility.EC2_AND_FARGATE, }); @@ -96,7 +96,7 @@ describe('task definition', () => { assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com'), }); const taskDef = new ecs.TaskDefinition(stack, 'TD', { - cpu: '256', + cpu: '512', memoryMiB: '512', compatibility: ecs.Compatibility.EC2_AND_FARGATE, executionRole: executionRole, @@ -154,7 +154,7 @@ describe('task definition', () => { }, ); const taskDef = new ecs.TaskDefinition(stack, 'TD', { - cpu: '256', + cpu: '512', memoryMiB: '512', compatibility: ecs.Compatibility.EC2_AND_FARGATE, }); @@ -387,7 +387,7 @@ describe('task definition', () => { }, ); const taskDef = new ecs.TaskDefinition(stack, 'TD', { - cpu: '256', + cpu: '512', memoryMiB: '512', compatibility: ecs.Compatibility.EC2_AND_FARGATE, }); @@ -457,34 +457,6 @@ describe('task definition', () => { Template.fromStack(stack); }).toThrow("ECS Container Container must have at least one of 'memoryLimitMiB' or 'memoryReservationMiB' specified"); }); - - test('throws error when invalid CPU and memory combination is provided with Fargate compatibilities', () => { - const stack = new cdk.Stack(); - - new ecs.TaskDefinition(stack, 'TaskDef', { - compatibility: ecs.Compatibility.EC2_AND_FARGATE, - cpu: '122', - memoryMiB: '513', - }); - - expect(() => { - Template.fromStack(stack); - }).toThrow(/Invalid CPU and memory combinations for FARGATE compatible task definition/); - }); - - test('successful when valid CPU and memory combination is provided with Fargate compatibilities', () => { - const stack = new cdk.Stack(); - new ecs.TaskDefinition(stack, 'TaskDef', { - compatibility: ecs.Compatibility.EC2_AND_FARGATE, - cpu: '256', - memoryMiB: '512', - }); - - Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { - Cpu: '256', - Memory: '512', - }); - }); }); describe('When importing from an existing Task definition', () => { @@ -588,7 +560,7 @@ describe('task definition', () => { const stack = new cdk.Stack(); const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', { cpu: '512', - memoryMiB: '1024', + memoryMiB: '512', compatibility: ecs.Compatibility.FARGATE, }); @@ -638,7 +610,7 @@ describe('task definition', () => { const stack = new cdk.Stack(); const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', { cpu: '512', - memoryMiB: '1024', + memoryMiB: '512', compatibility: ecs.Compatibility.FARGATE, }); diff --git a/packages/aws-cdk/test/api/cloudformation-deployments.test.ts b/packages/aws-cdk/test/api/cloudformation-deployments.test.ts index 7d6288ba10249..cbaf7c3d8746c 100644 --- a/packages/aws-cdk/test/api/cloudformation-deployments.test.ts +++ b/packages/aws-cdk/test/api/cloudformation-deployments.test.ts @@ -756,7 +756,7 @@ test('readCurrentTemplateWithNestedStacks() caches calls to listStackResources() expect(numberOfTimesListStackResourcesWasCalled).toEqual(1); }); -test('readCurrentTemplateWithNestedStacks() successfully ignores stacks without metadata', async () => { +test('readCurrentTemplateWithNestedStacks() succesfully ignores stacks without metadata', async () => { // GIVEN const cfnStack = new FakeCloudformationStack({ stackName: 'MetadataRoot', From a8b072c5e621b695ecf6bec6aa54053f8f3f5cc2 Mon Sep 17 00:00:00 2001 From: Kendra Neil <53584728+TheRealAmazonKendra@users.noreply.github.com> Date: Wed, 14 Aug 2024 11:25:19 -0700 Subject: [PATCH 35/40] chore: remove apis and tests that were only published in v1 for pipelines (#31098) DELETED All of this code and the associated tests were for CDK Pipelines V1, which was never released to cdk v2. All of the APIs are stripped from the distribution before publishing so this is just code cleanup and this will contain no breaking changes. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../PipelineSecurityStack.assets.json | 45 - .../PipelineSecurityStack.template.json | 3184 ----------- ...efaultTestDeployAssertEE246BCA.assets.json | 19 - ...aultTestDeployAssertEE246BCA.template.json | 36 - ...curityCheckMySafeStack7A4F8E95.assets.json | 19 - ...rityCheckMySafeStack7A4F8E95.template.json | 41 - .../cdk.out | 1 - .../manifest.json | 60 - ...leSecurityCheckMyStack0B9FE272.assets.json | 19 - ...SecurityCheckMyStack0B9FE272.template.json | 82 - .../cdk.out | 1 - .../manifest.json | 66 - ...NoSecurityCheckMyStack3484019E.assets.json | 19 - ...SecurityCheckMyStack3484019E.template.json | 82 - .../cdk.out | 1 - .../manifest.json | 66 - ...ckPreProductionMyStackDCCBB4EA.assets.json | 19 - ...PreProductionMyStackDCCBB4EA.template.json | 82 - .../cdk.out | 1 - .../manifest.json | 66 - ...eProductionMySafeStackC0D87904.assets.json | 19 - ...roductionMySafeStackC0D87904.template.json | 41 - .../cdk.out | 1 - .../manifest.json | 60 - ...tackSingleStageMyStack29962269.assets.json | 19 - ...ckSingleStageMyStack29962269.template.json | 82 - .../cdk.out | 1 - .../manifest.json | 66 - .../index.js | 1 - .../index.js | 1 - .../cdk.out | 1 - .../integ.json | 13 - .../manifest.json | 431 -- .../tree.json | 5039 ----------------- .../pipelines/test/integ.pipeline-security.ts | 115 - .../PipelineStack.assets.json | 32 - .../PipelineStack.template.json | 2148 ------- ...efaultTestDeployAssertBC780F98.assets.json | 19 - ...aultTestDeployAssertBC780F98.template.json | 36 - ...elineStackPreProdStack65A0AD1F.assets.json | 45 - ...ineStackPreProdStack65A0AD1F.template.json | 41 - .../assembly-PipelineStack-PreProd/cdk.out | 1 - .../manifest.json | 60 - .../index.js | 1 - ...99171adef5e1d8f6b88810e5fef75e6ca09ba5.txt | 1 - ...03f1ced72b4fc58c498dfd99c78fa77e721e0e.txt | 1 - ...pelineStack-Pipeline-Assets-FileAsset.yaml | 16 - .../cdk.out | 1 - .../integ.json | 13 - .../manifest.json | 318 -- .../tree.json | 2946 ---------- ...nteg.pipeline-with-assets-single-upload.ts | 107 - .../test/integ.pipeline-with-assets.ts | 106 - .../PipelineStack.assets.json | 32 - .../PipelineStack.template.json | 1910 ------- ...efaultTestDeployAssertBC780F98.assets.json | 19 - ...aultTestDeployAssertBC780F98.template.json | 36 - ...elineStackPreProdStack65A0AD1F.assets.json | 19 - ...ineStackPreProdStack65A0AD1F.template.json | 41 - .../assembly-PipelineStack-PreProd/cdk.out | 1 - .../manifest.json | 60 - .../index.js | 1 - .../test/integ.pipeline.js.snapshot/cdk.out | 1 - .../integ.pipeline.js.snapshot/integ.json | 13 - .../integ.pipeline.js.snapshot/manifest.json | 300 - .../test/integ.pipeline.js.snapshot/tree.json | 2564 --------- .../test/pipelines/test/integ.pipeline.ts | 97 - packages/@aws-cdk/cx-api/FEATURE_FLAGS.md | 21 +- packages/aws-cdk-lib/pipelines/README.md | 526 +- packages/aws-cdk-lib/pipelines/lib/index.ts | 1 - .../legacy/actions/deploy-cdk-stack-action.ts | 386 -- .../pipelines/lib/legacy/actions/index.ts | 3 - .../legacy/actions/publish-assets-action.ts | 228 - .../legacy/actions/update-pipeline-action.ts | 183 - .../aws-cdk-lib/pipelines/lib/legacy/index.ts | 5 - .../pipelines/lib/legacy/pipeline.ts | 624 -- .../aws-cdk-lib/pipelines/lib/legacy/stage.ts | 586 -- .../pipelines/lib/legacy/synths/_util.ts | 15 - .../pipelines/lib/legacy/synths/index.ts | 1 - .../lib/legacy/synths/simple-synth-action.ts | 591 -- .../pipelines/lib/legacy/validation/_files.ts | 97 - .../pipelines/lib/legacy/validation/index.ts | 1 - .../legacy/validation/shell-script-action.ts | 253 - .../blueprint/logicalid-stability.test.ts | 126 - .../codepipeline-existing.test.ts | 65 - .../pipelines/test/compliance/assets.test.ts | 1351 ++--- .../test/compliance/basic-behavior.test.ts | 280 +- .../compliance/docker-credentials.test.ts | 355 +- .../test/compliance/environments.test.ts | 649 +-- .../test/compliance/escape-hatching.test.ts | 283 +- .../test/compliance/security-check.test.ts | 547 +- .../test/compliance/self-mutation.test.ts | 378 +- .../test/compliance/stack-ordering.test.ts | 196 +- .../pipelines/test/compliance/synths.test.ts | 1615 ++---- .../test/compliance/validations.test.ts | 1058 ++-- .../pipelines/test/{legacy => }/fs.test.ts | 2 +- .../pipelines/test/testhelpers/compliance.ts | 57 +- .../pipelines/test/testhelpers/index.ts | 1 - .../test/testhelpers/legacy-pipeline.ts | 47 - 99 files changed, 2731 insertions(+), 28585 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.ts delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/index.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts delete mode 100644 packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts delete mode 100644 packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts delete mode 100644 packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts rename packages/aws-cdk-lib/pipelines/test/{legacy => }/fs.test.ts (85%) delete mode 100644 packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json deleted file mode 100644 index f698f535c5907..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.assets.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { - "source": { - "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6": { - "source": { - "path": "asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "e9491d10b7f496e4aa18e0f88da57dc8e342c62cbfbb5190f663fc8039981448": { - "source": { - "path": "PipelineSecurityStack.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e9491d10b7f496e4aa18e0f88da57dc8e342c62cbfbb5190f663fc8039981448.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json deleted file mode 100644 index a9a989ab4a39e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json +++ /dev/null @@ -1,3184 +0,0 @@ -{ - "Resources": { - "SourceBucketDDD2130A": { - "Type": "AWS::S3::Bucket", - "Properties": { - "Tags": [ - { - "Key": "aws-cdk:auto-delete-objects", - "Value": "true" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "SourceBucketPolicy703DFBF9": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { - "Type": "Custom::S3AutoDeleteObjects", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", - "Arn" - ] - }, - "BucketName": { - "Ref": "SourceBucketDDD2130A" - } - }, - "DependsOn": [ - "SourceBucketPolicy703DFBF9" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "TestPipelineArtifactsBucketEncryptionKey13258842": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestPipelineArtifactsBucketEncryptionKeyAliasE8D86DD3": { - "Type": "AWS::KMS::Alias", - "Properties": { - "AliasName": "alias/codepipeline-pipelinesecuritystack-testpipeline-f7060861", - "TargetKeyId": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestPipelineArtifactsBucket026AF2F9": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "TestPipelineArtifactsBucketPolicyDF75C611": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "TestPipelineArtifactsBucket026AF2F9" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineRole63C35BBD": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineRoleDefaultPolicyFA69BF2D": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineRoleDefaultPolicyFA69BF2D", - "Roles": [ - { - "Ref": "TestPipelineRole63C35BBD" - } - ] - } - }, - "TestPipeline34ACDBF9": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Type": "KMS" - }, - "Location": { - "Ref": "TestPipelineArtifactsBucket026AF2F9" - }, - "Type": "S3" - }, - "Name": "TestPipeline", - "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineRole63C35BBD", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "S3", - "Version": "1" - }, - "Configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "Name": "S3", - "OutputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"8c69c5d954446d78352846c8ddc8ff911cec11c1f93f8aab1fac67556cf1a058\"}]" - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "Synth", - "OutputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Build" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - "EnvironmentVariables": { - "Fn::Join": [ - "", - [ - "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/SingleStage\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"UnattachedStage\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"SingleStageManualApproval\"},{\"name\":\"NOTIFICATION_ARN\",\"type\":\"PLAINTEXT\",\"value\":\"", - { - "Ref": "SecurityChangesTopic9762A9B3" - }, - "\"},{\"name\":\"NOTIFICATION_SUBJECT\",\"type\":\"PLAINTEXT\",\"value\":\"Confirm permission broadening in SingleStage\"}]" - ] - ] - } - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SingleStageSecurityCheck", - "Namespace": "SingleStageSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2", - "Arn" - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{SingleStageSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{SingleStageSecurityCheck.LINK}" - }, - "Name": "SingleStageManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", - "Arn" - ] - }, - "RunOrder": 2 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SingleStage-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SingleStage-MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 3 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SingleStage-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "SingleStage-MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 4 - } - ], - "Name": "UnattachedStage" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "EnvironmentVariables": { - "Fn::Join": [ - "", - [ - "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/PreProduction\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"PreProduction\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"PreProductionManualApproval\"},{\"name\":\"NOTIFICATION_ARN\",\"type\":\"PLAINTEXT\",\"value\":\"", - { - "Ref": "SecurityChangesTopic9762A9B3" - }, - "\"},{\"name\":\"NOTIFICATION_SUBJECT\",\"type\":\"PLAINTEXT\",\"value\":\"Confirm permission broadening in PreProduction\"}]" - ] - ] - } - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "PreProductionSecurityCheck", - "Namespace": "PreProductionSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194", - "Arn" - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{PreProductionSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{PreProductionSecurityCheck.LINK}" - }, - "Name": "PreProductionManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9", - "Arn" - ] - }, - "RunOrder": 2 - }, - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "EnvironmentVariables": { - "Fn::Join": [ - "", - [ - "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/SafeProduction\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"PreProduction\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"SafeProductionManualApproval\"},{\"name\":\"NOTIFICATION_ARN\",\"type\":\"PLAINTEXT\",\"value\":\"", - { - "Ref": "SecurityChangesTopic9762A9B3" - }, - "\"},{\"name\":\"NOTIFICATION_SUBJECT\",\"type\":\"PLAINTEXT\",\"value\":\"Confirm permission broadening in SafeProduction\"}]" - ] - ] - } - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SafeProductionSecurityCheck", - "Namespace": "SafeProductionSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6", - "Arn" - ] - }, - "RunOrder": 5 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{SafeProductionSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{SafeProductionSecurityCheck.LINK}" - }, - "Name": "SafeProductionManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9", - "Arn" - ] - }, - "RunOrder": 6 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProduction-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 3 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProduction-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 4 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SafeProduction-MySafeStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SafeProduction-MySafeStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 7 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "SafeProduction-MySafeStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "SafeProduction-MySafeStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 8 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "DisableSecurityCheck-MySafeStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "DisableSecurityCheck-MySafeStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 9 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "DisableSecurityCheck-MySafeStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "DisableSecurityCheck-MySafeStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 10 - } - ], - "Name": "PreProduction" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "EnvironmentVariables": "[{\"name\":\"STAGE_PATH\",\"type\":\"PLAINTEXT\",\"value\":\"PipelineSecurityStack/EnableSecurityCheck\"},{\"name\":\"STAGE_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"NoSecurityCheck\"},{\"name\":\"ACTION_NAME\",\"type\":\"PLAINTEXT\",\"value\":\"EnableSecurityCheckManualApproval\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "EnableSecurityCheckSecurityCheck", - "Namespace": "EnableSecurityCheckSecurityCheck", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D", - "Arn" - ] - }, - "RunOrder": 3 - }, - { - "ActionTypeId": { - "Category": "Approval", - "Owner": "AWS", - "Provider": "Manual", - "Version": "1" - }, - "Configuration": { - "CustomData": "#{EnableSecurityCheckSecurityCheck.MESSAGE}", - "ExternalEntityLink": "#{EnableSecurityCheckSecurityCheck.LINK}" - }, - "Name": "EnableSecurityCheckManualApproval", - "RoleArn": { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015", - "Arn" - ] - }, - "RunOrder": 4 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "NoSecurityCheck-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "NoSecurityCheck-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 2 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "EnableSecurityCheck-MyStack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "EnableSecurityCheck-MyStack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 5 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "EnableSecurityCheck-MyStack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "EnableSecurityCheck-MyStack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 6 - } - ], - "Name": "NoSecurityCheck" - } - ], - "Tags": [ - { - "Key": "SECURITY_CHECK", - "Value": "ALLOW_APPROVE" - } - ] - }, - "DependsOn": [ - "TestPipelineRoleDefaultPolicyFA69BF2D", - "TestPipelineRole63C35BBD" - ] - }, - "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineSourceS3CodePipelineActionRoleDefaultPolicy8B0350FD", - "Roles": [ - { - "Ref": "TestPipelineSourceS3CodePipelineActionRoleEF21D3A0" - } - ] - } - }, - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineBuildSynthCodePipelineActionRoleDefaultPolicy65DF5C76": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCdkBuildProject755D4B01", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineBuildSynthCodePipelineActionRoleDefaultPolicy65DF5C76", - "Roles": [ - { - "Ref": "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926" - } - ] - } - }, - "TestPipelineBuildSynthCdkBuildProjectRole4C6E5729": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineBuildSynthCdkBuildProjectRoleDefaultPolicy73DC4481": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineBuildSynthCdkBuildProjectRoleDefaultPolicy73DC4481", - "Roles": [ - { - "Ref": "TestPipelineBuildSynthCdkBuildProjectRole4C6E5729" - } - ] - } - }, - "TestPipelineBuildSynthCdkBuildProject755D4B01": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "NPM_CONFIG_UNSAFE_PERM", - "Type": "PLAINTEXT", - "Value": "true" - } - ], - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCdkBuildProjectRole4C6E5729", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"yarn install --frozen-lockfile\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"yarn build\",\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleDefaultPolicyFC737D71": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleDefaultPolicyFC737D71", - "Roles": [ - { - "Ref": "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2" - } - ] - } - }, - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRoleDefaultPolicy10D0864F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRoleDefaultPolicy10D0864F", - "Roles": [ - { - "Ref": "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194" - } - ] - } - }, - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRoleDefaultPolicyB836B566": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRoleDefaultPolicyB836B566", - "Roles": [ - { - "Ref": "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6" - } - ] - } - }, - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRoleDefaultPolicyE83A2CA1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRoleDefaultPolicyE83A2CA1", - "Roles": [ - { - "Ref": "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D" - } - ] - } - }, - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicyE47AE90F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipelineState", - "codepipeline:PutApprovalResult" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/SECURITY_CHECK": "ALLOW_APPROVE" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicyE47AE90F", - "Roles": [ - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D" - } - ] - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Timeout": 300 - }, - "DependsOn": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicyE47AE90F", - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole7594919D" - ] - }, - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleA54CF050": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicyF2137052": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": { - "Ref": "SecurityChangesTopic9762A9B3" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicyF2137052", - "Roles": [ - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleA54CF050" - } - ] - } - }, - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "NO_ARTIFACTS" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckRoleA54CF050", - "Arn" - ] - }, - "Source": { - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": 0.2,\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"npm install -g aws-cdk\",\n \"export PIPELINE_NAME=\\\"$(node -pe '`${process.env.CODEBUILD_INITIATOR}`.split(\\\"/\\\")[1]')\\\"\",\n \"payload=\\\"$(node -pe 'JSON.stringify({ \\\"PipelineName\\\": process.env.PIPELINE_NAME, \\\"StageName\\\": process.env.STAGE_NAME, \\\"ActionName\\\": process.env.ACTION_NAME })' )\\\"\",\n \"ARN=$CODEBUILD_BUILD_ARN\",\n \"REGION=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[3]')\\\"\",\n \"ACCOUNT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[4]')\\\"\",\n \"PROJECT_NAME=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[5].split(\\\"/\\\")[1]')\\\"\",\n \"PROJECT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[6]')\\\"\",\n \"export LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codebuild/$ACCOUNT_ID/projects/$PROJECT_NAME/build/$PROJECT_NAME:$PROJECT_ID/?region=$REGION\\\"\",\n \"export PIPELINE_LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codepipeline/pipelines/$PIPELINE_NAME/view?region=$REGION\\\"\",\n \"if cdk diff -a . --security-only --fail $STAGE_PATH/\\\\*; then aws lambda invoke --function-name ", - { - "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKPipelinesAutoApprove1EE0AA81" - }, - " --invocation-type Event --cli-binary-format raw-in-base64-out --payload \\\"$payload\\\" lambda.out; export MESSAGE=\\\"No security-impacting changes detected.\\\"; else [ -z \\\"${NOTIFICATION_ARN}\\\" ] || aws sns publish --topic-arn $NOTIFICATION_ARN --subject \\\"$NOTIFICATION_SUBJECT\\\" --message \\\"An upcoming change would broaden security changes in $PIPELINE_NAME.\\nReview and approve the changes in CodePipeline to proceed with the deployment.\\n\\nReview the changes in CodeBuild:\\n\\n$LINK\\n\\nApprove the changes in CodePipeline (stage $STAGE_NAME, action $ACTION_NAME):\\n\\n$PIPELINE_LINK\\\"; export MESSAGE=\\\"Deployment would make security-impacting changes. Click the link below to inspect them, then click Approve if all changes are expected.\\\"; fi\"\n ]\n }\n },\n \"env\": {\n \"exported-variables\": [\n \"LINK\",\n \"MESSAGE\"\n ]\n }\n}" - ] - ] - }, - "Type": "NO_SOURCE" - } - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicy5AF69BD3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipelineState", - "codepipeline:PutApprovalResult" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/SECURITY_CHECK": "ALLOW_APPROVE" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicy5AF69BD3", - "Roles": [ - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A" - } - ] - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Timeout": 300 - }, - "DependsOn": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRoleDefaultPolicy5AF69BD3", - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApproveServiceRole1358574A" - ] - }, - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleD3505CF0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicy6F6EA2A6": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - }, - { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": { - "Ref": "SecurityChangesTopic9762A9B3" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucket026AF2F9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleDefaultPolicy6F6EA2A6", - "Roles": [ - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleD3505CF0" - } - ] - } - }, - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "NO_ARTIFACTS" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckRoleD3505CF0", - "Arn" - ] - }, - "Source": { - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": 0.2,\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"npm install -g aws-cdk\",\n \"export PIPELINE_NAME=\\\"$(node -pe '`${process.env.CODEBUILD_INITIATOR}`.split(\\\"/\\\")[1]')\\\"\",\n \"payload=\\\"$(node -pe 'JSON.stringify({ \\\"PipelineName\\\": process.env.PIPELINE_NAME, \\\"StageName\\\": process.env.STAGE_NAME, \\\"ActionName\\\": process.env.ACTION_NAME })' )\\\"\",\n \"ARN=$CODEBUILD_BUILD_ARN\",\n \"REGION=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[3]')\\\"\",\n \"ACCOUNT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[4]')\\\"\",\n \"PROJECT_NAME=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[5].split(\\\"/\\\")[1]')\\\"\",\n \"PROJECT_ID=\\\"$(node -pe '`${process.env.ARN}`.split(\\\":\\\")[6]')\\\"\",\n \"export LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codebuild/$ACCOUNT_ID/projects/$PROJECT_NAME/build/$PROJECT_NAME:$PROJECT_ID/?region=$REGION\\\"\",\n \"export PIPELINE_LINK=\\\"https://$REGION.console.aws.amazon.com/codesuite/codepipeline/pipelines/$PIPELINE_NAME/view?region=$REGION\\\"\",\n \"if cdk diff -a . --security-only --fail $STAGE_PATH/\\\\*; then aws lambda invoke --function-name ", - { - "Ref": "UnattachedStageStageApplicationSecurityCheckCDKPipelinesAutoApprove249F82F9" - }, - " --invocation-type Event --cli-binary-format raw-in-base64-out --payload \\\"$payload\\\" lambda.out; export MESSAGE=\\\"No security-impacting changes detected.\\\"; else [ -z \\\"${NOTIFICATION_ARN}\\\" ] || aws sns publish --topic-arn $NOTIFICATION_ARN --subject \\\"$NOTIFICATION_SUBJECT\\\" --message \\\"An upcoming change would broaden security changes in $PIPELINE_NAME.\\nReview and approve the changes in CodePipeline to proceed with the deployment.\\n\\nReview the changes in CodeBuild:\\n\\n$LINK\\n\\nApprove the changes in CodePipeline (stage $STAGE_NAME, action $ACTION_NAME):\\n\\n$PIPELINE_LINK\\\"; export MESSAGE=\\\"Deployment would make security-impacting changes. Click the link below to inspect them, then click Approve if all changes are expected.\\\"; fi\"\n ]\n }\n },\n \"env\": {\n \"exported-variables\": [\n \"LINK\",\n \"MESSAGE\"\n ]\n }\n}" - ] - ] - }, - "Type": "NO_SOURCE" - } - } - }, - "SecurityChangesTopic9762A9B3": { - "Type": "AWS::SNS::Topic" - }, - "SecurityChangesTopictestemailcom7C32D452": { - "Type": "AWS::SNS::Subscription", - "Properties": { - "Endpoint": "test@email.com", - "Protocol": "email", - "TopicArn": { - "Ref": "SecurityChangesTopic9762A9B3" - } - } - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": "nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json deleted file mode 100644 index 2e1ece3c7c7a2..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityTestDefaultTestDeployAssertEE246BCA.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json deleted file mode 100644 index 56bf2e32c37ca..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50": { - "source": { - "path": "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json deleted file mode 100644 index 25024d7cb74b1..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "Resources": { - "MySafeTopicCC243D11": { - "Type": "AWS::SNS::Topic" - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json deleted file mode 100644 index 5c2441812122d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-DisableSecurityCheck/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "DisableSecurityCheck-MySafeStack" - }, - "dependencies": [ - "PipelineSecurityStackDisableSecurityCheckMySafeStack7A4F8E95.assets" - ], - "metadata": { - "/PipelineSecurityStack/DisableSecurityCheck/MySafeStack/MySafeTopic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySafeTopicCC243D11" - } - ], - "/PipelineSecurityStack/DisableSecurityCheck/MySafeStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/DisableSecurityCheck/MySafeStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/DisableSecurityCheck/MySafeStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json deleted file mode 100644 index 07f739c5f5923..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { - "source": { - "path": "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json deleted file mode 100644 index 9f723f7ccb5fa..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-EnableSecurityCheck/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "EnableSecurityCheck-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackEnableSecurityCheckMyStack0B9FE272.assets" - ], - "metadata": { - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/EnableSecurityCheck/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/EnableSecurityCheck/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json deleted file mode 100644 index ff06078cec81f..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { - "source": { - "path": "PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json deleted file mode 100644 index 2122aeedd21b5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-NoSecurityCheck/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackNoSecurityCheckMyStack3484019E": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackNoSecurityCheckMyStack3484019E.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "NoSecurityCheck-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackNoSecurityCheckMyStack3484019E.assets" - ], - "metadata": { - "/PipelineSecurityStack/NoSecurityCheck/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/NoSecurityCheck/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/NoSecurityCheck/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/NoSecurityCheck/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/NoSecurityCheck/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json deleted file mode 100644 index 06bf236bec53b..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { - "source": { - "path": "PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json deleted file mode 100644 index 9175443047e81..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-PreProduction/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackPreProductionMyStackDCCBB4EA": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackPreProductionMyStackDCCBB4EA.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "PreProduction-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackPreProductionMyStackDCCBB4EA.assets" - ], - "metadata": { - "/PipelineSecurityStack/PreProduction/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/PreProduction/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/PreProduction/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/PreProduction/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/PreProduction/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json deleted file mode 100644 index 8fb0d8df01aa2..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50": { - "source": { - "path": "PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json deleted file mode 100644 index 25024d7cb74b1..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "Resources": { - "MySafeTopicCC243D11": { - "Type": "AWS::SNS::Topic" - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json deleted file mode 100644 index 25c091b2d6bdc..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SafeProduction/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackSafeProductionMySafeStackC0D87904": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackSafeProductionMySafeStackC0D87904.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/438cc177ec016e131365f2b864849c84dcb371e8e7ed718c21cc27d6569faf50.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "SafeProduction-MySafeStack" - }, - "dependencies": [ - "PipelineSecurityStackSafeProductionMySafeStackC0D87904.assets" - ], - "metadata": { - "/PipelineSecurityStack/SafeProduction/MySafeStack/MySafeTopic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MySafeTopicCC243D11" - } - ], - "/PipelineSecurityStack/SafeProduction/MySafeStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/SafeProduction/MySafeStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/SafeProduction/MySafeStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json deleted file mode 100644 index 8451cee8dc082..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298": { - "source": { - "path": "PipelineSecurityStackSingleStageMyStack29962269.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json deleted file mode 100644 index ed0acd6607770..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/PipelineSecurityStackSingleStageMyStack29962269.template.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "Resources": { - "TopicBFC7AF6E": { - "Type": "AWS::SNS::Topic" - }, - "TopicPolicyA1747468": { - "Type": "AWS::SNS::TopicPolicy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Ref": "TopicBFC7AF6E" - }, - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "Topics": [ - { - "Ref": "TopicBFC7AF6E" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json deleted file mode 100644 index dbe924b8efbae..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/assembly-PipelineSecurityStack-SingleStage/manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineSecurityStackSingleStageMyStack29962269.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineSecurityStackSingleStageMyStack29962269.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineSecurityStackSingleStageMyStack29962269": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineSecurityStackSingleStageMyStack29962269.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffc5fc9cc4b8adb9a7f48881c59bb3fd49df23a11ccdd37bec21c8ca47cbf298.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineSecurityStackSingleStageMyStack29962269.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "SingleStage-MyStack" - }, - "dependencies": [ - "PipelineSecurityStackSingleStageMyStack29962269.assets" - ], - "metadata": { - "/PipelineSecurityStack/SingleStage/MyStack/Topic/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicBFC7AF6E" - } - ], - "/PipelineSecurityStack/SingleStage/MyStack/Topic/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "TopicPolicyA1747468" - } - ], - "/PipelineSecurityStack/SingleStage/MyStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineSecurityStack/SingleStage/MyStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineSecurityStack/SingleStage/MyStack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js deleted file mode 100644 index 1002ba018e9fb..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var f=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t};var l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t);var q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H});module.exports=B(q);var h=require("@aws-sdk/client-s3");var y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}0&&(module.exports={autoDeleteHandler,handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js deleted file mode 100644 index c9fe4b293ebbf..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/asset.c2adac8ea3baf51ce56c33ef5da361ea693f7ed128ddbc9777c557e9e7c741a6/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var l=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var w=Object.prototype.hasOwnProperty;var S=(t,e)=>{for(var n in e)l(t,n,{get:e[n],enumerable:!0})},v=(t,e,n,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let a of f(e))!w.call(t,a)&&a!==n&&l(t,a,{get:()=>e[a],enumerable:!(s=y(e,a))||s.enumerable});return t};var h=t=>v(l({},"__esModule",{value:!0}),t);var b={};S(b,{handler:()=>T});module.exports=h(b);var d=require("@aws-sdk/client-codepipeline"),u=new d.CodePipeline,A=5,P=t=>new Promise(e=>setTimeout(e,t*1e3));async function T(t,e){let{PipelineName:n,StageName:s,ActionName:a}=t;function g(o){let m=o.stageStates?.filter(r=>r.stageName===s),c=m.length&&m[0].actionStates.filter(r=>r.actionName===a),p=c&&c.length&&c[0].latestExecution;return p?p.token:void 0}let N=Date.now()+A*6e4;for(;Date.now() undefined, - stackOutputArtifact: () => undefined, - }, - }); - - const topic = new sns.Topic(this, 'SecurityChangesTopic'); - topic.addSubscription(new subscriptions.EmailSubscription('test@email.com')); - - unattachedStage.addApplication(new MyStage(this, 'SingleStage', { - }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); - - const stage1 = pipeline.addApplicationStage(new MyStage(this, 'PreProduction', { - }), { confirmBroadeningPermissions: true, securityNotificationTopic: topic }); - - stage1.addApplication(new MySafeStage(this, 'SafeProduction', { - })); - - stage1.addApplication(new MySafeStage(this, 'DisableSecurityCheck', { - }), { confirmBroadeningPermissions: false }); - - const stage2 = pipeline.addApplicationStage(new MyStage(this, 'NoSecurityCheck', { - })); - - stage2.addApplication(new MyStage(this, 'EnableSecurityCheck', { }), { confirmBroadeningPermissions: true }); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); -const stack = new TestCdkStack(app, 'PipelineSecurityStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new integ.IntegTest(app, 'PipelineSecurityTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json deleted file mode 100644 index 2c35bdd4a6304..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.assets.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { - "source": { - "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "d638ba18659142158a20f892d018e0ed7ea71928d1859cbece1b4d50f7f514f5": { - "source": { - "path": "PipelineStack.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d638ba18659142158a20f892d018e0ed7ea71928d1859cbece1b4d50f7f514f5.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json deleted file mode 100644 index 3b4d32b92b138..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json +++ /dev/null @@ -1,2148 +0,0 @@ -{ - "Resources": { - "SourceBucketDDD2130A": { - "Type": "AWS::S3::Bucket", - "Properties": { - "Tags": [ - { - "Key": "aws-cdk:auto-delete-objects", - "Value": "true" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "SourceBucketPolicy703DFBF9": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { - "Type": "Custom::S3AutoDeleteObjects", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", - "Arn" - ] - }, - "BucketName": { - "Ref": "SourceBucketDDD2130A" - } - }, - "DependsOn": [ - "SourceBucketPolicy703DFBF9" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "PipelineArtifactsBucketEncryptionKeyF5BF0670": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketEncryptionKeyAlias94A07392": { - "Type": "AWS::KMS::Alias", - "Properties": { - "AliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "TargetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketAEA9A052": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "PipelineArtifactsBucketPolicyF53CCC52": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleB27FAA37": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleDefaultPolicy7BDC1ABB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "Roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "Pipeline9850B417": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Type": "KMS" - }, - "Location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "Type": "S3" - }, - "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "S3", - "Version": "1" - }, - "Configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "Name": "S3", - "OutputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "Synth", - "OutputArtifacts": [ - { - "Name": "CloudAsm" - }, - { - "Name": "IntegTests" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Build" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SelfMutate", - "RoleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "UpdatePipeline" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineAssetsFileAsset5D8C5DA6" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "FileAsset", - "RoleArn": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Assets" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "UseSource", - "RoleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - "RunOrder": 100 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "Stack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "Stack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 2 - } - ], - "Name": "PreProd" - } - ] - }, - "DependsOn": [ - "PipelineRoleDefaultPolicy7BDC1ABB", - "PipelineRoleB27FAA37" - ] - }, - "PipelineSourceS3CodePipelineActionRole83895A58": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "Roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "Roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "Roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProject6BEFA8E6": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "NPM_CONFIG_UNSAFE_PERM", - "Type": "PLAINTEXT", - "Value": "true" - } - ], - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "Name": "MyServicePipeline-synth", - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "PipelinePreProdUseSourceProjectRole69B20A71": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "PipelinePreProdUseSourceProject2E711EB4": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutationRole57E559E8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "PipelineUpdatePipelineSelfMutationDAA41400": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineAssetsFileRole59943A77": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - }, - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineAssetsFileRoleDefaultPolicy14DB8755": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineAssetsFileRoleDefaultPolicy14DB8755", - "Roles": [ - { - "Ref": "PipelineAssetsFileRole59943A77" - } - ] - } - }, - "PipelineAssetsFileAsset5D8C5DA6": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - "Source": { - "BuildSpec": "buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml", - "Type": "CODEPIPELINE" - } - } - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": "nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json deleted file mode 100644 index 8f0029884a021..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json deleted file mode 100644 index 6343ec9323d0c..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5": { - "source": { - "path": "../asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e": { - "source": { - "path": "../asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4": { - "source": { - "path": "PipelineStackPreProdStack65A0AD1F.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json deleted file mode 100644 index 5f37c46ccf4b5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "Resources": { - "Resource": { - "Type": "AWS::Test::SomeResource" - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json deleted file mode 100644 index a85b758286df0..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/assembly-PipelineStack-PreProd/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineStackPreProdStack65A0AD1F.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackPreProdStack65A0AD1F.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackPreProdStack65A0AD1F": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackPreProdStack65A0AD1F.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "PreProd-Stack" - }, - "dependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "metadata": { - "/PipelineStack/PreProd/Stack/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Resource" - } - ], - "/PipelineStack/PreProd/Stack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/PreProd/Stack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack/PreProd/Stack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js deleted file mode 100644 index 1002ba018e9fb..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var f=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t};var l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t);var q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H});module.exports=B(q);var h=require("@aws-sdk/client-s3");var y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}0&&(module.exports={autoDeleteHandler,handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt deleted file mode 100644 index 95e9dcd2e3bf0..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5.txt +++ /dev/null @@ -1 +0,0 @@ -This is a file asset that's just here for kicks. \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt deleted file mode 100644 index 8b1c7231bf2f4..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/asset.ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e.txt +++ /dev/null @@ -1 +0,0 @@ -Here's a second file asset. \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml deleted file mode 100644 index 06708bb7e14f9..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{ - "version": "0.2", - "phases": { - "install": { - "commands": [ - "npm install -g cdk-assets@2" - ] - }, - "build": { - "commands": [ - "cdk-assets --path \"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\" --verbose publish \"8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5:current_account-current_region\"", - "cdk-assets --path \"assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json\" --verbose publish \"ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e:current_account-current_region\"" - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json deleted file mode 100644 index 5315ad6d43743..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/integ.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "PipelineStackTest/DefaultTest": { - "stacks": [ - "PipelineStack" - ], - "diffAssets": true, - "assertionStack": "PipelineStackTest/DefaultTest/DeployAssert", - "assertionStackName": "PipelineStackTestDefaultTestDeployAssertBC780F98" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json deleted file mode 100644 index e3dd3aa926f06..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/manifest.json +++ /dev/null @@ -1,318 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "assembly-PipelineStack-PreProd": { - "type": "cdk:cloud-assembly", - "properties": { - "directoryName": "assembly-PipelineStack-PreProd", - "displayName": "PipelineStack/PreProd" - } - }, - "PipelineStack.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStack.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStack.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d638ba18659142158a20f892d018e0ed7ea71928d1859cbece1b4d50f7f514f5.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStack.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStack.assets" - ], - "metadata": { - "/PipelineStack/SourceBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketDDD2130A" - } - ], - "/PipelineStack/SourceBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketPolicy703DFBF9" - } - ], - "/PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketAutoDeleteObjectsCustomResourceC68FC040" - } - ], - "/PipelineStack/LatestNodeRuntimeMap": [ - { - "type": "aws:cdk:logicalId", - "data": "LatestNodeRuntimeMap" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" - } - ], - "/PipelineStack/Pipeline/Pipeline": [ - { - "type": "aws:cdk:warning", - "data": "V1 pipeline type is implicitly selected when `pipelineType` is not set. If you want to use V2 type, set `PipelineType.V2`. [ack: @aws-cdk/aws-codepipeline:unspecifiedPipelineType]" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyF5BF0670" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyAlias94A07392" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketAEA9A052" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketPolicyF53CCC52" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleB27FAA37" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleDefaultPolicy7BDC1ABB" - } - ], - "/PipelineStack/Pipeline/Pipeline/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Pipeline9850B417" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProject2E711EB4" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ], - "/PipelineStack/Pipeline/Assets/FileRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineAssetsFileRole59943A77" - } - ], - "/PipelineStack/Pipeline/Assets/FileRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineAssetsFileRoleDefaultPolicy14DB8755" - } - ], - "/PipelineStack/Pipeline/Assets/FileAsset/Default/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineAssetsFileAsset5D8C5DA6" - } - ], - "/PipelineStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack" - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "metadata": { - "/PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStackTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json deleted file mode 100644 index 2f8c1da478a39..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/tree.json +++ /dev/null @@ -1,2946 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "PipelineStack": { - "id": "PipelineStack", - "path": "PipelineStack", - "children": { - "SourceBucket": { - "id": "SourceBucket", - "path": "PipelineStack/SourceBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "aws-cdk:auto-delete-objects", - "value": "true" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/SourceBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - }, - "AutoDeleteObjectsCustomResource": { - "id": "AutoDeleteObjectsCustomResource", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "LatestNodeRuntimeMap": { - "id": "LatestNodeRuntimeMap", - "path": "PipelineStack/LatestNodeRuntimeMap", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" - } - }, - "Custom::S3AutoDeleteObjectsCustomResourceProvider": { - "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline", - "children": { - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline/Pipeline", - "children": { - "ArtifactsBucketEncryptionKey": { - "id": "ArtifactsBucketEncryptionKey", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Key", - "aws:cdk:cloudformation:props": { - "keyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" - } - }, - "ArtifactsBucketEncryptionKeyAlias": { - "id": "ArtifactsBucketEncryptionKeyAlias", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Alias", - "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "targetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnAlias", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Alias", - "version": "0.0.0" - } - }, - "ArtifactsBucket": { - "id": "ArtifactsBucket", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "bucketEncryption": { - "serverSideEncryptionConfiguration": [ - { - "serverSideEncryptionByDefault": { - "sseAlgorithm": "aws:kms", - "kmsMasterKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - } - ] - }, - "publicAccessBlockConfiguration": { - "blockPublicAcls": true, - "blockPublicPolicy": true, - "ignorePublicAcls": true, - "restrictPublicBuckets": true - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "policyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", - "aws:cdk:cloudformation:props": { - "artifactStore": { - "type": "S3", - "location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "encryptionKey": { - "type": "KMS", - "id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "restartExecutionOnUpdate": true, - "roleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "stages": [ - { - "name": "Source", - "actions": [ - { - "name": "S3", - "outputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Source", - "version": "1", - "owner": "AWS", - "provider": "S3" - }, - "configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - } - } - ] - }, - { - "name": "Build", - "actions": [ - { - "name": "Synth", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "outputArtifacts": [ - { - "name": "CloudAsm" - }, - { - "name": "IntegTests" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - } - ] - }, - { - "name": "UpdatePipeline", - "actions": [ - { - "name": "SelfMutate", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - } - ] - }, - { - "name": "Assets", - "actions": [ - { - "name": "FileAsset", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineAssetsFileAsset5D8C5DA6" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - } - } - ] - }, - { - "name": "PreProd", - "actions": [ - { - "name": "UseSource", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "runOrder": 100, - "roleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "name": "Stack.Prepare", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "runOrder": 1, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - { - "name": "Stack.Deploy", - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "runOrder": 2, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - } - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", - "version": "0.0.0" - } - }, - "Source": { - "id": "Source", - "path": "PipelineStack/Pipeline/Pipeline/Source", - "children": { - "S3": { - "id": "S3", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Build": { - "id": "Build", - "path": "PipelineStack/Pipeline/Pipeline/Build", - "children": { - "Synth": { - "id": "Synth", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "CdkBuildProject": { - "id": "CdkBuildProject", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL", - "environmentVariables": [ - { - "name": "NPM_CONFIG_UNSAFE_PERM", - "type": "PLAINTEXT", - "value": "true" - } - ] - }, - "name": "MyServicePipeline-synth", - "serviceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline", - "children": { - "SelfMutate": { - "id": "SelfMutate", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/Pipeline/PreProd", - "children": { - "UseSource": { - "id": "UseSource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Project": { - "id": "Project", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Deploy": { - "id": "Stack.Deploy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Deploy", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Prepare": { - "id": "Stack.Prepare", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Prepare", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Assets": { - "id": "Assets", - "path": "PipelineStack/Pipeline/Pipeline/Assets", - "children": { - "FileAsset": { - "id": "FileAsset", - "path": "PipelineStack/Pipeline/Pipeline/Assets/FileAsset", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", - "version": "0.0.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/UpdatePipeline", - "children": { - "SelfMutation": { - "id": "SelfMutation", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.UpdatePipelineAction", - "version": "0.0.0" - } - }, - "Assets": { - "id": "Assets", - "path": "PipelineStack/Pipeline/Assets", - "children": { - "FileRole": { - "id": "FileRole", - "path": "PipelineStack/Pipeline/Assets/FileRole", - "children": { - "ImportFileRole": { - "id": "ImportFileRole", - "path": "PipelineStack/Pipeline/Assets/FileRole/ImportFileRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Assets/FileRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - }, - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Assets/FileRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Assets/FileRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/*" - ] - ] - } - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineAssetsFileRoleDefaultPolicy14DB8755", - "roles": [ - { - "Ref": "PipelineAssetsFileRole59943A77" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "FileAsset": { - "id": "FileAsset", - "path": "PipelineStack/Pipeline/Assets/FileAsset", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStack/Pipeline/Assets/FileAsset/Default", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Assets/FileAsset/Default/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "buildspec-assets-PipelineStack-Pipeline-Assets-FileAsset.yaml" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.PublishAssetsAction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/PreProd", - "children": { - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "children": { - "8389e75f-0810-4838-bf64-d6f85a95cf83": { - "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}/8389e75f-0810-4838-bf64-d6f85a95cf83", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkStage", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkPipeline", - "version": "0.0.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/PreProd", - "children": { - "Stack": { - "id": "Stack", - "path": "PipelineStack/PreProd/Stack", - "children": { - "Asset": { - "id": "Asset", - "path": "PipelineStack/PreProd/Stack/Asset", - "children": { - "Stage": { - "id": "Stage", - "path": "PipelineStack/PreProd/Stack/Asset/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "PipelineStack/PreProd/Stack/Asset/AssetBucket", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" - } - }, - "Asset2": { - "id": "Asset2", - "path": "PipelineStack/PreProd/Stack/Asset2", - "children": { - "Stage": { - "id": "Stage", - "path": "PipelineStack/PreProd/Stack/Asset2/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "PipelineStack/PreProd/Stack/Asset2/AssetBucket", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/PreProd/Stack/Resource", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/PreProd/Stack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/PreProd/Stack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stage", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "PipelineStackTest": { - "id": "PipelineStackTest", - "path": "PipelineStackTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "PipelineStackTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStackTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "PipelineStackTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts deleted file mode 100644 index c05a52e685eba..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.ts +++ /dev/null @@ -1,107 +0,0 @@ -/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import * as path from 'path'; -import * as codepipeline from 'aws-cdk-lib/aws-codepipeline'; -import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions'; -import * as s3 from 'aws-cdk-lib/aws-s3'; -import * as s3_assets from 'aws-cdk-lib/aws-s3-assets'; -import { App, CfnResource, RemovalPolicy, DefaultStackSynthesizer, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; -import { Construct } from 'constructs'; -import * as cdkp from 'aws-cdk-lib/pipelines'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -class MyStage extends Stage { - constructor(scope: Construct, id: string, props?: StageProps) { - super(scope, id, props); - - const stack = new Stack(this, 'Stack', { - ...props, - synthesizer: new DefaultStackSynthesizer(), - }); - - new s3_assets.Asset(stack, 'Asset', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset.txt'), - }); - new s3_assets.Asset(stack, 'Asset2', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset-two.txt'), - }); - - new CfnResource(stack, 'Resource', { - type: 'AWS::Test::SomeResource', - }); - } -} - -/** - * The stack that defines the application pipeline - */ -class CdkpipelinesDemoPipelineStack extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - - const sourceBucket = new s3.Bucket(this, 'SourceBucket', { - removalPolicy: RemovalPolicy.DESTROY, - autoDeleteObjects: true, - }); - const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { - crossAccountKeys: true, - cloudAssemblyArtifact, - singlePublisherPerType: true, - - // Where the source can be found - sourceAction: new codepipeline_actions.S3SourceAction({ - bucket: sourceBucket, - output: sourceArtifact, - bucketKey: 'key', - actionName: 'S3', - }), - - // How it will be built - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - projectName: 'MyServicePipeline-synth', - additionalArtifacts: [ - { - directory: 'test', - artifact: integTestArtifact, - }, - ], - }), - }); - - // This is where we add the application stages - // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); - stage.addActions( - new cdkp.ShellScriptAction({ - actionName: 'UseSource', - commands: [ - // Comes from source - 'cat README.md', - ], - additionalArtifacts: [sourceArtifact], - }), - ); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); -const stack = new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new IntegTest(app, 'PipelineStackTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts deleted file mode 100644 index 3c71922e1e02d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.ts +++ /dev/null @@ -1,106 +0,0 @@ -/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import * as path from 'path'; -import * as codepipeline from 'aws-cdk-lib/aws-codepipeline'; -import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions'; -import * as s3 from 'aws-cdk-lib/aws-s3'; -import * as s3_assets from 'aws-cdk-lib/aws-s3-assets'; -import { App, CfnResource, DefaultStackSynthesizer, RemovalPolicy, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; -import { Construct } from 'constructs'; -import * as cdkp from 'aws-cdk-lib/pipelines'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -class MyStage extends Stage { - constructor(scope: Construct, id: string, props?: StageProps) { - super(scope, id, props); - - const stack = new Stack(this, 'Stack', { - ...props, - synthesizer: new DefaultStackSynthesizer(), - }); - - new s3_assets.Asset(stack, 'Asset', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset.txt'), - }); - new s3_assets.Asset(stack, 'Asset2', { - path: path.join(__dirname, 'testhelpers/assets/test-file-asset-two.txt'), - }); - - new CfnResource(stack, 'Resource', { - type: 'AWS::Test::SomeResource', - }); - } -} - -/** - * The stack that defines the application pipeline - */ -class CdkpipelinesDemoPipelineStack extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - - const sourceBucket = new s3.Bucket(this, 'SourceBucket', { - removalPolicy: RemovalPolicy.DESTROY, - autoDeleteObjects: true, - }); - const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { - crossAccountKeys: true, - cloudAssemblyArtifact, - - // Where the source can be found - sourceAction: new codepipeline_actions.S3SourceAction({ - bucket: sourceBucket, - output: sourceArtifact, - bucketKey: 'key', - actionName: 'S3', - }), - - // How it will be built - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - projectName: 'MyServicePipeline-synth', - additionalArtifacts: [ - { - directory: 'test', - artifact: integTestArtifact, - }, - ], - }), - }); - - // This is where we add the application stages - // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); - stage.addActions( - new cdkp.ShellScriptAction({ - actionName: 'UseSource', - commands: [ - // Comes from source - 'cat README.md', - ], - additionalArtifacts: [sourceArtifact], - }), - ); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); -const stack = new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new IntegTest(app, 'PipelineStackTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json deleted file mode 100644 index d96305350050e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.assets.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { - "source": { - "path": "asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "e7f81f8bda67ff3e586b06697af53694f5743a8e161a832b871afb6b753f90a9": { - "source": { - "path": "PipelineStack.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e7f81f8bda67ff3e586b06697af53694f5743a8e161a832b871afb6b753f90a9.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json deleted file mode 100644 index b95f0f452e79f..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json +++ /dev/null @@ -1,1910 +0,0 @@ -{ - "Resources": { - "SourceBucketDDD2130A": { - "Type": "AWS::S3::Bucket", - "Properties": { - "Tags": [ - { - "Key": "aws-cdk:auto-delete-objects", - "Value": "true" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "SourceBucketPolicy703DFBF9": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { - "Type": "Custom::S3AutoDeleteObjects", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", - "Arn" - ] - }, - "BucketName": { - "Ref": "SourceBucketDDD2130A" - } - }, - "DependsOn": [ - "SourceBucketPolicy703DFBF9" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "PipelineArtifactsBucketEncryptionKeyF5BF0670": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketEncryptionKeyAlias94A07392": { - "Type": "AWS::KMS::Alias", - "Properties": { - "AliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "TargetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PipelineArtifactsBucketAEA9A052": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "PipelineArtifactsBucketPolicyF53CCC52": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleB27FAA37": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineRoleDefaultPolicy7BDC1ABB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "Roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "Pipeline9850B417": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Type": "KMS" - }, - "Location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "Type": "S3" - }, - "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "S3", - "Version": "1" - }, - "Configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "Name": "S3", - "OutputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "Synth", - "OutputArtifacts": [ - { - "Name": "CloudAsm" - }, - { - "Name": "IntegTests" - } - ], - "RoleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "Build" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "SelfMutate", - "RoleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - "RunOrder": 1 - } - ], - "Name": "UpdatePipeline" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - }, - "Configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "InputArtifacts": [ - { - "Name": "Artifact_Source_S3" - } - ], - "Name": "UseSource", - "RoleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - "RunOrder": 100 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "InputArtifacts": [ - { - "Name": "CloudAsm" - } - ], - "Name": "Stack.Prepare", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 1 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "Name": "Stack.Deploy", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "RunOrder": 2 - } - ], - "Name": "PreProd" - } - ] - }, - "DependsOn": [ - "PipelineRoleDefaultPolicy7BDC1ABB", - "PipelineRoleB27FAA37" - ] - }, - "PipelineSourceS3CodePipelineActionRole83895A58": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "Roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "PipelineBuildSynthCodePipelineActionRole4E7A6C97": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "Roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "Roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "PipelineBuildSynthCdkBuildProject6BEFA8E6": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "NPM_CONFIG_UNSAFE_PERM", - "Type": "PLAINTEXT", - "Value": "true" - } - ], - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "Name": "MyServicePipeline-synth", - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "PipelinePreProdUseSourceProjectRole69B20A71": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "Roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "PipelinePreProdUseSourceProject2E711EB4": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - }, - "PipelineUpdatePipelineSelfMutationRole57E559E8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "Roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "PipelineUpdatePipelineSelfMutationDAA41400": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "Source": { - "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}", - "Type": "CODEPIPELINE" - } - } - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": "nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json deleted file mode 100644 index 8f0029884a021..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStackTestDefaultTestDeployAssertBC780F98.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json deleted file mode 100644 index f4cee0d9b9779..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4": { - "source": { - "path": "PipelineStackPreProdStack65A0AD1F.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json deleted file mode 100644 index 5f37c46ccf4b5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "Resources": { - "Resource": { - "Type": "AWS::Test::SomeResource" - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json deleted file mode 100644 index a85b758286df0..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/assembly-PipelineStack-PreProd/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "PipelineStackPreProdStack65A0AD1F.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackPreProdStack65A0AD1F.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackPreProdStack65A0AD1F": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackPreProdStack65A0AD1F.template.json", - "terminationProtection": false, - "validateOnSynth": true, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17b50ab4e61e5c19d1e2d14ccc136d8c1ae3b77a4236035ac6ac6273619764a4.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - }, - "stackName": "PreProd-Stack" - }, - "dependencies": [ - "PipelineStackPreProdStack65A0AD1F.assets" - ], - "metadata": { - "/PipelineStack/PreProd/Stack/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Resource" - } - ], - "/PipelineStack/PreProd/Stack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/PreProd/Stack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack/PreProd/Stack" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js deleted file mode 100644 index 1002ba018e9fb..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var f=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t};var l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t);var q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H});module.exports=B(q);var h=require("@aws-sdk/client-s3");var y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}0&&(module.exports={autoDeleteHandler,handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json deleted file mode 100644 index 5315ad6d43743..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/integ.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "PipelineStackTest/DefaultTest": { - "stacks": [ - "PipelineStack" - ], - "diffAssets": true, - "assertionStack": "PipelineStackTest/DefaultTest/DeployAssert", - "assertionStackName": "PipelineStackTestDefaultTestDeployAssertBC780F98" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json deleted file mode 100644 index 515495bbbc66a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/manifest.json +++ /dev/null @@ -1,300 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "assembly-PipelineStack-PreProd": { - "type": "cdk:cloud-assembly", - "properties": { - "directoryName": "assembly-PipelineStack-PreProd", - "displayName": "PipelineStack/PreProd" - } - }, - "PipelineStack.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStack.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStack": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStack.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e7f81f8bda67ff3e586b06697af53694f5743a8e161a832b871afb6b753f90a9.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStack.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStack.assets" - ], - "metadata": { - "/PipelineStack/SourceBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketDDD2130A" - } - ], - "/PipelineStack/SourceBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketPolicy703DFBF9" - } - ], - "/PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "SourceBucketAutoDeleteObjectsCustomResourceC68FC040" - } - ], - "/PipelineStack/LatestNodeRuntimeMap": [ - { - "type": "aws:cdk:logicalId", - "data": "LatestNodeRuntimeMap" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - } - ], - "/PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" - } - ], - "/PipelineStack/Pipeline/Pipeline": [ - { - "type": "aws:cdk:warning", - "data": "V1 pipeline type is implicitly selected when `pipelineType` is not set. If you want to use V2 type, set `PipelineType.V2`. [ack: @aws-cdk/aws-codepipeline:unspecifiedPipelineType]" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyF5BF0670" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketEncryptionKeyAlias94A07392" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketAEA9A052" - } - ], - "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineArtifactsBucketPolicyF53CCC52" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleB27FAA37" - } - ], - "/PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineRoleDefaultPolicy7BDC1ABB" - } - ], - "/PipelineStack/Pipeline/Pipeline/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Pipeline9850B417" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ], - "/PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C" - } - ], - "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ], - "/PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3" - } - ], - "/PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelinePreProdUseSourceProject2E711EB4" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E" - } - ], - "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ], - "/PipelineStack/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStack/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStack" - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "PipelineStackTestDefaultTestDeployAssertBC780F98.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "PipelineStackTestDefaultTestDeployAssertBC780F98": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "PipelineStackTestDefaultTestDeployAssertBC780F98.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "PipelineStackTestDefaultTestDeployAssertBC780F98.assets" - ], - "metadata": { - "/PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "PipelineStackTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json deleted file mode 100644 index ffb2d51e18c94..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/tree.json +++ /dev/null @@ -1,2564 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "PipelineStack": { - "id": "PipelineStack", - "path": "PipelineStack", - "children": { - "SourceBucket": { - "id": "SourceBucket", - "path": "PipelineStack/SourceBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "aws-cdk:auto-delete-objects", - "value": "true" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/SourceBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/SourceBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - }, - "AutoDeleteObjectsCustomResource": { - "id": "AutoDeleteObjectsCustomResource", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStack/SourceBucket/AutoDeleteObjectsCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "LatestNodeRuntimeMap": { - "id": "LatestNodeRuntimeMap", - "path": "PipelineStack/LatestNodeRuntimeMap", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" - } - }, - "Custom::S3AutoDeleteObjectsCustomResourceProvider": { - "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "PipelineStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline", - "children": { - "Pipeline": { - "id": "Pipeline", - "path": "PipelineStack/Pipeline/Pipeline", - "children": { - "ArtifactsBucketEncryptionKey": { - "id": "ArtifactsBucketEncryptionKey", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Key", - "aws:cdk:cloudformation:props": { - "keyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" - } - }, - "ArtifactsBucketEncryptionKeyAlias": { - "id": "ArtifactsBucketEncryptionKeyAlias", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Alias", - "aws:cdk:cloudformation:props": { - "aliasName": "alias/codepipeline-pipelinestack-pipeline-e95eedaa", - "targetKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnAlias", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Alias", - "version": "0.0.0" - } - }, - "ArtifactsBucket": { - "id": "ArtifactsBucket", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "bucketEncryption": { - "serverSideEncryptionConfiguration": [ - { - "serverSideEncryptionByDefault": { - "sseAlgorithm": "aws:kms", - "kmsMasterKeyId": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - } - ] - }, - "publicAccessBlockConfiguration": { - "blockPublicAcls": true, - "blockPublicPolicy": true, - "ignorePublicAcls": true, - "restrictPublicBuckets": true - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", - "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "policyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "roles": [ - { - "Ref": "PipelineRoleB27FAA37" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", - "aws:cdk:cloudformation:props": { - "artifactStore": { - "type": "S3", - "location": { - "Ref": "PipelineArtifactsBucketAEA9A052" - }, - "encryptionKey": { - "type": "KMS", - "id": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - }, - "restartExecutionOnUpdate": true, - "roleArn": { - "Fn::GetAtt": [ - "PipelineRoleB27FAA37", - "Arn" - ] - }, - "stages": [ - { - "name": "Source", - "actions": [ - { - "name": "S3", - "outputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Source", - "version": "1", - "owner": "AWS", - "provider": "S3" - }, - "configuration": { - "S3Bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "S3ObjectKey": "key" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole83895A58", - "Arn" - ] - } - } - ] - }, - { - "name": "Build", - "actions": [ - { - "name": "Synth", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "outputArtifacts": [ - { - "name": "CloudAsm" - }, - { - "name": "IntegTests" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"7f66814704b7757367a6ec706823d271fb9c6fceda866eee4260d1e76b73967b\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - } - ] - }, - { - "name": "UpdatePipeline", - "actions": [ - { - "name": "SelfMutate", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "EnvironmentVariables": "[{\"name\":\"CDK_CLI_VERSION\",\"type\":\"PLAINTEXT\",\"value\":\"2\"}]" - }, - "runOrder": 1, - "roleArn": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - } - ] - }, - { - "name": "PreProd", - "actions": [ - { - "name": "UseSource", - "inputArtifacts": [ - { - "name": "Artifact_Source_S3" - } - ], - "actionTypeId": { - "category": "Build", - "version": "1", - "owner": "AWS", - "provider": "CodeBuild" - }, - "configuration": { - "ProjectName": { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - }, - "runOrder": 100, - "roleArn": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "name": "Stack.Prepare", - "inputArtifacts": [ - { - "name": "CloudAsm" - } - ], - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", - "RoleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-cfn-exec-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "PipelineChange", - "TemplatePath": "CloudAsm::assembly-PipelineStack-PreProd/PipelineStackPreProdStack65A0AD1F.template.json" - }, - "runOrder": 1, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - }, - { - "name": "Stack.Deploy", - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "PreProd-Stack", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "PipelineChange" - }, - "runOrder": 2, - "roleArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } - ] - ] - } - } - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", - "version": "0.0.0" - } - }, - "Source": { - "id": "Source", - "path": "PipelineStack/Pipeline/Pipeline/Source", - "children": { - "S3": { - "id": "S3", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Source/S3/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineSourceS3CodePipelineActionRoleDefaultPolicyB176A07F", - "roles": [ - { - "Ref": "PipelineSourceS3CodePipelineActionRole83895A58" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Build": { - "id": "Build", - "path": "PipelineStack/Pipeline/Pipeline/Build", - "children": { - "Synth": { - "id": "Synth", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProject6BEFA8E6", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290", - "roles": [ - { - "Ref": "PipelineBuildSynthCodePipelineActionRole4E7A6C97" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "CdkBuildProject": { - "id": "CdkBuildProject", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "roles": [ - { - "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL", - "environmentVariables": [ - { - "name": "NPM_CONFIG_UNSAFE_PERM", - "type": "PLAINTEXT", - "value": "true" - } - ] - }, - "name": "MyServicePipeline-synth", - "serviceRole": { - "Fn::GetAtt": [ - "PipelineBuildSynthCdkBuildProjectRole231EEA2A", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"npm ci\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"secondary-artifacts\": {\n \"CloudAsm\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n },\n \"IntegTests\": {\n \"base-directory\": \"test\",\n \"files\": \"**/*\"\n }\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline", - "children": { - "SelfMutate": { - "id": "SelfMutate", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationDAA41400", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/Pipeline/PreProd", - "children": { - "UseSource": { - "id": "UseSource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole", - "children": { - "ImportCodePipelineActionRole": { - "id": "ImportCodePipelineActionRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/ImportCodePipelineActionRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProject2E711EB4", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceCodePipelineActionRoleDefaultPolicy9BE325AD", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Project": { - "id": "Project", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - "-*" - ] - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelinePreProdUseSourceProjectRoleDefaultPolicy50F68DF3", - "roles": [ - { - "Ref": "PipelinePreProdUseSourceProjectRole69B20A71" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/UseSource/Project/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceProjectRole69B20A71", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"set -eu\",\n \"cat README.md\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Deploy": { - "id": "Stack.Deploy", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Deploy", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Stack.Prepare": { - "id": "Stack.Prepare", - "path": "PipelineStack/Pipeline/Pipeline/PreProd/Stack.Prepare", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", - "version": "0.0.0" - } - }, - "UpdatePipeline": { - "id": "UpdatePipeline", - "path": "PipelineStack/Pipeline/UpdatePipeline", - "children": { - "SelfMutation": { - "id": "SelfMutation", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation", - "children": { - "Role": { - "id": "Role", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role", - "children": { - "ImportRole": { - "id": "ImportRole", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/ImportRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:BatchPutCodeCoverages", - "codebuild:BatchPutTestCases", - "codebuild:CreateReport", - "codebuild:CreateReportGroup", - "codebuild:UpdateReport" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - "-*" - ] - ] - } - }, - { - "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ - "image-publishing", - "file-publishing", - "deploy" - ] - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:*:iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/*" - ] - ] - } - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucketAEA9A052", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "roles": [ - { - "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", - "aws:cdk:cloudformation:props": { - "artifacts": { - "type": "CODEPIPELINE" - }, - "cache": { - "type": "NO_CACHE" - }, - "encryptionKey": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - }, - "environment": { - "type": "LINUX_CONTAINER", - "image": "aws/codebuild/standard:7.0", - "imagePullCredentialsType": "CODEBUILD", - "privilegedMode": false, - "computeType": "BUILD_GENERAL1_SMALL" - }, - "serviceRole": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutationRole57E559E8", - "Arn" - ] - }, - "source": { - "type": "CODEPIPELINE", - "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.UpdatePipelineAction", - "version": "0.0.0" - } - }, - "Assets": { - "id": "Assets", - "path": "PipelineStack/Pipeline/Assets", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/Pipeline/PreProd", - "children": { - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "children": { - "8389e75f-0810-4838-bf64-d6f85a95cf83": { - "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}/8389e75f-0810-4838-bf64-d6f85a95cf83", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { - "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "path": "PipelineStack/Pipeline/PreProd/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkStage", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.pipelines.CdkPipeline", - "version": "0.0.0" - } - }, - "PreProd": { - "id": "PreProd", - "path": "PipelineStack/PreProd", - "children": { - "Stack": { - "id": "Stack", - "path": "PipelineStack/PreProd/Stack", - "children": { - "Resource": { - "id": "Resource", - "path": "PipelineStack/PreProd/Stack/Resource", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/PreProd/Stack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/PreProd/Stack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stage", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "PipelineStackTest": { - "id": "PipelineStackTest", - "path": "PipelineStackTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "PipelineStackTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "PipelineStackTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "PipelineStackTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "PipelineStackTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts deleted file mode 100644 index b8afeedfc285d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.ts +++ /dev/null @@ -1,97 +0,0 @@ -/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true -import * as codepipeline from 'aws-cdk-lib/aws-codepipeline'; -import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions'; -import * as s3 from 'aws-cdk-lib/aws-s3'; -import { App, CfnResource, DefaultStackSynthesizer, RemovalPolicy, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; -import { Construct } from 'constructs'; -import * as cdkp from 'aws-cdk-lib/pipelines'; -import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - -class MyStage extends Stage { - constructor(scope: Construct, id: string, props?: StageProps) { - super(scope, id, props); - - const stack = new Stack(this, 'Stack', { - ...props, - synthesizer: new DefaultStackSynthesizer(), - }); - new CfnResource(stack, 'Resource', { - type: 'AWS::Test::SomeResource', - }); - } -} - -/** - * The stack that defines the application pipeline - */ -class CdkpipelinesDemoPipelineStack extends Stack { - constructor(scope: Construct, id: string, props?: StackProps) { - super(scope, id, props); - - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - - const sourceBucket = new s3.Bucket(this, 'SourceBucket', { - removalPolicy: RemovalPolicy.DESTROY, - autoDeleteObjects: true, - }); - const pipeline = new cdkp.CdkPipeline(this, 'Pipeline', { - crossAccountKeys: true, - cloudAssemblyArtifact, - - // Where the source can be found - sourceAction: new codepipeline_actions.S3SourceAction({ - bucket: sourceBucket, - output: sourceArtifact, - bucketKey: 'key', - actionName: 'S3', - }), - - // How it will be built - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - projectName: 'MyServicePipeline-synth', - additionalArtifacts: [ - { - directory: 'test', - artifact: integTestArtifact, - }, - ], - }), - }); - - // This is where we add the application stages - // ... - const stage = pipeline.addApplicationStage(new MyStage(this, 'PreProd')); - stage.addActions( - new cdkp.ShellScriptAction({ - actionName: 'UseSource', - commands: [ - // Comes from source - 'cat README.md', - ], - additionalArtifacts: [sourceArtifact], - }), - ); - } -} - -const app = new App({ - postCliContext: { - '@aws-cdk/core:newStyleStackSynthesis': 'true', - '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, - }, -}); - -const stack = new CdkpipelinesDemoPipelineStack(app, 'PipelineStack', { - synthesizer: new DefaultStackSynthesizer(), -}); - -new IntegTest(app, 'PipelineStackTest', { - testCases: [stack], - diffAssets: true, -}); - -app.synth(); diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index aad87ef49fbde..9e980cc71faae 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md @@ -71,7 +71,6 @@ Flags come in three types: | [@aws-cdk/pipelines:reduceAssetRoleTrustScope](#aws-cdkpipelinesreduceassetroletrustscope) | Remove the root account principal from PipelineAssetsFileRole trust policy | 2.141.0 | (default) | | [@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm](#aws-cdkaws-ecsremovedefaultdeploymentalarm) | When enabled, remove default deployment alarm settings | 2.143.0 | (default) | | [@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault](#aws-cdkcustom-resourceslogapiresponsedatapropertytruedefault) | When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default | 2.145.0 | (fix) | -| [@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions](#aws-cdkaws-stepfunctions-tasksecsreduceruntaskpermissions) | When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. | 2.148.0 | (fix) | @@ -132,8 +131,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-eks:nodegroupNameAttribute": true, "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true, - "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false, - "@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions": true + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false } } ``` @@ -1340,19 +1338,4 @@ property from the event object. | 2.145.0 | `false` | `false` | -### @aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions - -*When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.* (fix) - -When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. -The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html -for more details. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| 2.148.0 | `false` | `true` | - - - \ No newline at end of file + diff --git a/packages/aws-cdk-lib/pipelines/README.md b/packages/aws-cdk-lib/pipelines/README.md index 2eceefc9e5236..40c06136e9dea 100644 --- a/packages/aws-cdk-lib/pipelines/README.md +++ b/packages/aws-cdk-lib/pipelines/README.md @@ -1,11 +1,10 @@ # CDK Pipelines - A construct library for painless Continuous Delivery of CDK applications. -CDK Pipelines is an *opinionated construct library*. It is purpose-built to +CDK Pipelines is an _opinionated construct library_. It is purpose-built to deploy one or more copies of your CDK applications using CloudFormation with a -minimal amount of effort on your part. It is *not* intended to support arbitrary +minimal amount of effort on your part. It is _not_ intended to support arbitrary deployment pipelines, and very specifically it is not built to use CodeDeploy to deploy applications to instances, or deploy your custom-built ECR images to an ECS cluster directly: use CDK file assets with CloudFormation Init for instances, or @@ -13,12 +12,12 @@ CDK container assets for ECS clusters instead. Give the CDK Pipelines way of doing things a shot first: you might find it does everything you need. If you need more control, or if you need `v2` support from -`aws-codepipeline`, we recommend you drop down to using the `aws-codepipeline` +`aws-codepipeline`, we recommend you drop down to using the `aws-codepipeline` construct library directly. > This module contains two sets of APIs: an **original** and a **modern** version of -> CDK Pipelines. The *modern* API has been updated to be easier to work with and -> customize, and will be the preferred API going forward. The *original* version +> CDK Pipelines. The _modern_ API has been updated to be easier to work with and +> customize, and will be the preferred API going forward. The _original_ version > of the API is still available for backwards compatibility, but we recommend migrating > to the new version if possible. > @@ -40,28 +39,28 @@ You then define a `Pipeline`, instantiate as many instances of `MyApplicationStage` as you want for your test and production environments, with different parameters for each, and calling `pipeline.addStage()` for each of them. You can deploy to the same account and Region, or to a different one, -with the same amount of code. The *CDK Pipelines* library takes care of the +with the same amount of code. The _CDK Pipelines_ library takes care of the details. -CDK Pipelines supports multiple *deployment engines* (see +CDK Pipelines supports multiple _deployment engines_ (see [Using a different deployment engine](#using-a-different-deployment-engine)), and comes with a deployment engine that deploys CDK apps using AWS CodePipeline. -To use the CodePipeline engine, define a `CodePipeline` construct. The following +To use the CodePipeline engine, define a `CodePipeline` construct. The following example creates a CodePipeline that deploys an application from GitHub: ```ts /** The stacks for our app are minimally defined here. The internals of these - * stacks aren't important, except that DatabaseStack exposes an attribute - * "table" for a database table it defines, and ComputeStack accepts a reference - * to this table in its properties. - */ + * stacks aren't important, except that DatabaseStack exposes an attribute + * "table" for a database table it defines, and ComputeStack accepts a reference + * to this table in its properties. + */ class DatabaseStack extends Stack { public readonly table: dynamodb.TableV2; constructor(scope: Construct, id: string) { super(scope, id); this.table = new dynamodb.TableV2(this, 'Table', { - partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING } + partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }, }); } } @@ -87,26 +86,29 @@ class MyPipelineStack extends Stack { synth: new pipelines.ShellStep('Synth', { // Use a connection created using the AWS console to authenticate to GitHub // Other sources are available. - input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', - }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + input: pipelines.CodePipelineSource.connection( + 'my-org/my-app', + 'main', + { + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + } + ), + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); // 'MyApplication' is defined below. Call `addStage` as many times as // necessary with any account and region (may be different from the // pipeline's). - pipeline.addStage(new MyApplication(this, 'Prod', { - env: { - account: '123456789012', - region: 'eu-west-1', - }, - })); + pipeline.addStage( + new MyApplication(this, 'Prod', { + env: { + account: '123456789012', + region: 'eu-west-1', + }, + }) + ); } } @@ -134,7 +136,7 @@ new MyPipelineStack(this, 'PipelineStack', { env: { account: '123456789012', region: 'eu-west-1', - } + }, }); ``` @@ -143,7 +145,7 @@ application stages in the source code, or new stacks to `MyApplication`, the pipeline will automatically reconfigure itself to deploy those new stages and stacks. -(Note that you have to *bootstrap* all environments before the above code +(Note that you have to _bootstrap_ all environments before the above code will work, and switch on "Modern synthesis" if you are using CDKv1. See the section **CDK Environment Bootstrapping** below for more information). @@ -152,7 +154,7 @@ more information). To provision the pipeline you have defined, make sure the target environment has been bootstrapped (see below), and then execute deploying the -`PipelineStack` *once*. Afterwards, the pipeline will keep itself up-to-date. +`PipelineStack` _once_. Afterwards, the pipeline will keep itself up-to-date. > **Important**: be sure to `git commit` and `git push` before deploying the > Pipeline stack using `cdk deploy`! @@ -183,27 +185,16 @@ To make the development more convenient, the self-mutation feature can be turned off temporarily, by passing `selfMutation: false` property, example: ```ts -// Modern API -const modernPipeline = new pipelines.CodePipeline(this, 'Pipeline', { +const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { selfMutation: false, synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); - -// Original API -const cloudAssemblyArtifact = new codepipeline.Artifact(); -const originalPipeline = new pipelines.CdkPipeline(this, 'Pipeline', { - selfMutating: false, - cloudAssemblyArtifact, -}); ``` ## Defining the pipeline @@ -232,11 +223,7 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -252,12 +239,7 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'cd mysubdir', - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['cd mysubdir', 'npm ci', 'npm run build', 'npx cdk synth'], primaryOutputDirectory: 'mysubdir/cdk.out', }), }); @@ -284,12 +266,8 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'yarn install --frozen-lockfile', - 'yarn build', - 'npx cdk synth', - ], - }) + commands: ['yarn install --frozen-lockfile', 'yarn build', 'npx cdk synth'], + }), }); ``` @@ -307,7 +285,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { 'npm install -g aws-cdk', 'cdk synth', ], - }) + }), }); ``` @@ -322,11 +300,8 @@ declare const source: pipelines.IFileSetProducer; // the repository source const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: source, - commands: [ - 'npm install -g aws-cdk', - 'cdk synth', - ], - }) + commands: ['npm install -g aws-cdk', 'cdk synth'], + }), }); ``` @@ -358,7 +333,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { // Abstract over doing the build './build.sh', ], - }) + }), }); ``` @@ -368,19 +343,20 @@ for developers at the same time. #### CodePipeline Sources -In CodePipeline, *Sources* define where the source of your application lives. +In CodePipeline, _Sources_ define where the source of your application lives. When a change to the source is detected, the pipeline will start executing. Source objects can be created by factory methods on the `CodePipelineSource` class: ##### GitHub, GitHub Enterprise, BitBucket using a connection -The recommended way of connecting to GitHub or BitBucket is by using a *connection*. +The recommended way of connecting to GitHub or BitBucket is by using a _connection_. You will first use the AWS Console to authenticate to the source control provider, and then use the connection ARN in your pipeline definition: ```ts pipelines.CodePipelineSource.connection('org/repo', 'branch', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', }); ``` @@ -406,7 +382,11 @@ that the CodeCommit repository and then use `CodePipelineSource.codeCommit` to reference it: ```ts -const repository = codecommit.Repository.fromRepositoryName(this, 'Repository', 'my-repository'); +const repository = codecommit.Repository.fromRepositoryName( + this, + 'Repository', + 'my-repository' +); pipelines.CodePipelineSource.codeCommit(repository, 'main'); ``` @@ -448,12 +428,12 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.gitHub('myorg/repo2', 'main'), additionalInputs: { - 'subdir': pipelines.CodePipelineSource.gitHub('myorg/repo3', 'main'), + subdir: pipelines.CodePipelineSource.gitHub('myorg/repo3', 'main'), '../siblingdir': prebuild, }, commands: ['./build.sh'], - }) + }), }); ``` @@ -467,12 +447,14 @@ so, call `pipeline.addStage()` on the Stage object: declare const pipeline: pipelines.CodePipeline; // Do this as many times as necessary with any account and region // Account and region may different from the pipeline's. -pipeline.addStage(new MyApplicationStage(this, 'Prod', { - env: { - account: '123456789012', - region: 'eu-west-1', - } -})); +pipeline.addStage( + new MyApplicationStage(this, 'Prod', { + env: { + account: '123456789012', + region: 'eu-west-1', + }, + }) +); ``` CDK Pipelines will automatically discover all `Stacks` in the given `Stage` @@ -491,7 +473,7 @@ correctly and any requisite replication Buckets are created. By default, all applications added to CDK Pipelines by calling `addStage()` will be deployed in sequence, one after the other. If you have a lot of stages, you can speed up the pipeline by choosing to deploy some stages in parallel. You do this -by calling `addWave()` instead of `addStage()`: a *wave* is a set of stages that +by calling `addWave()` instead of `addStage()`: a _wave_ is a set of stages that are all deployed in parallel instead of sequentially. Waves themselves are still deployed in sequence. For example, the following will deploy two copies of your application to `eu-west-1` and `eu-central-1` in parallel: @@ -499,19 +481,23 @@ application to `eu-west-1` and `eu-central-1` in parallel: ```ts declare const pipeline: pipelines.CodePipeline; const europeWave = pipeline.addWave('Europe'); -europeWave.addStage(new MyApplicationStage(this, 'Ireland', { - env: { region: 'eu-west-1' } -})); -europeWave.addStage(new MyApplicationStage(this, 'Germany', { - env: { region: 'eu-central-1' } -})); +europeWave.addStage( + new MyApplicationStage(this, 'Ireland', { + env: { region: 'eu-west-1' }, + }) +); +europeWave.addStage( + new MyApplicationStage(this, 'Germany', { + env: { region: 'eu-central-1' }, + }) +); ``` #### Deploying to other accounts / encrypting the Artifact Bucket CDK Pipelines can transparently deploy to other Regions and other accounts (provided those target environments have been -[*bootstrapped*](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)). +[_bootstrapped_](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)). However, deploying to another account requires one additional piece of configuration: you need to enable `crossAccountKeys: true` when creating the pipeline. @@ -530,13 +516,10 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { enableKeyRotation: true, // optional synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -592,9 +575,7 @@ pipeline.addStage(preprod, { ], }); pipeline.addStage(prod, { - pre: [ - new pipelines.ManualApprovalStep('PromoteToProd'), - ], + pre: [new pipelines.ManualApprovalStep('PromoteToProd')], }); ``` @@ -616,15 +597,18 @@ declare const pipeline: pipelines.CodePipeline; const prod = new MyStacksStage(this, 'Prod'); pipeline.addStage(prod, { - stackSteps: [{ - stack: prod.stack1, - pre: [new pipelines.ManualApprovalStep('Pre-Stack Check')], // Executed before stack is prepared - changeSet: [new pipelines.ManualApprovalStep('ChangeSet Approval')], // Executed after stack is prepared but before the stack is deployed - post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed - }, { - stack: prod.stack2, - post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed - }], + stackSteps: [ + { + stack: prod.stack1, + pre: [new pipelines.ManualApprovalStep('Pre-Stack Check')], // Executed before stack is prepared + changeSet: [new pipelines.ManualApprovalStep('ChangeSet Approval')], // Executed after stack is prepared but before the stack is deployed + post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed + }, + { + stack: prod.stack2, + post: [new pipelines.ManualApprovalStep('Post-Deploy Check')], // Executed after stack is deployed + }, + ], }); ``` @@ -664,7 +648,9 @@ class MyOutputStage extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); - this.loadBalancerAddress = new CfnOutput(this, 'Output', {value: 'value'}); + this.loadBalancerAddress = new CfnOutput(this, 'Output', { + value: 'value', + }); } } @@ -724,8 +710,12 @@ declare const vpc: ec2.Vpc; declare const mySecurityGroup: ec2.SecurityGroup; new pipelines.CodeBuildStep('Synth', { // ...standard ShellStep props... - commands: [/* ... */], - env: { /* ... */ }, + commands: [ + /* ... */ + ], + env: { + /* ... */ + }, // If you are using a CodeBuildStep explicitly, set the 'cdk.out' directory // to be the synth step's output. @@ -746,12 +736,14 @@ new pipelines.CodeBuildStep('Synth', { privileged: true, }, timeout: Duration.minutes(90), - fileSystemLocations: [codebuild.FileSystemLocation.efs({ - identifier: "myidentifier2", - location: "myclodation.mydnsroot.com:/loc", - mountPoint: "/media", - mountOptions: "opts", - })], + fileSystemLocations: [ + codebuild.FileSystemLocation.efs({ + identifier: 'myidentifier2', + location: 'myclodation.mydnsroot.com:/loc', + mountPoint: '/media', + mountOptions: 'opts', + }), + ], // Control Elastic Network Interface creation vpc: vpc, @@ -763,12 +755,14 @@ new pipelines.CodeBuildStep('Synth', { // Additional policy statements for the execution role rolePolicyStatements: [ - new iam.PolicyStatement({ /* ... */ }), + new iam.PolicyStatement({ + /* ... */ + }), ], }); ``` -You can also configure defaults for *all* CodeBuild projects by passing `codeBuildDefaults`, +You can also configure defaults for _all_ CodeBuild projects by passing `codeBuildDefaults`, or just for the synth, asset publishing, and self-mutation projects by passing `synthCodeBuildDefaults`, `assetPublishingCodeBuildDefaults`, or `selfMutationCodeBuildDefaults`: @@ -782,13 +776,10 @@ new pipelines.CodePipeline(this, 'Pipeline', { // Standard CodePipeline properties synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: [ - 'npm ci', - 'npm run build', - 'npx cdk synth', - ], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), // Defaults for all CodeBuild projects @@ -811,7 +802,9 @@ new pipelines.CodePipeline(this, 'Pipeline', { // Additional policy statements for the execution role rolePolicy: [ - new iam.PolicyStatement({ /* ... */ }), + new iam.PolicyStatement({ + /* ... */ + }), ], // Information about logs @@ -825,9 +818,15 @@ new pipelines.CodePipeline(this, 'Pipeline', { }, }, - synthCodeBuildDefaults: { /* ... */ }, - assetPublishingCodeBuildDefaults: { /* ... */ }, - selfMutationCodeBuildDefaults: { /* ... */ }, + synthCodeBuildDefaults: { + /* ... */ + }, + assetPublishingCodeBuildDefaults: { + /* ... */ + }, + selfMutationCodeBuildDefaults: { + /* ... */ + }, }); ``` @@ -840,10 +839,13 @@ doesn't have a matching class yet, you can define your own step class that exten Here's an example that adds a Jenkins step: ```ts -class MyJenkinsStep extends pipelines.Step implements pipelines.ICodePipelineActionFactory { +class MyJenkinsStep + extends pipelines.Step + implements pipelines.ICodePipelineActionFactory +{ constructor( private readonly provider: cpactions.JenkinsProvider, - private readonly input: pipelines.FileSet, + private readonly input: pipelines.FileSet ) { super('MyJenkinsStep'); @@ -851,27 +853,33 @@ class MyJenkinsStep extends pipelines.Step implements pipelines.ICodePipelineAct // that may contain outputs from other steps. It doesn't matter what the // structure is, as long as it contains the values that may contain outputs. this.discoverReferencedOutputs({ - env: { /* ... */ } + env: { + /* ... */ + }, }); } - public produceAction(stage: codepipeline.IStage, options: pipelines.ProduceActionOptions): pipelines.CodePipelineActionFactoryResult { - + public produceAction( + stage: codepipeline.IStage, + options: pipelines.ProduceActionOptions + ): pipelines.CodePipelineActionFactoryResult { // This is where you control what type of Action gets added to the // CodePipeline - stage.addAction(new cpactions.JenkinsAction({ - // Copy 'actionName' and 'runOrder' from the options - actionName: options.actionName, - runOrder: options.runOrder, - - // Jenkins-specific configuration - type: cpactions.JenkinsActionType.TEST, - jenkinsProvider: this.provider, - projectName: 'MyJenkinsProject', - - // Translate the FileSet into a codepipeline.Artifact - inputs: [options.artifacts.toCodePipeline(this.input)], - })); + stage.addAction( + new cpactions.JenkinsAction({ + // Copy 'actionName' and 'runOrder' from the options + actionName: options.actionName, + runOrder: options.runOrder, + + // Jenkins-specific configuration + type: cpactions.JenkinsActionType.TEST, + jenkinsProvider: this.provider, + projectName: 'MyJenkinsProject', + + // Translate the FileSet into a codepipeline.Artifact + inputs: [options.artifacts.toCodePipeline(this.input)], + }) + ); return { runOrdersConsumed: 1 }; } @@ -881,26 +889,35 @@ class MyJenkinsStep extends pipelines.Step implements pipelines.ICodePipelineAct Another example, adding a lambda step referencing outputs from a stack: ```ts -class MyLambdaStep extends pipelines.Step implements pipelines.ICodePipelineActionFactory { - private stackOutputReference: pipelines.StackOutputReference +class MyLambdaStep + extends pipelines.Step + implements pipelines.ICodePipelineActionFactory +{ + private stackOutputReference: pipelines.StackOutputReference; - constructor( - private readonly fn: lambda.Function, - stackOutput: CfnOutput, - ) { + constructor(private readonly fn: lambda.Function, stackOutput: CfnOutput) { super('MyLambdaStep'); - this.stackOutputReference = pipelines.StackOutputReference.fromCfnOutput(stackOutput); + this.stackOutputReference = + pipelines.StackOutputReference.fromCfnOutput(stackOutput); } - public produceAction(stage: codepipeline.IStage, options: pipelines.ProduceActionOptions): pipelines.CodePipelineActionFactoryResult { - - stage.addAction(new cpactions.LambdaInvokeAction({ - actionName: options.actionName, - runOrder: options.runOrder, - // Map the reference to the variable name the CDK has generated for you. - userParameters: {stackOutput: options.stackOutputsMap.toCodePipeline(this.stackOutputReference)}, - lambda: this.fn, - })); + public produceAction( + stage: codepipeline.IStage, + options: pipelines.ProduceActionOptions + ): pipelines.CodePipelineActionFactoryResult { + stage.addAction( + new cpactions.LambdaInvokeAction({ + actionName: options.actionName, + runOrder: options.runOrder, + // Map the reference to the variable name the CDK has generated for you. + userParameters: { + stackOutput: options.stackOutputsMap.toCodePipeline( + this.stackOutputReference + ), + }, + lambda: this.fn, + }) + ); return { runOrdersConsumed: 1 }; } @@ -924,7 +941,7 @@ This also gives you more direct control over the underlying `CodePipeline.Pipeli if the way the modern API creates it doesn't allow for desired configurations. Use `CodePipelineFileset` to convert CodePipeline **artifacts** into CDK Pipelines **file sets**, that can be used everywhere a file set or file set producer is expected. -Here's an example of passing in an existing pipeline and using a *source* that's already +Here's an example of passing in an existing pipeline and using a _source_ that's already in the pipeline: ```ts @@ -936,7 +953,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { codePipeline: codePipeline, synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineFileSet.fromArtifact(sourceArtifact), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -970,7 +987,7 @@ Docker can be used in 3 different places in the pipeline: - If you are using Docker to bundle file assets anywhere in your project (for example, if you are using such construct libraries as `aws-cdk-lib/aws-lambda-nodejs`): Docker will run in the - *synth* project. + _synth_ project. For the first case, you don't need to do anything special. For the other two cases, you need to make sure that **privileged mode** is enabled on the correct CodeBuild @@ -991,9 +1008,10 @@ you need to pass `dockerEnabledForSelfMutation: true` to the pipeline. For examp const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), // Turn this on because the pipeline uses Docker image assets @@ -1017,7 +1035,7 @@ pipeline.addWave('MyWave', { ``` > **Important**: You must turn on the `dockerEnabledForSelfMutation` flag, -> commit and allow the pipeline to self-update *before* adding the actual +> commit and allow the pipeline to self-update _before_ adding the actual > Docker asset. ### Using bundled file assets @@ -1030,9 +1048,10 @@ if you add a construct like `aws-cdk-lib/aws-lambda-nodejs`), you need to pass const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), // Turn this on because the application uses bundled file assets @@ -1041,7 +1060,7 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { ``` > **Important**: You must turn on the `dockerEnabledForSynth` flag, -> commit and allow the pipeline to self-update *before* adding the actual +> commit and allow the pipeline to self-update _before_ adding the actual > Docker asset. ### Authenticating to Docker registries @@ -1052,22 +1071,42 @@ any of the application stages — require authentication, either due to being in different environment (e.g., ECR repo) or to avoid throttling (e.g., DockerHub). ```ts -const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'DHSecret', 'arn:aws:...'); -const customRegSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'CRSecret', 'arn:aws:...'); -const repo1 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo1'); -const repo2 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo2'); +const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn( + this, + 'DHSecret', + 'arn:aws:...' +); +const customRegSecret = secretsmanager.Secret.fromSecretCompleteArn( + this, + 'CRSecret', + 'arn:aws:...' +); +const repo1 = ecr.Repository.fromRepositoryArn( + this, + 'Repo', + 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo1' +); +const repo2 = ecr.Repository.fromRepositoryArn( + this, + 'Repo', + 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo2' +); const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { dockerCredentials: [ pipelines.DockerCredential.dockerHub(dockerHubSecret), - pipelines.DockerCredential.customRegistry('dockerregistry.example.com', customRegSecret), + pipelines.DockerCredential.customRegistry( + 'dockerregistry.example.com', + customRegSecret + ), pipelines.DockerCredential.ecr([repo1, repo2]), ], synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), - commands: ['npm ci','npm run build','npx cdk synth'], + commands: ['npm ci', 'npm run build', 'npx cdk synth'], }), }); ``` @@ -1082,17 +1121,23 @@ optional role to assume before requesting the credentials. By default, the Docker credentials provided to the pipeline will be available to the **Synth**, **Self-Update**, and **Asset Publishing** actions within the -*pipeline. The scope of the credentials can be limited via the `DockerCredentialUsage` option. +\*pipeline. The scope of the credentials can be limited via the `DockerCredentialUsage` option. ```ts -const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'DHSecret', 'arn:aws:...'); +const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn( + this, + 'DHSecret', + 'arn:aws:...' +); // Only the image asset publishing actions will be granted read access to the secret. -const creds = pipelines.DockerCredential.dockerHub(dockerHubSecret, { usages: [pipelines.DockerCredentialUsage.ASSET_PUBLISHING] }); +const creds = pipelines.DockerCredential.dockerHub(dockerHubSecret, { + usages: [pipelines.DockerCredentialUsage.ASSET_PUBLISHING], +}); ``` ## CDK Environment Bootstrapping -An *environment* is an *(account, region)* pair where you want to deploy a +An _environment_ is an _(account, region)_ pair where you want to deploy a CDK stack (see [Environments](https://docs.aws.amazon.com/cdk/latest/guide/environments.html) in the CDK Developer Guide). In a Continuous Deployment pipeline, there are @@ -1102,16 +1147,16 @@ different stages of the application). These can be the same, though best practices recommend you isolate your different application stages from each other in different AWS accounts or regions. -Before you can provision the pipeline, you have to *bootstrap* the environment you want +Before you can provision the pipeline, you have to _bootstrap_ the environment you want to create it in. If you are deploying your application to different environments, you -also have to bootstrap those and be sure to add a *trust* relationship. +also have to bootstrap those and be sure to add a _trust_ relationship. After you have bootstrapped an environment and created a pipeline that deploys -to it, it's important that you don't delete the stack or change its *Qualifier*, +to it, it's important that you don't delete the stack or change its _Qualifier_, or future deployments to this environment will fail. If you want to upgrade the bootstrap stack to a newer version, do that by updating it in-place. -> This library requires the *modern* bootstrapping stack which has +> This library requires the _modern_ bootstrapping stack which has > been updated specifically to support cross-account continuous delivery. > > If you are using CDKv2, you do not need to do anything else. Modern @@ -1189,7 +1234,7 @@ These command lines explained: > Be aware that anyone who has access to the trusted Accounts **effectively has all > permissions conferred by the configured CloudFormation execution policies**, > allowing them to do things like read arbitrary S3 buckets and create arbitrary -> infrastructure in the bootstrapped account. Restrict the list of `--trust`ed Accounts, +> infrastructure in the bootstrapped account. Restrict the list of `--trust`ed Accounts, > or restrict the policies configured by `--cloudformation-execution-policies`.
@@ -1223,7 +1268,7 @@ The "new" bootstrap stack (obtained by running `cdk bootstrap` with contains: - An S3 bucket and ECR repository with predictable names, so that we can reference - assets in these storage locations *without* the use of CloudFormation template + assets in these storage locations _without_ the use of CloudFormation template parameters. - A set of roles with permissions to access these asset locations and to execute CloudFormation, assumable from whatever accounts you specify under `--trust`. @@ -1256,30 +1301,40 @@ declare const sharedXRegionUsWest2KeyArn: string; const usWest1Bucket = s3.Bucket.fromBucketAttributes(scope, 'UsEast1Bucket', { bucketArn: sharedXRegionUsWest1BucketArn, - encryptionKey: kms.Key.fromKeyArn(scope, 'UsEast1BucketKeyArn', sharedXRegionUsWest1BucketArn), + encryptionKey: kms.Key.fromKeyArn( + scope, + 'UsEast1BucketKeyArn', + sharedXRegionUsWest1BucketArn + ), }); const usWest2Bucket = s3.Bucket.fromBucketAttributes(scope, 'UsWest2Bucket', { bucketArn: sharedXRegionUsWest2BucketArn, - encryptionKey: kms.Key.fromKeyArn(scope, 'UsWest2BucketKeyArn', sharedXRegionUsWest2KeyArn), + encryptionKey: kms.Key.fromKeyArn( + scope, + 'UsWest2BucketKeyArn', + sharedXRegionUsWest2KeyArn + ), }); const crossRegionReplicationBuckets: Record = { 'us-west-1': usWest1Bucket, 'us-west-2': usWest2Bucket, // Support for additional regions. -} +}; const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.ShellStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', }), - commands: ['npm ci','npm run build','npx cdk synth'], - }), // Use shared buckets. + commands: ['npm ci', 'npm run build', 'npx cdk synth'], + }), // Use shared buckets. crossRegionReplicationBuckets, }); ``` + ## Context Lookups You might be using CDK constructs that need to look up [runtime @@ -1299,7 +1354,7 @@ contains the results of the context lookups. This will make sure your synthesized infrastructure is consistent and repeatable. If you do not commit `cdk.context.json`, the results of the lookups may suddenly be different in unexpected ways, and even produce results that cannot be deployed or will cause -data loss. To give an account permissions to perform lookups against an +data loss. To give an account permissions to perform lookups against an environment, without being able to deploy to it and make changes, run `cdk bootstrap --trust-for-lookup=`. @@ -1313,7 +1368,8 @@ lookup roles. As an example, doing so would look like this: new pipelines.CodePipeline(this, 'Pipeline', { synth: new pipelines.CodeBuildStep('Synth', { input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', { - connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', + connectionArn: + 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });', }), commands: [ // Commands to load cdk.context.json from somewhere here @@ -1405,9 +1461,7 @@ You can insert the security check by using a `ConfirmPermissionsBroadening` step declare const pipeline: pipelines.CodePipeline; const stage = new MyApplicationStage(this, 'MyApplication'); pipeline.addStage(stage, { - pre: [ - new pipelines.ConfirmPermissionsBroadening('Check', { stage }), - ], + pre: [new pipelines.ConfirmPermissionsBroadening('Check', { stage })], }); ``` @@ -1436,7 +1490,7 @@ check enabled. ## Using a different deployment engine -CDK Pipelines supports multiple *deployment engines*, but this module vends a +CDK Pipelines supports multiple _deployment engines_, but this module vends a construct for only one such engine: AWS CodePipeline. It is also possible to use CDK Pipelines to build pipelines backed by other deployment engines. @@ -1490,7 +1544,7 @@ but the directory wasn't there. There are two common causes for this: ### is in ROLLBACK_COMPLETE state and can not be updated -If you see the following error during execution of your pipeline: +If you see the following error during execution of your pipeline: ```plaintext Stack ... is in ROLLBACK_COMPLETE state and can not be updated. (Service: @@ -1520,7 +1574,7 @@ project that uses the AWS SDK for JavaScript, without the target application having been installed yet. For example, it can be triggered by `npx cdk synth` if `aws-cdk` is not in your `package.json`. -Work around this by either installing the target application using NPM *before* +Work around this by either installing the target application using NPM _before_ running `npx`, or set the environment variable `NPM_CONFIG_UNSAFE_PERM=true`. ### Cannot connect to the Docker daemon at unix:///var/run/docker.sock @@ -1539,21 +1593,6 @@ that bundles asset using tools run via Docker, like `aws-lambda-nodejs`, `aws-la Make sure you set the `privileged` environment variable to `true` in the synth definition: -```ts -const sourceArtifact = new codepipeline.Artifact(); -const cloudAssemblyArtifact = new codepipeline.Artifact(); -const pipeline = new pipelines.CdkPipeline(this, 'MyPipeline', { - cloudAssemblyArtifact, - synthAction: pipelines.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - environment: { - privileged: true, - }, - }), -}); -``` - After turning on `privilegedMode: true`, you will need to do a one-time manual cdk deploy of your pipeline to get it going again (as with a broken 'synth' the pipeline will not be able to self update to the right state). @@ -1606,27 +1645,6 @@ An "S3 Access Denied" error can have two causes: - Asset hashes have changed, but self-mutation has been disabled in the pipeline. - You have deleted and recreated the bootstrap stack, or changed its qualifier. -#### Self-mutation step has been removed - -Some constructs, such as EKS clusters, generate nested stacks. When CloudFormation tries -to deploy those stacks, it may fail with this error: - -```console -S3 error: Access Denied For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html -``` - -This happens because the pipeline is not self-mutating and, as a consequence, the `FileAssetX` -build projects get out-of-sync with the generated templates. To fix this, make sure the -`selfMutating` property is set to `true`: - -```ts -const cloudAssemblyArtifact = new codepipeline.Artifact(); -const pipeline = new pipelines.CdkPipeline(this, 'MyPipeline', { - selfMutating: true, - cloudAssemblyArtifact, -}); -``` - #### Bootstrap roles have been renamed or recreated While attempting to deploy an application stage, the "Prepare" or "Deploy" stage may fail with a cryptic error like: @@ -1656,7 +1674,7 @@ $ env CDK_NEW_BOOTSTRAP=1 npx cdk bootstrap \ ``` - Update all impacted stacks in the pipeline to use this new qualifier. -See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html for more info. + See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html for more info. ```ts new Stack(this, 'MyStack', { @@ -1681,13 +1699,13 @@ encryption key policy for the artifacts bucket may have a statement that looks l ```json { - "Effect" : "Allow", - "Principal" : { + "Effect": "Allow", + "Principal": { // "AWS" : "AROAYBRETNYCYV6ZF2R93" // Indicates this issue; replace this value - "AWS": "arn:aws:iam::0123456789012:role/cdk-hnb659fds-deploy-role-0123456789012-eu-west-1", // Correct value + "AWS": "arn:aws:iam::0123456789012:role/cdk-hnb659fds-deploy-role-0123456789012-eu-west-1" // Correct value }, - "Action" : [ "kms:Decrypt", "kms:DescribeKey" ], - "Resource" : "*" + "Action": ["kms:Decrypt", "kms:DescribeKey"], + "Resource": "*" } ``` @@ -1704,7 +1722,7 @@ framework version that your application uses. You either forgot to change the `cliVersion` parameter, or changed the `cliVersion` in the same commit in which you changed the framework version. Because a change to the pipeline settings needs a successful run of the `SelfMutate` step to be applied, the next iteration of the -`SelfMutate` step still executes with the *old* CLI version, and that old CLI version +`SelfMutate` step still executes with the _old_ CLI version, and that old CLI version is not able to read the cloud assembly produced by the new framework version. Solution: change the `cliVersion` first, commit, push and deploy, and only then @@ -1751,8 +1769,8 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { // Add the shell commands to install your drop-in Docker // replacement to the CodeBuild enviromment. commands: installCommands, - } - } + }, + }, }), buildEnvironment: { environmentVariables: { @@ -1760,8 +1778,8 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { // `docker` when building / publishing docker images. // e.g., `drop-in-replacement build . -f path/to/Dockerfile` CDK_DOCKER: { value: 'drop-in-replacement' }, - } - } + }, + }, }, }); ``` @@ -1789,14 +1807,16 @@ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', { buildEnvironment: { // Provide a custom build image containing your toolchain and the // pre-installed replacement for the `docker` command. - buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('your-docker-registry'), + buildImage: codebuild.LinuxBuildImage.fromDockerRegistry( + 'your-docker-registry' + ), environmentVariables: { // If you haven't provided an `ENV` in your Dockerfile that overrides // `CDK_DOCKER`, then you must provide the name of the command that // the AWS CDK should run instead of `docker` here. CDK_DOCKER: { value: 'drop-in-replacement' }, - } - } + }, + }, }, }); ``` diff --git a/packages/aws-cdk-lib/pipelines/lib/index.ts b/packages/aws-cdk-lib/pipelines/lib/index.ts index 5f469e9fd5ce6..e26c394c027cb 100644 --- a/packages/aws-cdk-lib/pipelines/lib/index.ts +++ b/packages/aws-cdk-lib/pipelines/lib/index.ts @@ -1,4 +1,3 @@ -export * from './legacy'; export * from './blueprint'; export * from './codepipeline'; export * from './main'; diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts deleted file mode 100644 index 3de0c99c3de23..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/deploy-cdk-stack-action.ts +++ /dev/null @@ -1,386 +0,0 @@ -import * as fs from 'fs'; -import * as path from 'path'; -import { Construct, Node } from 'constructs'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as cpactions from '../../../../aws-codepipeline-actions'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { Aws, CfnCapabilities, Stack } from '../../../../core'; -import * as cxapi from '../../../../cx-api'; -import { appOf, assemblyBuilderOf } from '../../private/construct-internals'; -import { toPosixPath } from '../../private/fs'; - -/** - * Customization options for a DeployCdkStackAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface DeployCdkStackActionOptions { - /** - * Base name of the action - * - * @default stackName - */ - readonly baseActionName?: string; - - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * Run order for the Prepare action - * - * @default 1 - */ - readonly prepareRunOrder?: number; - - /** - * Run order for the Execute action - * - * @default - prepareRunOrder + 1 - */ - readonly executeRunOrder?: number; - - /** - * Artifact to write Stack Outputs to - * - * @default - No outputs - */ - readonly output?: codepipeline.Artifact; - - /** - * Filename in output to write Stack outputs to - * - * @default - Required when 'output' is set - */ - readonly outputFileName?: string; - - /** - * Name of the change set to create and deploy - * - * @default 'PipelineChange' - */ - readonly changeSetName?: string; -} - -/** - * Properties for a DeployCdkStackAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface DeployCdkStackActionProps extends DeployCdkStackActionOptions { - /** - * Relative path of template in the input artifact - */ - readonly templatePath: string; - - /** - * Role for the action to assume - * - * This controls the account to deploy into - */ - readonly actionRole: iam.IRole; - - /** - * The name of the stack that should be created/updated - */ - readonly stackName: string; - - /** - * Role to execute CloudFormation under - * - * @default - Execute CloudFormation using the action role - */ - readonly cloudFormationExecutionRole?: iam.IRole; - - /** - * Region to deploy into - * - * @default - Same region as pipeline - */ - readonly region?: string; - - /** - * Artifact ID for the stack deployed here - * - * Used for pipeline order checking. - * - * @default - Order will not be checked - */ - readonly stackArtifactId?: string; - - /** - * Artifact ID for the stacks this stack depends on - * - * Used for pipeline order checking. - * - * @default - No dependencies - */ - readonly dependencyStackArtifactIds?: string[]; - - /** - * Template configuration path relative to the input artifact - * - * @default - No template configuration - */ - readonly templateConfigurationPath?: string; -} - -/** - * Options for the 'fromStackArtifact' operation - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface CdkStackActionFromArtifactOptions extends DeployCdkStackActionOptions { - /** - * The name of the stack that should be created/updated - * - * @default - Same as stack artifact - */ - readonly stackName?: string; -} - -/** - * Action to deploy a CDK Stack - * - * Adds two CodePipeline Actions to the pipeline: one to create a ChangeSet - * and one to execute it. - * - * You do not need to instantiate this action yourself -- it will automatically - * be added by the pipeline when you add stack artifacts or entire stages. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class DeployCdkStackAction implements codepipeline.IAction { - /** - * Construct a DeployCdkStackAction from a Stack artifact - */ - public static fromStackArtifact(scope: Construct, artifact: cxapi.CloudFormationStackArtifact, options: CdkStackActionFromArtifactOptions) { - if (!artifact.assumeRoleArn) { - throw new Error(`Stack '${artifact.stackName}' does not have deployment role information; use the 'DefaultStackSynthesizer' synthesizer, or set the '@aws-cdk/core:newStyleStackSynthesis' context key.`); - } - - const artRegion = artifact.environment.region; - const region = artRegion === Stack.of(scope).region || artRegion === cxapi.UNKNOWN_REGION ? undefined : artRegion; - const artAccount = artifact.environment.account; - const account = artAccount === Stack.of(scope).account || artAccount === cxapi.UNKNOWN_ACCOUNT ? undefined : artAccount; - - const actionRole = roleFromPlaceholderArn(scope, region, account, artifact.assumeRoleArn); - const cloudFormationExecutionRole = roleFromPlaceholderArn(scope, region, account, artifact.cloudFormationExecutionRoleArn); - - // We need the path of the template relative to the root Cloud Assembly - // It should be easier to get this, but for now it is what it is. - const appAsmRoot = assemblyBuilderOf(appOf(scope)).outdir; - const fullTemplatePath = path.join(artifact.assembly.directory, artifact.templateFile); - - let fullConfigPath; - if (Object.keys(artifact.tags).length > 0) { - fullConfigPath = `${fullTemplatePath}.config.json`; - - // Write the template configuration file (for parameters into CreateChangeSet call that - // cannot be configured any other way). They must come from a file, and there's unfortunately - // no better hook to write this file (`construct.onSynthesize()` would have been the prime candidate - // but that is being deprecated--and DeployCdkStackAction isn't even a construct). - writeTemplateConfiguration(fullConfigPath, { - Tags: artifact.tags, - }); - } - - return new DeployCdkStackAction({ - actionRole, - cloudFormationExecutionRole, - templatePath: toPosixPath(path.relative(appAsmRoot, fullTemplatePath)), - templateConfigurationPath: fullConfigPath ? toPosixPath(path.relative(appAsmRoot, fullConfigPath)) : undefined, - region, - stackArtifactId: artifact.id, - dependencyStackArtifactIds: artifact.dependencies.filter(isStackArtifact).map(s => s.id), - stackName: options.stackName ?? artifact.stackName, - ...options, - }); - } - - /** - * The runorder for the prepare action - */ - public readonly prepareRunOrder: number; - - /** - * The runorder for the execute action - */ - public readonly executeRunOrder: number; - - /** - * Name of the deployed stack - */ - public readonly stackName: string; - - /** - * Artifact id of the artifact this action was based on - */ - public readonly stackArtifactId?: string; - - /** - * Artifact ids of the artifact this stack artifact depends on - */ - public readonly dependencyStackArtifactIds: string[]; - - private readonly prepareChangeSetAction: cpactions.CloudFormationCreateReplaceChangeSetAction; - private readonly executeChangeSetAction: cpactions.CloudFormationExecuteChangeSetAction; - - constructor(props: DeployCdkStackActionProps) { - if (props.output && !props.outputFileName) { - throw new Error('If \'output\' is set, \'outputFileName\' is also required'); - } - - this.stackArtifactId = props.stackArtifactId; - this.dependencyStackArtifactIds = props.dependencyStackArtifactIds ?? []; - - this.prepareRunOrder = props.prepareRunOrder ?? 1; - this.executeRunOrder = props.executeRunOrder ?? this.prepareRunOrder + 1; - this.stackName = props.stackName; - const baseActionName = props.baseActionName ?? this.stackName; - const changeSetName = props.changeSetName ?? 'PipelineChange'; - - this.prepareChangeSetAction = new cpactions.CloudFormationCreateReplaceChangeSetAction({ - actionName: `${baseActionName}.Prepare`, - changeSetName, - runOrder: this.prepareRunOrder, - stackName: this.stackName, - templatePath: props.cloudAssemblyInput.atPath(props.templatePath), - adminPermissions: false, - role: props.actionRole, - deploymentRole: props.cloudFormationExecutionRole, - region: props.region, - cfnCapabilities: [CfnCapabilities.NAMED_IAM, CfnCapabilities.AUTO_EXPAND], - templateConfiguration: props.templateConfigurationPath ? props.cloudAssemblyInput.atPath(props.templateConfigurationPath) : undefined, - }); - this.executeChangeSetAction = new cpactions.CloudFormationExecuteChangeSetAction({ - actionName: `${baseActionName}.Deploy`, - changeSetName, - runOrder: this.executeRunOrder, - stackName: this.stackName, - role: props.actionRole, - region: props.region, - outputFileName: props.outputFileName, - output: props.output, - }); - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): - codepipeline.ActionConfig { - stage.addAction(this.prepareChangeSetAction); - - return this.executeChangeSetAction.bind(scope, stage, options); - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - return this.executeChangeSetAction.onStateChange(name, target, options); - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - return this.executeChangeSetAction.actionProperties; - } -} - -function roleFromPlaceholderArn(scope: Construct, region: string | undefined, - account: string | undefined, arn: string): iam.IRole; -function roleFromPlaceholderArn(scope: Construct, region: string | undefined, - account: string | undefined, arn: string | undefined): iam.IRole | undefined; -function roleFromPlaceholderArn(scope: Construct, region: string | undefined, - account: string | undefined, arn: string | undefined): iam.IRole | undefined { - - if (!arn) { return undefined; } - - // Use placeholdered arn as construct ID. - const id = arn; - - // https://github.com/aws/aws-cdk/issues/7255 - let existingRole = Node.of(scope).tryFindChild(`ImmutableRole${id}`) as iam.IRole; - if (existingRole) { return existingRole; } - // For when #7255 is fixed. - existingRole = Node.of(scope).tryFindChild(id) as iam.IRole; - if (existingRole) { return existingRole; } - - const arnToImport = cxapi.EnvironmentPlaceholders.replace(arn, { - region: region ?? Aws.REGION, - accountId: account ?? Aws.ACCOUNT_ID, - partition: Aws.PARTITION, - }); - return iam.Role.fromRoleArn(scope, id, arnToImport, { mutable: false, addGrantsToResources: true }); -} - -/** - * Options for CdkDeployAction.fromStackArtifact - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface FromStackArtifactOptions { - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * Run order for the 2 actions that will be created - * - * @default 1 - */ - readonly prepareRunOrder?: number; - - /** - * Run order for the Execute action - * - * @default - prepareRunOrder + 1 - */ - readonly executeRunOrder?: number; - - /** - * Artifact to write Stack Outputs to - * - * @default - No outputs - */ - readonly output?: codepipeline.Artifact; - - /** - * Filename in output to write Stack outputs to - * - * @default - Required when 'output' is set - */ - readonly outputFileName?: string; -} - -function isStackArtifact(a: cxapi.CloudArtifact): a is cxapi.CloudFormationStackArtifact { - // instanceof is too risky, and we're at a too late stage to properly fix. - // return a instanceof cxapi.CloudFormationStackArtifact; - return a.constructor.name === 'CloudFormationStackArtifact'; -} - -/** - * Template configuration in a CodePipeline - * - * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/continuous-delivery-codepipeline-cfn-artifacts.html#w2ab1c13c17c15 - */ -interface TemplateConfiguration { - readonly Parameters?: Record; - readonly Tags?: Record; - readonly StackPolicy?: { - readonly Statements: Array>; - }; -} - -/** - * Write template configuration to the given file - */ -function writeTemplateConfiguration(filename: string, config: TemplateConfiguration) { - fs.writeFileSync(filename, JSON.stringify(config, undefined, 2), { encoding: 'utf-8' }); -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts deleted file mode 100644 index 834ded93472f2..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -export * from './deploy-cdk-stack-action'; -export * from './publish-assets-action'; -export * from './update-pipeline-action'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts deleted file mode 100644 index 89bd087101972..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts +++ /dev/null @@ -1,228 +0,0 @@ -import * as fs from 'fs'; -import * as path from 'path'; -import { IDependable, Construct } from 'constructs'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../../aws-codepipeline-actions'; -import * as ec2 from '../../../../aws-ec2'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { ISynthesisSession, Lazy, Stack, attachCustomSynthesis } from '../../../../core'; -import { AssetType } from '../../blueprint/asset-type'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; -import { toPosixPath } from '../../private/fs'; - -/** - * Props for a PublishAssetsAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface PublishAssetsActionProps { - /** - * Name of publishing action - */ - readonly actionName: string; - - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * AssetType we're publishing - */ - readonly assetType: AssetType; - - /** - * Version of CDK CLI to 'npm install'. - * - * @default - Latest version - */ - readonly cdkCliVersion?: string; - - /** - * Name of the CodeBuild project - * - * @default - Automatically generated - */ - readonly projectName?: string; - - /** - * Role to use for CodePipeline and CodeBuild to build and publish the assets. - * - * @default - Automatically generated - */ - readonly role?: iam.IRole; - - /** - * Any Dependable construct that the CodeBuild project needs to take a dependency on. - * - * @default - none - */ - readonly dependable?: IDependable; - - /** - * The VPC where to execute the PublishAssetsAction. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * Custom BuildSpec that is merged with generated one - * - * @default - none - */ - readonly buildSpec?: codebuild.BuildSpec; - - /** - * Use a file buildspec written to the cloud assembly instead of an inline buildspec. - * This prevents size limitation errors as inline specs have a max length of 25600 characters - * - * @default false - */ - readonly createBuildspecFile?: boolean; - - /** - * Additional commands to run before installing cdk-assert - * Use this to setup proxies or npm mirrors - * - * @default - - */ - readonly preInstallCommands?: string[]; -} - -/** - * Action to publish an asset in the pipeline - * - * Creates a CodeBuild project which will use the CDK CLI - * to prepare and publish the asset. - * - * You do not need to instantiate this action -- it will automatically - * be added by the pipeline when you add stacks that use assets. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class PublishAssetsAction extends Construct implements codepipeline.IAction { - private readonly action: codepipeline.IAction; - private readonly commands = new Array(); - - private readonly buildSpec: codebuild.BuildSpec; - - constructor(scope: Construct, id: string, private readonly props: PublishAssetsActionProps) { - super(scope, id); - - const installSuffix = props.cdkCliVersion ? `@${props.cdkCliVersion}` : ''; - const installCommand = `npm install -g cdk-assets${installSuffix}`; - - const buildSpec = codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - install: { - commands: props.preInstallCommands ? [...props.preInstallCommands, installCommand] : installCommand, - }, - build: { - commands: Lazy.list({ produce: () => this.commands }), - }, - }, - }); - this.buildSpec = props.buildSpec ? codebuild.mergeBuildSpecs(props.buildSpec, buildSpec) : buildSpec; - - const project = new codebuild.PipelineProject(this, 'Default', { - projectName: this.props.projectName, - environment: { - buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE, - privileged: (props.assetType === AssetType.DOCKER_IMAGE) ? true : undefined, - }, - vpc: props.vpc, - subnetSelection: props.subnetSelection, - buildSpec: props.createBuildspecFile ? codebuild.BuildSpec.fromSourceFilename(this.getBuildSpecFileName()) : this.buildSpec, - role: props.role, - }); - - if (props.dependable) { - project.node.addDependency(props.dependable); - } - - this.action = new codepipeline_actions.CodeBuildAction({ - actionName: props.actionName, - project, - input: this.props.cloudAssemblyInput, - role: props.role, - // Add this purely so that the pipeline will selfupdate if the CLI version changes - environmentVariables: props.cdkCliVersion ? { - CDK_CLI_VERSION: { value: props.cdkCliVersion }, - } : undefined, - }); - - attachCustomSynthesis(this, { - onSynthesize: this._onSynth.bind(this), - }); - } - - private getBuildSpecFileName(): string { - return `buildspec-assets-${this.node.path.replace(new RegExp('/', 'g'), '-')}.yaml`; - } - - private _onSynth(session: ISynthesisSession): void { - if (this.props.createBuildspecFile) { - const specFile = path.join(session.outdir, this.getBuildSpecFileName()); - fs.writeFileSync(specFile, Stack.of(this).resolve(this.buildSpec.toBuildSpec()), { encoding: 'utf-8' }); - } - } - - /** - * Add a single publishing command - * - * Manifest path should be relative to the root Cloud Assembly. - */ - public addPublishCommand(relativeManifestPath: string, assetSelector: string) { - const command = `cdk-assets --path "${toPosixPath(relativeManifestPath)}" --verbose publish "${assetSelector}"`; - if (!this.commands.includes(command)) { - this.commands.push(command); - } - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): - codepipeline.ActionConfig { - return this.action.bind(scope, stage, options); - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - return this.action.onStateChange(name, target, options); - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - // FIXME: I have had to make this class a Construct, because: - // - // - It needs access to the Construct tree, because it is going to add a `PipelineProject`. - // - I would have liked to have done that in bind(), however, - // - `actionProperties` (this method) is called BEFORE bind() is called, and by that point I - // don't have the "inner" Action yet to forward the call to. - // - // I've therefore had to construct the inner CodeBuildAction in the constructor, which requires making this - // Action a Construct. - // - // Combined with how non-intuitive it is to make the "StackDeployAction", I feel there is something - // wrong with the Action abstraction here. - return this.action.actionProperties; - } -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts deleted file mode 100644 index 85672ab4a849f..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/update-pipeline-action.ts +++ /dev/null @@ -1,183 +0,0 @@ -import { Construct } from 'constructs'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as cpactions from '../../../../aws-codepipeline-actions'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { Stack } from '../../../../core'; -import { dockerCredentialsInstallCommands, DockerCredential, DockerCredentialUsage } from '../../docker-credentials'; -import { embeddedAsmPath } from '../../private/construct-internals'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; - -/** - * Props for the UpdatePipelineAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface UpdatePipelineActionProps { - /** - * The CodePipeline artifact that holds the Cloud Assembly. - */ - readonly cloudAssemblyInput: codepipeline.Artifact; - - /** - * Name of the pipeline stack - * - * @deprecated - Use `pipelineStackHierarchicalId` instead. - * @default - none - */ - readonly pipelineStackName?: string; - - /** - * Hierarchical id of the pipeline stack - */ - readonly pipelineStackHierarchicalId: string; - - /** - * Version of CDK CLI to 'npm install'. - * - * @default - Latest version - */ - readonly cdkCliVersion?: string; - - /** - * Name of the CodeBuild project - * - * @default - Automatically generated - */ - readonly projectName?: string; - - /** - * Whether the build step should run in privileged mode. - * - * @default - false - */ - readonly privileged?: boolean; - - /** - * Docker registries and associated credentials necessary during the pipeline - * self-update stage. - * - * @default [] - */ - readonly dockerCredentials?: DockerCredential[]; - - /** - * Custom BuildSpec that is merged with generated one - * - * @default - none - */ - readonly buildSpec?: codebuild.BuildSpec; -} - -/** - * Action to self-mutate the pipeline - * - * Creates a CodeBuild project which will use the CDK CLI - * to deploy the pipeline stack. - * - * You do not need to instantiate this action -- it will automatically - * be added by the pipeline. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class UpdatePipelineAction extends Construct implements codepipeline.IAction { - private readonly action: codepipeline.IAction; - - constructor(scope: Construct, id: string, props: UpdatePipelineActionProps) { - super(scope, id); - - const installSuffix = props.cdkCliVersion ? `@${props.cdkCliVersion}` : ''; - - const stackIdentifier = props.pipelineStackHierarchicalId ?? props.pipelineStackName; - const buildSpec = codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - install: { - commands: [ - `npm install -g aws-cdk${installSuffix}`, - ...dockerCredentialsInstallCommands(DockerCredentialUsage.SELF_UPDATE, props.dockerCredentials), - ], - }, - build: { - commands: [ - // Cloud Assembly is in *current* directory. - `cdk -a ${embeddedAsmPath(scope)} deploy ${stackIdentifier} --require-approval=never --verbose`, - ], - }, - }, - }); - const selfMutationProject = new codebuild.PipelineProject(this, 'SelfMutation', { - projectName: props.projectName, - environment: { - buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE, - privileged: props.privileged ?? false, - }, - buildSpec: props.buildSpec ? codebuild.mergeBuildSpecs(props.buildSpec, buildSpec) : buildSpec, - }); - - // allow the self-mutating project permissions to assume the bootstrap Action role - selfMutationProject.addToRolePolicy(new iam.PolicyStatement({ - actions: ['sts:AssumeRole'], - resources: [`arn:*:iam::${Stack.of(this).account}:role/*`], - conditions: { - 'ForAnyValue:StringEquals': { - 'iam:ResourceTag/aws-cdk:bootstrap-role': ['image-publishing', 'file-publishing', 'deploy'], - }, - }, - })); - selfMutationProject.addToRolePolicy(new iam.PolicyStatement({ - actions: ['cloudformation:DescribeStacks'], - resources: ['*'], // this is needed to check the status of the bootstrap stack when doing `cdk deploy` - })); - // S3 checks for the presence of the ListBucket permission - selfMutationProject.addToRolePolicy(new iam.PolicyStatement({ - actions: ['s3:ListBucket'], - resources: ['*'], - })); - (props.dockerCredentials ?? []).forEach(reg => reg.grantRead(selfMutationProject, DockerCredentialUsage.SELF_UPDATE)); - - this.action = new cpactions.CodeBuildAction({ - actionName: 'SelfMutate', - input: props.cloudAssemblyInput, - project: selfMutationProject, - // Add this purely so that the pipeline will selfupdate if the CLI version changes - environmentVariables: props.cdkCliVersion ? { - CDK_CLI_VERSION: { value: props.cdkCliVersion }, - } : undefined, - }); - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig { - return this.action.bind(scope, stage, options); - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - return this.action.onStateChange(name, target, options); - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - // FIXME: I have had to make this class a Construct, because: - // - // - It needs access to the Construct tree, because it is going to add a `PipelineProject`. - // - I would have liked to have done that in bind(), however, - // - `actionProperties` (this method) is called BEFORE bind() is called, and by that point I - // don't have the "inner" Action yet to forward the call to. - // - // I've therefore had to construct the inner CodeBuildAction in the constructor, which requires making this - // Action a Construct. - // - // Combined with how non-intuitive it is to make the "StackDeployAction", I feel there is something - // wrong with the Action abstraction here. - return this.action.actionProperties; - } -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/index.ts deleted file mode 100644 index ca2b108fcb0d8..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/index.ts +++ /dev/null @@ -1,5 +0,0 @@ -export * from './pipeline'; -export * from './stage'; -export * from './synths'; -export * from './actions'; -export * from './validation'; diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts deleted file mode 100644 index ea87b74b2f4de..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts +++ /dev/null @@ -1,624 +0,0 @@ -import * as path from 'path'; -import { Construct } from 'constructs'; -import { DeployCdkStackAction, PublishAssetsAction, UpdatePipelineAction } from './actions'; -import { AddStageOptions, AssetPublishingCommand, BaseStageOptions, CdkStage, StackOutput } from './stage'; -import { SimpleSynthAction } from './synths'; -import * as codebuild from '../../../aws-codebuild'; -import * as codepipeline from '../../../aws-codepipeline'; -import * as ec2 from '../../../aws-ec2'; -import * as iam from '../../../aws-iam'; -import { Annotations, App, CfnOutput, PhysicalName, Stack, Stage } from '../../../core'; -import { AssetType } from '../blueprint/asset-type'; -import { dockerCredentialsInstallCommands, DockerCredential, DockerCredentialUsage } from '../docker-credentials'; -import { ApplicationSecurityCheck } from '../private/application-security-check'; -import { AssetSingletonRole } from '../private/asset-singleton-role'; -import { CachedFnSub } from '../private/cached-fnsub'; -import { preferredCliVersion } from '../private/cli-version'; -import { appOf, assemblyBuilderOf } from '../private/construct-internals'; - -const CODE_BUILD_LENGTH_LIMIT = 100; -/** - * Properties for a CdkPipeline - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface CdkPipelineProps { - /** - * The CodePipeline action used to retrieve the CDK app's source - * - * @default - Required unless `codePipeline` is given - */ - readonly sourceAction?: codepipeline.IAction; - - /** - * The CodePipeline action build and synthesis step of the CDK app - * - * @default - Required unless `codePipeline` or `sourceAction` is given - */ - readonly synthAction?: codepipeline.IAction; - - /** - * The artifact you have defined to be the artifact to hold the cloudAssemblyArtifact for the synth action - */ - readonly cloudAssemblyArtifact: codepipeline.Artifact; - - /** - * Existing CodePipeline to add deployment stages to - * - * Use this if you want more control over the CodePipeline that gets created. - * You can choose to not pass this value, in which case a new CodePipeline is - * created with default settings. - * - * If you pass an existing CodePipeline, it should have been created - * with `restartExecutionOnUpdate: true`. - * - * [disable-awslint:ref-via-interface] - * - * @default - A new CodePipeline is automatically generated - */ - readonly codePipeline?: codepipeline.Pipeline; - - /** - * Name of the pipeline - * - * Can only be set if `codePipeline` is not set. - * - * @default - A name is automatically generated - */ - readonly pipelineName?: string; - - /** - * Create KMS keys for cross-account deployments - * - * This controls whether the pipeline is enabled for cross-account deployments. - * - * Can only be set if `codePipeline` is not set. - * - * By default cross-account deployments are enabled, but this feature requires - * that KMS Customer Master Keys are created which have a cost of $1/month. - * - * If you do not need cross-account deployments, you can set this to `false` to - * not create those keys and save on that cost (the artifact bucket will be - * encrypted with an AWS-managed key). However, cross-account deployments will - * no longer be possible. - * - * @default true - */ - readonly crossAccountKeys?: boolean; - // @deprecated(v2): switch to default false - - /** - * Enables KMS key rotation for cross-account keys. - * - * Cannot be set if `crossAccountKeys` was set to `false`. - * - * Key rotation costs $1/month when enabled. - * - * @default - false (key rotation is disabled) - */ - readonly enableKeyRotation?: boolean; - - /** - * CDK CLI version to use in pipeline - * - * Some Actions in the pipeline will download and run a version of the CDK - * CLI. Specify the version here. - * - * @default - Latest version - */ - readonly cdkCliVersion?: string; - - /** - * The VPC where to execute the CdkPipeline actions. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * Whether the pipeline will update itself - * - * This needs to be set to `true` to allow the pipeline to reconfigure - * itself when assets or stages are being added to it, and `true` is the - * recommended setting. - * - * You can temporarily set this to `false` while you are iterating - * on the pipeline itself and prefer to deploy changes using `cdk deploy`. - * - * @default true - */ - readonly selfMutating?: boolean; - - /** - * Custom BuildSpec that is merged with generated one (for self-mutation stage) - * - * @default - none - */ - readonly selfMutationBuildSpec?: codebuild.BuildSpec; - - /** - * Whether this pipeline creates one asset upload action per asset type or one asset upload per asset - * - * @default false - */ - readonly singlePublisherPerType?: boolean; - - /** - * Additional commands to run before installing cdk-assets during the asset publishing step - * Use this to setup proxies or npm mirrors - * - * @default - - */ - readonly assetPreInstallCommands?: string[]; - - /** - * Custom BuildSpec that is merged with generated one (for asset publishing actions) - * - * @default - none - */ - readonly assetBuildSpec?: codebuild.BuildSpec; - - /** - * Whether the pipeline needs to build Docker images in the UpdatePipeline stage. - * - * If the UpdatePipeline stage tries to build a Docker image and this flag is not - * set to `true`, the build step will run in non-privileged mode and consequently - * will fail with a message like: - * - * > Cannot connect to the Docker daemon at unix:///var/run/docker.sock. - * > Is the docker daemon running? - * - * This flag has an effect only if `selfMutating` is also `true`. - * - * @default - false - */ - readonly supportDockerAssets?: boolean; - - /** - * A list of credentials used to authenticate to Docker registries. - * - * Specify any credentials necessary within the pipeline to build, synth, update, or publish assets. - * - * @default [] - */ - readonly dockerCredentials?: DockerCredential[]; -} - -/** - * A Pipeline to deploy CDK apps - * - * Defines an AWS CodePipeline-based Pipeline to deploy CDK applications. - * - * Automatically manages the following: - * - * - Stack dependency order. - * - Asset publishing. - * - Keeping the pipeline up-to-date as the CDK apps change. - * - Using stack outputs later on in the pipeline. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class CdkPipeline extends Construct { - private readonly _pipeline: codepipeline.Pipeline; - private readonly _assets: AssetPublishing; - private readonly _stages: CdkStage[] = []; - private readonly _outputArtifacts: Record = {}; - private readonly _cloudAssemblyArtifact: codepipeline.Artifact; - private readonly _dockerCredentials: DockerCredential[]; - private _applicationSecurityCheck?: ApplicationSecurityCheck; - private readonly cliVersion?: string; - - constructor(scope: Construct, id: string, props: CdkPipelineProps) { - super(scope, id); - this.cliVersion = props.cdkCliVersion ?? preferredCliVersion(); - - if (!App.isApp(this.node.root)) { - throw new Error('CdkPipeline must be created under an App'); - } - - this._cloudAssemblyArtifact = props.cloudAssemblyArtifact; - this._dockerCredentials = props.dockerCredentials ?? []; - const pipelineStack = Stack.of(this); - - if (props.codePipeline) { - if (props.pipelineName) { - throw new Error('Cannot set \'pipelineName\' if an existing CodePipeline is given using \'codePipeline\''); - } - if (props.crossAccountKeys !== undefined) { - throw new Error('Cannot set \'crossAccountKeys\' if an existing CodePipeline is given using \'codePipeline\''); - } - if (props.enableKeyRotation !== undefined) { - throw new Error('Cannot set \'enableKeyRotation\' if an existing CodePipeline is given using \'codePipeline\''); - } - - this._pipeline = props.codePipeline; - } else { - this._pipeline = new codepipeline.Pipeline(this, 'Pipeline', { - pipelineName: props.pipelineName, - crossAccountKeys: props.crossAccountKeys, - enableKeyRotation: props.enableKeyRotation, - restartExecutionOnUpdate: true, - }); - } - - if (props.sourceAction && !props.synthAction) { - // Because of ordering limitations, you can: bring your own Source, bring your own - // Both, or bring your own Nothing. You cannot bring your own Build (which because of the - // current CodePipeline API must go BEFORE what we're adding) and then having us add a - // Source after it. That doesn't make any sense. - throw new Error('When passing a \'sourceAction\' you must also pass a \'synthAction\' (or a \'codePipeline\' that already has both)'); - } - if (!props.sourceAction && (!props.codePipeline || props.codePipeline.stages.length < 1)) { - throw new Error('You must pass a \'sourceAction\' (or a \'codePipeline\' that already has a Source stage)'); - } - - if (props.sourceAction) { - this._pipeline.addStage({ - stageName: 'Source', - actions: [props.sourceAction], - }); - } - - if (props.synthAction) { - if (props.synthAction instanceof SimpleSynthAction && this._dockerCredentials.length > 0) { - props.synthAction._addDockerCredentials(this._dockerCredentials); - } - - this._pipeline.addStage({ - stageName: 'Build', - actions: [props.synthAction], - }); - } - - if (props.selfMutating ?? true) { - this._pipeline.addStage({ - stageName: 'UpdatePipeline', - actions: [new UpdatePipelineAction(this, 'UpdatePipeline', { - cloudAssemblyInput: this._cloudAssemblyArtifact, - pipelineStackHierarchicalId: pipelineStack.node.path, - cdkCliVersion: this.cliVersion, - projectName: maybeSuffix(props.pipelineName, '-selfupdate'), - privileged: props.supportDockerAssets, - dockerCredentials: this._dockerCredentials, - buildSpec: props.selfMutationBuildSpec, - })], - }); - } - - this._assets = new AssetPublishing(this, 'Assets', { - cloudAssemblyInput: this._cloudAssemblyArtifact, - cdkCliVersion: this.cliVersion, - pipeline: this._pipeline, - projectName: maybeSuffix(props.pipelineName, '-publish'), - vpc: props.vpc, - subnetSelection: props.subnetSelection, - singlePublisherPerType: props.singlePublisherPerType, - preInstallCommands: props.assetPreInstallCommands, - buildSpec: props.assetBuildSpec, - dockerCredentials: this._dockerCredentials, - }); - - this.node.addValidation({ validate: () => this.validatePipeline() }); - } - - /** - * The underlying CodePipeline object - * - * You can use this to add more Stages to the pipeline, or Actions - * to Stages. - */ - public get codePipeline(): codepipeline.Pipeline { - return this._pipeline; - } - - /** - * Access one of the pipeline's stages by stage name - * - * You can use this to add more Actions to a stage. - */ - public stage(stageName: string): codepipeline.IStage { - return this._pipeline.stage(stageName); - } - - /** - * Get a cached version of an Application Security Check, which consists of: - * - CodeBuild Project to check for security changes in a stage - * - Lambda Function that approves the manual approval if no security changes are detected - * - * @internal - */ - public _getApplicationSecurityCheck(): ApplicationSecurityCheck { - if (!this._applicationSecurityCheck) { - this._applicationSecurityCheck = new ApplicationSecurityCheck(this, 'PipelineApplicationSecurityCheck', { - codePipeline: this._pipeline, - }); - } - return this._applicationSecurityCheck; - } - - /** - * Add pipeline stage that will deploy the given application stage - * - * The application construct should subclass `Stage` and can contain any - * number of `Stacks` inside it that may have dependency relationships - * on one another. - * - * All stacks in the application will be deployed in the appropriate order, - * and all assets found in the application will be added to the asset - * publishing stage. - */ - public addApplicationStage(appStage: Stage, options: AddStageOptions = {}): CdkStage { - const stage = this.addStage(appStage.stageName, options); - stage.addApplication(appStage, options); - return stage; - } - - /** - * Add a new, empty stage to the pipeline - * - * Prefer to use `addApplicationStage` if you are intended to deploy a CDK - * application, but you can use this method if you want to add other kinds of - * Actions to a pipeline. - */ - public addStage(stageName: string, options?: BaseStageOptions) { - const pipelineStage = this._pipeline.addStage({ - stageName, - }); - - const stage = new CdkStage(this, stageName, { - cloudAssemblyArtifact: this._cloudAssemblyArtifact, - pipelineStage, - stageName, - host: { - publishAsset: this._assets.addPublishAssetAction.bind(this._assets), - stackOutputArtifact: (artifactId) => this._outputArtifacts[artifactId], - }, - ...options, - }); - this._stages.push(stage); - return stage; - } - - /** - * Get the StackOutput object that holds this CfnOutput's value in this pipeline - * - * `StackOutput` can be used in validation actions later in the pipeline. - */ - public stackOutput(cfnOutput: CfnOutput): StackOutput { - const stack = Stack.of(cfnOutput); - - if (!this._outputArtifacts[stack.artifactId]) { - // We should have stored the ArtifactPath in the map, but its Artifact - // property isn't publicly readable... - const artifactName = `${stack.artifactId}_Outputs`; - const compactName = artifactName.slice(artifactName.length - Math.min(artifactName.length, CODE_BUILD_LENGTH_LIMIT)); - this._outputArtifacts[stack.artifactId] = new codepipeline.Artifact(compactName); - } - - return new StackOutput(this._outputArtifacts[stack.artifactId].atPath('outputs.json'), cfnOutput.logicalId); - } - - /** - * Validate that we don't have any stacks violating dependency order in the pipeline - * - * Our own convenience methods will never generate a pipeline that does that (although - * this is a nice verification), but a user can also add the stacks by hand. - */ - private validatePipeline(): string[] { - const ret = new Array(); - - ret.push(...this.validateDeployOrder()); - ret.push(...this.validateRequestedOutputs()); - - return ret; - } - - /** - * Return all StackDeployActions in an ordered list - */ - private get stackActions(): DeployCdkStackAction[] { - return flatMap(this._pipeline.stages, s => s.actions.filter(isDeployAction)); - } - - private * validateDeployOrder(): IterableIterator { - const stackActions = this.stackActions; - for (const stackAction of stackActions) { - // For every dependency, it must be executed in an action before this one is prepared. - for (const depId of stackAction.dependencyStackArtifactIds) { - const depAction = stackActions.find(s => s.stackArtifactId === depId); - - if (depAction === undefined) { - Annotations.of(this).addWarningV2('@aws-cdk/pipelines:dependencyOnNonPipelineStack', `Stack '${stackAction.stackName}' depends on stack ` + - `'${depId}', but that dependency is not deployed through the pipeline!`); - } else if (!(depAction.executeRunOrder < stackAction.prepareRunOrder)) { - yield `Stack '${stackAction.stackName}' depends on stack ` + - `'${depAction.stackName}', but is deployed before it in the pipeline!`; - } - } - } - } - - private * validateRequestedOutputs(): IterableIterator { - const artifactIds = this.stackActions.map(s => s.stackArtifactId); - - for (const artifactId of Object.keys(this._outputArtifacts)) { - if (!artifactIds.includes(artifactId)) { - yield `Trying to use outputs for Stack '${artifactId}', but Stack is not deployed in this pipeline. Add it to the pipeline.`; - } - } - } -} - -function isDeployAction(a: codepipeline.IAction): a is DeployCdkStackAction { - return a instanceof DeployCdkStackAction; -} - -function flatMap(xs: A[], f: (x: A) => B[]): B[] { - return Array.prototype.concat([], ...xs.map(f)); -} - -interface AssetPublishingProps { - readonly cloudAssemblyInput: codepipeline.Artifact; - readonly pipeline: codepipeline.Pipeline; - readonly cdkCliVersion?: string; - readonly projectName?: string; - readonly vpc?: ec2.IVpc; - readonly subnetSelection?: ec2.SubnetSelection; - readonly singlePublisherPerType?: boolean; - readonly preInstallCommands?: string[]; - readonly buildSpec?: codebuild.BuildSpec; - readonly dockerCredentials: DockerCredential[]; -} - -/** - * Add appropriate publishing actions to the asset publishing stage - */ -class AssetPublishing extends Construct { - // CodePipelines has a hard limit of 50 actions per stage. See https://github.com/aws/aws-cdk/issues/9353 - private readonly MAX_PUBLISHERS_PER_STAGE = 50; - - private readonly publishers: Record = {}; - private readonly assetRoles: Map = new Map(); - private readonly assetAttachedPolicies: Record = {}; - private readonly myCxAsmRoot: string; - private readonly cachedFnSub = new CachedFnSub(); - - private readonly lastStageBeforePublishing?: codepipeline.IStage; - private readonly stages: codepipeline.IStage[] = []; - private readonly pipeline: codepipeline.Pipeline; - private readonly dockerCredentials: DockerCredential[]; - - private _fileAssetCtr = 0; - private _dockerAssetCtr = 0; - - constructor(scope: Construct, id: string, private readonly props: AssetPublishingProps) { - super(scope, id); - this.myCxAsmRoot = path.resolve(assemblyBuilderOf(appOf(this)).outdir); - - this.pipeline = this.props.pipeline; - // Hacks to get access to the innards of Pipeline - const stages: codepipeline.IStage[] = (this.props.pipeline as any)._stages; - // Any asset publishing stages will be added directly after the last stage that currently exists. - this.lastStageBeforePublishing = stages.slice(-1)[0]; - - this.dockerCredentials = props.dockerCredentials; - } - - /** - * Make sure there is an action in the stage to publish the given asset - * - * Assets are grouped by asset ID (which represent individual assets) so all assets - * are published in parallel. For each assets, all destinations are published sequentially - * so that we can reuse expensive operations between them (mostly: building a Docker image). - */ - public addPublishAssetAction(command: AssetPublishingCommand) { - // FIXME: this is silly, we need the relative path here but no easy way to get it - const relativePath = path.relative(this.myCxAsmRoot, command.assetManifestPath); - - // The path cannot be outside the asm root. I don't really understand how this could ever - // come to pass, but apparently it has (see https://github.com/aws/aws-cdk/issues/9766). - // Add a sanity check here so we can catch it more quickly next time. - if (relativePath.startsWith(`..${path.sep}`)) { - throw new Error(`The asset manifest (${command.assetManifestPath}) cannot be outside the Cloud Assembly directory (${this.myCxAsmRoot}). Please report this error at https://github.com/aws/aws-cdk/issues to help us debug why this is happening.`); - } - - // Late-binding here (rather than in the constructor) to prevent creating the role in cases where no asset actions are created. - const assetRole = this.generateAssetRole(command.assetType); - // The ARNs include raw AWS pseudo parameters (e.g., ${AWS::Partition}), which need to be substituted. - assetRole.addAssumeRole(this.cachedFnSub.fnSub(command.assetPublishingRoleArn)); - const publisherKey = this.props.singlePublisherPerType ? command.assetType.toString() : command.assetId; - - let action = this.publishers[publisherKey]; - if (!action) { - // Dynamically create new stages as needed, with `MAX_PUBLISHERS_PER_STAGE` assets per stage. - const stageIndex = this.props.singlePublisherPerType ? 0 : - Math.floor((this._fileAssetCtr + this._dockerAssetCtr) / this.MAX_PUBLISHERS_PER_STAGE); - - if (!this.props.singlePublisherPerType && stageIndex >= this.stages.length) { - const previousStage = this.stages.slice(-1)[0] ?? this.lastStageBeforePublishing; - this.stages.push(this.pipeline.addStage({ - stageName: `Assets${stageIndex > 0 ? stageIndex + 1 : ''}`, - placement: { justAfter: previousStage }, - })); - } else if (this.props.singlePublisherPerType && this.stages.length == 0) { - this.stages.push(this.pipeline.addStage({ - stageName: 'Assets', - placement: { justAfter: this.lastStageBeforePublishing }, - })); - } - - // The asset ID would be a logical candidate for the construct path and project names, but if the asset - // changes it leads to recreation of a number of Role/Policy/Project resources which is slower than - // necessary. Number sequentially instead. - // - // FIXME: The ultimate best solution is probably to generate a single Project per asset type - // and reuse that for all assets. - const id = this.props.singlePublisherPerType ? - command.assetType === AssetType.FILE ? 'FileAsset' : 'DockerAsset' : - command.assetType === AssetType.FILE ? `FileAsset${++this._fileAssetCtr}` : `DockerAsset${++this._dockerAssetCtr}`; - - const credsInstallCommands = dockerCredentialsInstallCommands(DockerCredentialUsage.ASSET_PUBLISHING, this.dockerCredentials); - - // NOTE: It's important that asset changes don't force a pipeline self-mutation. - // This can cause an infinite loop of updates (see https://github.com/aws/aws-cdk/issues/9080). - // For that reason, we use the id as the actionName below, rather than the asset hash. - action = this.publishers[publisherKey] = new PublishAssetsAction(this, id, { - actionName: id, - cloudAssemblyInput: this.props.cloudAssemblyInput, - cdkCliVersion: this.props.cdkCliVersion, - assetType: command.assetType, - role: this.assetRoles.get(command.assetType), - dependable: this.assetAttachedPolicies[command.assetType], - vpc: this.props.vpc, - subnetSelection: this.props.subnetSelection, - buildSpec: this.props.buildSpec, - createBuildspecFile: this.props.singlePublisherPerType, - preInstallCommands: [...(this.props.preInstallCommands ?? []), ...credsInstallCommands], - }); - this.stages[stageIndex].addAction(action); - } - - action.addPublishCommand(relativePath, command.assetSelector); - } - - /** - * This role is used by both the CodePipeline build action and related CodeBuild project. Consolidating these two - * roles into one, and re-using across all assets, saves significant size of the final synthesized output. - * Modeled after the CodePipeline role and 'CodePipelineActionRole' roles. - * Generates one role per asset type to separate file and Docker/image-based permissions. - */ - private generateAssetRole(assetType: AssetType) { - const existing = this.assetRoles.get(assetType); - if (existing) { - return existing; - } - - const rolePrefix = assetType === AssetType.DOCKER_IMAGE ? 'Docker' : 'File'; - const assetRole = new AssetSingletonRole(this, `${rolePrefix}Role`, { - roleName: PhysicalName.GENERATE_IF_NEEDED, - assumedBy: new iam.CompositePrincipal(new iam.ServicePrincipal('codebuild.amazonaws.com'), new iam.AccountPrincipal(Stack.of(this).account)), - }); - - // Grant pull access for any ECR registries and secrets that exist - if (assetType === AssetType.DOCKER_IMAGE) { - this.dockerCredentials.forEach(reg => reg.grantRead(assetRole, DockerCredentialUsage.ASSET_PUBLISHING)); - } - - this.assetRoles.set(assetType, assetRole); - return assetRole; - } -} - -function maybeSuffix(x: string | undefined, suffix: string): string | undefined { - if (x === undefined) { return undefined; } - return `${x}${suffix}`; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts deleted file mode 100644 index 79f224b87e583..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts +++ /dev/null @@ -1,586 +0,0 @@ -import { Construct, Node } from 'constructs'; -import { DeployCdkStackAction } from './actions'; -import { CdkPipeline } from './pipeline'; -import * as codebuild from '../../../aws-codebuild'; -import * as codepipeline from '../../../aws-codepipeline'; -import * as cpactions from '../../../aws-codepipeline-actions'; -import { CodeBuildAction } from '../../../aws-codepipeline-actions'; -import * as sns from '../../../aws-sns'; -import { Stage, Aspects } from '../../../core'; -import * as cxapi from '../../../cx-api'; -import { AssetType } from '../blueprint/asset-type'; -import { ApplicationSecurityCheck } from '../private/application-security-check'; -import { AssetManifestReader, DockerImageManifestEntry, FileManifestEntry } from '../private/asset-manifest'; -import { pipelineSynth } from '../private/construct-internals'; -import { topologicalSort } from '../private/toposort'; - -/** - * Construction properties for a CdkStage - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface CdkStageProps { - /** - * Name of the stage that should be created - */ - readonly stageName: string; - - /** - * The underlying Pipeline Stage associated with thisCdkStage - */ - readonly pipelineStage: codepipeline.IStage; - - /** - * The CodePipeline Artifact with the Cloud Assembly - */ - readonly cloudAssemblyArtifact: codepipeline.Artifact; - - /** - * Features the Stage needs from its environment - */ - readonly host: IStageHost; - - /** - * Run a security check before every application prepare/deploy actions. - * - * Note: Stage level security check can be overriden per application as follows: - * `stage.addApplication(app, { confirmBroadeningPermissions: false })` - * - * @default false - */ - readonly confirmBroadeningPermissions?: boolean; - - /** - * Optional SNS topic to send notifications to when any security check registers - * changes within a application. - * - * Note: The Stage Notification Topic can be overriden per application as follows: - * `stage.addApplication(app, { securityNotificationTopic: newTopic })` - * - * @default undefined no stage level notification topic - */ - readonly securityNotificationTopic?: sns.ITopic; -} - -/** - * Stage in a CdkPipeline - * - * You don't need to instantiate this class directly. Use - * `cdkPipeline.addStage()` instead. - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class CdkStage extends Construct { - private _nextSequentialRunOrder = 1; // Must start at 1 eh - private _manualApprovalCounter = 1; - private readonly pipelineStage: codepipeline.IStage; - private readonly cloudAssemblyArtifact: codepipeline.Artifact; - private readonly stacksToDeploy = new Array(); - private readonly stageName: string; - private readonly host: IStageHost; - private readonly confirmBroadeningPermissions: boolean; - private readonly pipeline?: CdkPipeline; - private readonly securityNotificationTopic?: sns.ITopic; - private _applicationSecurityCheck?: ApplicationSecurityCheck; - private _prepared = false; - - constructor(scope: Construct, id: string, props: CdkStageProps) { - super(scope, id); - - if (scope instanceof CdkPipeline) { - this.pipeline = scope; - } - - this.stageName = props.stageName; - this.pipelineStage = props.pipelineStage; - this.cloudAssemblyArtifact = props.cloudAssemblyArtifact; - this.host = props.host; - this.confirmBroadeningPermissions = props.confirmBroadeningPermissions ?? false; - this.securityNotificationTopic = props.securityNotificationTopic; - - Aspects.of(this).add({ visit: () => this.prepareStage() }); - } - - /** - * Add all stacks in the application Stage to this stage - * - * The application construct should subclass `Stage` and can contain any - * number of `Stacks` inside it that may have dependency relationships - * on one another. - * - * All stacks in the application will be deployed in the appropriate order, - * and all assets found in the application will be added to the asset - * publishing stage. - */ - public addApplication(appStage: Stage, options: AddStageOptions = {}) { - const asm = pipelineSynth(appStage); - const extraRunOrderSpace = options.extraRunOrderSpace ?? 0; - - if (options.confirmBroadeningPermissions ?? this.confirmBroadeningPermissions) { - this.addSecurityCheck(appStage, options); - } - - if (asm.stacks.length === 0) { - // If we don't check here, a more puzzling "stage contains no actions" - // error will be thrown come deployment time. - throw new Error(`The given Stage construct ('${appStage.node.path}') should contain at least one Stack`); - } - - const sortedTranches = topologicalSort(asm.stacks, - stack => stack.id, - stack => stack.dependencies.map(d => d.id)); - - for (const stacks of sortedTranches) { - const runOrder = this.nextSequentialRunOrder(extraRunOrderSpace + 2); // 2 actions for Prepare/Execute ChangeSet - let executeRunOrder = runOrder + extraRunOrderSpace + 1; - - // If we need to insert a manual approval action, then what's the executeRunOrder - // now is where we add a manual approval step, and we allocate 1 more runOrder - // for the execute. - if (options.manualApprovals) { - this.addManualApprovalAction({ runOrder: runOrder + 1 }); - executeRunOrder = this.nextSequentialRunOrder(); - } - - // These don't have a dependency on each other, so can all be added in parallel - for (const stack of stacks) { - this.addStackArtifactDeployment(stack, { runOrder, executeRunOrder }); - } - } - } - - /** - * Get a cached version of an ApplicationSecurityCheck, which consists of: - * - CodeBuild Project to check for security changes in a stage - * - Lambda Function that approves the manual approval if no security changes are detected - * - * The ApplicationSecurityCheck is cached from the pipeline **if** this stage is scoped - * to a CDK Pipeline. If this stage **is not** scoped to a pipeline, create an ApplicationSecurityCheck - * scoped to the stage itself. - * - * @internal - */ - private getApplicationSecurityCheck(): ApplicationSecurityCheck { - if (this._applicationSecurityCheck) { - return this._applicationSecurityCheck; - } - - this._applicationSecurityCheck = this.pipeline - ? this.pipeline._getApplicationSecurityCheck() - : new ApplicationSecurityCheck(this, 'StageApplicationSecurityCheck', { - codePipeline: this.pipelineStage.pipeline as codepipeline.Pipeline, - }); - return this._applicationSecurityCheck; - } - - /** - * Add a deployment action based on a stack artifact - */ - public addStackArtifactDeployment(stackArtifact: cxapi.CloudFormationStackArtifact, options: AddStackOptions = {}) { - // Get all assets manifests and add the assets in 'em to the asset publishing stage. - this.publishAssetDependencies(stackArtifact); - - // Remember for later, see 'prepare()' - // We know that deploying a stack is going to take up 2 runorder slots later on. - const runOrder = options.runOrder ?? this.nextSequentialRunOrder(2); - const executeRunOrder = options.executeRunOrder ?? runOrder + 1; - this.stacksToDeploy.push({ - prepareRunOrder: runOrder, - executeRunOrder, - stackArtifact, - }); - - this.advanceRunOrderPast(runOrder); - this.advanceRunOrderPast(executeRunOrder); - } - - /** - * Add a manual approval action - * - * If you need more flexibility than what this method offers, - * use `addAction` with a `ManualApprovalAction`. - */ - public addManualApprovalAction(options: AddManualApprovalOptions = {}) { - let actionName = options.actionName; - if (!actionName) { - actionName = `ManualApproval${this._manualApprovalCounter > 1 ? this._manualApprovalCounter : ''}`; - this._manualApprovalCounter += 1; - } - - this.addActions(new cpactions.ManualApprovalAction({ - actionName, - runOrder: options.runOrder ?? this.nextSequentialRunOrder(), - })); - } - - /** - * Add one or more CodePipeline Actions - * - * You need to make sure it is created with the right runOrder. Call `nextSequentialRunOrder()` - * for every action to get actions to execute in sequence. - */ - public addActions(...actions: codepipeline.IAction[]) { - for (const action of actions) { - this.pipelineStage.addAction(action); - } - } - - /** - * Return the runOrder number necessary to run the next Action in sequence with the rest - * - * FIXME: This is here because Actions are immutable and can't be reordered - * after creation, nor is there a way to specify relative priorities, which - * is a limitation that we should take away in the base library. - */ - public nextSequentialRunOrder(count: number = 1): number { - const ret = this._nextSequentialRunOrder; - this._nextSequentialRunOrder += count; - return ret; - } - - /** - * Whether this Stage contains an action to deploy the given stack, identified by its artifact ID - */ - public deploysStack(artifactId: string) { - return this.stacksToDeploy.map(s => s.stackArtifact.id).includes(artifactId); - } - - /** - * Actually add all the DeployStack actions to the stage. - * - * We do this late because before we can render the actual DeployActions, - * we need to know whether or not we need to capture the stack outputs. - * - * FIXME: This is here because Actions are immutable and can't be reordered - * after creation, nor is there a way to specify relative priorities, which - * is a limitation that we should take away in the base library. - */ - private prepareStage() { - // FIXME: Make sure this only gets run once. There seems to be an issue in the reconciliation - // loop that may trigger this more than once if it throws an error somewhere, and the exception - // that gets thrown here will then override the actual failure. - if (this._prepared) { return; } - this._prepared = true; - - for (const { prepareRunOrder, stackArtifact, executeRunOrder } of this.stacksToDeploy) { - const artifact = this.host.stackOutputArtifact(stackArtifact.id); - - this.pipelineStage.addAction(DeployCdkStackAction.fromStackArtifact(this, stackArtifact, { - baseActionName: this.simplifyStackName(stackArtifact.stackName), - cloudAssemblyInput: this.cloudAssemblyArtifact, - output: artifact, - outputFileName: artifact ? 'outputs.json' : undefined, - prepareRunOrder, - executeRunOrder, - })); - } - } - - /** - * Advance the runorder counter so that the next sequential number is higher than the given one - */ - private advanceRunOrderPast(lastUsed: number) { - this._nextSequentialRunOrder = Math.max(lastUsed + 1, this._nextSequentialRunOrder); - } - - /** - * Simplify the stack name by removing the `Stage-` prefix if it exists. - */ - private simplifyStackName(s: string) { - return stripPrefix(s, `${this.stageName}-`); - } - - /** - * Add a security check before the prepare/deploy actions of an CDK stage. - * The security check consists of two actions: - * - CodeBuild Action to check for security changes in a stage - * - Manual Approval Action that is auto approved via a Lambda if no security changes detected - */ - private addSecurityCheck(appStage: Stage, options?: BaseStageOptions) { - const { cdkDiffProject } = this.getApplicationSecurityCheck(); - const notificationTopic: sns.ITopic | undefined = options?.securityNotificationTopic ?? this.securityNotificationTopic; - notificationTopic?.grantPublish(cdkDiffProject); - - const appStageName = appStage.stageName; - const approveActionName = `${appStageName}ManualApproval`; - const diffAction = new CodeBuildAction({ - runOrder: this.nextSequentialRunOrder(), - actionName: `${appStageName}SecurityCheck`, - input: this.cloudAssemblyArtifact, - project: cdkDiffProject, - variablesNamespace: `${appStageName}SecurityCheck`, - environmentVariables: { - STAGE_PATH: { - value: Node.of(appStage).path, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - STAGE_NAME: { - value: this.stageName, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - ACTION_NAME: { - value: approveActionName, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - ...notificationTopic ? { - NOTIFICATION_ARN: { - value: notificationTopic.topicArn, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - NOTIFICATION_SUBJECT: { - value: `Confirm permission broadening in ${appStageName}`, - type: codebuild.BuildEnvironmentVariableType.PLAINTEXT, - }, - } : {}, - }, - }); - - const approve = new cpactions.ManualApprovalAction({ - actionName: approveActionName, - runOrder: this.nextSequentialRunOrder(), - additionalInformation: `#{${appStageName}SecurityCheck.MESSAGE}`, - externalEntityLink: `#{${appStageName}SecurityCheck.LINK}`, - }); - - this.addActions(diffAction, approve); - } - - /** - * Make sure all assets depended on by this stack are published in this pipeline - * - * Taking care to exclude the stack template itself -- it is being published - * as an asset because the CLI needs to know the asset publishing role when - * pushing the template to S3, but in the case of CodePipeline we always - * reference the template from the artifact bucket. - * - * (NOTE: this is only true for top-level stacks, not nested stacks. Nested - * Stack templates are always published as assets). - */ - private publishAssetDependencies(stackArtifact: cxapi.CloudFormationStackArtifact) { - const assetManifests = stackArtifact.dependencies.filter(isAssetManifest); - - for (const manifestArtifact of assetManifests) { - const manifest = AssetManifestReader.fromFile(manifestArtifact.file); - - for (const entry of manifest.entries) { - let assetType: AssetType; - if (entry instanceof DockerImageManifestEntry) { - assetType = AssetType.DOCKER_IMAGE; - } else if (entry instanceof FileManifestEntry) { - // Don't publish the template for this stack - if (entry.source.packaging === 'file' && entry.source.path === stackArtifact.templateFile) { - continue; - } - - assetType = AssetType.FILE; - } else { - throw new Error(`Unrecognized asset type: ${entry.type}`); - } - - if (!entry.destination.assumeRoleArn) { - throw new Error('assumeRoleArn is missing on asset and required'); - } - - this.host.publishAsset({ - assetManifestPath: manifestArtifact.file, - assetId: entry.id.assetId, - assetSelector: entry.id.toString(), - assetType, - assetPublishingRoleArn: entry.destination.assumeRoleArn, - }); - } - } - } -} - -/** - * Additional options for adding a stack deployment - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AddStackOptions { - /** - * Base runorder - * - * @default - Next sequential runorder - */ - readonly runOrder?: number; - - /** - * Base runorder - * - * @default - runOrder + 1 - */ - readonly executeRunOrder?: number; -} - -/** - * A single output of a Stack - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class StackOutput { - /** - * The artifact and file the output is stored in - */ - public readonly artifactFile: codepipeline.ArtifactPath; - - /** - * The name of the output in the JSON object in the file - */ - public readonly outputName: string; - - /** - * Build a StackOutput from a known artifact and an output name - */ - constructor(artifactFile: codepipeline.ArtifactPath, outputName: string) { - this.artifactFile = artifactFile; - this.outputName = outputName; - } -} - -function stripPrefix(s: string, prefix: string) { - return s.startsWith(prefix) ? s.slice(prefix.length) : s; -} - -function isAssetManifest(s: cxapi.CloudArtifact): s is cxapi.AssetManifestArtifact { - // instanceof is too risky, and we're at a too late stage to properly fix. - // return s instanceof cxapi.AssetManifestArtifact; - return s.constructor.name === 'AssetManifestArtifact'; -} - -/** - * Features that the Stage needs from its environment - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface IStageHost { - /** - * Make sure all the assets from the given manifest are published - */ - publishAsset(command: AssetPublishingCommand): void; - - /** - * Return the Artifact the given stack has to emit its outputs into, if any - */ - stackOutputArtifact(stackArtifactId: string): codepipeline.Artifact | undefined; -} - -/** - * Instructions to publish certain assets - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AssetPublishingCommand { - /** - * Asset manifest path - */ - readonly assetManifestPath: string; - - /** - * Asset identifier - */ - readonly assetId: string; - - /** - * Asset selector to pass to `cdk-assets`. - */ - readonly assetSelector: string; - - /** - * Type of asset to publish - */ - readonly assetType: AssetType; - - /** - * ARN of the IAM Role used to publish this asset. - */ - readonly assetPublishingRoleArn: string; -} - -/** - * Base options for a pipelines stage - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface BaseStageOptions { - /** - * Runs a `cdk diff --security-only --fail` to pause the pipeline if there - * are any security changes. - * - * If the stage is configured with `confirmBroadeningPermissions` enabled, you can use this - * property to override the stage configuration. For example, Pipeline Stage - * "Prod" has confirmBroadeningPermissions enabled, with applications "A", "B", "C". All three - * applications will run a security check, but if we want to disable the one for "C", - * we run `stage.addApplication(C, { confirmBroadeningPermissions: false })` to override the pipeline - * stage behavior. - * - * Adds 1 to the run order space. - * - * @default false - */ - readonly confirmBroadeningPermissions?: boolean; - /** - * Optional SNS topic to send notifications to when the security check registers - * changes within the application. - * - * @default undefined no notification topic for security check manual approval action - */ - readonly securityNotificationTopic?: sns.ITopic; -} - -/** - * Options for adding an application stage to a pipeline - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AddStageOptions extends BaseStageOptions { - /** - * Add manual approvals before executing change sets - * - * This gives humans the opportunity to confirm the change set looks alright - * before deploying it. - * - * @default false - */ - readonly manualApprovals?: boolean; - /** - * Add room for extra actions - * - * You can use this to make extra room in the runOrder sequence between the - * changeset 'prepare' and 'execute' actions and insert your own actions there. - * - * @default 0 - */ - readonly extraRunOrderSpace?: number; -} - -/** - * Options for addManualApproval - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AddManualApprovalOptions { - /** - * The name of the manual approval action - * - * @default 'ManualApproval' with a rolling counter - */ - readonly actionName?: string; - - /** - * The runOrder for this action - * - * @default - The next sequential runOrder - */ - readonly runOrder?: number; -} - -/** - * Queued "deploy stack" command that is reified during prepare() - */ -interface DeployStackCommand { - prepareRunOrder: number; - executeRunOrder: number; - stackArtifact: cxapi.CloudFormationStackArtifact; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts deleted file mode 100644 index 0a5a34c6f0eaa..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/_util.ts +++ /dev/null @@ -1,15 +0,0 @@ -import * as codebuild from '../../../../aws-codebuild'; - -export function copyEnvironmentVariables(...names: string[]): Record { - const ret: Record = {}; - for (const name of names) { - if (process.env[name]) { - ret[name] = { value: process.env[name] }; - } - } - return ret; -} - -export function filterEmpty(xs: Array): string[] { - return xs.filter(x => x) as any; -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts deleted file mode 100644 index 4764f7d9647c6..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './simple-synth-action'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts deleted file mode 100644 index 8381668962d52..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/synths/simple-synth-action.ts +++ /dev/null @@ -1,591 +0,0 @@ -import * as crypto from 'crypto'; -import * as path from 'path'; -import { Construct } from 'constructs'; -import { copyEnvironmentVariables, filterEmpty } from './_util'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../../aws-codepipeline-actions'; -import * as ec2 from '../../../../aws-ec2'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { Stack } from '../../../../core'; -import { dockerCredentialsInstallCommands, DockerCredential, DockerCredentialUsage } from '../../docker-credentials'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; -import { toPosixPath } from '../../private/fs'; - -const DEFAULT_OUTPUT_DIR = 'cdk.out'; - -/** - * Configuration options for a SimpleSynth - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface SimpleSynthOptions { - /** - * The source artifact of the CodePipeline - */ - readonly sourceArtifact: codepipeline.Artifact; - - /** - * The artifact where the CloudAssembly should be emitted - */ - readonly cloudAssemblyArtifact: codepipeline.Artifact; - - /** - * Environment variables to send into build - * - * NOTE: You may run into the 1000-character limit for the Action configuration if you have a large - * number of variables or if their names or values are very long. - * If you do, pass them to the underlying CodeBuild project directly in `environment` instead. - * However, you will not be able to use CodePipeline Variables in this case. - * - * @default - No additional environment variables - */ - readonly environmentVariables?: Record; - - /** - * Environment variables to copy over from parent env - * - * These are environment variables that are being used by the build. - * - * @default - No environment variables copied - */ - readonly copyEnvironmentVariables?: string[]; - - /** - * Name of the build action - * - * @default 'Synth' - */ - readonly actionName?: string; - - /** - * Name of the CodeBuild project - * - * @default - Automatically generated - */ - readonly projectName?: string; - - /** - * Build environment to use for CodeBuild job - * - * @default BuildEnvironment.LinuxBuildImage.STANDARD_6_0 - */ - readonly environment?: codebuild.BuildEnvironment; - - /** - * Directory inside the source where package.json and cdk.json are located - * - * @default - Repository root - */ - readonly subdirectory?: string; - - /** - * Produce additional output artifacts after the build based on the given directories - * - * Can be used to produce additional artifacts during the build step, - * separate from the cloud assembly, which can be used further on in the - * pipeline. - * - * Directories are evaluated with respect to `subdirectory`. - * - * @default - No additional artifacts generated - */ - readonly additionalArtifacts?: AdditionalArtifact[]; - - /** - * Policy statements to add to role used during the synth - * - * Can be used to add acces to a CodeArtifact repository etc. - * - * @default - No policy statements added to CodeBuild Project Role - */ - readonly rolePolicyStatements?: iam.PolicyStatement[]; - - /** - * The VPC where to execute the SimpleSynth. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * custom BuildSpec that is merged with the generated one - * - * @default - none - */ - readonly buildSpec?: codebuild.BuildSpec; -} - -/** - * Construction props for SimpleSynthAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface SimpleSynthActionProps extends SimpleSynthOptions { - /** - * The synth command - */ - readonly synthCommand: string; - - /** - * The install command - * - * If not provided by the build image or another dependency - * management tool, at least install the CDK CLI here using - * `npm install -g aws-cdk`. - * - * @default - No install required - * @deprecated Use `installCommands` instead - */ - readonly installCommand?: string; - - /** - * The build command - * - * If your programming language requires a compilation step, put the - * compilation command here. - * - * @default - No build required - * @deprecated Use `buildCommands` instead - */ - readonly buildCommand?: string; - - /** - * Install commands - * - * If not provided by the build image or another dependency - * management tool, at least install the CDK CLI here using - * `npm install -g aws-cdk`. - * - * @default - No install required - */ - readonly installCommands?: string[]; - - /** - * The build commands - * - * If your programming language requires a compilation step, put the - * compilation command here. - * - * @default - No build required - */ - readonly buildCommands?: string[]; - - /** - * Test commands - * - * These commands are run after the build commands but before the - * synth command. - * - * @default - No test commands - */ - readonly testCommands?: string[]; -} - -/** - * Specification of an additional artifact to generate - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface AdditionalArtifact { - /** - * Directory to be packaged - */ - readonly directory: string; - - /** - * Artifact to represent the build directory in the pipeline - */ - readonly artifact: codepipeline.Artifact; -} - -/** - * A standard synth with a generated buildspec - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class SimpleSynthAction implements codepipeline.IAction, iam.IGrantable { - - /** - * Create a standard NPM synth action - * - * Uses `npm ci` to install dependencies and `npx cdk synth` to synthesize. - * - * If you need a build step, add `buildCommand: 'npm run build'`. - */ - public static standardNpmSynth(options: StandardNpmSynthOptions) { - return new SimpleSynthAction({ - ...options, - installCommand: options.installCommand ?? 'npm ci', - synthCommand: options.synthCommand ?? 'npx cdk synth', - vpc: options.vpc, - subnetSelection: options.subnetSelection, - environment: { - ...options.environment, - environmentVariables: { - // Need this in case the CDK CLI is not in the 'package.json' of the project, - // and 'npx' is going to download it; without this setting, 'npx' will not properly - // install the package into the root user's home directory - NPM_CONFIG_UNSAFE_PERM: { value: 'true' }, - ...options.environment?.environmentVariables, - }, - }, - }); - } - - /** - * Create a standard Yarn synth action - * - * Uses `yarn install --frozen-lockfile` to install dependencies and `npx cdk synth` to synthesize. - * - * If you need a build step, add `buildCommand: 'yarn build'`. - */ - public static standardYarnSynth(options: StandardYarnSynthOptions) { - return new SimpleSynthAction({ - ...options, - installCommand: options.installCommand ?? 'yarn install --frozen-lockfile', - synthCommand: options.synthCommand ?? 'npx cdk synth', - vpc: options.vpc, - subnetSelection: options.subnetSelection, - environment: { - ...options.environment, - environmentVariables: { - // Need this in case the CDK CLI is not in the 'package.json' of the project, - // and 'npx' is going to download it; without this setting, 'npx' will not properly - // install the package into the root user's home directory - NPM_CONFIG_UNSAFE_PERM: { value: 'true' }, - ...options.environment?.environmentVariables, - }, - }, - }); - } - - private _action?: codepipeline_actions.CodeBuildAction; - private _actionProperties: codepipeline.ActionProperties; - private _project?: codebuild.IProject; - private _dockerCredentials?: DockerCredential[]; - - constructor(private readonly props: SimpleSynthActionProps) { - // A number of actionProperties get read before bind() is even called (so before we - // have made the Project and can construct the actual CodeBuildAction) - // - // - actionName - // - resource - // - region - // - category - // - role - // - owner - this._actionProperties = { - actionName: props.actionName ?? 'Synth', - category: codepipeline.ActionCategory.BUILD, - provider: 'CodeBuild', - artifactBounds: { minInputs: 0, maxInputs: 5, minOutputs: 0, maxOutputs: 5 }, - inputs: [props.sourceArtifact], - outputs: [props.cloudAssemblyArtifact, ...(props.additionalArtifacts ?? []).map(a => a.artifact)], - }; - - if (this.props.installCommand && this.props.installCommands) { - throw new Error('Pass either \'installCommand\' or \'installCommands\', but not both'); - } - - if (this.props.buildCommand && this.props.buildCommands) { - throw new Error('Pass either \'buildCommand\' or \'buildCommands\', but not both'); - } - - const addls = props.additionalArtifacts ?? []; - if (Object.keys(addls).length > 0) { - if (!props.cloudAssemblyArtifact.artifactName) { - throw new Error('You must give all output artifacts, including the \'cloudAssemblyArtifact\', names when using \'additionalArtifacts\''); - } - for (const addl of addls) { - if (!addl.artifact.artifactName) { - throw new Error('You must give all output artifacts passed to SimpleSynthAction names when using \'additionalArtifacts\''); - } - } - } - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - return this._actionProperties; - } - - /** - * Project generated to run the synth command - */ - public get project(): codebuild.IProject { - if (!this._project) { - throw new Error('Project becomes available after SimpleSynthAction has been bound to a stage'); - } - return this._project; - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig { - const buildCommands = this.props.buildCommands ?? [this.props.buildCommand]; - const installCommands = this.props.installCommands ?? [this.props.installCommand]; - const testCommands = this.props.testCommands ?? []; - const synthCommand = this.props.synthCommand; - - const environment = { buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE, ...this.props.environment }; - const osType = (environment.buildImage instanceof codebuild.WindowsBuildImage) - ? ec2.OperatingSystemType.WINDOWS - : ec2.OperatingSystemType.LINUX; - - const buildSpec = codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - pre_build: { - commands: filterEmpty([ - this.props.subdirectory ? `cd ${this.props.subdirectory}` : '', - ...installCommands, - ...dockerCredentialsInstallCommands(DockerCredentialUsage.SYNTH, this._dockerCredentials, osType), - ]), - }, - build: { - commands: filterEmpty([ - ...buildCommands, - ...testCommands, - synthCommand, - ]), - }, - }, - artifacts: renderArtifacts(this), - }); - - const environmentVariables = { - ...copyEnvironmentVariables(...this.props.copyEnvironmentVariables || []), - }; - - const mergedBuildSpec = this.props.buildSpec ? codebuild.mergeBuildSpecs(this.props.buildSpec, buildSpec) : buildSpec; - - // A hash over the values that make the CodeBuild Project unique (and necessary - // to restart the pipeline if one of them changes). projectName is not necessary to include - // here because the pipeline will definitely restart if projectName changes. - // (Resolve tokens) - const projectConfigHash = hash(Stack.of(scope).resolve({ - environment: serializeBuildEnvironment(environment), - buildSpecString: mergedBuildSpec.toBuildSpec(), - environmentVariables, - })); - - const project = new codebuild.PipelineProject(scope, 'CdkBuildProject', { - projectName: this.props.projectName, - environment, - vpc: this.props.vpc, - subnetSelection: this.props.subnetSelection, - buildSpec: mergedBuildSpec, - environmentVariables, - }); - - if (this.props.rolePolicyStatements !== undefined) { - this.props.rolePolicyStatements.forEach(policyStatement => { - project.addToRolePolicy(policyStatement); - }); - } - - this._project = project; - - this._dockerCredentials?.forEach(reg => reg.grantRead(project.grantPrincipal, DockerCredentialUsage.SYNTH)); - - this._action = new codepipeline_actions.CodeBuildAction({ - actionName: this.actionProperties.actionName, - input: this.props.sourceArtifact, - outputs: [this.props.cloudAssemblyArtifact, ...(this.props.additionalArtifacts ?? []).map(a => a.artifact)], - - // Inclusion of the hash here will lead to the pipeline structure for any changes - // made the config of the underlying CodeBuild Project. - // Hence, the pipeline will be restarted. This is necessary if the users - // adds (for example) build or test commands to the buildspec. - environmentVariables: { - ...this.props.environmentVariables, - _PROJECT_CONFIG_HASH: { value: projectConfigHash }, - }, - project, - }); - this._actionProperties = this._action.actionProperties; - - return this._action.bind(scope, stage, options); - - function renderArtifacts(self: SimpleSynthAction) { - // save the generated files in the output artifact - // This part of the buildspec has to look completely different depending on whether we're - // using secondary artifacts or not. - - const cloudAsmArtifactSpec = { - 'base-directory': toPosixPath(path.join(self.props.subdirectory ?? '.', DEFAULT_OUTPUT_DIR)), - 'files': '**/*', - }; - - if (self.props.additionalArtifacts) { - const secondary: Record = {}; - if (!self.props.cloudAssemblyArtifact.artifactName) { - throw new Error('When using additional output artifacts, you must also name the CloudAssembly artifact'); - } - secondary[self.props.cloudAssemblyArtifact.artifactName] = cloudAsmArtifactSpec; - self.props.additionalArtifacts.forEach((art) => { - if (!art.artifact.artifactName) { - throw new Error('You must give the output artifact a name'); - } - secondary[art.artifact.artifactName] = { - 'base-directory': toPosixPath(path.join(self.props.subdirectory ?? '.', art.directory)), - 'files': '**/*', - }; - }); - - return { 'secondary-artifacts': secondary }; - } - - return cloudAsmArtifactSpec; - } - } - - /** - * The CodeBuild Project's principal - */ - public get grantPrincipal(): iam.IPrincipal { - return this.project.grantPrincipal; - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - if (!this._action) { - throw new Error('Need bind() first'); - } - - return this._action.onStateChange(name, target, options); - } - - /** - * Associate one or more Docker registries and associated credentials with the synth action. - * This will be used to inject installation commands to set up `cdk-assets`, - * and grant read access to the credentials. - * @internal - */ - public _addDockerCredentials(dockerCredentials: DockerCredential[]) { - this._dockerCredentials = dockerCredentials; - } -} - -/** - * Options for a convention-based synth using NPM - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface StandardNpmSynthOptions extends SimpleSynthOptions { - /** - * The install command - * - * @default 'npm ci' - */ - readonly installCommand?: string; - - /** - * The build command - * - * By default, we assume NPM projects are either written in JavaScript or are - * using `ts-node`, so don't need a build command. - * - * Otherwise, put the build command here, for example `npm run build`. - * - * @default - No build required - */ - readonly buildCommand?: string; - - /** - * The synth command - * - * @default 'npx cdk synth' - */ - readonly synthCommand?: string; - - /** - * Test commands - * - * These commands are run after the build commands but before the - * synth command. - * - * @default - No test commands - */ - readonly testCommands?: string[]; -} - -/** - * Options for a convention-based synth using Yarn - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface StandardYarnSynthOptions extends SimpleSynthOptions { - /** - * The install command - * - * @default 'yarn install --frozen-lockfile' - */ - readonly installCommand?: string; - - /** - * The build command - * - * By default, we assume NPM projects are either written in JavaScript or are - * using `ts-node`, so don't need a build command. - * - * Otherwise, put the build command here, for example `npm run build`. - * - * @default - No build required - */ - readonly buildCommand?: string; - - /** - * The synth command - * - * @default 'npx cdk synth' - */ - readonly synthCommand?: string; - - /** - * Test commands - * - * These commands are run after the build commands but before the - * synth command. - * - * @default - No test commands - */ - readonly testCommands?: string[]; -} - -function hash(obj: A) { - const d = crypto.createHash('sha256'); - d.update(JSON.stringify(obj)); - return d.digest('hex'); -} - -/** - * Serialize a build environment to data (get rid of constructs & objects), so we can JSON.stringify it - */ -function serializeBuildEnvironment(env: codebuild.BuildEnvironment) { - return { - privileged: env.privileged, - environmentVariables: env.environmentVariables, - type: env.buildImage?.type, - imageId: env.buildImage?.imageId, - computeType: env.computeType, - imagePullPrincipalType: env.buildImage?.imagePullPrincipalType, - secretsManagerArn: env.buildImage?.secretsManagerCredentials?.secretArn, - }; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts deleted file mode 100644 index 20192332e3b78..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/_files.ts +++ /dev/null @@ -1,97 +0,0 @@ -import { Construct } from 'constructs'; -import * as codepipeline from '../../../../aws-codepipeline'; -import { IGrantable } from '../../../../aws-iam'; -import * as s3assets from '../../../../aws-s3-assets'; - -/** - * Additional files to use in a shell script - */ -export abstract class Files { - /** - * Use the files from a CodePipeline artifact - */ - public static fromArtifact(artifact: codepipeline.Artifact): Files { - if (!artifact) { - // Typechecking may mess up - throw new Error('Files.fromArtifact(): input artifact is required, got undefined'); - } - - return { - bind: () => ({ artifact }), - grantRead: () => { /* Not necessary */ }, - }; - } - - /** - * Create a new asset to bundle up the files in a directory on disk - */ - public static fromDirectory(directoryPath: string): Files { - let realFiles: Files; - return { - bind(scope: Construct) { - realFiles = Files.fromAsset(new s3assets.Asset(scope, directoryPath, { - path: directoryPath, - })); - - return realFiles.bind(scope); - }, - grantRead(grantee: IGrantable) { - if (!realFiles) { - throw new Error('bind() must be called first'); - } - realFiles.grantRead(grantee); - }, - }; - } - - /** - * Use an existing asset as a file source - */ - public static fromAsset(asset: s3assets.Asset): Files { - return { - bind: () => ({ - commands: [ - `echo "Downloading additional files from ${asset.s3ObjectUrl}"`, - `aws s3 cp ${asset.s3ObjectUrl} /tmp/dl.zip`, - 'unzip /tmp/dl.zip -d .', - ], - }), - grantRead: (grantee) => asset.grantRead(grantee), - }; - } - - protected constructor() { - } - - /** - * Bind the Files to a usage location - */ - public abstract bind(scope: Construct): FilesConfig; - - /** - * Grant read permissions to the file set to the given grantable - * - * Must be called after bind(). - */ - - public abstract grantRead(grantee: IGrantable): void; -} - -/** - * Config for a Files source - */ -export interface FilesConfig { - /** - * CodePipeline artifact to add to the set of input artifacts for the project - * - * @default - No artifact - */ - readonly artifact?: codepipeline.Artifact; - - /** - * Commands to add to the set of commands for the project - * - * @default - No commands - */ - readonly commands?: string[]; -} diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts deleted file mode 100644 index f2751fc92af49..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './shell-script-action'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts deleted file mode 100644 index fa24517321942..0000000000000 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/validation/shell-script-action.ts +++ /dev/null @@ -1,253 +0,0 @@ -import { Construct } from 'constructs'; -import * as codebuild from '../../../../aws-codebuild'; -import * as codepipeline from '../../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../../aws-codepipeline-actions'; -import * as ec2 from '../../../../aws-ec2'; -import * as events from '../../../../aws-events'; -import * as iam from '../../../../aws-iam'; -import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../private/default-codebuild-image'; -import { StackOutput } from '../stage'; - -/** - * Properties for ShellScriptAction - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export interface ShellScriptActionProps { - /** - * Name of the validation action in the pipeline - */ - readonly actionName: string; - - /** - * Stack outputs to make available as environment variables - * - * @default - No outputs used - */ - readonly useOutputs?: Record; - - /** - * Commands to run - */ - readonly commands: string[]; - - /** - * Bash options to set at the start of the script - * - * @default '-eu' (errexit and nounset) - */ - readonly bashOptions?: string; - - /** - * Additional artifacts to use as input for the CodeBuild project - * - * You can use these files to load more complex test sets into the - * shellscript build environment. - * - * The files artifact given here will be unpacked into the current - * working directory, the other ones will be unpacked into directories - * which are available through the environment variables - * $CODEBUILD_SRC_DIR_. - * - * The CodeBuild job must have at least one input artifact, so you - * must provide either at least one additional artifact here or one - * stack output using `useOutput`. - * - * @default - No additional artifacts - */ - readonly additionalArtifacts?: codepipeline.Artifact[]; - - /** - * The CodeBuild environment where scripts are executed. - * - * @default LinuxBuildImage.STANDARD_7_0 - */ - readonly environment?: codebuild.BuildEnvironment; - - /** - * Environment variables to send into build - * - * @default - No additional environment variables - */ - readonly environmentVariables?: Record; - - /** - * RunOrder for this action - * - * Use this to sequence the shell script after the deployments. - * - * The default value is 100 so you don't have to supply the value if you just - * want to run this after the application stacks have been deployed, and you - * don't have more than 100 stacks. - * - * @default 100 - */ - readonly runOrder?: number; - - /** - * Additional policy statements to add to the execution role - * - * @default - No policy statements - */ - readonly rolePolicyStatements?: iam.PolicyStatement[]; - - /** - * The VPC where to execute the specified script. - * - * @default - No VPC - */ - readonly vpc?: ec2.IVpc; - - /** - * Which subnets to use. - * - * Only used if 'vpc' is supplied. - * - * @default - All private subnets. - */ - readonly subnetSelection?: ec2.SubnetSelection; - - /** - * Which security group to associate with the script's project network interfaces. - * If no security group is identified, one will be created automatically. - * - * Only used if 'vpc' is supplied. - * - * @default - Security group will be automatically created. - * - */ - readonly securityGroups?: ec2.ISecurityGroup[]; -} - -/** - * Validate a revision using shell commands - * - * @deprecated This class is part of the old API. Use the API based on the `CodePipeline` class instead - */ -export class ShellScriptAction implements codepipeline.IAction, iam.IGrantable { - private _project?: codebuild.IProject; - - private _action?: codepipeline_actions.CodeBuildAction; - private _actionProperties: codepipeline.ActionProperties; - - constructor(private readonly props: ShellScriptActionProps) { - // A number of actionProperties get read before bind() is even called (so before we - // have made the Project and can construct the actual CodeBuildAction) - // - // - actionName - // - resource - // - region - // - category - // - role - // - owner - this._actionProperties = { - actionName: props.actionName, - category: codepipeline.ActionCategory.BUILD, - provider: 'CodeBuild', - artifactBounds: { minInputs: 0, maxInputs: 5, minOutputs: 0, maxOutputs: 5 }, - inputs: [], - outputs: [], - }; - - if (Object.keys(props.useOutputs ?? {}).length + (props.additionalArtifacts ?? []).length === 0) { - throw new Error('You must supply either \'useOutputs\' or \'additionalArtifacts\', since a CodeBuild Action must always have at least one input artifact.'); - } - } - - /** - * The CodeBuild Project's principal - */ - public get grantPrincipal(): iam.IPrincipal { - return this.project.grantPrincipal; - } - - /** - * Exists to implement IAction - */ - public get actionProperties(): codepipeline.ActionProperties { - return this._actionProperties; - } - - /** - * Exists to implement IAction - */ - public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig { - const inputs = new Array(); - inputs.push(...this.props.additionalArtifacts ?? []); - - const envVarCommands = new Array(); - - const bashOptions = this.props.bashOptions ?? '-eu'; - if (bashOptions) { - envVarCommands.push(`set ${bashOptions}`); - } - for (const [varName, output] of Object.entries(this.props.useOutputs ?? {})) { - const outputArtifact = output.artifactFile; - - // Add the artifact to the list of inputs, if it's not in there already. Determine - // the location where CodeBuild is going to stick it based on whether it's the first (primary) - // input or an 'extra input', then parse. - let artifactIndex = inputs.findIndex(a => a.artifactName === outputArtifact.artifact.artifactName); - if (artifactIndex === -1) { - artifactIndex = inputs.push(outputArtifact.artifact) - 1; - } - const dirEnv = artifactIndex === 0 ? 'CODEBUILD_SRC_DIR' : `CODEBUILD_SRC_DIR_${outputArtifact.artifact.artifactName}`; - envVarCommands.push(`export ${varName}="$(node -pe 'require(process.env.${dirEnv} + "/${outputArtifact.fileName}")["${output.outputName}"]')"`); - } - - this._project = new codebuild.PipelineProject(scope, 'Project', { - environment: this.props.environment || { buildImage: CDKP_DEFAULT_CODEBUILD_IMAGE }, - vpc: this.props.vpc, - securityGroups: this.props.securityGroups, - subnetSelection: this.props.subnetSelection, - buildSpec: codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - build: { - commands: [ - ...envVarCommands, - ...this.props.commands, - ], - }, - }, - }), - }); - for (const statement of this.props.rolePolicyStatements ?? []) { - this._project.addToRolePolicy(statement); - } - - this._action = new codepipeline_actions.CodeBuildAction({ - actionName: this.props.actionName, - input: inputs[0], - extraInputs: inputs.slice(1), - runOrder: this.props.runOrder ?? 100, - project: this._project, - environmentVariables: this.props.environmentVariables, - }); - // Replace the placeholder actionProperties at the last minute - this._actionProperties = this._action.actionProperties; - - return this._action.bind(scope, stage, options); - } - - /** - * Project generated to run the shell script in - */ - public get project(): codebuild.IProject { - if (!this._project) { - throw new Error('Project becomes available after ShellScriptAction has been bound to a stage'); - } - return this._project; - } - - /** - * Exists to implement IAction - */ - public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule { - if (!this._action) { - throw new Error('Need bind() first'); - } - - return this._action.onStateChange(name, target, options); - } -} diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts deleted file mode 100644 index cce5bd87ae81e..0000000000000 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts +++ /dev/null @@ -1,126 +0,0 @@ -import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; -import { Stack } from '../../../core'; -import { mkdict } from '../../lib/private/javascript'; -import { PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, MegaAssetsApp, stackTemplate } from '../testhelpers'; - -let legacyApp: TestApp; -let modernApp: TestApp; - -let legacyPipelineStack: Stack; -let modernPipelineStack: Stack; - -describeDeprecated('logical id stability', () => { - // this test suite verifies logical id between the new and old (deprecated) APIs. - // so it must be in a 'describeDeprecated' block - - beforeEach(() => { - legacyApp = new TestApp({ - context: { - '@aws-cdk/core:newStyleStackSynthesis': '1', - 'aws:cdk:enable-path-metadata': true, - }, - }); - modernApp = new TestApp({ - context: { - '@aws-cdk/core:newStyleStackSynthesis': '1', - 'aws:cdk:enable-path-metadata': true, - }, - }); - legacyPipelineStack = new Stack(legacyApp, 'PipelineStack', { env: PIPELINE_ENV }); - modernPipelineStack = new Stack(modernApp, 'PipelineStack', { env: PIPELINE_ENV }); - }); - - afterEach(() => { - legacyApp.cleanup(); - modernApp.cleanup(); - }); - - test('stateful or nameable resources have the same logicalID between old and new API', () => { - const legacyPipe = new LegacyTestGitHubNpmPipeline(legacyPipelineStack, 'Cdk'); - legacyPipe.addApplicationStage(new MegaAssetsApp(legacyPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const modernPipe = new ModernTestGitHubNpmPipeline(modernPipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - modernPipe.addStage(new MegaAssetsApp(modernPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const legacyTemplate = stackTemplate(legacyPipelineStack).template; - const modernTemplate = stackTemplate(modernPipelineStack).template; - - const legacyStateful = filterR(legacyTemplate.Resources, isStateful); - const modernStateful = filterR(modernTemplate.Resources, isStateful); - - expect(mapR(modernStateful, typeOfRes)).toEqual(mapR(legacyStateful, typeOfRes)); - }); - - test('nameable resources have the same names between old and new API', () => { - const legacyPipe = new LegacyTestGitHubNpmPipeline(legacyPipelineStack, 'Cdk', { - pipelineName: 'asdf', - }); - legacyPipe.addApplicationStage(new MegaAssetsApp(legacyPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const modernPipe = new ModernTestGitHubNpmPipeline(modernPipelineStack, 'Cdk', { - pipelineName: 'asdf', - crossAccountKeys: true, - }); - modernPipe.addStage(new MegaAssetsApp(modernPipelineStack, 'MyApp', { - numAssets: 2, - })); - - const legacyTemplate = stackTemplate(legacyPipelineStack).template; - const modernTemplate = stackTemplate(modernPipelineStack).template; - - const legacyNamed = filterR(legacyTemplate.Resources, hasName); - const modernNamed = filterR(modernTemplate.Resources, hasName); - - expect(mapR(modernNamed, nameProps)).toEqual(mapR(legacyNamed, nameProps)); - }); -}); - -const STATEFUL_TYPES = [ - // Holds state - 'AWS::S3::Bucket', - 'AWS::KMS::Key', - 'AWS::KMS::Alias', - // Can be physical-named so will be impossible to replace - 'AWS::CodePipeline::Pipeline', - 'AWS::CodeBuild::Project', -]; - -function filterR(resources: Record, fn: (x: Resource) => boolean): Record { - return mkdict(Object.entries(resources).filter(([, resource]) => fn(resource))); -} - -function mapR(resources: Record, fn: (x: Resource) => A): Record { - return mkdict(Object.entries(resources).map(([lid, resource]) => [lid, fn(resource)] as const)); -} - -function typeOfRes(r: Resource) { - return r.Type; -} - -function isStateful(r: Resource) { - return STATEFUL_TYPES.includes(r.Type); -} - -function nameProps(r: Resource) { - return Object.entries(r.Properties).filter(([prop, _]) => - // Don't care about policy names - prop.endsWith('Name') && prop !== 'PolicyName'); -} - -function hasName(r: Resource) { - return nameProps(r).length > 0; -} - -interface Resource { - readonly Type: string; - readonly Properties: Record; - readonly Metadata?: Record; -} \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts deleted file mode 100644 index 1da9b4ecfb71e..0000000000000 --- a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-existing.test.ts +++ /dev/null @@ -1,65 +0,0 @@ -import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; -import * as codePipeline from '../../../aws-codepipeline'; -import * as cdk from '../../../core'; -import * as cdkp from '../../lib'; - -describeDeprecated('codepipeline existing', () => { - - test('Does not allow setting a pipelineName if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CdkPipeline(stack, 'CDKPipeline', { - pipelineName: 'CustomPipelineName', - codePipeline: existingCodePipeline, - cloudAssemblyArtifact: new codePipeline.Artifact(), - }); - }).toThrow("Cannot set 'pipelineName' if an existing CodePipeline is given using 'codePipeline'"); - }); - - test('Does not allow enabling crossAccountKeys if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CdkPipeline(stack, 'CDKPipeline', { - crossAccountKeys: true, - codePipeline: existingCodePipeline, - cloudAssemblyArtifact: new codePipeline.Artifact(), - }); - }).toThrow("Cannot set 'crossAccountKeys' if an existing CodePipeline is given using 'codePipeline'"); - }); - - test('Does not allow enabling key rotation if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CdkPipeline(stack, 'CDKPipeline', { - enableKeyRotation: true, - codePipeline: existingCodePipeline, - cloudAssemblyArtifact: new codePipeline.Artifact(), - }); - }).toThrow("Cannot set 'enableKeyRotation' if an existing CodePipeline is given using 'codePipeline'"); - }); - - test('Does not allow setting crossRegionReplicationBuckets if an existing CodePipeline is given', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'PipelineStack'); - const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); - - expect(() => { - new cdkp.CodePipeline(stack, 'CDKPipeline', { - crossRegionReplicationBuckets: {}, // Even the empty set is forbidden. - codePipeline: existingCodePipeline, - synth: new cdkp.ShellStep('Synth', { - commands: ['echo hello'], - }), - }).buildPipeline(); - }).toThrow("Cannot set 'crossRegionReplicationBuckets' if an existing CodePipeline is given using 'codePipeline'"); - }); -}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts index 1f222fee6c439..87c1ace7e9515 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts @@ -5,7 +5,7 @@ import * as cb from '../../../aws-codebuild'; import * as ec2 from '../../../aws-ec2'; import { Stack, Stage } from '../../../core'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, FileAssetApp, MegaAssetsApp, TwoFileAssetsApp, DockerAssetApp, PlainStackApp, stringLike } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, FileAssetApp, MegaAssetsApp, TwoFileAssetsApp, DockerAssetApp, PlainStackApp, stringLike } from '../testhelpers'; const FILE_ASSET_SOURCE_HASH = '8289faf53c7da377bb2b90615999171adef5e1d8f6b88810e5fef75e6ca09ba5'; const FILE_ASSET_SOURCE_HASH2 = 'ac76997971c3f6ddf37120660003f1ced72b4fc58c498dfd99c78fa77e721e0e'; @@ -16,6 +16,61 @@ const IMAGE_PUBLISHING_ROLE = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role let app: TestApp; let pipelineStack: Stack; +function expectedAssetRolePolicy(assumeRolePattern: string | string[], attachedRole: string) { + if (typeof assumeRolePattern === 'string') { assumeRolePattern = [assumeRolePattern]; } + + return { + PolicyDocument: { + Statement: [{ + Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], + Effect: 'Allow', + Resource: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:logs:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:log-group:/aws/codebuild/*`, + ]], + }, + }, + { + Action: ['codebuild:CreateReportGroup', 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases', 'codebuild:BatchPutCodeCoverages'], + Effect: 'Allow', + Resource: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:codebuild:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:report-group/*`, + ]], + }, + }, + { + Action: ['codebuild:BatchGetBuilds', 'codebuild:StartBuild', 'codebuild:StopBuild'], + Effect: 'Allow', + Resource: '*', + }, + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Resource: unsingleton(assumeRolePattern.map(arn => { return { 'Fn::Sub': arn }; })), + }, + { + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Effect: 'Allow', + Resource: [ + { 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, + { 'Fn::Join': ['', [{ 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, '/*']] }, + ], + }, + { + Action: ['kms:Decrypt', 'kms:DescribeKey'], + Effect: 'Allow', + Resource: { 'Fn::GetAtt': ['CdkPipelineArtifactsBucketEncryptionKeyDDD3258C', 'Arn'] }, + }], + }, + Roles: [{ Ref: attachedRole }], + }; +} + beforeEach(() => { app = new TestApp(); pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); @@ -26,550 +81,170 @@ afterEach(() => { }); describe('basic pipeline', () => { - behavior('no assets stage if the application has no assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new PlainStackApp(app, 'App')); - THEN_codePipelineExpectation(); - }); + test('no assets stage if the application has no assets', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new PlainStackApp(app, 'App')); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new PlainStackApp(app, 'App')); - - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.not(Match.arrayWith([Match.objectLike({ + Name: 'Assets', + })])), }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.not(Match.arrayWith([Match.objectLike({ - Name: 'Assets', - })])), - }); - } }); - describe('asset stage placement', () => { - behavior('assets stage comes before any user-defined stages', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: 'Assets' }), - Match.objectLike({ Name: 'App' }), - ], - }); - } - }); - - behavior('up to 50 assets fit in a single stage', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new MegaAssetsApp(app, 'App', { numAssets: 50 })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 50 })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: 'Assets' }), - Match.objectLike({ Name: 'App' }), - ], - }); - } - }); - - behavior('51 assets triggers a second stage', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new MegaAssetsApp(app, 'App', { numAssets: 51 })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 51 })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: stringLike('Assets*') }), - Match.objectLike({ Name: stringLike('Assets*2') }), - Match.objectLike({ Name: 'App' }), - ], - }); - } - }); - - behavior('101 assets triggers a third stage', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new MegaAssetsApp(app, 'App', { numAssets: 101 })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 101 })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - Match.objectLike({ Name: stringLike('Assets*') }), // 'Assets' vs 'Assets.1' - Match.objectLike({ Name: stringLike('Assets*2') }), - Match.objectLike({ Name: stringLike('Assets*3') }), - Match.objectLike({ Name: 'App' }), - ], - }); - } + test('assets stage comes before any user-defined stages', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new FileAssetApp(app, 'App')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: 'Assets' }), + Match.objectLike({ Name: 'App' }), + ], }); }); - behavior('command line properly locates assets in subassembly', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); + test('up to 50 assets fit in a single stage', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 50 })); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: 'Assets' }), + Match.objectLike({ Name: 'App' }), + ], }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith([`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`]), - }, - }, - })), - }, - }); - } }); - behavior('multiple assets are published in parallel', (suite) => { - suite.legacy(() => { + describe('asset stage placement', () => { + test('51 assets triggers a second stage', () => { // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 51 })); - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - Match.objectLike({ RunOrder: 1 }), - Match.objectLike({ RunOrder: 1 }), - ], - }]), + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: stringLike('Assets*') }), + Match.objectLike({ Name: stringLike('Assets*2') }), + Match.objectLike({ Name: 'App' }), + ], }); - } - }); - - behavior('assets are also published when using the lower-level addStackArtifactDeployment', (suite) => { - suite.legacy(() => { - // GIVEN - const asm = new FileAssetApp(app, 'FileAssetApp').synth(); + }, + ); - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage('SomeStage').addStackArtifactDeployment(asm.getStackByName('FileAssetApp-Stack')); + test('101 assets triggers a third stage', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new MegaAssetsApp(app, 'App', { numAssets: 101 })); - // THEN Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - Match.objectLike({ - Name: 'FileAsset1', - RunOrder: 1, - }), - ], - }]), + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + Match.objectLike({ Name: stringLike('Assets*') }), // 'Assets' vs 'Assets.1' + Match.objectLike({ Name: stringLike('Assets*2') }), + Match.objectLike({ Name: stringLike('Assets*3') }), + Match.objectLike({ Name: 'App' }), + ], }); - }); - - // This function does not exist in the modern API - suite.doesNotApply.modern(); + }, + ); }); - behavior('file image asset publishers do not use privilegedmode', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); + test('command line properly locates assets in subassembly', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith([stringLike('cdk-assets *')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: Match.arrayWith([`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`]), }, - })), - }, - Environment: Match.objectLike({ - PrivilegedMode: false, - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }), - }); - } - }); - - behavior('docker image asset publishers use privilegedmode', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); + }, + })), + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith([stringLike('cdk-assets *')]), - }, - }, - })), - }, - Environment: Match.objectLike({ - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - PrivilegedMode: true, - }), - }); - } }); - behavior('can control fix/CLI version used in asset publishing', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - cdkCliVersion: '1.2.3', - }); - pipeline.addApplicationStage(new FileAssetApp(pipelineStack, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - cliVersion: '1.2.3', - }); - pipeline.addStage(new FileAssetApp(pipelineStack, 'FileAssetApp')); + test('multiple assets are published in parallel', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Assets', + Actions: [ + Match.objectLike({ RunOrder: 1 }), + Match.objectLike({ RunOrder: 1 }), + ], + }]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm install -g cdk-assets@1.2.3'], - }, - }, - })), - }, - }); - } }); - describe('asset roles and policies', () => { - behavior('includes file publishing assets role for apps with file assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new FileAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { - AssumeRolePolicyDocument: { - Statement: [ - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Principal: { - Service: 'codebuild.amazonaws.com', - }, - }, - ], - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); - } - }); - - behavior('publishing assets role may assume roles from multiple environments', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - pipeline.addApplicationStage(new FileAssetApp(app, 'App2', { - env: { - account: '0123456789012', - region: 'eu-west-1', - }, - })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - - pipeline.addStage(new FileAssetApp(app, 'App1')); - pipeline.addStage(new FileAssetApp(app, 'App2', { - env: { - account: '0123456789012', - region: 'eu-west-1', - }, - })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy([FILE_PUBLISHING_ROLE, 'arn:${AWS::Partition}:iam::0123456789012:role/cdk-hnb659fds-file-publishing-role-0123456789012-eu-west-1'], - 'CdkAssetsFileRole6BE17A07')); - } - }); - - behavior('publishing assets role de-dupes assumed roles', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - pipeline.addApplicationStage(new FileAssetApp(app, 'App2')); - pipeline.addApplicationStage(new FileAssetApp(app, 'App3')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new FileAssetApp(app, 'App1')); - pipeline.addStage(new FileAssetApp(app, 'App2')); - pipeline.addStage(new FileAssetApp(app, 'App3')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); - } - }); - - behavior('includes image publishing assets role for apps with Docker assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); - }); + test('file image asset publishers do not use privilegedmode', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { - AssumeRolePolicyDocument: { - Statement: [ - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Principal: { - Service: 'codebuild.amazonaws.com', - }, - }, - ], + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: Match.arrayWith([stringLike('cdk-assets *')]), + }, }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); - } - }); - - behavior('includes both roles for apps with both file and Docker assets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new FileAssetApp(app, 'App1')); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App2')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - // Expectation expects to see KMS key policy permissions - crossAccountKeys: true, - }); - pipeline.addStage(new FileAssetApp(app, 'App1')); - pipeline.addStage(new DockerAssetApp(app, 'App2')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', - expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); - } + })), + }, + Environment: Match.objectLike({ + PrivilegedMode: false, + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }), }); }); -}); -behavior('can supply pre-install scripts to asset upload', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - assetPreInstallCommands: [ - 'npm config set registry https://registry.com', - ], - }); - pipeline.addApplicationStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); + test('docker image asset publishers use privilegedmode', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - assetPublishingCodeBuildDefaults: { - partialBuildSpec: cb.BuildSpec.fromObject({ - version: '0.2', + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ phases: { - install: { - commands: [ - 'npm config set registry https://registry.com', - ], + build: { + commands: Match.arrayWith([stringLike('cdk-assets *')]), }, }, - }), + })), }, + Environment: Match.objectLike({ + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + PrivilegedMode: true, + }), }); - pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); }); - function THEN_codePipelineExpectation() { + test('can control fix/CLI version used in asset publishing', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + cliVersion: '1.2.3', + }); + pipeline.addStage(new FileAssetApp(pipelineStack, 'FileAssetApp')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, @@ -578,379 +253,297 @@ behavior('can supply pre-install scripts to asset upload', (suite) => { BuildSpec: Match.serializedJson(Match.objectLike({ phases: { install: { - commands: ['npm config set registry https://registry.com', 'npm install -g cdk-assets@2'], + commands: ['npm install -g cdk-assets@1.2.3'], }, }, - })), - }, - }); - } -}); - -describe('pipeline with VPC', () => { - let vpc: ec2.Vpc; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'Vpc'); - }); - - behavior('asset CodeBuild Project uses VPC subnets', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - vpc, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - VpcConfig: Match.objectLike({ - SecurityGroupIds: [ - { 'Fn::GetAtt': ['CdkAssetsDockerAsset1SecurityGroup078F5C66', 'GroupId'] }, - ], - Subnets: [ - { Ref: 'VpcPrivateSubnet1Subnet536B997A' }, - { Ref: 'VpcPrivateSubnet2Subnet3788AAA1' }, - { Ref: 'VpcPrivateSubnet3SubnetF258B56E' }, - ], - VpcId: { Ref: 'Vpc8378EB38' }, - }), - }); - } - }); - - behavior('Pipeline-generated CodeBuild Projects have appropriate execution role permissions', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - vpc, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - THEN_codePipelineExpectation(); + })), + }, }); - - function THEN_codePipelineExpectation() { - // Assets Project - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - Roles: [ - { Ref: 'CdkAssetsDockerRole484B6DD3' }, - ], - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), - Effect: 'Allow', - Resource: '*', - }]), - }, - }); - } }); - behavior('Asset publishing CodeBuild Projects have correct VPC permissions', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - vpc, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'DockerAssetApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { + describe('asset roles and policies', () => { + test('includes file publishing assets role for apps with file assets', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - THEN_codePipelineExpectation(); - }); + pipeline.addStage(new FileAssetApp(app, 'App1')); - function THEN_codePipelineExpectation() { - // Assets Project - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { Statement: [ - Match.objectLike({ - Resource: '*', - Action: [ - 'ec2:CreateNetworkInterface', - 'ec2:DescribeNetworkInterfaces', - 'ec2:DeleteNetworkInterface', - 'ec2:DescribeSubnets', - 'ec2:DescribeSecurityGroups', - 'ec2:DescribeDhcpOptions', - 'ec2:DescribeVpcs', - ], - }), + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codebuild.amazonaws.com', + }, + }, ], }, - Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], }); - Template.fromStack(pipelineStack).hasResource('AWS::CodeBuild::Project', { - Properties: { - ServiceRole: { 'Fn::GetAtt': ['CdkAssetsDockerRole484B6DD3', 'Arn'] }, - }, - DependsOn: [ - 'CdkAssetsDockerAsset1PolicyDocument8DA96A22', - ], - }); - } - }); -}); - -describe('pipeline with single asset publisher', () => { - behavior('multiple assets are using the same job in singlePublisherMode', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - singlePublisherPerType: true, - }); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); + }, + ); - suite.modern(() => { + test('publishing assets role may assume roles from multiple environments', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - publishAssetsInParallel: false, + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - THEN_codePipelineExpectation(); - }); - function THEN_codePipelineExpectation() { - // THEN - const buildSpecName = new Capture(stringLike('buildspec-*.yaml')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - // Only one file asset action - Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), - ], - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: buildSpecName, + pipeline.addStage(new FileAssetApp(app, 'App1')); + pipeline.addStage(new FileAssetApp(app, 'App2', { + env: { + account: '0123456789012', + region: 'eu-west-1', }, - }); - const assembly = synthesize(pipelineStack); - - const actualFileName = buildSpecName.asString(); + })); - const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, actualFileName), { encoding: 'utf-8' })); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); - } - }); - - behavior('other pipeline writes to separate assets build spec file', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - singlePublisherPerType: true, - }); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy([FILE_PUBLISHING_ROLE, 'arn:${AWS::Partition}:iam::0123456789012:role/cdk-hnb659fds-file-publishing-role-0123456789012-eu-west-1'], + 'CdkAssetsFileRole6BE17A07')); + }, + ); - const pipelineStack2 = new Stack(app, 'PipelineStack2', { env: PIPELINE_ENV }); - const otherPipeline = new LegacyTestGitHubNpmPipeline(pipelineStack2, 'Cdk', { - singlePublisherPerType: true, + test('publishing assets role de-dupes assumed roles', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - otherPipeline.addApplicationStage(new TwoFileAssetsApp(app, 'OtherFileAssetApp')); + pipeline.addStage(new FileAssetApp(app, 'App1')); + pipeline.addStage(new FileAssetApp(app, 'App2')); + pipeline.addStage(new FileAssetApp(app, 'App3')); - THEN_codePipelineExpectation(pipelineStack2); - }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); + }, + ); - suite.modern(() => { + test('includes image publishing assets role for apps with Docker assets', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - publishAssetsInParallel: false, - }); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - - const pipelineStack2 = new Stack(app, 'PipelineStack2', { env: PIPELINE_ENV }); - const otherPipeline = new ModernTestGitHubNpmPipeline(pipelineStack2, 'Cdk', { - publishAssetsInParallel: false, + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); - otherPipeline.addStage(new TwoFileAssetsApp(app, 'OtherFileAssetApp')); - - THEN_codePipelineExpectation(pipelineStack2); - }); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - function THEN_codePipelineExpectation(pipelineStack2: Stack) { - // THEN - const buildSpecName1 = new Capture(stringLike('buildspec-*.yaml')); - const buildSpecName2 = new Capture(stringLike('buildspec-*.yaml')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: buildSpecName1, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'codebuild.amazonaws.com', + }, + }, + ], }, }); - Template.fromStack(pipelineStack2).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: buildSpecName2, - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); + }, + ); + + test('includes both roles for apps with both file and Docker assets', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + // Expectation expects to see KMS key policy permissions + crossAccountKeys: true, }); + pipeline.addStage(new FileAssetApp(app, 'App1')); + pipeline.addStage(new DockerAssetApp(app, 'App2')); - expect(buildSpecName1.asString()).not.toEqual(buildSpecName2.asString()); - } + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(FILE_PUBLISHING_ROLE, 'CdkAssetsFileRole6BE17A07')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', + expectedAssetRolePolicy(IMAGE_PUBLISHING_ROLE, 'CdkAssetsDockerRole484B6DD3')); + }, + ); }); }); -describe('pipeline with custom asset publisher BuildSpec', () => { - - behavior('custom buildspec is merged correctly', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - singlePublisherPerType: true, - assetBuildSpec: cb.BuildSpec.fromObject({ - phases: { - pre_install: { - commands: 'preinstall', - }, +test('can supply pre-install scripts to asset upload', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + assetPublishingCodeBuildDefaults: { + partialBuildSpec: cb.BuildSpec.fromObject({ + version: '0.2', + phases: { + install: { + commands: [ + 'npm config set registry https://registry.com', + ], }, - cache: { - paths: 'node_modules', + }, + }), + }, + }); + pipeline.addStage(new FileAssetApp(app, 'FileAssetApp')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm config set registry https://registry.com', 'npm install -g cdk-assets@2'], }, - }), - }); - pipeline.addApplicationStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + }, + })), + }, + }); +}); + +describe('pipeline with VPC', () => { + let vpc: ec2.Vpc; + beforeEach(() => { + vpc = new ec2.Vpc(pipelineStack, 'Vpc'); + }); - THEN_codePipelineExpectation(); + test('asset CodeBuild Project uses VPC subnets', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, }); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - publishAssetsInParallel: false, - assetPublishingCodeBuildDefaults: { - partialBuildSpec: cb.BuildSpec.fromObject({ - phases: { - pre_install: { - commands: 'preinstall', - }, - }, - cache: { - paths: 'node_modules', - }, - }), - }, - }); - pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: Match.objectLike({ + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkAssetsDockerAsset1SecurityGroup078F5C66', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'VpcPrivateSubnet1Subnet536B997A' }, + { Ref: 'VpcPrivateSubnet2Subnet3788AAA1' }, + { Ref: 'VpcPrivateSubnet3SubnetF258B56E' }, + ], + VpcId: { Ref: 'Vpc8378EB38' }, + }), + }); + }); - THEN_codePipelineExpectation(); + test('Pipeline-generated CodeBuild Projects have appropriate execution role permissions', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, + }); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); + // Assets Project + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkAssetsDockerRole484B6DD3' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, }); + }); - function THEN_codePipelineExpectation() { - const buildSpecName = new Capture(stringLike('buildspec-*')); + test('Asset publishing CodeBuild Projects have correct VPC permissions', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, + }); + pipeline.addStage(new DockerAssetApp(app, 'DockerAssetApp')); + // Assets Project + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + Match.objectLike({ + Resource: '*', + Action: [ + 'ec2:CreateNetworkInterface', + 'ec2:DescribeNetworkInterfaces', + 'ec2:DeleteNetworkInterface', + 'ec2:DescribeSubnets', + 'ec2:DescribeSecurityGroups', + 'ec2:DescribeDhcpOptions', + 'ec2:DescribeVpcs', + ], + }), + ], + }, + Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], + }); + Template.fromStack(pipelineStack).hasResource('AWS::CodeBuild::Project', { + Properties: { + ServiceRole: { 'Fn::GetAtt': ['CdkAssetsDockerRole484B6DD3', 'Arn'] }, + }, + DependsOn: [ + 'CdkAssetsDockerAsset1PolicyDocument8DA96A22', + ], + }); + }); +}); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Assets', - Actions: [ - // Only one file asset action - Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), - ], - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: buildSpecName, +test('adding environment variable to assets job adds SecretsManager permissions', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { + assetPublishingCodeBuildDefaults: { + buildEnvironment: { + environmentVariables: { + FOOBAR: { + value: 'FoobarSecret', + type: cb.BuildEnvironmentVariableType.SECRETS_MANAGER, + }, }, - }); - const assembly = synthesize(pipelineStack); - const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, buildSpecName.asString())).toString()); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); - expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); - expect(buildSpec.phases.pre_install.commands).toContain('preinstall'); - expect(buildSpec.cache.paths).toContain('node_modules'); - } + }, + }, + }); + pipeline.addStage(new FileAssetApp(pipelineStack, 'MyApp')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + Match.objectLike({ + Action: 'secretsmanager:GetSecretValue', + Effect: 'Allow', + Resource: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':secretsmanager:us-pipeline:123pipeline:secret:FoobarSecret-??????', + ]], + }, + }), + ]), + }, }); }); -function expectedAssetRolePolicy(assumeRolePattern: string | string[], attachedRole: string) { - if (typeof assumeRolePattern === 'string') { assumeRolePattern = [assumeRolePattern]; } +describe('pipeline with single asset publisher', () => { + test('other pipeline writes to separate assets build spec file', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + publishAssetsInParallel: false, + }); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - return { - PolicyDocument: { - Statement: [{ - Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], - Effect: 'Allow', - Resource: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - `:logs:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:log-group:/aws/codebuild/*`, - ]], - }, - }, - { - Action: ['codebuild:CreateReportGroup', 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases', 'codebuild:BatchPutCodeCoverages'], - Effect: 'Allow', - Resource: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - `:codebuild:${PIPELINE_ENV.region}:${PIPELINE_ENV.account}:report-group/*`, - ]], - }, - }, - { - Action: ['codebuild:BatchGetBuilds', 'codebuild:StartBuild', 'codebuild:StopBuild'], - Effect: 'Allow', - Resource: '*', - }, - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Resource: unsingleton(assumeRolePattern.map(arn => { return { 'Fn::Sub': arn }; })), + const pipelineStack2 = new Stack(app, 'PipelineStack2', { env: PIPELINE_ENV }); + const otherPipeline = new ModernTestGitHubNpmPipeline(pipelineStack2, 'Cdk-2', { + publishAssetsInParallel: false, + }); + otherPipeline.addStage(new TwoFileAssetsApp(app, 'OtherFileAssetApp')); + // THEN + const buildSpecName1 = new Capture(stringLike('buildspec-*.yaml')); + const buildSpecName2 = new Capture(stringLike('buildspec-*.yaml')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: buildSpecName1, }, - { - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Effect: 'Allow', - Resource: [ - { 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, - { 'Fn::Join': ['', [{ 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, '/*']] }, - ], + }); + Template.fromStack(pipelineStack2).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: buildSpecName2, }, - { - Action: ['kms:Decrypt', 'kms:DescribeKey'], - Effect: 'Allow', - Resource: { 'Fn::GetAtt': ['CdkPipelineArtifactsBucketEncryptionKeyDDD3258C', 'Arn'] }, - }], - }, - Roles: [{ Ref: attachedRole }], - }; -} + }); -behavior('necessary secrets manager permissions get added to asset roles', suite => { - // Not possible to configure this for legacy pipelines - suite.doesNotApply.legacy(); + expect(buildSpecName1.asString()).not.toEqual(buildSpecName2.asString()); + }); - suite.modern(() => { + test('necessary secrets manager permissions get added to asset roles', () => { const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { assetPublishingCodeBuildDefaults: { buildEnvironment: { @@ -965,10 +558,6 @@ behavior('necessary secrets manager permissions get added to asset roles', suite }); pipeline.addStage(new FileAssetApp(pipelineStack, 'MyApp')); - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { Statement: Match.arrayWith([{ @@ -990,50 +579,94 @@ behavior('necessary secrets manager permissions get added to asset roles', suite { Ref: 'PipelineAssetsFileRole59943A77' }, ], }); - } -}); + }); + + test('multiple assets are using the same job in singlePublisherMode', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + publishAssetsInParallel: false, + }); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); + + // THEN + const buildSpecName = new Capture(stringLike('buildspec-*.yaml')); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Assets', + Actions: [ + // Only one file asset action + Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), + ], + }]), + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: buildSpecName, + }, + }); + const assembly = synthesize(pipelineStack); -behavior('adding environment variable to assets job adds SecretsManager permissions', suite => { - // No way to manipulate buildEnvironment in legacy API - suite.doesNotApply.legacy(); + const actualFileName = buildSpecName.asString(); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { + const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, actualFileName), { encoding: 'utf-8' })); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); + }); +}); + +describe('pipeline with custom asset publisher BuildSpec', () => { + test('custom buildspec is merged correctly', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + publishAssetsInParallel: false, assetPublishingCodeBuildDefaults: { - buildEnvironment: { - environmentVariables: { - FOOBAR: { - value: 'FoobarSecret', - type: cb.BuildEnvironmentVariableType.SECRETS_MANAGER, + partialBuildSpec: cb.BuildSpec.fromObject({ + phases: { + pre_install: { + commands: 'preinstall', }, }, - }, + cache: { + paths: 'node_modules', + }, + }), }, }); - pipeline.addStage(new FileAssetApp(pipelineStack, 'MyApp')); + pipeline.addStage(new TwoFileAssetsApp(app, 'FileAssetApp')); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([ - Match.objectLike({ - Action: 'secretsmanager:GetSecretValue', - Effect: 'Allow', - Resource: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':secretsmanager:us-pipeline:123pipeline:secret:FoobarSecret-??????', - ]], - }, - }), - ]), + const buildSpecName = new Capture(stringLike('buildspec-*')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Assets', + Actions: [ + // Only one file asset action + Match.objectLike({ RunOrder: 1, Name: 'FileAsset' }), + ], + }]), + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: buildSpecName, }, }); + + const assembly = synthesize(pipelineStack); + const buildSpec = JSON.parse(fs.readFileSync(path.join(assembly.directory, buildSpecName.asString())).toString()); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH}:current_account-current_region"`); + expect(buildSpec.phases.build.commands).toContain(`cdk-assets --path "assembly-FileAssetApp/FileAssetAppStackEADD68C5.assets.json" --verbose publish "${FILE_ASSET_SOURCE_HASH2}:current_account-current_region"`); + expect(buildSpec.phases.pre_install.commands).toContain('preinstall'); + expect(buildSpec.cache.paths).toContain('node_modules'); }); }); function synthesize(stack: Stack) { - const root = stack.node.root; + const root = Stage.of(stack); if (!Stage.isStage(root)) { throw new Error('unexpected: all stacks must be part of a Stage'); } diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts index 75d58084dadfb..8ca4d83650a8f 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/basic-behavior.test.ts @@ -4,7 +4,7 @@ import * as path from 'path'; import { Construct } from 'constructs'; import { Capture, Match, Template } from '../../../assertions'; import { Stack, Stage, StageProps, Tags } from '../../../core'; -import { behavior, LegacyTestGitHubNpmPipeline, OneStackApp, BucketStack, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; +import { OneStackApp, BucketStack, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -18,204 +18,132 @@ afterEach(() => { app.cleanup(); }); -behavior('stack templates in nested assemblies are correctly addressed', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'App', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: stringLike('*Prepare'), - InputArtifacts: [Match.objectLike({})], - Configuration: Match.objectLike({ - StackName: 'App-Stack', - TemplatePath: stringLike('*::assembly-App/*.template.json'), - }), +test('stack templates in nested assemblies are correctly addressed', () => { + + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackApp(app, 'App')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'App', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: stringLike('*Prepare'), + InputArtifacts: [Match.objectLike({})], + Configuration: Match.objectLike({ + StackName: 'App-Stack', + TemplatePath: stringLike('*::assembly-App/*.template.json'), }), - ]), - }]), - }); - } + }), + ]), + }]), + }); }); -behavior('obvious error is thrown when stage contains no stacks', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - - // WHEN - expect(() => { - pipeline.addApplicationStage(new Stage(app, 'EmptyStage')); - }).toThrow(/should contain at least one Stack/); - }); +test('obvious error is thrown when stage contains no stacks', () => { - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - // WHEN - expect(() => { - pipeline.addStage(new Stage(app, 'EmptyStage')); - }).toThrow(/should contain at least one Stack/); - }); + // WHEN + expect(() => { + pipeline.addStage(new Stage(app, 'EmptyStage')); + }).toThrow(/should contain at least one Stack/); }); -behavior('overridden stack names are respected', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackAppWithCustomName(app, 'App1')); - pipeline.addApplicationStage(new OneStackAppWithCustomName(app, 'App2')); - - THEN_codePipelineExpectation(); - }); +test('overridden stack names are respected', () => { - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackAppWithCustomName(app, 'App1')); - pipeline.addStage(new OneStackAppWithCustomName(app, 'App2')); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackAppWithCustomName(app, 'App1')); + pipeline.addStage(new OneStackAppWithCustomName(app, 'App2')); - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'App1', + Actions: Match.arrayWith([Match.objectLike({ + Name: stringLike('*Prepare'), + Configuration: Match.objectLike({ + StackName: 'MyFancyStack', + }), + })]), + }, + { + Name: 'App2', + Actions: Match.arrayWith([Match.objectLike({ + Name: stringLike('*Prepare'), + Configuration: Match.objectLike({ + StackName: 'MyFancyStack', + }), + })]), + }, + ]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'App1', - Actions: Match.arrayWith([Match.objectLike({ - Name: stringLike('*Prepare'), - Configuration: Match.objectLike({ - StackName: 'MyFancyStack', - }), - })]), - }, - { - Name: 'App2', - Actions: Match.arrayWith([Match.objectLike({ - Name: stringLike('*Prepare'), - Configuration: Match.objectLike({ - StackName: 'MyFancyStack', - }), - })]), - }, - ]), - }); - } }); -behavior('changing CLI version leads to a different pipeline structure (restarting it)', (suite) => { - suite.legacy(() => { - // GIVEN - const stack2 = new Stack(app, 'Stack2', { env: PIPELINE_ENV }); - const stack3 = new Stack(app, 'Stack3', { env: PIPELINE_ENV }); +test('changing CLI version leads to a different pipeline structure (restarting it)', () => { - // WHEN - new LegacyTestGitHubNpmPipeline(stack2, 'Cdk', { - cdkCliVersion: '1.2.3', - }); - new LegacyTestGitHubNpmPipeline(stack3, 'Cdk', { - cdkCliVersion: '4.5.6', - }); + // GIVEN + const stack2 = new Stack(app, 'Stack2', { env: PIPELINE_ENV }); + const stack3 = new Stack(app, 'Stack3', { env: PIPELINE_ENV }); - THEN_codePipelineExpectation(stack2, stack3); + // WHEN + new ModernTestGitHubNpmPipeline(stack2, 'Cdk', { + cliVersion: '1.2.3', }); - - suite.modern(() => { - // GIVEN - const stack2 = new Stack(app, 'Stack2', { env: PIPELINE_ENV }); - const stack3 = new Stack(app, 'Stack3', { env: PIPELINE_ENV }); - - // WHEN - new ModernTestGitHubNpmPipeline(stack2, 'Cdk', { - cliVersion: '1.2.3', - }); - new ModernTestGitHubNpmPipeline(stack3, 'Cdk', { - cliVersion: '4.5.6', - }); - - THEN_codePipelineExpectation(stack2, stack3); + new ModernTestGitHubNpmPipeline(stack3, 'Cdk', { + cliVersion: '4.5.6', }); - function THEN_codePipelineExpectation(stack2: Stack, stack3: Stack) { - // THEN - const structure2 = new Capture(); - const structure3 = new Capture(); - - Template.fromStack(stack2).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: structure2, - }); - Template.fromStack(stack3).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: structure3, - }); - - expect(JSON.stringify(structure2.asArray())).not.toEqual(JSON.stringify(structure3.asArray())); - } -}); - -behavior('tags get reflected in pipeline', (suite) => { - suite.legacy(() => { - // WHEN - const stage = new OneStackApp(app, 'App'); - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - Tags.of(stage).add('CostCenter', 'F00B4R'); - pipeline.addApplicationStage(stage); + // THEN + const structure2 = new Capture(); + const structure3 = new Capture(); - THEN_codePipelineExpectation(); + Template.fromStack(stack2).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: structure2, }); - - suite.modern(() => { - // WHEN - const stage = new OneStackApp(app, 'App'); - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - Tags.of(stage).add('CostCenter', 'F00B4R'); - pipeline.addStage(stage); - THEN_codePipelineExpectation(); + Template.fromStack(stack3).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: structure3, }); - function THEN_codePipelineExpectation() { - // THEN - const templateConfig = new Capture(); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'App', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: stringLike('*Prepare'), - InputArtifacts: [Match.objectLike({})], - Configuration: Match.objectLike({ - StackName: 'App-Stack', - TemplateConfiguration: templateConfig, - }), + expect(JSON.stringify(structure2.asArray())).not.toEqual(JSON.stringify(structure3.asArray())); +}); + +test('tags get reflected in pipeline', () => { + + // WHEN + const stage = new OneStackApp(app, 'App'); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + Tags.of(stage).add('CostCenter', 'F00B4R'); + pipeline.addStage(stage); + + // THEN + const templateConfig = new Capture(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'App', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: stringLike('*Prepare'), + InputArtifacts: [Match.objectLike({})], + Configuration: Match.objectLike({ + StackName: 'App-Stack', + TemplateConfiguration: templateConfig, }), - ]), - }]), - }); + }), + ]), + }]), + }); - expect(templateConfig.asString()).toMatch(/::assembly-App\/.*\.template\..*json/); - const [, relConfigFile] = templateConfig.asString().split('::'); - const absConfigFile = path.join(app.outdir, relConfigFile); - const configFile = JSON.parse(fs.readFileSync(absConfigFile, { encoding: 'utf-8' })); - expect(configFile).toEqual(expect.objectContaining({ - Tags: { - CostCenter: 'F00B4R', - }, - })); - } + expect(templateConfig.asString()).toMatch(/::assembly-App\/.*\.template\..*json/); + const [, relConfigFile] = templateConfig.asString().split('::'); + const absConfigFile = path.join(app.outdir, relConfigFile); + const configFile = JSON.parse(fs.readFileSync(absConfigFile, { encoding: 'utf-8' })); + expect(configFile).toEqual(expect.objectContaining({ + Tags: { + CostCenter: 'F00B4R', + }, + })); }); class OneStackAppWithCustomName extends Stage { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts index e0266239dff2d..60f38abc0bd49 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/docker-credentials.test.ts @@ -6,7 +6,7 @@ import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CodeBuildStep } from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, DockerAssetApp, stringLike } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, DockerAssetApp, stringLike } from '../testhelpers'; const secretSynthArn = 'arn:aws:secretsmanager:eu-west-1:0123456789012:secret:synth-012345'; const secretUpdateArn = 'arn:aws:secretsmanager:eu-west-1:0123456789012:secret:update-012345'; @@ -30,248 +30,173 @@ afterEach(() => { app.cleanup(); }); -behavior('synth action receives install commands and access to relevant credentials', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); +test('synth action receives install commands and access to relevant credentials', () => { - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'App1')); + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - THEN_codePipelineExpectation(); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, }); - function THEN_codePipelineExpectation() { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: Match.arrayWith([ - 'mkdir $HOME/.cdk', - `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the Synth project - build: { - commands: Match.arrayWith([stringLike('*cdk*synth*')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir $HOME/.cdk', + `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, + ]), }, - })), - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], - Effect: 'Allow', - Resource: secretSynthArn, - }]), - Version: '2012-10-17', - }, - Roles: [{ Ref: stringLike('Cdk*BuildProjectRole*') }], - }); - } + // Prove we're looking at the Synth project + build: { + commands: Match.arrayWith([stringLike('*cdk*synth*')]), + }, + }, + })), + }, + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: secretSynthArn, + }]), + Version: '2012-10-17', + }, + Roles: [{ Ref: stringLike('Cdk*BuildProjectRole*') }], + }); }); -behavior('synth action receives Windows install commands if a Windows image is detected', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk2', { - npmSynthOptions: { - environment: { - buildImage: cb.WindowsBuildImage.WINDOWS_BASE_2_0, - }, +test('synth action receives Windows install commands if a Windows image is detected', () => { + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk2', { + synth: new CodeBuildStep('Synth', { + commands: ['cdk synth'], + primaryOutputDirectory: 'cdk.out', + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + buildEnvironment: { + buildImage: cb.WindowsBuildImage.WINDOWS_BASE_2_0, + computeType: cb.ComputeType.MEDIUM, }, - }); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); + }), }); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk2', { - synth: new CodeBuildStep('Synth', { - commands: ['cdk synth'], - primaryOutputDirectory: 'cdk.out', - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - buildEnvironment: { - buildImage: cb.WindowsBuildImage.WINDOWS_BASE_2_0, - computeType: cb.ComputeType.MEDIUM, - }, - }), - }); - pipeline.addStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation(); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, }); - function THEN_codePipelineExpectation() { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'synth.example.com': { secretsManagerSecretId: secretSynthArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: 'aws/codebuild/windows-base:2.0' }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: Match.arrayWith([ - 'mkdir %USERPROFILE%\\.cdk', - `echo '${expectedCredsConfig}' > %USERPROFILE%\\.cdk\\cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the Synth project - build: { - commands: Match.arrayWith([stringLike('*cdk*synth*')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: 'aws/codebuild/windows-base:2.0' }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir %USERPROFILE%\\.cdk', + `echo '${expectedCredsConfig}' > %USERPROFILE%\\.cdk\\cdk-docker-creds.json`, + ]), }, - })), - }, - }); - } -}); - -behavior('self-update receives install commands and access to relevant credentials', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation('install'); + // Prove we're looking at the Synth project + build: { + commands: Match.arrayWith([stringLike('*cdk*synth*')]), + }, + }, + })), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'App1')); +test('self-update receives install commands and access to relevant credentials', () => { + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - THEN_codePipelineExpectation('pre_build'); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'selfupdate.example.com': { secretsManagerSecretId: secretUpdateArn } }, }); - function THEN_codePipelineExpectation(expectedPhase: string) { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'selfupdate.example.com': { secretsManagerSecretId: secretUpdateArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [expectedPhase]: { - commands: Match.arrayWith([ - 'mkdir $HOME/.cdk', - `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the SelfMutate project - build: { - commands: Match.arrayWith([ - stringLike('cdk * deploy PipelineStack*'), - ]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir $HOME/.cdk', + `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, + ]), }, - })), - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], - Effect: 'Allow', - Resource: secretUpdateArn, - }]), - Version: '2012-10-17', - }, - Roles: [{ Ref: stringLike('*SelfMutat*Role*') }], - }); - } + // Prove we're looking at the SelfMutate project + build: { + commands: Match.arrayWith([ + stringLike('cdk * deploy PipelineStack*'), + ]), + }, + }, + })), + }, + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: secretUpdateArn, + }]), + Version: '2012-10-17', + }, + Roles: [{ Ref: stringLike('*SelfMutat*Role*') }], + }); }); -behavior('asset publishing receives install commands and access to relevant credentials', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new DockerAssetApp(app, 'App1')); - - THEN_codePipelineExpectation('install'); - }); +test('asset publishing receives install commands and access to relevant credentials', () => { - suite.modern(() => { - const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); - pipeline.addStage(new DockerAssetApp(app, 'App1')); + const pipeline = new ModernPipelineWithCreds(pipelineStack, 'Cdk'); + pipeline.addStage(new DockerAssetApp(app, 'App1')); - THEN_codePipelineExpectation('pre_build'); + const expectedCredsConfig = JSON.stringify({ + version: '1.0', + domainCredentials: { 'publish.example.com': { secretsManagerSecretId: secretPublishArn } }, }); - function THEN_codePipelineExpectation(expectedPhase: string) { - const expectedCredsConfig = JSON.stringify({ - version: '1.0', - domainCredentials: { 'publish.example.com': { secretsManagerSecretId: secretPublishArn } }, - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [expectedPhase]: { - commands: Match.arrayWith([ - 'mkdir $HOME/.cdk', - `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, - ]), - }, - // Prove we're looking at the Publishing project - build: { - commands: Match.arrayWith([stringLike('cdk-assets*')]), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + pre_build: { + commands: Match.arrayWith([ + 'mkdir $HOME/.cdk', + `echo '${expectedCredsConfig}' > $HOME/.cdk/cdk-docker-creds.json`, + ]), }, - })), - }, - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], - Effect: 'Allow', - Resource: secretPublishArn, - }]), - Version: '2012-10-17', - }, - Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], - }); - } + // Prove we're looking at the Publishing project + build: { + commands: Match.arrayWith([stringLike('cdk-assets*')]), + }, + }, + })), + }, + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: secretPublishArn, + }]), + Version: '2012-10-17', + }, + Roles: [{ Ref: 'CdkAssetsDockerRole484B6DD3' }], + }); }); -class LegacyPipelineWithCreds extends LegacyTestGitHubNpmPipeline { - constructor(scope: Construct, id: string, props?: ConstructorParameters[2]) { - super(scope, id, { - dockerCredentials: [ - cdkp.DockerCredential.customRegistry('synth.example.com', secretSynth, { - usages: [cdkp.DockerCredentialUsage.SYNTH], - }), - cdkp.DockerCredential.customRegistry('selfupdate.example.com', secretUpdate, { - usages: [cdkp.DockerCredentialUsage.SELF_UPDATE], - }), - cdkp.DockerCredential.customRegistry('publish.example.com', secretPublish, { - usages: [cdkp.DockerCredentialUsage.ASSET_PUBLISHING], - }), - ], - ...props, - }); - } -} - class ModernPipelineWithCreds extends ModernTestGitHubNpmPipeline { constructor(scope: Construct, id: string, props?: ConstructorParameters[2]) { super(scope, id, { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts index 777ffb83a0d2c..7af68c900ff43 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts @@ -1,7 +1,7 @@ /* eslint-disable import/no-extraneous-dependencies */ import { Match, Template } from '../../../assertions'; import { Stack } from '../../../core'; -import { behavior, LegacyTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; +import { OneStackApp, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, stringLike } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -15,378 +15,387 @@ afterEach(() => { app.cleanup(); }); -behavior('action has right settings for same-env deployment', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'Same')); - - THEN_codePipelineExpection(agnosticRole); - }); - - suite.additional('legacy: even if env is specified but the same as the pipeline', () => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'Same', { - env: PIPELINE_ENV, - })); - - THEN_codePipelineExpection(pipelineEnvRole); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackApp(app, 'Same')); - - THEN_codePipelineExpection(agnosticRole); - }); - - suite.additional('modern: even if env is specified but the same as the pipeline', () => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new OneStackApp(app, 'Same', { - env: PIPELINE_ENV, - })); - - THEN_codePipelineExpection(pipelineEnvRole); - }); - - function THEN_codePipelineExpection(roleArn: (x: string) => any) { - // THEN: pipeline structure is correct - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Same', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), - RoleArn: roleArn('deploy-role'), - Configuration: Match.objectLike({ - StackName: 'Same-Stack', - RoleArn: roleArn('cfn-exec-role'), - }), - }), - Match.objectLike({ - Name: stringLike('*Deploy'), - RoleArn: roleArn('deploy-role'), - Configuration: Match.objectLike({ - StackName: 'Same-Stack', - }), - }), - ], - }]), - }); - - // THEN: artifact bucket can be read by deploy role - Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Principal: { - AWS: roleArn('deploy-role'), +test('action has right settings for same-env deployment', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackApp(app, 'Same')); + + // THEN: pipeline structure is correct + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Same', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-', + { Ref: 'AWS::Region' }, + ]], }, - })]), - }, - }); - } -}); - -behavior('action has right settings for cross-account deployment', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'CrossAccount', { env: { account: 'you' } })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - pipeline.addStage(new OneStackApp(app, 'CrossAccount', { env: { account: 'you' } })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN: Pipelien structure is correct - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'CrossAccount', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), + Configuration: Match.objectLike({ + StackName: 'Same-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-', + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-cfn-exec-role-', + { Ref: 'AWS::AccountId' }, + '-', { Ref: 'AWS::Region' }, ]], }, - Configuration: Match.objectLike({ - StackName: 'CrossAccount-Stack', - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-', - { Ref: 'AWS::Region' }, - ]], - }, - }), }), - Match.objectLike({ - Name: stringLike('*Deploy'), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-', + { Ref: 'AWS::Region' }, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'Same-Stack', + }), + }), + ], + }]), + }); + + // THEN: artifact bucket can be read by deploy role + Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-', + { Ref: 'AWS::Region' }, + ]], + }, + }, + })]), + }, + }); +}); + +test('even if env is specified but the same as the pipeline', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new OneStackApp(app, 'Same', { + env: PIPELINE_ENV, + })); + + // THEN: pipeline structure is correct + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Same', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-deploy-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'Same-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-', - { Ref: 'AWS::Region' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-cfn-exec-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, ]], }, - Configuration: Match.objectLike({ - StackName: 'CrossAccount-Stack', - }), }), - ], - }]), - }); + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-deploy-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'Same-Stack', + }), + }), + ], + }]), + }); + + // THEN: artifact bucket can be read by deploy role + Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-deploy-role-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, + ]], + }, + }, + })]), + }, + }); +}); - // THEN: Artifact bucket can be read by deploy role - Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Principal: { - AWS: { +test('action has right settings for cross-account deployment', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + crossAccountKeys: true, + }); + pipeline.addStage(new OneStackApp(app, 'CrossAccount', { env: { account: 'you' } })); + + // THEN: Pipelien structure is correct + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'CrossAccount', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-', + { Ref: 'AWS::Region' }, + ]], + }, + Configuration: Match.objectLike({ + StackName: 'CrossAccount-Stack', + RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - stringLike('*-deploy-role-*'), + ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-', { Ref: 'AWS::Region' }, ]], }, + }), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-', + { Ref: 'AWS::Region' }, + ]], }, - })]), - }, - }); - } -}); - -behavior('action has right settings for cross-region deployment', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'CrossRegion', { env: { region: 'elsewhere' } })); + Configuration: Match.objectLike({ + StackName: 'CrossAccount-Stack', + }), + }), + ], + }]), + }); - THEN_codePipelineExpectation(); + // THEN: Artifact bucket can be read by deploy role + Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + stringLike('*-deploy-role-*'), + { Ref: 'AWS::Region' }, + ]], + }, + }, + })]), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - pipeline.addStage(new OneStackApp(app, 'CrossRegion', { env: { region: 'elsewhere' } })); +test('action has right settings for cross-region deployment', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + crossAccountKeys: true, }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'CrossRegion', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), + pipeline.addStage(new OneStackApp(app, 'CrossRegion', { env: { region: 'elsewhere' } })); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'CrossRegion', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossRegion-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, ':iam::', { Ref: 'AWS::AccountId' }, - ':role/cdk-hnb659fds-deploy-role-', + ':role/cdk-hnb659fds-cfn-exec-role-', { Ref: 'AWS::AccountId' }, '-elsewhere', ]], }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossRegion-Stack', - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::', - { Ref: 'AWS::AccountId' }, - ':role/cdk-hnb659fds-cfn-exec-role-', - { Ref: 'AWS::AccountId' }, - '-elsewhere', - ]], - }, - }), }), - Match.objectLike({ - Name: stringLike('*Deploy'), - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::', - { Ref: 'AWS::AccountId' }, - ':role/cdk-hnb659fds-deploy-role-', - { Ref: 'AWS::AccountId' }, - '-elsewhere', - ]], - }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossRegion-Stack', - }), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::', + { Ref: 'AWS::AccountId' }, + ':role/cdk-hnb659fds-deploy-role-', + { Ref: 'AWS::AccountId' }, + '-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossRegion-Stack', }), - ], - }]), - }); - } -}); - -behavior('action has right settings for cross-account/cross-region deployment', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'CrossBoth', { - env: { - account: 'you', - region: 'elsewhere', - }, - })); - - THEN_codePipelineExpectations(); + }), + ], + }]), }); +}); - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - crossAccountKeys: true, - }); - pipeline.addStage(new OneStackApp(app, 'CrossBoth', { - env: { - account: 'you', - region: 'elsewhere', - }, - })); - - THEN_codePipelineExpectations(); +test('action has right settings for cross-account/cross-region deployment', () => { + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + crossAccountKeys: true, }); - - function THEN_codePipelineExpectations() { - // THEN: pipeline structure must be correct - const stack = app.stackArtifact(pipelineStack); - expect(stack).toBeDefined(); - Template.fromStack(stack!).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'CrossBoth', - Actions: [ - Match.objectLike({ - Name: stringLike('*Prepare'), + pipeline.addStage(new OneStackApp(app, 'CrossBoth', { + env: { + account: 'you', + region: 'elsewhere', + }, + })); + + // THEN: pipeline structure must be correct + const stack = app.stackArtifact(pipelineStack); + expect(stack).toBeDefined(); + Template.fromStack(stack!).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'CrossBoth', + Actions: [ + Match.objectLike({ + Name: stringLike('*Prepare'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossBoth-Stack', RoleArn: { 'Fn::Join': ['', [ 'arn:', { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', + ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-elsewhere', ]], }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossBoth-Stack', - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-cfn-exec-role-you-elsewhere', - ]], - }, - }), }), - Match.objectLike({ - Name: stringLike('*Deploy'), - RoleArn: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', - ]], - }, - Region: 'elsewhere', - Configuration: Match.objectLike({ - StackName: 'CrossBoth-Stack', - }), + }), + Match.objectLike({ + Name: stringLike('*Deploy'), + RoleArn: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::you:role/cdk-hnb659fds-deploy-role-you-elsewhere', + ]], + }, + Region: 'elsewhere', + Configuration: Match.objectLike({ + StackName: 'CrossBoth-Stack', }), - ], - }]), - }); + }), + ], + }]), + }); - // THEN: artifact bucket can be read by deploy role - const supportStack = app.stackArtifact('PipelineStack-support-elsewhere'); - expect(supportStack).toBeDefined(); - Template.fromStack(supportStack!).hasResourceProperties('AWS::S3::BucketPolicy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: Match.arrayWith(['s3:GetObject*', 's3:GetBucket*', 's3:List*']), - Principal: { - AWS: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - stringLike('*-deploy-role-*'), - ]], - }, + // THEN: artifact bucket can be read by deploy role + const supportStack = app.stackArtifact('PipelineStack-support-elsewhere'); + expect(supportStack).toBeDefined(); + Template.fromStack(supportStack!).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: Match.arrayWith(['s3:GetObject*', 's3:GetBucket*', 's3:List*']), + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + stringLike('*-deploy-role-*'), + ]], }, - })]), - }, - }); + }, + })]), + }, + }); - // And the key to go along with it - Template.fromStack(supportStack!).hasResourceProperties('AWS::KMS::Key', { - KeyPolicy: { - Statement: Match.arrayWith([Match.objectLike({ - Action: Match.arrayWith(['kms:Decrypt', 'kms:DescribeKey']), - Principal: { - AWS: { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - stringLike('*-deploy-role-*'), - ]], - }, + // And the key to go along with it + Template.fromStack(supportStack!).hasResourceProperties('AWS::KMS::Key', { + KeyPolicy: { + Statement: Match.arrayWith([Match.objectLike({ + Action: Match.arrayWith(['kms:Decrypt', 'kms:DescribeKey']), + Principal: { + AWS: { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + stringLike('*-deploy-role-*'), + ]], }, - })]), - }, - }); - } -}); - -function agnosticRole(roleName: string) { - return { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iam::', - { Ref: 'AWS::AccountId' }, - `:role/cdk-hnb659fds-${roleName}-`, - { Ref: 'AWS::AccountId' }, - '-', - { Ref: 'AWS::Region' }, - ]], - }; -} - -function pipelineEnvRole(roleName: string) { - return { - 'Fn::Join': ['', [ - 'arn:', - { Ref: 'AWS::Partition' }, - `:iam::${PIPELINE_ENV.account}:role/cdk-hnb659fds-${roleName}-${PIPELINE_ENV.account}-${PIPELINE_ENV.region}`, - ]], - }; -} \ No newline at end of file + }, + })]), + }, + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts index a6bf349aee638..8130e6d23cf95 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts @@ -1,23 +1,19 @@ -import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; import { Match, Template } from '../../../assertions'; import * as cp from '../../../aws-codepipeline'; import * as cpa from '../../../aws-codepipeline-actions'; import { SecretValue, Stack } from '../../../core'; import * as cdkp from '../../lib'; -import { CodePipelineFileSet } from '../../lib'; -import { behavior, FileAssetApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, PIPELINE_ENV, TestApp, TestGitHubAction } from '../testhelpers'; +import { ModernTestGitHubNpmPipeline, PIPELINE_ENV, TestApp } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; let sourceArtifact: cp.Artifact; -let cloudAssemblyArtifact: cp.Artifact; let codePipeline: cp.Pipeline; beforeEach(() => { app = new TestApp(); pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); sourceArtifact = new cp.Artifact(); - cloudAssemblyArtifact = new cp.Artifact(); }); afterEach(() => { @@ -29,247 +25,90 @@ describe('with empty existing CodePipeline', () => { codePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline'); }); - behavior('both actions are required', (suite) => { - suite.legacy(() => { - // WHEN - expect(() => { - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { cloudAssemblyArtifact, codePipeline }); - }).toThrow(/You must pass a 'sourceAction'/); - }); - - // 'synth' is not optional so this doesn't apply - suite.doesNotApply.modern(); - }); + test('can give both actions', () => { - behavior('can give both actions', (suite) => { - suite.legacy(() => { - // WHEN - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { - cloudAssemblyArtifact, - codePipeline, - sourceAction: new TestGitHubAction(sourceArtifact), - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - new cdkp.CodePipeline(pipelineStack, 'Cdk', { - codePipeline, - synth: new cdkp.ShellStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - commands: ['true'], - }), - }); - - THEN_codePipelineExpectation(); + // WHEN + new cdkp.CodePipeline(pipelineStack, 'Cdk', { + codePipeline, + synth: new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + commands: ['true'], + }), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - ], - }); - } - }); -}); - -describe('with custom Source stage in existing Pipeline', () => { - beforeEach(() => { - codePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline', { - stages: [ - { - stageName: 'CustomSource', - actions: [new TestGitHubAction(sourceArtifact)], - }, + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: [ + Match.objectLike({ Name: 'Source' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), ], }); - }); - - behavior('Work with synthAction', (suite) => { - suite.legacy(() => { - // WHEN - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { - codePipeline, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - new cdkp.CodePipeline(pipelineStack, 'Cdk', { - codePipeline, - synth: new cdkp.ShellStep('Synth', { - input: cdkp.CodePipelineFileSet.fromArtifact(sourceArtifact), - commands: ['true'], - }), - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'CustomSource' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - ], - }); - } - }); + }, + ); }); -describeDeprecated('with Source and Build stages in existing Pipeline', () => { +describe('with custom Source stage in existing Pipeline', () => { beforeEach(() => { codePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline', { stages: [ { stageName: 'CustomSource', - actions: [new TestGitHubAction(sourceArtifact)], - }, - { - stageName: 'CustomBuild', - actions: [cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact })], + actions: [new cpa.GitHubSourceAction({ + actionName: 'GitHub', + output: sourceArtifact, + oauthToken: SecretValue.unsafePlainText('$3kr1t'), + owner: 'test', + repo: 'test', + trigger: cpa.GitHubTrigger.POLL, + })], }, ], }); }); - behavior('can supply no actions', (suite) => { - suite.legacy(() => { - // WHEN - new cdkp.CdkPipeline(pipelineStack, 'Cdk', { - codePipeline, - cloudAssemblyArtifact, - }); + test('Work with synthAction', () => { - THEN_codePipelineExpectation(); + new cdkp.CodePipeline(pipelineStack, 'Cdk', { + codePipeline, + synth: new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineFileSet.fromArtifact(sourceArtifact), + commands: ['true'], + }), }); - suite.modern(() => { - new cdkp.CodePipeline(pipelineStack, 'Cdk', { - codePipeline, - synth: cdkp.CodePipelineFileSet.fromArtifact(cloudAssemblyArtifact), - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'CustomSource' }), - Match.objectLike({ Name: 'CustomBuild' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - ], - }); - } - }); -}); - -behavior('can add another action to an existing stage', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.stage('Source').addAction(new cpa.GitHubSourceAction({ - actionName: 'GitHub2', - oauthToken: SecretValue.unsafePlainText('oops'), - output: new cp.Artifact(), - owner: 'OWNER', - repo: 'REPO', - })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.buildPipeline(); - - pipeline.pipeline.stages[0].addAction(new cpa.GitHubSourceAction({ - actionName: 'GitHub2', - oauthToken: SecretValue.unsafePlainText('oops'), - output: new cp.Artifact(), - owner: 'OWNER', - repo: 'REPO', - })); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { + // THEN Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Source', - Actions: [ - Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }) }), - Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }), Name: 'GitHub2' }), - ], - }]), + Stages: [ + Match.objectLike({ Name: 'CustomSource' }), + Match.objectLike({ Name: 'Build' }), + Match.objectLike({ Name: 'UpdatePipeline' }), + ], }); - } + }, + ); }); -behavior('assets stage inserted after existing pipeline actions', (suite) => { - let existingCodePipeline: cp.Pipeline; - beforeEach(() => { - existingCodePipeline = new cp.Pipeline(pipelineStack, 'CodePipeline', { - stages: [ - { - stageName: 'CustomSource', - actions: [new TestGitHubAction(sourceArtifact)], - }, - { - stageName: 'CustomBuild', - actions: [cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact })], - }, +test('can add another action to an existing stage', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.buildPipeline(); + + pipeline.pipeline.stages[0].addAction(new cpa.GitHubSourceAction({ + actionName: 'GitHub2', + oauthToken: SecretValue.unsafePlainText('oops'), + output: new cp.Artifact(), + owner: 'OWNER', + repo: 'REPO', + })); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Source', + Actions: [ + Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }) }), + Match.objectLike({ ActionTypeId: Match.objectLike({ Provider: 'GitHub' }), Name: 'GitHub2' }), ], - }); - }); - - suite.legacy(() => { - const pipeline = new cdkp.CdkPipeline(pipelineStack, 'CdkEmptyPipeline', { - cloudAssemblyArtifact: cloudAssemblyArtifact, - selfMutating: false, - codePipeline: existingCodePipeline, - // No source/build actions - }); - pipeline.addApplicationStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new cdkp.CodePipeline(pipelineStack, 'CdkEmptyPipeline', { - codePipeline: existingCodePipeline, - selfMutation: false, - synth: CodePipelineFileSet.fromArtifact(cloudAssemblyArtifact), - // No source/build actions - }); - pipeline.addStage(new FileAssetApp(app, 'App')); - - THEN_codePipelineExpectation(); + }]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - Match.objectLike({ Name: 'CustomSource' }), - Match.objectLike({ Name: 'CustomBuild' }), - Match.objectLike({ Name: 'Assets' }), - Match.objectLike({ Name: 'App' }), - ], - }); - } }); + diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts index 88138cb2b840f..a6d75ea6cdbd4 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/security-check.test.ts @@ -3,8 +3,7 @@ import { Topic } from '../../../aws-sns'; import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, TestApp, stringLike } from '../testhelpers'; -import { behavior } from '../testhelpers/compliance'; +import { ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, TestApp, stringLike } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -18,417 +17,205 @@ afterEach(() => { app.cleanup(); }); -behavior('security check option generates lambda/codebuild at pipeline scope', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'App'), { confirmBroadeningPermissions: true }); +test('security check option generates lambda/codebuild at pipeline scope', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new OneStackApp(app, 'App'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Check', { + stage, + }), + ], }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new OneStackApp(app, 'App'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Check', { - stage, - }), + const template = Template.fromStack(pipelineStack); + template.resourceCountIs('AWS::Lambda::Function', 1); + template.hasResourceProperties('AWS::Lambda::Function', { + Role: { + 'Fn::GetAtt': [ + stringLike('CdkPipeline*SecurityCheckCDKPipelinesAutoApproveServiceRole*'), + 'Arn', ], - }); - - THEN_codePipelineExpectation(); + }, }); - - function THEN_codePipelineExpectation() { - const template = Template.fromStack(pipelineStack); - template.resourceCountIs('AWS::Lambda::Function', 1); - template.hasResourceProperties('AWS::Lambda::Function', { - Role: { - 'Fn::GetAtt': [ - stringLike('CdkPipeline*SecurityCheckCDKPipelinesAutoApproveServiceRole*'), - 'Arn', - ], + // 1 for github build, 1 for synth stage, and 1 for the application security check + template.resourceCountIs('AWS::CodeBuild::Project', 3); + + // No CodeBuild project has a build image that is not the standard iamge + const projects = template.findResources('AWS::CodeBuild::Project', { + Properties: { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, }, - }); - // 1 for github build, 1 for synth stage, and 1 for the application security check - template.resourceCountIs('AWS::CodeBuild::Project', 3); - - // No CodeBuild project has a build image that is not the standard iamge - const projects = template.findResources('AWS::CodeBuild::Project', { - Properties: { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - }, - }); - expect(Object.keys(projects).length).toEqual(3); - } -}); - -behavior('security check option passes correct environment variables to check project', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(pipelineStack, 'App'), { confirmBroadeningPermissions: true }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new OneStackApp(pipelineStack, 'App'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Check', { - stage, - }), - ], - }); - - THEN_codePipelineExpectation(); + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'App', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: stringLike('*Check'), - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { name: 'STAGE_PATH', type: 'PLAINTEXT', value: 'PipelineSecurityStack/App' }, - { name: 'STAGE_NAME', type: 'PLAINTEXT', value: 'App' }, - { name: 'ACTION_NAME', type: 'PLAINTEXT', value: Match.anyValue() }, - ]), - }), - }), - ]), - }, - ]), - }); - } + expect(Object.keys(projects).length).toEqual(3); }); -behavior('pipeline created with auto approve tags and lambda/codebuild w/ valid permissions', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'App'), { confirmBroadeningPermissions: true }); +test('security check option passes correct environment variables to check project', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new OneStackApp(pipelineStack, 'App'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Check', { + stage, + }), + ], }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new OneStackApp(app, 'App'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Check', { - stage, - }), - ], - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // CodePipeline must be tagged as SECURITY_CHECK=ALLOW_APPROVE - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Tags: [ - { - Key: 'SECURITY_CHECK', - Value: 'ALLOW_APPROVE', - }, - ], - }); - // Lambda Function only has access to pipelines tagged SECURITY_CHECK=ALLOW_APPROVE - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: [ - { - Action: ['codepipeline:GetPipelineState', 'codepipeline:PutApprovalResult'], - Condition: { - StringEquals: { 'aws:ResourceTag/SECURITY_CHECK': 'ALLOW_APPROVE' }, - }, - Effect: 'Allow', - Resource: '*', - }, - ], - }, - }); - // CodeBuild must have access to the stacks and invoking the lambda function - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([ - { - Action: 'sts:AssumeRole', - Condition: { - 'ForAnyValue:StringEquals': { - 'iam:ResourceTag/aws-cdk:bootstrap-role': [ - 'deploy', - ], - }, - }, - Effect: 'Allow', - Resource: '*', - }, - { - Action: 'lambda:InvokeFunction', - Effect: 'Allow', - Resource: [ - { - 'Fn::GetAtt': [ - stringLike('*AutoApprove*'), - 'Arn', - ], - }, - { - 'Fn::Join': [ - '', - [ - { - 'Fn::GetAtt': [ - stringLike('*AutoApprove*'), - 'Arn', - ], - }, - ':*', - ], - ], - }, - ], - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'App', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: stringLike('*Check'), + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { name: 'STAGE_PATH', type: 'PLAINTEXT', value: 'PipelineSecurityStack/App' }, + { name: 'STAGE_NAME', type: 'PLAINTEXT', value: 'App' }, + { name: 'ACTION_NAME', type: 'PLAINTEXT', value: Match.anyValue() }, + ]), + }), + }), ]), }, - }); - } + ]), + }); }); -behavior('confirmBroadeningPermissions option at addApplicationStage runs security check on all apps unless overriden', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const securityStage = pipeline.addApplicationStage(new OneStackApp(app, 'StageSecurityCheckStack'), { confirmBroadeningPermissions: true }); - securityStage.addApplication(new OneStackApp(app, 'AnotherStack')); - securityStage.addApplication(new OneStackApp(app, 'SkipCheckStack'), { confirmBroadeningPermissions: false }); +test('pipeline created with auto approve tags and lambda/codebuild w/ valid permissions', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new OneStackApp(app, 'App'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Check', { + stage, + }), + ], }); - // For the modern API, there is no inheritance - suite.doesNotApply.modern(); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - { - Actions: [Match.objectLike({ Name: 'GitHub', RunOrder: 1 })], - Name: 'Source', - }, - { - Actions: [Match.objectLike({ Name: 'Synth', RunOrder: 1 })], - Name: 'Build', - }, - { - Actions: [Match.objectLike({ Name: 'SelfMutate', RunOrder: 1 })], - Name: 'UpdatePipeline', - }, + // CodePipeline must be tagged as SECURITY_CHECK=ALLOW_APPROVE + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Tags: [ + { + Key: 'SECURITY_CHECK', + Value: 'ALLOW_APPROVE', + }, + ], + }); + // Lambda Function only has access to pipelines tagged SECURITY_CHECK=ALLOW_APPROVE + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ { - Actions: [ - Match.objectLike({ Name: 'StageSecurityCheckStackSecurityCheck', RunOrder: 1 }), - Match.objectLike({ Name: 'StageSecurityCheckStackManualApproval', RunOrder: 2 }), - Match.objectLike({ Name: 'AnotherStackSecurityCheck', RunOrder: 5 }), - Match.objectLike({ Name: 'AnotherStackManualApproval', RunOrder: 6 }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), - Match.objectLike({ Name: 'AnotherStack-Stack.Prepare', RunOrder: 7 }), - Match.objectLike({ Name: 'AnotherStack-Stack.Deploy', RunOrder: 8 }), - Match.objectLike({ Name: 'SkipCheckStack-Stack.Prepare', RunOrder: 9 }), - Match.objectLike({ Name: 'SkipCheckStack-Stack.Deploy', RunOrder: 10 }), - ], - Name: 'StageSecurityCheckStack', + Action: ['codepipeline:GetPipelineState', 'codepipeline:PutApprovalResult'], + Condition: { + StringEquals: { 'aws:ResourceTag/SECURITY_CHECK': 'ALLOW_APPROVE' }, + }, + Effect: 'Allow', + Resource: '*', }, ], - }); - } -}); - -behavior('confirmBroadeningPermissions option at addApplication runs security check only on selected application', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const noSecurityStage = pipeline.addApplicationStage(new OneStackApp(app, 'NoSecurityCheckStack')); - noSecurityStage.addApplication(new OneStackApp(app, 'EnableCheckStack'), { confirmBroadeningPermissions: true }); - - THEN_codePipelineExpectation(); + }, }); - - // For the modern API, there is no inheritance - suite.doesNotApply.modern(); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: [ - { - Actions: [Match.objectLike({ Name: 'GitHub', RunOrder: 1 })], - Name: 'Source', - }, + // CodeBuild must have access to the stacks and invoking the lambda function + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ { - Actions: [Match.objectLike({ Name: 'Synth', RunOrder: 1 })], - Name: 'Build', - }, - { - Actions: [Match.objectLike({ Name: 'SelfMutate', RunOrder: 1 })], - Name: 'UpdatePipeline', + Action: 'sts:AssumeRole', + Condition: { + 'ForAnyValue:StringEquals': { + 'iam:ResourceTag/aws-cdk:bootstrap-role': [ + 'deploy', + ], + }, + }, + Effect: 'Allow', + Resource: '*', }, { - Actions: [ - Match.objectLike({ Name: 'EnableCheckStackSecurityCheck', RunOrder: 3 }), - Match.objectLike({ Name: 'EnableCheckStackManualApproval', RunOrder: 4 }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 1 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 2 }), - Match.objectLike({ Name: 'EnableCheckStack-Stack.Prepare', RunOrder: 5 }), - Match.objectLike({ Name: 'EnableCheckStack-Stack.Deploy', RunOrder: 6 }), + Action: 'lambda:InvokeFunction', + Effect: 'Allow', + Resource: [ + { + 'Fn::GetAtt': [ + stringLike('*AutoApprove*'), + 'Arn', + ], + }, + { + 'Fn::Join': [ + '', + [ + { + 'Fn::GetAtt': [ + stringLike('*AutoApprove*'), + 'Arn', + ], + }, + ':*', + ], + ], + }, ], - Name: 'NoSecurityCheckStack', }, - ], - }); - } -}); - -behavior('confirmBroadeningPermissions and notification topic options generates the right resources', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const topic = new Topic(pipelineStack, 'NotificationTopic'); - pipeline.addApplicationStage(new OneStackApp(app, 'MyStack'), { - confirmBroadeningPermissions: true, - securityNotificationTopic: topic, - }); - - THEN_codePipelineExpectation(); + ]), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const topic = new Topic(pipelineStack, 'NotificationTopic'); - const stage = new OneStackApp(app, 'MyStack'); - pipeline.addStage(stage, { - pre: [ - new cdkp.ConfirmPermissionsBroadening('Approve', { - stage, - notificationTopic: topic, - }), - ], - }); - - THEN_codePipelineExpectation(); +test('confirmBroadeningPermissions and notification topic options generates the right resources', () => { + + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const topic = new Topic(pipelineStack, 'NotificationTopic'); + const stage = new OneStackApp(app, 'MyStack'); + pipeline.addStage(stage, { + pre: [ + new cdkp.ConfirmPermissionsBroadening('Approve', { + stage, + notificationTopic: topic, + }), + ], }); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).resourceCountIs('AWS::SNS::Topic', 1); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'MyStack', - Actions: [ - Match.objectLike({ - Configuration: { - ProjectName: { Ref: stringLike('*SecurityCheck*') }, - EnvironmentVariables: { - 'Fn::Join': ['', [ - stringLike('*'), - { Ref: 'NotificationTopicEB7A0DF1' }, - stringLike('*'), - ]], - }, - }, - Name: stringLike('*Check'), - Namespace: stringLike('*'), - RunOrder: 1, - }), - Match.objectLike({ - Configuration: { - CustomData: stringLike('#{*.MESSAGE}'), - ExternalEntityLink: stringLike('#{*.LINK}'), + Template.fromStack(pipelineStack).resourceCountIs('AWS::SNS::Topic', 1); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'MyStack', + Actions: [ + Match.objectLike({ + Configuration: { + ProjectName: { Ref: stringLike('*SecurityCheck*') }, + EnvironmentVariables: { + 'Fn::Join': ['', [ + stringLike('*'), + { Ref: 'NotificationTopicEB7A0DF1' }, + stringLike('*'), + ]], }, - Name: stringLike('*Approv*'), - RunOrder: 2, - }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), - ], - }, - ]), - }); - } -}); - -behavior('Stages declared outside the pipeline create their own ApplicationSecurityCheck', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const pipelineStage = pipeline.codePipeline.addStage({ - stageName: 'UnattachedStage', - }); - - const unattachedStage = new cdkp.CdkStage(pipelineStack, 'UnattachedStage', { - stageName: 'UnattachedStage', - pipelineStage, - cloudAssemblyArtifact: pipeline.cloudAssemblyArtifact, - host: { - publishAsset: () => undefined, - stackOutputArtifact: () => undefined, + }, + Name: stringLike('*Check'), + Namespace: stringLike('*'), + RunOrder: 1, + }), + Match.objectLike({ + Configuration: { + CustomData: stringLike('#{*.MESSAGE}'), + ExternalEntityLink: stringLike('#{*.LINK}'), + }, + Name: stringLike('*Approv*'), + RunOrder: 2, + }), + Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), + Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), + ], }, - }); - - unattachedStage.addApplication(new OneStackApp(app, 'UnattachedStage'), { - confirmBroadeningPermissions: true, - }); - - THEN_codePipelineExpectation(); + ]), }); - - // Not a valid use of the modern API - suite.doesNotApply.modern(); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).resourceCountIs('AWS::Lambda::Function', 1); - // 1 for github build, 1 for synth stage, and 1 for the application security check - Template.fromStack(pipelineStack).resourceCountIs('AWS::CodeBuild::Project', 3); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Tags: [ - { - Key: 'SECURITY_CHECK', - Value: 'ALLOW_APPROVE', - }, - ], - Stages: [ - Match.objectLike({ Name: 'Source' }), - Match.objectLike({ Name: 'Build' }), - Match.objectLike({ Name: 'UpdatePipeline' }), - { - Actions: [ - Match.objectLike({ - Configuration: { - ProjectName: { Ref: 'UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B' }, - }, - Name: 'UnattachedStageSecurityCheck', - RunOrder: 1, - }), - Match.objectLike({ - Configuration: { - CustomData: '#{UnattachedStageSecurityCheck.MESSAGE}', - ExternalEntityLink: '#{UnattachedStageSecurityCheck.LINK}', - }, - Name: 'UnattachedStageManualApproval', - RunOrder: 2, - }), - Match.objectLike({ Name: 'Stack.Prepare', RunOrder: 3 }), - Match.objectLike({ Name: 'Stack.Deploy', RunOrder: 4 }), - ], - Name: 'UnattachedStage', - }, - ], - }); - } }); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts index 98828dc57eb47..6b62207ba9bc7 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts @@ -4,7 +4,7 @@ import * as cb from '../../../aws-codebuild'; import * as cp from '../../../aws-codepipeline'; import { Stack, Stage } from '../../../core'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, LegacyTestGitHubNpmPipeline, PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -18,288 +18,186 @@ afterEach(() => { app.cleanup(); }); -behavior('CodePipeline has self-mutation stage', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); - }); +test('CodePipeline has self-mutation stage', () => { - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); - }); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'UpdatePipeline', - Actions: [ - Match.objectLike({ - Name: 'SelfMutate', - Configuration: Match.objectLike({ - ProjectName: { Ref: Match.anyValue() }, - }), + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'UpdatePipeline', + Actions: [ + Match.objectLike({ + Name: 'SelfMutate', + Configuration: Match.objectLike({ + ProjectName: { Ref: Match.anyValue() }, }), - ], - }]), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm install -g aws-cdk@2'], - }, - build: { - commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), - }, - }, - })), - Type: 'CODEPIPELINE', - }, - }); - } -}); - -behavior('selfmutation stage correctly identifies nested assembly of pipeline stack', (suite) => { - suite.legacy(() => { - const pipelineStage = new Stage(app, 'PipelineStage'); - const nestedPipelineStack = new Stack(pipelineStage, 'PipelineStack', { env: PIPELINE_ENV }); - new LegacyTestGitHubNpmPipeline(nestedPipelineStack, 'Cdk'); - - THEN_codePipelineExpectation(nestedPipelineStack); - }); - - suite.modern(() => { - const pipelineStage = new Stage(app, 'PipelineStage'); - const nestedPipelineStack = new Stack(pipelineStage, 'PipelineStack', { env: PIPELINE_ENV }); - new ModernTestGitHubNpmPipeline(nestedPipelineStack, 'Cdk'); - - THEN_codePipelineExpectation(nestedPipelineStack); + }), + ], + }]), }); - function THEN_codePipelineExpectation(nestedPipelineStack: Stack) { - Template.fromStack(nestedPipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: Match.arrayWith(['cdk -a assembly-PipelineStage deploy PipelineStage/PipelineStack --require-approval=never --verbose']), - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm install -g aws-cdk@2'], + }, + build: { + commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), }, - })), - }, - }); - } + }, + })), + Type: 'CODEPIPELINE', + }, + }); }); -behavior('selfmutation feature can be turned off', (suite) => { - suite.legacy(() => { - const cloudAssemblyArtifact = new cp.Artifact(); - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - cloudAssemblyArtifact, - selfMutating: false, - }); +test('selfmutation stage correctly identifies nested assembly of pipeline stack', () => { - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - selfMutation: false, - }); + const pipelineStage = new Stage(app, 'PipelineStage'); + const nestedPipelineStack = new Stack(pipelineStage, 'PipelineStack', { env: PIPELINE_ENV }); + new ModernTestGitHubNpmPipeline(nestedPipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); + Template.fromStack(nestedPipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: Match.arrayWith(['cdk -a assembly-PipelineStage deploy PipelineStage/PipelineStack --require-approval=never --verbose']), + }, + }, + })), + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.not(Match.arrayWith([{ - Name: 'UpdatePipeline', - Actions: Match.anyValue(), - }])), - }); - } }); -behavior('can control fix/CLI version used in pipeline selfupdate', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - pipelineName: 'vpipe', - cdkCliVersion: '1.2.3', - }); +test('selfmutation feature can be turned off', () => { - THEN_codePipelineExpectation(); + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + selfMutation: false, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - pipelineName: 'vpipe', - cliVersion: '1.2.3', - }); - - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.not(Match.arrayWith([{ + Name: 'UpdatePipeline', + Actions: Match.anyValue(), + }])), }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Name: 'vpipe-selfupdate', - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm install -g aws-cdk@1.2.3'], - }, - }, - })), - }, - }); - } }); -behavior('Pipeline stack itself can use assets (has implications for selfupdate)', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'PrivilegedPipeline', { - supportDockerAssets: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - PrivilegedMode: true, - }, - }); +test('can control fix/CLI version used in pipeline selfupdate', () => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + pipelineName: 'vpipe', + cliVersion: '1.2.3', }); - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'PrivilegedPipeline', { - dockerEnabledForSelfMutation: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - PrivilegedMode: true, - }, - }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Name: 'vpipe-selfupdate', + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm install -g aws-cdk@1.2.3'], + }, + }, + })), + }, }); }); -behavior('self-update project role uses tagged bootstrap-role permissions', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); +test('Pipeline stack itself can use assets (has implications for selfupdate)', () => { - THEN_codePipelineExpectations(); + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'PrivilegedPipeline', { + dockerEnabledForSelfMutation: true, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectations(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + PrivilegedMode: true, + }, }); +}); - function THEN_codePipelineExpectations() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([ - { - Action: 'sts:AssumeRole', - Effect: 'Allow', - Resource: 'arn:*:iam::123pipeline:role/*', - Condition: { - 'ForAnyValue:StringEquals': { - 'iam:ResourceTag/aws-cdk:bootstrap-role': ['image-publishing', 'file-publishing', 'deploy'], - }, +test('self-update project role uses tagged bootstrap-role permissions', () => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Resource: 'arn:*:iam::123pipeline:role/*', + Condition: { + 'ForAnyValue:StringEquals': { + 'iam:ResourceTag/aws-cdk:bootstrap-role': ['image-publishing', 'file-publishing', 'deploy'], }, }, - { - Action: 'cloudformation:DescribeStacks', - Effect: 'Allow', - Resource: '*', - }, - { - Action: 's3:ListBucket', - Effect: 'Allow', - Resource: '*', - }, - ]), - }, - }); - } + }, + { + Action: 'cloudformation:DescribeStacks', + Effect: 'Allow', + Resource: '*', + }, + { + Action: 's3:ListBucket', + Effect: 'Allow', + Resource: '*', + }, + ]), + }, + }); }); -behavior('self-mutation stage can be customized with BuildSpec', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - selfMutationBuildSpec: cb.BuildSpec.fromObject({ +test('self-mutation stage can be customized with BuildSpec', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + selfMutationCodeBuildDefaults: { + partialBuildSpec: cb.BuildSpec.fromObject({ phases: { install: { - commands: 'npm config set registry example.com', + commands: ['npm config set registry example.com'], }, }, cache: { - paths: 'node_modules', + paths: ['node_modules'], }, }), - }); - - THEN_codePipelineExpectation(); + }, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - selfMutationCodeBuildDefaults: { - partialBuildSpec: cb.BuildSpec.fromObject({ - phases: { - install: { - commands: ['npm config set registry example.com'], - }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + PrivilegedMode: false, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['npm config set registry example.com', 'npm install -g aws-cdk@2'], }, - cache: { - paths: ['node_modules'], + build: { + commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), }, - }), - }, - }); - - THEN_codePipelineExpectation(); + }, + cache: { + paths: ['node_modules'], + }, + })), + Type: 'CODEPIPELINE', + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - PrivilegedMode: false, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: ['npm config set registry example.com', 'npm install -g aws-cdk@2'], - }, - build: { - commands: Match.arrayWith(['cdk -a . deploy PipelineStack --require-approval=never --verbose']), - }, - }, - cache: { - paths: ['node_modules'], - }, - })), - Type: 'CODEPIPELINE', - }, - }); - } }); diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts index 827c2839a6462..489bd2a295289 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/stack-ordering.test.ts @@ -1,6 +1,6 @@ import { Match, Template } from '../../../assertions'; import { App, Stack } from '../../../core'; -import { behavior, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, sortByRunOrder, TestApp, ThreeStackApp, TwoStackApp } from '../testhelpers'; +import { ModernTestGitHubNpmPipeline, PIPELINE_ENV, sortByRunOrder, TestApp, ThreeStackApp, TwoStackApp } from '../testhelpers'; let app: App; let pipelineStack: Stack; @@ -10,169 +10,41 @@ beforeEach(() => { pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); }); -behavior('interdependent stacks are in the right order', (suite) => { - suite.legacy(() => { - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); +test('interdependent stacks are in the right order', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'MyApp')); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyApp', + Actions: sortByRunOrder([ + Match.objectLike({ Name: 'Stack1.Prepare' }), + Match.objectLike({ Name: 'Stack1.Deploy' }), + Match.objectLike({ Name: 'Stack2.Prepare' }), + Match.objectLike({ Name: 'Stack2.Deploy' }), + ]), + }]), }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - ]), - }]), - }); - } }); -behavior('multiple independent stacks go in parallel', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new ThreeStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); +test('multiple independent stacks go in parallel', () => { + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new ThreeStackApp(app, 'MyApp')); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyApp', + Actions: sortByRunOrder([ + // 1 and 2 in parallel + Match.objectLike({ Name: 'Stack1.Prepare' }), + Match.objectLike({ Name: 'Stack2.Prepare' }), + Match.objectLike({ Name: 'Stack1.Deploy' }), + Match.objectLike({ Name: 'Stack2.Deploy' }), + // Then 3 + Match.objectLike({ Name: 'Stack3.Prepare' }), + Match.objectLike({ Name: 'Stack3.Deploy' }), + ]), + }]), }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new ThreeStackApp(app, 'MyApp')); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - // 1 and 2 in parallel - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - // Then 3 - Match.objectLike({ Name: 'Stack3.Prepare' }), - Match.objectLike({ Name: 'Stack3.Deploy' }), - ]), - }]), - }); - } -}); - -behavior('user can request manual change set approvals', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoStackApp(app, 'MyApp'), { - manualApprovals: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'ManualApproval' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'ManualApproval2' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - ]), - }]), - }); - }); - - // No change set approvals in Modern API for now. - suite.doesNotApply.modern(); -}); - -behavior('user can request extra runorder space between prepare and deploy', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new TwoStackApp(app, 'MyApp'), { - extraRunOrderSpace: 1, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ - Name: 'Stack1.Prepare', - RunOrder: 1, - }), - Match.objectLike({ - Name: 'Stack1.Deploy', - RunOrder: 3, - }), - Match.objectLike({ - Name: 'Stack2.Prepare', - RunOrder: 4, - }), - Match.objectLike({ - Name: 'Stack2.Deploy', - RunOrder: 6, - }), - ]), - }]), - }); - }); - - // No change set approvals in Modern API for now. - suite.doesNotApply.modern(); -}); - -behavior('user can request both manual change set approval and extraRunOrderSpace', (suite) => { - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addApplicationStage(new OneStackApp(app, 'MyApp'), { - extraRunOrderSpace: 1, - manualApprovals: true, - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ - Name: 'Stack.Prepare', - RunOrder: 1, - }), - Match.objectLike({ - Name: 'ManualApproval', - RunOrder: 2, - }), - Match.objectLike({ - Name: 'Stack.Deploy', - RunOrder: 4, - }), - ]), - }]), - }); - }); - - // No change set approvals in Modern API for now. - suite.doesNotApply.modern(); }); diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts index 30cbed9db1faf..ce52f6a2df0a8 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts @@ -9,7 +9,7 @@ import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CodeBuildStep } from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { behavior, PIPELINE_ENV, TestApp, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, ModernTestGitHubNpmPipelineProps, OneStackApp } from '../testhelpers'; +import { PIPELINE_ENV, TestApp, ModernTestGitHubNpmPipeline, ModernTestGitHubNpmPipelineProps, OneStackApp } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -19,10 +19,6 @@ let cloudAssemblyArtifact: codepipeline.Artifact; // Must be unique across all test files, but preferably also consistent const OUTDIR = 'testcdk0.out'; -// What phase install commands get rendered to -const LEGACY_INSTALLS = 'pre_build'; -const MODERN_INSTALLS = 'install'; - beforeEach(() => { app = new TestApp({ outdir: OUTDIR }); pipelineStack = new Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); @@ -34,1124 +30,737 @@ afterEach(() => { app.cleanup(); }); -behavior('synth takes arrays of commands', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, - installCommands: ['install1', 'install2'], - buildCommands: ['build1', 'build2'], - testCommands: ['test1', 'test2'], - synthCommand: 'cdk synth', - }), - }); - - THEN_codePipelineExpectation(LEGACY_INSTALLS); - }); - - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['install1', 'install2'], - commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], - }); - - THEN_codePipelineExpectation(MODERN_INSTALLS); - }); - - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: [ - 'install1', - 'install2', - ], - }, - build: { - commands: [ - 'build1', - 'build2', - 'test1', - 'test2', - 'cdk synth', - ], - }, +test('synth takes arrays of commands', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['install1', 'install2'], + commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: [ + 'install1', + 'install2', + ], }, - })), - }, - }); - } + build: { + commands: [ + 'build1', + 'build2', + 'test1', + 'test2', + 'cdk synth', + ], + }, + }, + })), + }, + }); }); -behavior('synth sets artifact base-directory to cdk.out', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - THEN_codePipelineExpectation(); - }); +test('synth sets artifact base-directory to cdk.out', () => { - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + artifacts: { + 'base-directory': 'cdk.out', + }, + })), + }, }); +}); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - artifacts: { - 'base-directory': 'cdk.out', +test('synth supports setting subdirectory', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['cd subdir'], + commands: ['true'], + primaryOutputDirectory: 'subdir/cdk.out', + }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: Match.arrayWith(['cd subdir']), }, - })), - }, - }); - } + }, + artifacts: { + 'base-directory': 'subdir/cdk.out', + }, + })), + }, + }); }); -behavior('synth supports setting subdirectory', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - subdirectory: 'subdir', - }), - }); +test('npm synth sets, or allows setting, UNSAFE_PERM=true', () => { - THEN_codePipelineExpectation(LEGACY_INSTALLS); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + env: { + NPM_CONFIG_UNSAFE_PERM: 'true', + }, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['cd subdir'], - commands: ['true'], - primaryOutputDirectory: 'subdir/cdk.out', - }); - THEN_codePipelineExpectation(MODERN_INSTALLS); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + EnvironmentVariables: [ + { + Name: 'NPM_CONFIG_UNSAFE_PERM', + Type: 'PLAINTEXT', + Value: 'true', + }, + ], + }, }); - - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: Match.arrayWith(['cd subdir']), - }, - }, - artifacts: { - 'base-directory': 'subdir/cdk.out', - }, - })), - }, - }); - } }); -behavior('npm synth sets, or allows setting, UNSAFE_PERM=true', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - }), - }); - - THEN_codePipelineExpectation(); +test('Magic CodePipeline variables passed to synth envvars must be rendered in the action', () => { + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + env: { + VERSION: codepipeline.GlobalVariables.executionId, + }, + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Build', + Actions: [ + Match.objectLike({ + Name: 'Synth', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson(Match.arrayWith([ + { + name: 'VERSION', + type: 'PLAINTEXT', + value: '#{codepipeline.PipelineExecutionId}', + }, + ])), + }), + }), + ], + }]), }); +}); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { +test('CodeBuild: environment variables specified in multiple places are correctly merged', () => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + synth: new CodeBuildStep('Synth', { env: { - NPM_CONFIG_UNSAFE_PERM: 'true', + SOME_ENV_VAR: 'SomeValue', }, - }); - - THEN_codePipelineExpectation(); + installCommands: [ + 'install1', + 'install2', + ], + commands: ['synth'], + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + environmentVariables: { + INNER_VAR: { value: 'InnerValue' }, + }, + privileged: true, + }, + }), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - EnvironmentVariables: [ - { - Name: 'NPM_CONFIG_UNSAFE_PERM', - Type: 'PLAINTEXT', - Value: 'true', + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + EnvironmentVariables: Match.arrayWith([ + { + Name: 'INNER_VAR', + Type: 'PLAINTEXT', + Value: 'InnerValue', + }, + { + Name: 'SOME_ENV_VAR', + Type: 'PLAINTEXT', + Value: 'SomeValue', + }, + ]), + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['install1', 'install2'], }, - ], - }, - }); - } -}); - -behavior('synth assumes a JavaScript project by default (no build, yes synth)', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ sourceArtifact, cloudAssemblyArtifact }), - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: ['npm ci'], - }, - build: { - commands: ['npx cdk synth'], - }, + build: { + commands: ['synth'], }, - })), - }, - }); - }); - - // Modern pipeline does not assume anything anymore - suite.doesNotApply.modern(); -}); - -behavior('Magic CodePipeline variables passed to synth envvars must be rendered in the action', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, - environmentVariables: { - VERSION: { value: codepipeline.GlobalVariables.executionId }, }, - synthCommand: 'synth', - }), - }); - THEN_codePipelineExpectation(); + })), + }, }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-2', { + synth: new cdkp.CodeBuildStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: '.', env: { - VERSION: codepipeline.GlobalVariables.executionId, + SOME_ENV_VAR: 'SomeValue', }, - }); - - THEN_codePipelineExpectation(); + installCommands: [ + 'install1', + 'install2', + ], + commands: ['synth'], + buildEnvironment: { + environmentVariables: { + INNER_VAR: { value: 'InnerValue' }, + }, + privileged: true, + }, + }), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Build', - Actions: [ - Match.objectLike({ - Name: 'Synth', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson(Match.arrayWith([ - { - name: 'VERSION', - type: 'PLAINTEXT', - value: '#{codepipeline.PipelineExecutionId}', - }, - ])), - }), - }), - ], - }]), - }); - } -}); - -behavior('CodeBuild: environment variables specified in multiple places are correctly merged', (suite) => { - // We don't support merging environment variables in this way in the legacy API - suite.doesNotApply.legacy(); - - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new CodeBuildStep('Synth', { - env: { - SOME_ENV_VAR: 'SomeValue', + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + EnvironmentVariables: Match.arrayWith([ + { + Name: 'INNER_VAR', + Type: 'PLAINTEXT', + Value: 'InnerValue', }, - installCommands: [ - 'install1', - 'install2', - ], - commands: ['synth'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, + { + Name: 'SOME_ENV_VAR', + Type: 'PLAINTEXT', + Value: 'SomeValue', + }, + ]), + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['install1', 'install2'], + }, + build: { + commands: ['synth'], }, - privileged: true, }, - }), - }); - THEN_codePipelineExpectation(MODERN_INSTALLS); + })), + }, }); +}); - suite.additional('modern2, using the specific CodeBuild action', () => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: '.', - env: { - SOME_ENV_VAR: 'SomeValue', - }, - installCommands: [ - 'install1', - 'install2', - ], - commands: ['synth'], - buildEnvironment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, +test('install command can be overridden/specified', () => { + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['/bin/true'], + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: ['/bin/true'], }, - privileged: true, }, - }), - }); - THEN_codePipelineExpectation(MODERN_INSTALLS); + })), + }, }); +}); - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: Match.objectLike({ - PrivilegedMode: true, - EnvironmentVariables: Match.arrayWith([ - { - Name: 'INNER_VAR', - Type: 'PLAINTEXT', - Value: 'InnerValue', - }, - { - Name: 'SOME_ENV_VAR', - Type: 'PLAINTEXT', - Value: 'SomeValue', - }, - ]), - }), - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: ['install1', 'install2'], +test('Synth can output additional artifacts', () => { + + // WHEN + const synth = new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + commands: ['cdk synth'], + }); + synth.addOutputDirectory('test'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: synth, + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + artifacts: { + 'secondary-artifacts': { + Synth_Output: { + 'base-directory': 'cdk.out', + 'files': '**/*', }, - build: { - commands: ['synth'], + Synth_test: { + 'base-directory': 'test', + 'files': '**/*', }, }, - })), - }, - }); - } + }, + })), + }, + }); }); -behavior('install command can be overridden/specified', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - installCommand: '/bin/true', - }), - }); +test('Synth can be made to run in a VPC', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); - THEN_codePipelineExpectation(LEGACY_INSTALLS); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + codeBuildDefaults: { vpc }, }); - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['/bin/true'], - }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, + ], + VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + }, + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, + }); +}); - THEN_codePipelineExpectation(MODERN_INSTALLS); +test('Modern, using the synthCodeBuildDefaults', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synthCodeBuildDefaults: { vpc }, }); - function THEN_codePipelineExpectation(installPhase: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - [installPhase]: { - commands: ['/bin/true'], - }, - }, - })), - }, - }); - } + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, + ], + VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + }, + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, + }); }); -behavior('synth can have its test commands set', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - installCommand: '/bin/true', - testCommands: ['echo "Running tests"'], - }), - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - pre_build: { - commands: ['/bin/true'], - }, - build: { - commands: ['echo "Running tests"', 'npx cdk synth'], - }, - }, - })), +test('Modern, using CodeBuildStep', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new CodeBuildStep('Synth', { + commands: ['asdf'], + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + computeType: cbuild.ComputeType.LARGE, }, - }); + }), + codeBuildDefaults: { vpc }, }); - // There are no implicit commands in modern synth - suite.doesNotApply.modern(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, + ], + Subnets: [ + { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, + { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, + ], + VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + }, + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + Roles: [ + { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, + ], + PolicyDocument: { + Statement: Match.arrayWith([{ + Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), + Effect: 'Allow', + Resource: '*', + }]), + }, + }); }); -behavior('Synth can output additional artifacts', (suite) => { - suite.legacy(() => { - // WHEN - const addlArtifact = new codepipeline.Artifact('IntegTest'); - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - additionalArtifacts: [ - { - artifact: addlArtifact, - directory: 'test', - }, - ], - }), - }); +test('Pipeline action contains a hash that changes as the buildspec changes', () => { + const hash1 = modernSynthWithAction(() => ({ commands: ['asdf'] })); - THEN_codePipelineExpectation('CloudAsm', 'IntegTest'); - }); + // To make sure the hash is not just random :) + const hash1prime = modernSynthWithAction(() => ({ commands: ['asdf'] })); - suite.modern(() => { - // WHEN - const synth = new cdkp.ShellStep('Synth', { + const hash2 = modernSynthWithAction(() => ({ + installCommands: ['do install'], + })); + const hash3 = modernSynthWithAction(() => ({ + synth: new CodeBuildStep('Synth', { + commands: ['asdf'], input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - commands: ['cdk synth'], - }); - synth.addOutputDirectory('test'); - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: synth, - }); - - THEN_codePipelineExpectation('Synth_Output', 'Synth_test'); - }); - - function THEN_codePipelineExpectation(asmArtifact: string, testArtifact: string) { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - artifacts: { - 'secondary-artifacts': { - [asmArtifact]: { - 'base-directory': 'cdk.out', - 'files': '**/*', - }, - [testArtifact]: { - 'base-directory': 'test', - 'files': '**/*', - }, - }, - }, - })), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + computeType: cbuild.ComputeType.LARGE, }, - }); - } + }), + })); + + const hash4 = modernSynthWithAction(() => ({ + env: { + xyz: 'SOME-VALUE', + }, + })); + + expect(hash1).toEqual(hash1prime); + + expect(hash1).not.toEqual(hash2); + expect(hash1).not.toEqual(hash3); + expect(hash1).not.toEqual(hash4); + expect(hash2).not.toEqual(hash3); + expect(hash2).not.toEqual(hash4); + expect(hash3).not.toEqual(hash4); }); -behavior('Synth can be made to run in a VPC', (suite) => { - let vpc: ec2.Vpc; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'NpmSynthTestVpc'); +function modernSynthWithAction(cb: () => ModernTestGitHubNpmPipelineProps) { + const _app = new TestApp({ outdir: OUTDIR }); + const _pipelineStack = new Stack(_app, 'PipelineStack', { env: PIPELINE_ENV }); + + new ModernTestGitHubNpmPipeline(_pipelineStack, 'Cdk', cb()); + + return captureProjectConfigHash(_pipelineStack); +} + +function captureProjectConfigHash(_pipelineStack: Stack) { + const theHash = new Capture(); + Template.fromStack(_pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Build', + Actions: [ + Match.objectLike({ + Name: 'Synth', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { + name: '_PROJECT_CONFIG_HASH', + type: 'PLAINTEXT', + value: theHash, + }, + ]), + }), + }), + ], + }]), }); - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - vpc, - sourceArtifact, - cloudAssemblyArtifact, - }), - }); + return theHash.asString(); +} - THEN_codePipelineExpectation(); - }); +test('Synth CodeBuild project role can be granted permissions', () => { + const bucket: s3.IBucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); + // GIVEN + const pipe = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipe.buildPipeline(); - THEN_codePipelineExpectation(); - }); + // WHEN + bucket.grantRead(pipe.synthProject); - suite.additional('Modern, using the synthCodeBuildDefaults', () => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synthCodeBuildDefaults: { vpc }, - }); - - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], + })]), + }, }); +}); - suite.additional('Modern, using CodeBuildStep', () => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new CodeBuildStep('Synth', { - commands: ['asdf'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - computeType: cbuild.ComputeType.LARGE, - }, - }), - codeBuildDefaults: { vpc }, - }); - - THEN_codePipelineExpectation(); - }); +test('Synth can reference an imported ECR repo', () => { - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - VpcConfig: { - SecurityGroupIds: [ - { 'Fn::GetAtt': ['CdkPipelineBuildSynthCdkBuildProjectSecurityGroupEA44D7C2', 'GroupId'] }, - ], - Subnets: [ - { Ref: 'NpmSynthTestVpcPrivateSubnet1Subnet81E3AA56' }, - { Ref: 'NpmSynthTestVpcPrivateSubnet2SubnetC1CA3EF0' }, - { Ref: 'NpmSynthTestVpcPrivateSubnet3SubnetA04163EE' }, - ], - VpcId: { Ref: 'NpmSynthTestVpc5E703F25' }, + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.CodeBuildStep('Synth', { + commands: ['build'], + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: 'cdk.out', + buildEnvironment: { + buildImage: cbuild.LinuxBuildImage.fromEcrRepository( + ecr.Repository.fromRepositoryName(pipelineStack, 'ECRImage', 'my-repo-name'), + ), }, - }); + }), + }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - Roles: [ - { Ref: 'CdkPipelineBuildSynthCdkBuildProjectRole5E173C62' }, - ], - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: Match.arrayWith(['ec2:DescribeSecurityGroups']), - Effect: 'Allow', - Resource: '*', - }]), - }, - }); - } + // THEN -- no exception (necessary for linter) + expect(true).toBeTruthy(); }); -behavior('Pipeline action contains a hash that changes as the buildspec changes', (suite) => { - suite.legacy(() => { - const hash1 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - })); - - // To make sure the hash is not just random :) - const hash1prime = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - })); - - const hash2 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - installCommand: 'do install', - })); - const hash3 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - environment: { - computeType: cbuild.ComputeType.LARGE, - }, - })); - const hash4 = legacySynthWithAction((sa, cxa) => cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact: sa, - cloudAssemblyArtifact: cxa, - environment: { - environmentVariables: { - xyz: { value: 'SOME-VALUE' }, - }, - }, - })); +test('CodeBuild: Can specify additional policy statements', () => { - expect(hash1).toEqual(hash1prime); + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.CodeBuildStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + primaryOutputDirectory: '.', + commands: ['synth'], + rolePolicyStatements: [ + new iam.PolicyStatement({ + actions: ['codeartifact:*', 'sts:GetServiceBearerToken'], + resources: ['arn:my:arn'], + }), + ], + }), + }); - expect(hash1).not.toEqual(hash2); - expect(hash1).not.toEqual(hash3); - expect(hash1).not.toEqual(hash4); - expect(hash2).not.toEqual(hash3); - expect(hash2).not.toEqual(hash4); - expect(hash3).not.toEqual(hash4); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: [ + 'codeartifact:*', + 'sts:GetServiceBearerToken', + ], + Resource: 'arn:my:arn', + })]), + }, }); +}); - suite.modern(() => { - const hash1 = modernSynthWithAction(() => ({ commands: ['asdf'] })); - - // To make sure the hash is not just random :) - const hash1prime = modernSynthWithAction(() => ({ commands: ['asdf'] })); - - const hash2 = modernSynthWithAction(() => ({ - installCommands: ['do install'], - })); - const hash3 = modernSynthWithAction(() => ({ - synth: new CodeBuildStep('Synth', { - commands: ['asdf'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - computeType: cbuild.ComputeType.LARGE, - }, - }), - })); +test('Multiple input sources in side-by-side directories', () => { - const hash4 = modernSynthWithAction(() => ({ - env: { - xyz: 'SOME-VALUE', + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.ShellStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + commands: ['false'], + additionalInputs: { + '../sibling': cdkp.CodePipelineSource.gitHub('foo/bar', 'main'), + 'sub': new cdkp.ShellStep('Prebuild', { + input: cdkp.CodePipelineSource.gitHub('pre/build', 'main'), + commands: ['true'], + primaryOutputDirectory: 'built', + }), }, - })); - - expect(hash1).toEqual(hash1prime); - - expect(hash1).not.toEqual(hash2); - expect(hash1).not.toEqual(hash3); - expect(hash1).not.toEqual(hash4); - expect(hash2).not.toEqual(hash3); - expect(hash2).not.toEqual(hash4); - expect(hash3).not.toEqual(hash4); + }), }); - // eslint-disable-next-line max-len - function legacySynthWithAction(cb: (sourceArtifact: codepipeline.Artifact, cloudAssemblyArtifact: codepipeline.Artifact) => codepipeline.IAction) { - const _app = new TestApp({ outdir: OUTDIR }); - const _pipelineStack = new Stack(_app, 'PipelineStack', { env: PIPELINE_ENV }); - const _sourceArtifact = new codepipeline.Artifact(); - const _cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - - new LegacyTestGitHubNpmPipeline(_pipelineStack, 'Cdk', { - sourceArtifact: _sourceArtifact, - cloudAssemblyArtifact: _cloudAssemblyArtifact, - synthAction: cb(_sourceArtifact, _cloudAssemblyArtifact), - }); - - return captureProjectConfigHash(_pipelineStack); - } - - function modernSynthWithAction(cb: () => ModernTestGitHubNpmPipelineProps) { - const _app = new TestApp({ outdir: OUTDIR }); - const _pipelineStack = new Stack(_app, 'PipelineStack', { env: PIPELINE_ENV }); - - new ModernTestGitHubNpmPipeline(_pipelineStack, 'Cdk', cb()); - - return captureProjectConfigHash(_pipelineStack); - } - - function captureProjectConfigHash(_pipelineStack: Stack) { - const theHash = new Capture(); - Template.fromStack(_pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([ + { + Name: 'Source', + Actions: [ + Match.objectLike({ Configuration: Match.objectLike({ Repo: 'bar' }) }), + Match.objectLike({ Configuration: Match.objectLike({ Repo: 'build' }) }), + Match.objectLike({ Configuration: Match.objectLike({ Repo: 'test' }) }), + ], + }, + { Name: 'Build', Actions: [ + Match.objectLike({ Name: 'Prebuild', RunOrder: 1 }), Match.objectLike({ Name: 'Synth', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { - name: '_PROJECT_CONFIG_HASH', - type: 'PLAINTEXT', - value: theHash, - }, - ]), - }), + RunOrder: 2, + InputArtifacts: [ + // 3 input artifacts + Match.anyValue(), + Match.anyValue(), + Match.anyValue(), + ], }), ], - }]), - }); - - return theHash.asString(); - } -}); - -behavior('Synth CodeBuild project role can be granted permissions', (suite) => { - let bucket: s3.IBucket; - beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); - }); - - suite.legacy(() => { - // GIVEN - const synthAction = cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - }); - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction, - }); - - // WHEN - bucket.grantRead(synthAction); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // GIVEN - const pipe = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipe.buildPipeline(); - - // WHEN - bucket.grantRead(pipe.synthProject); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], - })]), }, - }); - } -}); - -behavior('Synth can reference an imported ECR repo', (suite) => { - // Repro from https://github.com/aws/aws-cdk/issues/10535 - - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - environment: { - buildImage: cbuild.LinuxBuildImage.fromEcrRepository( - ecr.Repository.fromRepositoryName(pipelineStack, 'ECRImage', 'my-repo-name'), - ), - }, - }), - }); - - // THEN -- no exception (necessary for linter) - expect(true).toBeTruthy(); - }); - - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - commands: ['build'], - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: 'cdk.out', - buildEnvironment: { - buildImage: cbuild.LinuxBuildImage.fromEcrRepository( - ecr.Repository.fromRepositoryName(pipelineStack, 'ECRImage', 'my-repo-name'), - ), + ]), + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + install: { + commands: [ + '[ ! -d "../sibling" ] || { echo \'additionalInputs: "../sibling" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_foo_bar_Source" "../sibling"', + '[ ! -d "sub" ] || { echo \'additionalInputs: "sub" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_Prebuild_Output" "sub"', + ], + }, + build: { + commands: [ + 'false', + ], + }, }, - }), - }); - - // THEN -- no exception (necessary for linter) - expect(true).toBeTruthy(); - }); -}); - -behavior('CodeBuild: Can specify additional policy statements', (suite) => { - suite.legacy(() => { - // WHEN - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['codeartifact:*', 'sts:GetServiceBearerToken'], - resources: ['arn:my:arn'], - }), - ], - }), - }); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - primaryOutputDirectory: '.', - commands: ['synth'], - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['codeartifact:*', 'sts:GetServiceBearerToken'], - resources: ['arn:my:arn'], - }), - ], - }), - }); - - THEN_codePipelineExpectation(); + })), + }, }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: [ - 'codeartifact:*', - 'sts:GetServiceBearerToken', - ], - Resource: 'arn:my:arn', - })]), - }, - }); - } }); -behavior('Multiple input sources in side-by-side directories', (suite) => { - // Legacy API does not support this - suite.doesNotApply.legacy(); - - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.ShellStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - commands: ['false'], - additionalInputs: { - '../sibling': cdkp.CodePipelineSource.gitHub('foo/bar', 'main'), - 'sub': new cdkp.ShellStep('Prebuild', { - input: cdkp.CodePipelineSource.gitHub('pre/build', 'main'), - commands: ['true'], - primaryOutputDirectory: 'built', - }), - }, - }), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([ - { - Name: 'Source', - Actions: [ - Match.objectLike({ Configuration: Match.objectLike({ Repo: 'bar' }) }), - Match.objectLike({ Configuration: Match.objectLike({ Repo: 'build' }) }), - Match.objectLike({ Configuration: Match.objectLike({ Repo: 'test' }) }), - ], - }, - { - Name: 'Build', - Actions: [ - Match.objectLike({ Name: 'Prebuild', RunOrder: 1 }), - Match.objectLike({ - Name: 'Synth', - RunOrder: 2, - InputArtifacts: [ - // 3 input artifacts - Match.anyValue(), - Match.anyValue(), - Match.anyValue(), - ], - }), - ], - }, - ]), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - install: { - commands: [ - '[ ! -d "../sibling" ] || { echo \'additionalInputs: "../sibling" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_foo_bar_Source" "../sibling"', - '[ ! -d "sub" ] || { echo \'additionalInputs: "sub" must not exist yet. If you want to merge multiple artifacts, use a "cp" command.\'; exit 1; } && ln -s -- "$CODEBUILD_SRC_DIR_Prebuild_Output" "sub"', - ], - }, - build: { - commands: [ - 'false', - ], - }, +test('Can easily switch on privileged mode for synth', () => { + + // WHEN + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + dockerEnabledForSynth: true, + commands: ['LookAtMe'], + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'LookAtMe', + ], }, - })), - }, - }); + }, + })), + }, }); }); -behavior('Can easily switch on privileged mode for synth', (suite) => { - // Legacy API does not support this - suite.doesNotApply.legacy(); +test('can provide custom BuildSpec that is merged with generated one', () => { - suite.modern(() => { - // WHEN - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - dockerEnabledForSynth: true, - commands: ['LookAtMe'], - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: Match.objectLike({ - PrivilegedMode: true, - }), - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'LookAtMe', - ], - }, - }, - })), + new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth: new cdkp.CodeBuildStep('Synth', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), + env: { + SOME_ENV_VAR: 'SomeValue', }, - }); - }); -}); - -behavior('can provide custom BuildSpec that is merged with generated one', (suite) => { - suite.legacy(() => { - new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, + buildEnvironment: { environmentVariables: { - SOME_ENV_VAR: { value: 'SomeValue' }, + INNER_VAR: { value: 'InnerValue' }, }, - environment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, + privileged: true, + }, + installCommands: [ + 'install1', + 'install2', + ], + commands: ['synth'], + partialBuildSpec: cbuild.BuildSpec.fromObject({ + env: { + variables: { + FOO: 'bar', }, - privileged: true, }, - installCommands: [ - 'install1', - 'install2', - ], - synthCommand: 'synth', - buildSpec: cbuild.BuildSpec.fromObject({ - env: { - variables: { - FOO: 'bar', - }, + phases: { + pre_build: { + commands: ['installCustom'], }, - phases: { - pre_build: { - commands: 'installCustom', - }, - }, - cache: { - paths: ['node_modules'], - }, - }), + }, + cache: { + paths: ['node_modules'], + }, }), - }); - - THEN_codePipelineExpectation(); + }), }); - suite.modern(() => { - new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth: new cdkp.CodeBuildStep('Synth', { - input: cdkp.CodePipelineSource.gitHub('test/test', 'main'), - env: { - SOME_ENV_VAR: 'SomeValue', + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: Match.objectLike({ + PrivilegedMode: true, + EnvironmentVariables: Match.arrayWith([ + { + Name: 'INNER_VAR', + Type: 'PLAINTEXT', + Value: 'InnerValue', }, - buildEnvironment: { - environmentVariables: { - INNER_VAR: { value: 'InnerValue' }, + ]), + }), + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + env: { + variables: { + FOO: 'bar', }, - privileged: true, }, - installCommands: [ - 'install1', - 'install2', - ], - commands: ['synth'], - partialBuildSpec: cbuild.BuildSpec.fromObject({ - env: { - variables: { - FOO: 'bar', - }, - }, - phases: { - pre_build: { - commands: ['installCustom'], - }, + phases: { + pre_build: { + commands: Match.arrayWith(['installCustom']), }, - cache: { - paths: ['node_modules'], + build: { + commands: ['synth'], }, - }), - }), - }); - - THEN_codePipelineExpectation(); + }, + cache: { + paths: ['node_modules'], + }, + })), + }, }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: Match.objectLike({ - PrivilegedMode: true, - EnvironmentVariables: Match.arrayWith([ - { - Name: 'INNER_VAR', - Type: 'PLAINTEXT', - Value: 'InnerValue', - }, - ]), - }), - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - env: { - variables: { - FOO: 'bar', - }, - }, - phases: { - pre_build: { - commands: Match.arrayWith(['installCustom']), - }, - build: { - commands: ['synth'], - }, - }, - cache: { - paths: ['node_modules'], - }, - })), - }, - }); - } }); -behavior('stacks synthesized for pipeline will be checked during synth', (suite) => { - let stage: OneStackApp; - beforeEach(() => { - stage = new OneStackApp(pipelineStack, 'MyApp'); - }); - - suite.legacy(() => { - // WHEN - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: new cdkp.SimpleSynthAction({ - sourceArtifact, - cloudAssemblyArtifact, - installCommands: ['install1', 'install2'], - buildCommands: ['build1', 'build2'], - testCommands: ['test1', 'test2'], - synthCommand: 'cdk synth', - }), - }); - pipeline.addApplicationStage(stage); - - THEN(); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - installCommands: ['install1', 'install2'], - commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], - }); - pipeline.addStage(stage); +test('stacks synthesized for pipeline will be checked during synth', () => { + let stage: OneStackApp = new OneStackApp(pipelineStack, 'MyApp'); - THEN(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + installCommands: ['install1', 'install2'], + commands: ['build1', 'build2', 'test1', 'test2', 'cdk synth'], }); + pipeline.addStage(stage); - function THEN() { - // All stacks in the ASM have been synthesized with 'validateOnSynth: true' - const asm = stage.synth(); - for (const stack of asm.stacks) { - expect(stack.validateOnSynth).toEqual(true); - } + // All stacks in the ASM have been synthesized with 'validateOnSynth: true' + const asm = stage.synth(); + for (const stack of asm.stacks) { + expect(stack.validateOnSynth).toEqual(true); } }); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts index f1a560fdae911..5af4eb5733394 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts @@ -9,7 +9,7 @@ import { Stack } from '../../../core'; import * as cdkp from '../../lib'; import { CodePipelineSource, ShellStep } from '../../lib'; import { CDKP_DEFAULT_CODEBUILD_IMAGE } from '../../lib/private/default-codebuild-image'; -import { AppWithOutput, behavior, LegacyTestGitHubNpmPipeline, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, sortByRunOrder, StageWithStackOutput, stringNoLongerThan, TestApp, TwoStackApp } from '../testhelpers'; +import { AppWithOutput, ModernTestGitHubNpmPipeline, OneStackApp, PIPELINE_ENV, sortByRunOrder, StageWithStackOutput, stringNoLongerThan, TestApp, TwoStackApp } from '../testhelpers'; let app: TestApp; let pipelineStack: Stack; @@ -23,775 +23,471 @@ afterEach(() => { app.cleanup(); }); -behavior('can add manual approval after app', (suite) => { - // No need to be backwards compatible - suite.doesNotApply.legacy(); +test('can add manual approval after app', () => { - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'MyApp'), { - post: [ - new cdkp.ManualApprovalStep('Approve'), - ], - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stack1.Prepare' }), - Match.objectLike({ Name: 'Stack1.Deploy' }), - Match.objectLike({ Name: 'Stack2.Prepare' }), - Match.objectLike({ Name: 'Stack2.Deploy' }), - Match.objectLike({ Name: 'Approve' }), - ]), - }]), - }); + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'MyApp'), { + post: [ + new cdkp.ManualApprovalStep('Approve'), + ], + }); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyApp', + Actions: sortByRunOrder([ + Match.objectLike({ Name: 'Stack1.Prepare' }), + Match.objectLike({ Name: 'Stack1.Deploy' }), + Match.objectLike({ Name: 'Stack2.Prepare' }), + Match.objectLike({ Name: 'Stack2.Deploy' }), + Match.objectLike({ Name: 'Approve' }), + ]), + }]), }); }); -behavior('can add steps to wave', (suite) => { - // No need to be backwards compatible - suite.doesNotApply.legacy(); +test('can add steps to wave', () => { - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const wave = pipeline.addWave('MyWave', { - post: [ - new cdkp.ManualApprovalStep('Approve'), - ], - }); - wave.addStage(new OneStackApp(pipelineStack, 'Stage1')); - wave.addStage(new OneStackApp(pipelineStack, 'Stage2')); - wave.addStage(new OneStackApp(pipelineStack, 'Stage3')); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyWave', - Actions: sortByRunOrder([ - Match.objectLike({ Name: 'Stage1.Stack.Prepare' }), - Match.objectLike({ Name: 'Stage2.Stack.Prepare' }), - Match.objectLike({ Name: 'Stage3.Stack.Prepare' }), - Match.objectLike({ Name: 'Stage1.Stack.Deploy' }), - Match.objectLike({ Name: 'Stage2.Stack.Deploy' }), - Match.objectLike({ Name: 'Stage3.Stack.Deploy' }), - Match.objectLike({ Name: 'Approve' }), - ]), - }]), - }); + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const wave = pipeline.addWave('MyWave', { + post: [ + new cdkp.ManualApprovalStep('Approve'), + ], + }); + wave.addStage(new OneStackApp(pipelineStack, 'Stage1')); + wave.addStage(new OneStackApp(pipelineStack, 'Stage2')); + wave.addStage(new OneStackApp(pipelineStack, 'Stage3')); + + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'MyWave', + Actions: sortByRunOrder([ + Match.objectLike({ Name: 'Stage1.Stack.Prepare' }), + Match.objectLike({ Name: 'Stage2.Stack.Prepare' }), + Match.objectLike({ Name: 'Stage3.Stack.Prepare' }), + Match.objectLike({ Name: 'Stage1.Stack.Deploy' }), + Match.objectLike({ Name: 'Stage2.Stack.Deploy' }), + Match.objectLike({ Name: 'Stage3.Stack.Deploy' }), + Match.objectLike({ Name: 'Approve' }), + ]), + }]), }); }); -behavior('script validation steps can use stack outputs as environment variables', (suite) => { - suite.legacy(() => { - // GIVEN - const { pipeline } = legacySetup(); - const stage = new StageWithStackOutput(app, 'MyApp'); - - // WHEN - const pipeStage = pipeline.addApplicationStage(stage); - pipeStage.addActions(new cdkp.ShellScriptAction({ - actionName: 'TestOutput', - useOutputs: { - BUCKET_NAME: pipeline.stackOutput(stage.output), - }, - commands: ['echo $BUCKET_NAME'], - })); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'MyApp', - Actions: Match.arrayWith([ - Match.objectLike({ - ActionTypeId: { - Provider: 'CodeBuild', - }, - Configuration: { - ProjectName: Match.anyValue(), - }, - InputArtifacts: [{ Name: Match.anyValue() }], - Name: 'TestOutput', - }), - Match.objectLike({ - Name: 'Stack.Deploy', - OutputArtifacts: [{ Name: Match.anyValue() }], - Configuration: { - OutputFileName: 'outputs.json', - }, - }), - ]), - }]), - }); +test('script validation steps can use stack outputs as environment variables', () => { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'export BUCKET_NAME="$(node -pe \'require(process.env.CODEBUILD_SRC_DIR + "/outputs.json")["BucketName"]\')"', - 'echo $BUCKET_NAME', - ], - }, - }, - })), - Type: 'CODEPIPELINE', - }, - }); - }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const myApp = new AppWithOutput(app, 'Alpha'); - pipeline.addStage(myApp, { - post: [ - new cdkp.ShellStep('Approve', { - commands: ['/bin/true'], - envFromCfnOutputs: { - THE_OUTPUT: myApp.theOutput, - }, - }), - ], - }); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Alpha', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'Stack.Deploy', - Namespace: 'AlphaStack6B3389FA', - }), - Match.objectLike({ - Name: 'Approve', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { name: 'THE_OUTPUT', value: '#{AlphaStack6B3389FA.MyOutput}', type: 'PLAINTEXT' }, - ]), - }), - }), - ]), - }]), - }); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const myApp = new AppWithOutput(app, 'Alpha'); + pipeline.addStage(myApp, { + post: [ + new cdkp.ShellStep('Approve', { + commands: ['/bin/true'], + envFromCfnOutputs: { + THE_OUTPUT: myApp.theOutput, + }, + }), + ], }); -}); -behavior('stackOutput generates names limited to 100 characters', (suite) => { - suite.legacy(() => { - const { pipeline } = legacySetup(); - const stage = new StageWithStackOutput(app, 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild'); - const pipeStage = pipeline.addApplicationStage(stage); - pipeStage.addActions(new cdkp.ShellScriptAction({ - actionName: 'TestOutput', - useOutputs: { - BUCKET_NAME: pipeline.stackOutput(stage.output), - }, - commands: ['echo $BUCKET_NAME'], - })); - - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild', - Actions: Match.arrayWith([ - Match.objectLike({ - ActionTypeId: { - Provider: 'CodeBuild', - }, - Configuration: { - ProjectName: Match.anyValue(), - }, - InputArtifacts: [{ Name: stringNoLongerThan(100) }], - Name: 'TestOutput', - }), - Match.objectLike({ - Name: 'Stack.Deploy', - OutputArtifacts: [{ Name: stringNoLongerThan(100) }], - Configuration: { - OutputFileName: 'outputs.json', - }, - }), - ]), - }]), - }); - }); - - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - const stage = new StageWithStackOutput(app, 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild'); - pipeline.addStage(stage, { - post: [ - new cdkp.ShellStep('TestOutput', { - commands: ['echo $BUCKET_NAME'], - envFromCfnOutputs: { - BUCKET_NAME: stage.output, - }, + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Alpha', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'Stack.Deploy', + Namespace: 'AlphaStack6B3389FA', }), - ], - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'Stack.Deploy', - Namespace: stringNoLongerThan(100), + Match.objectLike({ + Name: 'Approve', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { name: 'THE_OUTPUT', value: '#{AlphaStack6B3389FA.MyOutput}', type: 'PLAINTEXT' }, + ]), }), - ]), - }]), - }); + }), + ]), + }]), }); }); -behavior('validation step can run from scripts in source', (suite) => { - suite.legacy(() => { - const { pipeline, sourceArtifact } = legacySetup(); - - // WHEN - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'UseSources', - additionalArtifacts: [sourceArtifact], - commands: ['true'], - })); +test('stackOutput generates names limited to 100 characters', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + const stage = new StageWithStackOutput(app, 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild'); + pipeline.addStage(stage, { + post: [ + new cdkp.ShellStep('TestOutput', { + commands: ['echo $BUCKET_NAME'], + envFromCfnOutputs: { + BUCKET_NAME: stage.output, + }, + }), + ], }); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [ - new cdkp.ShellStep('UseSources', { - input: pipeline.gitHubSource, - commands: ['set -eu', 'true'], + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'APreposterouslyLongAndComplicatedNameMadeUpJustToMakeItExceedTheLimitDefinedByCodeBuild', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'Stack.Deploy', + Namespace: stringNoLongerThan(100), }), - ], - }); - - THEN_codePipelineExpectation(); + ]), + }]), }); - - function THEN_codePipelineExpectation() { - const sourceArtifact = new Capture(); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Source', - Actions: [ - Match.objectLike({ - OutputArtifacts: [{ Name: sourceArtifact }], - }), - ], - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'UseSources', - InputArtifacts: [{ Name: sourceArtifact.asString() }], - }), - ]), - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'true', - ], - }, - }, - })), - }, - }); - } }); -behavior('can use additional output artifacts from build', (suite) => { - suite.legacy(() => { - // WHEN - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'UseBuildArtifact', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - })); +test('validation step can run from scripts in source', () => { - THEN_codePipelineExpectation(); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [ + new cdkp.ShellStep('UseSources', { + input: pipeline.gitHubSource, + commands: ['set -eu', 'true'], + }), + ], }); - suite.modern(() => { - const synth = new ShellStep('Synth', { - input: CodePipelineSource.gitHub('test/test', 'main'), - commands: ['synth'], - }); + const sourceArtifact = new Capture(); - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - synth, - }); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [ - new cdkp.ShellStep('UseBuildArtifact', { - input: synth.addOutputDirectory('test'), - commands: ['set -eu', 'true'], + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Source', + Actions: [ + Match.objectLike({ + OutputArtifacts: [{ Name: sourceArtifact }], }), ], - }); - - THEN_codePipelineExpectation(); + }]), }); - - function THEN_codePipelineExpectation() { - const integArtifact = new Capture(); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Build', - Actions: [ - Match.objectLike({ - Name: 'Synth', - OutputArtifacts: [ - { Name: Match.anyValue() }, // It's not the first output - { Name: integArtifact }, + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'UseSources', + InputArtifacts: [{ Name: sourceArtifact.asString() }], + }), + ]), + }]), + }); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'set -eu', + 'true', ], - }), - ], - }]), - }); - - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'UseBuildArtifact', - InputArtifacts: [{ Name: integArtifact.asString() }], - }), - ]), - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'true', - ], - }, }, - })), - }, - }); - } + }, + })), + }, + }); }); -behavior('can add policy statements to shell script action', (suite) => { - suite.legacy(() => { - // WHEN - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'Boop', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['s3:Banana'], - resources: ['*'], - }), - ], - })); - - THEN_codePipelineExpectation(); - }); - - suite.modern(() => { - // WHEN - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [ - new cdkp.CodeBuildStep('Boop', { - commands: ['true'], - rolePolicyStatements: [ - new iam.PolicyStatement({ - actions: ['s3:Banana'], - resources: ['*'], - }), +test('can use additional output artifacts from build', () => { + const synth = new ShellStep('Synth', { + input: CodePipelineSource.gitHub('test/test', 'main'), + commands: ['synth'], + }); + + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { + synth, + }); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [ + new cdkp.ShellStep('UseBuildArtifact', { + input: synth.addOutputDirectory('test'), + commands: ['set -eu', 'true'], + }), + ], + }); + + const integArtifact = new Capture(); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Build', + Actions: [ + Match.objectLike({ + Name: 'Synth', + OutputArtifacts: [ + { Name: Match.anyValue() }, // It's not the first output + { Name: integArtifact }, ], }), ], - }); - - THEN_codePipelineExpectation(); + }]), }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: 's3:Banana', - Resource: '*', - })]), - }, - }); - } -}); - -behavior('can grant permissions to shell script action', (suite) => { - let bucket: s3.IBucket; - beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'UseBuildArtifact', + InputArtifacts: [{ Name: integArtifact.asString() }], + }), + ]), + }]), }); - - suite.legacy(() => { - const { pipeline, integTestArtifact } = legacySetup(); - const action = new cdkp.ShellScriptAction({ - actionName: 'Boop', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - }); - pipeline.addStage('Test').addActions(action); - - // WHEN - bucket.grantRead(action); - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'set -eu', + 'true', + ], + }, + }, + })), + }, }); +}); - suite.modern(() => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); +test('can add policy statements to shell script action', () => { - const codeBuildStep = new cdkp.CodeBuildStep('Boop', { - commands: ['true'], - }); + // WHEN + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [ + new cdkp.CodeBuildStep('Boop', { + commands: ['true'], + rolePolicyStatements: [ + new iam.PolicyStatement({ + actions: ['s3:Banana'], + resources: ['*'], + }), + ], + }), + ], + }); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [codeBuildStep], - }); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: 's3:Banana', + Resource: '*', + })]), + }, + }); +}); - pipeline.buildPipeline(); +test('can grant permissions to shell script action', () => { + const bucket: s3.IBucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); - // WHEN - bucket.grantRead(codeBuildStep.project); + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - THEN_codePipelineExpectation(); + const codeBuildStep = new cdkp.CodeBuildStep('Boop', { + commands: ['true'], }); - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { - PolicyDocument: { - Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], - })]), - }, - }); - } -}); - -behavior('can run shell script actions in a VPC', (suite) => { - let vpc: ec2.Vpc; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'VPC'); + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [codeBuildStep], }); - suite.legacy(() => { - const { pipeline, integTestArtifact } = legacySetup(); + pipeline.buildPipeline(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - vpc, - actionName: 'VpcAction', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - })); + // WHEN + bucket.grantRead(codeBuildStep.project); - THEN_codePipelineExpectation(); + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([Match.objectLike({ + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], + })]), + }, }); +}); - suite.modern(() => { - // All CodeBuild jobs automatically go into the VPC - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { vpc }, - }); +test('can run shell script actions in a VPC', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'VPC'); - pipeline.addStage(new TwoStackApp(app, 'MyApp'), { - post: [new cdkp.ShellStep('VpcAction', { - commands: ['set -eu', 'true'], - })], - }); - - THEN_codePipelineExpectation(); + // All CodeBuild jobs automatically go into the VPC + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + codeBuildDefaults: { vpc }, }); - suite.additional('modern, alternate API', () => { - // Can also explicitly specify a VPC when going to the "full config" class - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'MyApp-1'), { + post: [new cdkp.ShellStep('VpcAction', { + commands: ['set -eu', 'true'], + })], + }); - pipeline.addStage(new TwoStackApp(app, 'MyApp'), { - post: [new cdkp.CodeBuildStep('VpcAction', { - commands: ['set -eu', 'true'], - vpc, - })], - }); + // Can also explicitly specify a VPC when going to the "full config" class + const pipeline2 = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-2'); - THEN_codePipelineExpectation(); + pipeline2.addStage(new TwoStackApp(app, 'MyApp-2'), { + post: [new cdkp.CodeBuildStep('VpcAction', { + commands: ['set -eu', 'true'], + vpc, + })], }); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, - }, - VpcConfig: { - Subnets: [ - { - Ref: 'VPCPrivateSubnet1Subnet8BCA10E0', - }, - { - Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A', - }, - { - Ref: 'VPCPrivateSubnet3Subnet3EDCD457', - }, - ], - VpcId: { - Ref: 'VPCB9E5F0B4', + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: CDKP_DEFAULT_CODEBUILD_IMAGE.imageId, + }, + VpcConfig: { + Subnets: [ + { + Ref: 'VPCPrivateSubnet1Subnet8BCA10E0', }, + { + Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A', + }, + { + Ref: 'VPCPrivateSubnet3Subnet3EDCD457', + }, + ], + VpcId: { + Ref: 'VPCB9E5F0B4', }, - Source: { - BuildSpec: Match.serializedJson(Match.objectLike({ - phases: { - build: { - commands: [ - 'set -eu', - 'true', - ], - }, + }, + Source: { + BuildSpec: Match.serializedJson(Match.objectLike({ + phases: { + build: { + commands: [ + 'set -eu', + 'true', + ], }, - })), - }, - }); - } + }, + })), + }, + }); }); -behavior('can run shell script actions with a specific SecurityGroup', (suite) => { - let vpc: ec2.Vpc; - let sg: ec2.SecurityGroup; - beforeEach(() => { - vpc = new ec2.Vpc(pipelineStack, 'VPC'); - sg = new ec2.SecurityGroup(pipelineStack, 'SG', { vpc }); - }); +test('can run shell script actions with a specific SecurityGroup', () => { + const vpc: ec2.Vpc = new ec2.Vpc(pipelineStack, 'VPC'); + const sg: ec2.SecurityGroup = new ec2.SecurityGroup(pipelineStack, 'SG', { vpc }); + + // All CodeBuild jobs automatically go into the VPC + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - suite.legacy(() => { - // WHEN - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [new cdkp.CodeBuildStep('sgAction', { + commands: ['set -eu', 'true'], vpc, securityGroups: [sg], - actionName: 'sgAction', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - })); - - THEN_codePipelineExpectation(); + })], }); - suite.modern(() => { - // All CodeBuild jobs automatically go into the VPC - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.CodeBuildStep('sgAction', { - commands: ['set -eu', 'true'], - vpc, - securityGroups: [sg], - })], - }); - - THEN_codePipelineExpectation(); + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'sgAction', + }), + ]), + }]), }); - - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'sgAction', - }), - ]), - }]), - }); - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - VpcConfig: { - SecurityGroupIds: [ - { - 'Fn::GetAtt': [ - 'SGADB53937', - 'GroupId', - ], - }, - ], - VpcId: { - Ref: 'VPCB9E5F0B4', + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + VpcConfig: { + SecurityGroupIds: [ + { + 'Fn::GetAtt': [ + 'SGADB53937', + 'GroupId', + ], }, + ], + VpcId: { + Ref: 'VPCB9E5F0B4', }, - }); - } + }, + }); }); -behavior('can run scripts with specified BuildEnvironment', (suite) => { - suite.legacy(() => { - let { pipeline, integTestArtifact } = legacySetup(); - - // WHEN - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'imageAction', - additionalArtifacts: [integTestArtifact], - commands: ['true'], - environment: { buildImage: codebuild.LinuxBuildImage.STANDARD_2_0 }, - })); - - THEN_codePipelineExpectation(); - }); +test('can run scripts with specified BuildEnvironment', () => { - suite.modern(() => { - // Run all Build jobs with the given image - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - codeBuildDefaults: { - buildEnvironment: { - buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, - }, + // Run all Build jobs with the given image + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-1', { + codeBuildDefaults: { + buildEnvironment: { + buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, }, - }); - - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.ShellStep('imageAction', { - commands: ['true'], - })], - }); - - THEN_codePipelineExpectation(); + }, }); - suite.additional('modern, alternative API', () => { - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + pipeline.addStage(new TwoStackApp(app, 'Test-1'), { + post: [new cdkp.ShellStep('imageAction', { + commands: ['true'], + })], + }); - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.CodeBuildStep('imageAction', { - commands: ['true'], - buildEnvironment: { - buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, - }, - })], - }); + const pipeline2 = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk-2'); - THEN_codePipelineExpectation(); + pipeline2.addStage(new TwoStackApp(app, 'Test-2'), { + post: [new cdkp.CodeBuildStep('imageAction', { + commands: ['true'], + buildEnvironment: { + buildImage: codebuild.LinuxBuildImage.STANDARD_2_0, + }, + })], }); - function THEN_codePipelineExpectation() { - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { - Environment: { - Image: 'aws/codebuild/standard:2.0', - }, - }); - } + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodeBuild::Project', { + Environment: { + Image: 'aws/codebuild/standard:2.0', + }, + }); }); -behavior('can run scripts with magic environment variables', (suite) => { - suite.legacy(() => { - const { pipeline, integTestArtifact } = legacySetup(); - pipeline.addStage('Test').addActions(new cdkp.ShellScriptAction({ - actionName: 'imageAction', - additionalArtifacts: [integTestArtifact], +test('can run scripts with magic environment variables', () => { + + // Run all Build jobs with the given image + const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); + + pipeline.addStage(new TwoStackApp(app, 'Test'), { + post: [new cdkp.ShellStep('imageAction', { commands: ['true'], - environmentVariables: { - VERSION: { value: codepipeline.GlobalVariables.executionId }, + env: { + VERSION: codepipeline.GlobalVariables.executionId, }, - })); - - THEN_codePipelineExpectation(); + })], }); - suite.modern(() => { - // Run all Build jobs with the given image - const pipeline = new ModernTestGitHubNpmPipeline(pipelineStack, 'Cdk'); - - pipeline.addStage(new TwoStackApp(app, 'Test'), { - post: [new cdkp.ShellStep('imageAction', { - commands: ['true'], - env: { - VERSION: codepipeline.GlobalVariables.executionId, - }, - })], - }); - - THEN_codePipelineExpectation(); - }); - - function THEN_codePipelineExpectation() { - // THEN - Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { - Stages: Match.arrayWith([{ - Name: 'Test', - Actions: Match.arrayWith([ - Match.objectLike({ - Name: 'imageAction', - Configuration: Match.objectLike({ - EnvironmentVariables: Match.serializedJson([ - { - name: 'VERSION', - type: 'PLAINTEXT', - value: '#{codepipeline.PipelineExecutionId}', - }, - ]), - }), + // THEN + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Test', + Actions: Match.arrayWith([ + Match.objectLike({ + Name: 'imageAction', + Configuration: Match.objectLike({ + EnvironmentVariables: Match.serializedJson([ + { + name: 'VERSION', + type: 'PLAINTEXT', + value: '#{codepipeline.PipelineExecutionId}', + }, + ]), }), - ]), - }]), - }); - } -}); - -/** - * Some shared setup for legacy API tests - */ -function legacySetup() { - const sourceArtifact = new codepipeline.Artifact(); - const cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm'); - const integTestArtifact = new codepipeline.Artifact('IntegTests'); - const pipeline = new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { - sourceArtifact, - cloudAssemblyArtifact, - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - additionalArtifacts: [{ directory: 'test', artifact: integTestArtifact }], - }), - }); - - return { sourceArtifact, cloudAssemblyArtifact, integTestArtifact, pipeline }; -} \ No newline at end of file + }), + ]), + }]), + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/legacy/fs.test.ts b/packages/aws-cdk-lib/pipelines/test/fs.test.ts similarity index 85% rename from packages/aws-cdk-lib/pipelines/test/legacy/fs.test.ts rename to packages/aws-cdk-lib/pipelines/test/fs.test.ts index da49fa9cf2986..49cbe2458e64a 100644 --- a/packages/aws-cdk-lib/pipelines/test/legacy/fs.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/fs.test.ts @@ -1,5 +1,5 @@ import * as path from 'path'; -import { toPosixPath } from '../../lib/private/fs'; +import { toPosixPath } from '../lib/private/fs'; test('translate path.sep', () => { expect(toPosixPath(`a${path.sep}b${path.sep}c`)).toEqual('a/b/c'); diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts index 2d3c4ebed35ba..d50366234083f 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts @@ -1,68 +1,13 @@ import { describeDeprecated } from '@aws-cdk/cdk-build-tools'; interface SkippedSuite { - legacy(reason?: string): void; - modern(reason?: string): void; } interface Suite { readonly doesNotApply: SkippedSuite; - legacy(fn: () => void): void; - modern(fn: () => void): void; additional(description: string, fn: () => void): void; -} - -// eslint-disable-next-line jest/no-export -export function behavior(name: string, cb: (suite: Suite) => void) { - // Since the goal of the compliance test suites is to compare modern and legacy (i.e. deprecated) APIs, - // use `describeDeprecated()` block here since usage of the legacy API is inevitable. - describeDeprecated(name, () => { - const unwritten = new Set(['modern', 'legacy']); - - function scratchOff(flavor: string) { - if (!unwritten.has(flavor)) { - throw new Error(`Already had test for ${flavor}. Use .additional() to add more tests.`); - } - unwritten.delete(flavor); - } - - cb({ - legacy: (testFn) => { - scratchOff('legacy'); - test('legacy', testFn); - }, - modern: (testFn) => { - scratchOff('modern'); - test('modern', testFn); - }, - additional: test, - doesNotApply: { - modern: (reason?: string) => { - scratchOff('modern'); - - if (reason != null) { - // eslint-disable-next-line jest/no-disabled-tests - test.skip(`modern - ${reason}`, () => {}); - } - }, - - legacy: (reason?: string) => { - scratchOff('legacy'); - - if (reason != null) { - // eslint-disable-next-line jest/no-disabled-tests - test.skip(`legacy - ${reason}`, () => {}); - } - }, - }, - }); - - for (const missing of unwritten) { - test.todo(missing); - } - }); -} +} \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts index fbc50d3b1a003..866d791e45856 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/index.ts @@ -1,5 +1,4 @@ export * from './compliance'; -export * from './legacy-pipeline'; export * from './modern-pipeline'; export * from './test-app'; export * from './matchers'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts deleted file mode 100644 index cc5340b74e7c8..0000000000000 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts +++ /dev/null @@ -1,47 +0,0 @@ -import { Construct } from 'constructs'; -import * as codepipeline from '../../../aws-codepipeline'; -import * as codepipeline_actions from '../../../aws-codepipeline-actions'; -import { SecretValue } from '../../../core'; -import * as cdkp from '../../lib'; - -export interface LegacyTestGitHubNpmPipelineExtraProps { - readonly sourceArtifact?: codepipeline.Artifact; - readonly npmSynthOptions?: Partial; -} - -export class LegacyTestGitHubNpmPipeline extends cdkp.CdkPipeline { - public readonly sourceArtifact: codepipeline.Artifact; - public readonly cloudAssemblyArtifact: codepipeline.Artifact; - - constructor(scope: Construct, id: string, props?: Partial & LegacyTestGitHubNpmPipelineExtraProps) { - const sourceArtifact = props?.sourceArtifact ?? new codepipeline.Artifact(); - const cloudAssemblyArtifact = props?.cloudAssemblyArtifact ?? new codepipeline.Artifact(); - - super(scope, id, { - sourceAction: new TestGitHubAction(sourceArtifact), - synthAction: cdkp.SimpleSynthAction.standardNpmSynth({ - sourceArtifact, - cloudAssemblyArtifact, - ...props?.npmSynthOptions, - }), - cloudAssemblyArtifact, - ...props, - }); - - this.sourceArtifact = sourceArtifact; - this.cloudAssemblyArtifact = cloudAssemblyArtifact; - } -} - -export class TestGitHubAction extends codepipeline_actions.GitHubSourceAction { - constructor(sourceArtifact: codepipeline.Artifact) { - super({ - actionName: 'GitHub', - output: sourceArtifact, - oauthToken: SecretValue.unsafePlainText('$3kr1t'), - owner: 'test', - repo: 'test', - trigger: codepipeline_actions.GitHubTrigger.POLL, - }); - } -} From 0007a29714cf04abb307845874dde27c813d45dd Mon Sep 17 00:00:00 2001 From: shikha372 Date: Wed, 14 Aug 2024 12:16:33 -0700 Subject: [PATCH 36/40] fix(vpc-v2): fixing default scope id (#31102) ### Issue # (if applicable) Closes . ### Reason for this change Fix current default scope ids for IPAM. ### Description of changes Fix current default scope ids for IPAM.. ### Description of how you validated changes Integration test deployment ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts | 5 ++ .../aws-cdk-vpcv2-alpha-new.assets.json | 6 +-- .../aws-cdk-vpcv2-alpha-new.template.json | 7 ++- .../test/integ.subnet-v2.js.snapshot/cdk.out | 2 +- .../integ.subnet-v2.js.snapshot/integ.json | 2 +- ...efaultTestDeployAssertCF40BD53.assets.json | 2 +- .../integ.subnet-v2.js.snapshot/manifest.json | 13 +---- .../integ.subnet-v2.js.snapshot/tree.json | 13 +++-- .../aws-ec2-alpha/test/integ.subnet-v2.ts | 1 - .../aws-cdk-vpcv2-alpha.assets.json | 6 +-- .../aws-cdk-vpcv2-alpha.template.json | 14 +++++- .../integ.vpc-v2-alpha.js.snapshot/cdk.out | 2 +- .../integ.vpc-v2-alpha.js.snapshot/integ.json | 2 +- ...efaultTestDeployAssertCF40BD53.assets.json | 2 +- .../manifest.json | 49 +------------------ .../integ.vpc-v2-alpha.js.snapshot/tree.json | 26 +++++++--- .../aws-ec2-alpha/test/integ.vpc-v2-alpha.ts | 2 +- .../@aws-cdk/aws-ec2-alpha/test/ipam.test.ts | 16 ++++-- .../aws-ec2-alpha/test/subnet-v2.test.ts | 4 +- .../aws-ec2-alpha/test/vpc-v2.test.ts | 4 +- 20 files changed, 84 insertions(+), 94 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts index 0d420603fee9d..c6600d43315f0 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts @@ -415,6 +415,11 @@ class IpamScopeBase implements IIpamScopeBase { readonly scopeType?: IpamScopeType, ) { this.scopeType = IpamScopeType.DEFAULT; + if (!props.ipamScopeId) { + throw new Error('ipamScopeId is required'); + } else { + this.scopeId = props.ipamScopeId; + } } /** diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json index 21b01be95b3c6..8fa7b0508afb2 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { - "ccdbd85132bedf38aeb99e5b0c700f48494d3b7c344a96232f29b48a5279b6ef": { + "936d55c8ae74b8dbe0de8c85d4bec3718ce3f73a71342f5852a5a5586485c23c": { "source": { "path": "aws-cdk-vpcv2-alpha-new.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ccdbd85132bedf38aeb99e5b0c700f48494d3b7c344a96232f29b48a5279b6ef.json", + "objectKey": "936d55c8ae74b8dbe0de8c85d4bec3718ce3f73a71342f5852a5a5586485c23c.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json index 575219310d27f..f6cffbdb23c5d 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json @@ -15,7 +15,12 @@ "Properties": { "AddressFamily": "ipv6", "AwsService": "ec2", - "IpamScopeId": "DefaultPublicScope", + "IpamScopeId": { + "Fn::GetAtt": [ + "Ipam50346F82", + "PublicDefaultScopeId" + ] + }, "Locale": "eu-west-2", "PublicIpSource": "amazon" } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json index 321da99978a8c..50d9ec54ae49a 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { "integtest-model/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json index 3dba4ef9b8bab..e93a555169b11 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json index 5979efcf9a0da..f6b54e8178156 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "aws-cdk-vpcv2-alpha-new.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ccdbd85132bedf38aeb99e5b0c700f48494d3b7c344a96232f29b48a5279b6ef.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/936d55c8ae74b8dbe0de8c85d4bec3718ce3f73a71342f5852a5a5586485c23c.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -141,15 +141,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "VPCTestSecondaryIp48408C993194": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCTestSecondaryIp48408C993194", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "aws-cdk-vpcv2-alpha-new" diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json index c1ff499051b89..f1f62b0a8a30e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json @@ -42,7 +42,12 @@ "aws:cdk:cloudformation:props": { "addressFamily": "ipv6", "awsService": "ec2", - "ipamScopeId": "DefaultPublicScope", + "ipamScopeId": { + "Fn::GetAtt": [ + "Ipam50346F82", + "PublicDefaultScopeId" + ] + }, "locale": "eu-west-2", "publicIpSource": "amazon" } @@ -80,7 +85,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.Ipam", + "fqn": "@aws-cdk/aws-ec2-alpha.Ipam", "version": "0.0.0" } }, @@ -200,7 +205,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2", "version": "0.0.0" } }, @@ -278,7 +283,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", "version": "0.0.0" } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts index d30e47b2d9129..529b1cdcc5f40 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.ts @@ -11,7 +11,6 @@ import * as vpc_v2 from '../lib/vpc-v2'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; import { AddressFamily, AwsServiceName, IpCidr, Ipam, IpamPoolPublicIpSource, SubnetV2 } from '../lib'; -//import { Ipv6Cidr } from '../lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import * as cdk from 'aws-cdk-lib'; import { SubnetType } from 'aws-cdk-lib/aws-ec2'; diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json index 073423dd71829..edea907079f09 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { - "6af0c32b7b4dcf4566eda1afa97ddb6dc00a4597f5633e0d826df8642bc069f4": { + "a7489230071452bf2d95e6aff482ada8c6c5139402293c5aadfaa9821bd931a0": { "source": { "path": "aws-cdk-vpcv2-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6af0c32b7b4dcf4566eda1afa97ddb6dc00a4597f5633e0d826df8642bc069f4.json", + "objectKey": "a7489230071452bf2d95e6aff482ada8c6c5139402293c5aadfaa9821bd931a0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json index e1962661d5118..69b67454af10b 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json @@ -14,7 +14,12 @@ "Type": "AWS::EC2::IPAMPool", "Properties": { "AddressFamily": "ipv4", - "IpamScopeId": "DefaultPrivateScope", + "IpamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PrivateDefaultScopeId" + ] + }, "Locale": "eu-central-1", "ProvisionedCidrs": [ { @@ -28,7 +33,12 @@ "Properties": { "AddressFamily": "ipv6", "AwsService": "ec2", - "IpamScopeId": "DefaultPublicScope", + "IpamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PublicDefaultScopeId" + ] + }, "Locale": "eu-central-1", "PublicIpSource": "amazon" } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json index c583ba29c25f7..b73b42e18e04e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { "integtest-model/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json index 3dba4ef9b8bab..e93a555169b11 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json index bd084b1280480..07729bcb92768 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "aws-cdk-vpcv2-alpha.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6af0c32b7b4dcf4566eda1afa97ddb6dc00a4597f5633e0d826df8642bc069f4.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a7489230071452bf2d95e6aff482ada8c6c5139402293c5aadfaa9821bd931a0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -165,51 +165,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "VPCintegtest1SecondaryIp684795D0A306": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCintegtest1SecondaryIp684795D0A306", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCintegtest1SecondaryIp757851A2E166": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCintegtest1SecondaryIp757851A2E166", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "Vpcintegtest2SecondaryIp4840275314DC": [ - { - "type": "aws:cdk:logicalId", - "data": "Vpcintegtest2SecondaryIp4840275314DC", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "Vpcintegtest2SecondaryIp58F23280A479": [ - { - "type": "aws:cdk:logicalId", - "data": "Vpcintegtest2SecondaryIp58F23280A479", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "Vpcintegtest2SecondaryIpD363CCF2FF57": [ - { - "type": "aws:cdk:logicalId", - "data": "Vpcintegtest2SecondaryIpD363CCF2FF57", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "aws-cdk-vpcv2-alpha" diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json index d8432677382f0..4ef8722255a1d 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json @@ -41,7 +41,12 @@ "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", "aws:cdk:cloudformation:props": { "addressFamily": "ipv4", - "ipamScopeId": "DefaultPrivateScope", + "ipamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PrivateDefaultScopeId" + ] + }, "locale": "eu-central-1", "provisionedCidrs": [ { @@ -73,7 +78,12 @@ "aws:cdk:cloudformation:props": { "addressFamily": "ipv6", "awsService": "ec2", - "ipamScopeId": "DefaultPublicScope", + "ipamScopeId": { + "Fn::GetAtt": [ + "IpamTestIpam6C9298EF", + "PublicDefaultScopeId" + ] + }, "locale": "eu-central-1", "publicIpSource": "amazon" } @@ -111,7 +121,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.Ipam", + "fqn": "@aws-cdk/aws-ec2-alpha.Ipam", "version": "0.0.0" } }, @@ -184,7 +194,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2", "version": "0.0.0" } }, @@ -277,7 +287,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.VpcV2", + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2", "version": "0.0.0" } }, @@ -355,7 +365,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", "version": "0.0.0" } }, @@ -433,7 +443,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", "version": "0.0.0" } }, @@ -511,7 +521,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-vpcv2-alpha.SubnetV2", + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", "version": "0.0.0" } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts index 6074d53f5ea9e..b4174e8e3d2aa 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.ts @@ -92,7 +92,7 @@ new SubnetV2(stack, 'testsubnet', { subnetType: SubnetType.PRIVATE_ISOLATED, }); -//validate ipv6 +//Validate ipv6 IPAM new SubnetV2(stack, 'validateIpv6', { vpc, ipv4CidrBlock: new IpCidr('10.3.0.0/24'), diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts index 7d5db75bcd7e2..aa3fd7884bccd 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts @@ -43,7 +43,9 @@ describe('IPAM Test', () => { 'AWS::EC2::IPAMPool', { AddressFamily: 'ipv6', - IpamScopeId: 'DefaultPublicScope', + IpamScopeId: { + 'Fn::GetAtt': ['Ipam50346F82', 'PublicDefaultScopeId'], + }, Locale: 'us-west-2', }, ); //End Template @@ -69,7 +71,9 @@ describe('IPAM Test', () => { 'AWS::EC2::IPAMPool', { AddressFamily: 'ipv4', - IpamScopeId: 'DefaultPrivateScope', + IpamScopeId: { + 'Fn::GetAtt': ['Ipam50346F82', 'PrivateDefaultScopeId'], + }, Locale: 'us-west-2', }, ); //End Template @@ -97,7 +101,9 @@ describe('IPAM Test', () => { Type: 'AWS::EC2::IPAMPool', Properties: { AddressFamily: 'ipv6', - IpamScopeId: 'DefaultPublicScope', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, Locale: 'us-west-2', }, }, @@ -129,7 +135,9 @@ describe('IPAM Test', () => { Type: 'AWS::EC2::IPAMPool', Properties: { AddressFamily: 'ipv6', - IpamScopeId: 'DefaultPublicScope', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, Locale: 'us-west-2', }, }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts index 42289b359cece..bf1c3209dacce 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts @@ -201,7 +201,9 @@ describe('Subnet V2 with custom IP and routing', () => { Properties: { AddressFamily: 'ipv6', - IpamScopeId: 'DefaultPublicScope', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, }, }, TestVPCD26570D8: { Type: 'AWS::EC2::VPC' }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts index bd5e6fb7161a8..5b2167ae3007b 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts @@ -150,7 +150,7 @@ describe('Vpc V2 with full control', () => { Type: 'AWS::EC2::IPAMPool', Properties: { AddressFamily: 'ipv4', - IpamScopeId: 'DefaultPrivateScope', + IpamScopeId: { 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PrivateDefaultScopeId'] }, Locale: 'us-west-1', ProvisionedCidrs: [ { @@ -210,7 +210,7 @@ describe('Vpc V2 with full control', () => { Properties: { AddressFamily: 'ipv6', AwsService: 'ec2', - IpamScopeId: 'DefaultPublicScope', + IpamScopeId: { 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'] }, PublicIpSource: 'amazon', }, }, From 537d3b2f1bf9c56da9dd09c97cbb7f1bb408300e Mon Sep 17 00:00:00 2001 From: Kazuho Cryer-Shinozuka Date: Thu, 15 Aug 2024 05:24:29 +0900 Subject: [PATCH 37/40] chore(ec2): add `mac2-m1ultra` instance type (#30817) ### Issue # (if applicable) None ### Reason for this change EC2 instance supports `mac2-m1ultra` instance type but `InstanceType` class does not support it. ### Description of changes Add `MAC2_M1ULTRA` instance type ### Description of how you validated changes None ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts | 12 ++++++++++++ .../aws-cdk-lib/aws-ec2/test/instance-type.test.ts | 8 ++++++++ 2 files changed, 20 insertions(+) create mode 100644 packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts index 4a09f956145f7..f5fa84835d910 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts @@ -1170,6 +1170,16 @@ export enum InstanceClass { */ MAC2_M2PRO = 'mac2-m2pro', + /** + * Macintosh instances built on 2022 Mac Studio hardware powered by Apple silicon M1 Ultra processors + */ + MACINTOSH2_M1_ULTRA = 'macintosh2-m1-ultra', + + /** + * Macintosh instances built on 2022 Mac Studio hardware powered by Apple silicon M1 Ultra processors + */ + MAC2_M1ULTRA = 'mac2-m1ultra', + /** * Multi-stream video transcoding instances for resolutions up to 4K UHD, 1st generation */ @@ -1632,6 +1642,8 @@ export class InstanceType { [InstanceClass.MAC2_M2]: 'mac2-m2', [InstanceClass.MACINTOSH2_M2_PRO]: 'mac2-m2pro', [InstanceClass.MAC2_M2PRO]: 'mac2-m2pro', + [InstanceClass.MACINTOSH2_M1_ULTRA]: 'mac2-m1ultra', + [InstanceClass.MAC2_M1ULTRA]: 'mac2-m1ultra', [InstanceClass.VIDEO_TRANSCODING1]: 'vt1', [InstanceClass.VT1]: 'vt1', [InstanceClass.HIGH_PERFORMANCE_COMPUTING6_AMD]: 'hpc6a', diff --git a/packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts b/packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts new file mode 100644 index 0000000000000..97dee37418cc2 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ec2/test/instance-type.test.ts @@ -0,0 +1,8 @@ +import { InstanceClass, InstanceSize, InstanceType } from '../lib'; + +describe('InstanceType', () => { + test('mac2 m1 ultra', () => { + const instanceType = InstanceType.of(InstanceClass.MAC2_M1ULTRA, InstanceSize.METAL); + expect(instanceType.toString()).toEqual('mac2-m1ultra.metal'); + }); +}); \ No newline at end of file From 768145c356f0d7bd248f9c814f4ae6b9e8f41fb0 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Thu, 15 Aug 2024 00:05:14 +0300 Subject: [PATCH 38/40] chore: update Contributors File (#30995) Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action --- CONTRIBUTORS.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 5d85f5628d34b..a85d24901e71d 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -12,11 +12,11 @@ Shout out to our top contributors! - [shivlaks](https://github.com/shivlaks) - [otaviomacedo](https://github.com/otaviomacedo) - [mrgrain](https://github.com/mrgrain) -- [madeline-k](https://github.com/madeline-k) - [pahud](https://github.com/pahud) +- [madeline-k](https://github.com/madeline-k) - [comcalvi](https://github.com/comcalvi) -- [NetaNir](https://github.com/NetaNir) - [TheRealAmazonKendra](https://github.com/TheRealAmazonKendra) +- [NetaNir](https://github.com/NetaNir) - [robertd](https://github.com/robertd) - [MrArnoldPalmer](https://github.com/MrArnoldPalmer) - [go-to-k](https://github.com/go-to-k) @@ -24,9 +24,9 @@ Shout out to our top contributors! - [peterwoodworth](https://github.com/peterwoodworth) - [colifran](https://github.com/colifran) - [msambol](https://github.com/msambol) -- [nija-at](https://github.com/nija-at) - [watany-dev](https://github.com/watany-dev) +- [nija-at](https://github.com/nija-at) - [hoegertn](https://github.com/hoegertn) -_Last updated: Mon, 01 Jul 24 00:11:02 +0000_ \ No newline at end of file +_Last updated: Thu, 01 Aug 24 00:10:57 +0000_ \ No newline at end of file From 8d767786fe88d0ed60104ea6f48176e8981dd0fa Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Thu, 15 Aug 2024 07:25:41 +0900 Subject: [PATCH 39/40] feat(amplify): support custom certificate (#30791) ### Issue # (if applicable) Closes #30594. ### Reason for this change To use custom domain for Amplify by setting custom certificate. ### Description of changes Add `customCertificate` property. ### Description of how you validated changes Add unit test and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-amplify-alpha/README.md | 11 + .../@aws-cdk/aws-amplify-alpha/lib/domain.ts | 12 + .../rosetta/default.ts-fixture | 1 + .../aws-amplify-alpha/test/domain.test.ts | 73 +++ ...efaultTestDeployAssert5F8CD1EB.assets.json | 19 + ...aultTestDeployAssert5F8CD1EB.template.json | 36 ++ .../cdk-amplify-app-custom-domain.assets.json | 19 + ...dk-amplify-app-custom-domain.template.json | 210 +++++++++ .../cdk.out | 1 + .../integ.json | 14 + .../manifest.json | 158 +++++++ .../tree.json | 433 ++++++++++++++++++ .../test/integ.app-custom-domain.ts | 75 +++ 13 files changed, 1062 insertions(+) create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts diff --git a/packages/@aws-cdk/aws-amplify-alpha/README.md b/packages/@aws-cdk/aws-amplify-alpha/README.md index 0aa1e72e37726..d543b4090faff 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/README.md +++ b/packages/@aws-cdk/aws-amplify-alpha/README.md @@ -138,6 +138,17 @@ domain.mapSubDomain(main, 'www'); domain.mapSubDomain(dev); // sub domain prefix defaults to branch name ``` +To specify a custom certificate for your custom domain use the `customCertificate` property: + +```ts +declare const customCertificate: acm.Certificate; +declare const amplifyApp: amplify.App; + +const domain = amplifyApp.addDomain('example.com', { + customCertificate, // set your custom certificate +}); +``` + ## Restricting access Password protect the app with basic auth by specifying the `basicAuth` prop. diff --git a/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts b/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts index 6075d2b2a1a52..c90d2ed78a46b 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts +++ b/packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts @@ -1,3 +1,4 @@ +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; import * as iam from 'aws-cdk-lib/aws-iam'; import { Lazy, Resource, IResolvable } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; @@ -36,6 +37,13 @@ export interface DomainOptions { * @default - all repository branches ['*', 'pr*'] */ readonly autoSubdomainCreationPatterns?: string[]; + + /** + * The type of SSL/TLS certificate to use for your custom domain + * + * @default - Amplify uses the default certificate that it provisions and manages for you + */ + readonly customCertificate?: acm.ICertificate; } /** @@ -130,6 +138,10 @@ export class Domain extends Resource { enableAutoSubDomain: !!props.enableAutoSubdomain, autoSubDomainCreationPatterns: props.autoSubdomainCreationPatterns || ['*', 'pr*'], autoSubDomainIamRole: props.autoSubDomainIamRole?.roleArn, + certificateSettings: props.customCertificate ? { + certificateType: 'CUSTOM', + customCertificateArn: props.customCertificate.certificateArn, + } : undefined, }); this.arn = domain.attrArn; diff --git a/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture index dd27e406b3985..85e3aab9ce9f6 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture +++ b/packages/@aws-cdk/aws-amplify-alpha/rosetta/default.ts-fixture @@ -2,6 +2,7 @@ import { SecretValue, Stack } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as amplify from '@aws-cdk/aws-amplify-alpha'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; class Fixture extends Stack { constructor(scope: Construct, id: string) { diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts b/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts index 4ed31051277e6..cbf8d9d9a42d2 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts +++ b/packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts @@ -1,4 +1,5 @@ import { Template } from 'aws-cdk-lib/assertions'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; import * as iam from 'aws-cdk-lib/aws-iam'; import { App, SecretValue, Stack } from 'aws-cdk-lib'; import * as amplify from '../lib'; @@ -64,6 +65,78 @@ test('create a domain', () => { }); }); +test('create a domain with custom certificate', () => { + // GIVEN + const stack = new Stack(); + const app = new amplify.App(stack, 'App', { + sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ + owner: 'aws', + repository: 'aws-cdk', + oauthToken: SecretValue.unsafePlainText('secret'), + }), + }); + const prodBranch = app.addBranch('main'); + const devBranch = app.addBranch('dev'); + + const customCertificate = new acm.Certificate(stack, 'Cert', { + domainName: '*.example.com', + }); + + // WHEN + const domain = app.addDomain('example.com', { + subDomains: [ + { + branch: prodBranch, + prefix: 'prod', + }, + ], + customCertificate, + }); + domain.mapSubDomain(devBranch); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Amplify::Domain', { + AppId: { + 'Fn::GetAtt': [ + 'AppF1B96344', + 'AppId', + ], + }, + DomainName: 'example.com', + CertificateSettings: { + CertificateType: 'CUSTOM', + CustomCertificateArn: { + Ref: 'Cert5C9FAEC1', + }, + }, + SubDomainSettings: [ + { + BranchName: { + 'Fn::GetAtt': [ + 'AppmainF505BAED', + 'BranchName', + ], + }, + Prefix: 'prod', + }, + { + BranchName: { + 'Fn::GetAtt': [ + 'AppdevB328DAFC', + 'BranchName', + ], + }, + Prefix: { + 'Fn::GetAtt': [ + 'AppdevB328DAFC', + 'BranchName', + ], + }, + }, + ], + }); +}); + test('map a branch to the domain root', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json new file mode 100644 index 0000000000000..f02a474074771 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json new file mode 100644 index 0000000000000..f1c3c1e152115 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "5314d52dac3409b06902f1cf40df3d58dceb16146ad8cf66843edee0096d1d87": { + "source": { + "path": "cdk-amplify-app-custom-domain.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "5314d52dac3409b06902f1cf40df3d58dceb16146ad8cf66843edee0096d1d87.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json new file mode 100644 index 0000000000000..5909af114f54a --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk-amplify-app-custom-domain.template.json @@ -0,0 +1,210 @@ +{ + "Resources": { + "Repo02AC86CF": { + "Type": "AWS::CodeCommit::Repository", + "Properties": { + "RepositoryName": "integ-amplify-app" + } + }, + "AppRole1AF9B530": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "amplify.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppRoleDefaultPolicy9CADBAA1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "codecommit:GitPull", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppRoleDefaultPolicy9CADBAA1", + "Roles": [ + { + "Ref": "AppRole1AF9B530" + } + ] + } + }, + "AppF1B96344": { + "Type": "AWS::Amplify::App", + "Properties": { + "BasicAuthConfig": { + "EnableBasicAuth": false + }, + "IAMServiceRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "Name": "App", + "Platform": "WEB", + "Repository": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "CloneUrlHttp" + ] + } + } + }, + "AppmainF505BAED": { + "Type": "AWS::Amplify::Branch", + "Properties": { + "AppId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "BranchName": "main", + "EnableAutoBuild": true, + "EnablePullRequestPreview": true + } + }, + "AppdevB328DAFC": { + "Type": "AWS::Amplify::Branch", + "Properties": { + "AppId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "BranchName": "dev", + "EnableAutoBuild": true, + "EnablePullRequestPreview": true + } + }, + "Appexamplecom6AF1A3AD": { + "Type": "AWS::Amplify::Domain", + "Properties": { + "AppId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "AutoSubDomainCreationPatterns": [ + "*", + "pr*" + ], + "AutoSubDomainIAMRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "CertificateSettings": { + "CertificateType": "CUSTOM", + "CustomCertificateArn": { + "Ref": "Certificate4E7ABB08" + } + }, + "DomainName": "*.example.com", + "EnableAutoSubDomain": false, + "SubDomainSettings": [ + { + "BranchName": { + "Fn::GetAtt": [ + "AppmainF505BAED", + "BranchName" + ] + }, + "Prefix": "prod" + }, + { + "BranchName": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + }, + "Prefix": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + } + } + ] + } + }, + "Certificate4E7ABB08": { + "Type": "AWS::CertificateManager::Certificate", + "Properties": { + "DomainName": "*.*.example.com", + "DomainValidationOptions": [ + { + "DomainName": "*.*.example.com", + "HostedZoneId": "Z23ABC4XYZL05B" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "cdk-amplify-app-custom-domain/Certificate" + } + ], + "ValidationMethod": "DNS" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk.out b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json new file mode 100644 index 0000000000000..b8c953f413ca9 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/integ.json @@ -0,0 +1,14 @@ +{ + "enableLookups": true, + "version": "36.0.0", + "testCases": { + "amplify-app-custom-domain-integ/DefaultTest": { + "stacks": [ + "cdk-amplify-app-custom-domain" + ], + "stackUpdateWorkflow": false, + "assertionStack": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert", + "assertionStackName": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json new file mode 100644 index 0000000000000..1586bbb9fed72 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/manifest.json @@ -0,0 +1,158 @@ +{ + "version": "36.0.0", + "artifacts": { + "cdk-amplify-app-custom-domain.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdk-amplify-app-custom-domain.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdk-amplify-app-custom-domain": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdk-amplify-app-custom-domain.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5314d52dac3409b06902f1cf40df3d58dceb16146ad8cf66843edee0096d1d87.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdk-amplify-app-custom-domain.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdk-amplify-app-custom-domain.assets" + ], + "metadata": { + "/cdk-amplify-app-custom-domain/Repo/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Repo02AC86CF" + } + ], + "/cdk-amplify-app-custom-domain/App/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppRole1AF9B530" + } + ], + "/cdk-amplify-app-custom-domain/App/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppRoleDefaultPolicy9CADBAA1" + } + ], + "/cdk-amplify-app-custom-domain/App/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppF1B96344" + } + ], + "/cdk-amplify-app-custom-domain/App/main/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppmainF505BAED" + } + ], + "/cdk-amplify-app-custom-domain/App/dev/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppdevB328DAFC" + } + ], + "/cdk-amplify-app-custom-domain/App/*.example.com/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Appexamplecom6AF1A3AD" + } + ], + "/cdk-amplify-app-custom-domain/Certificate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Certificate4E7ABB08", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/cdk-amplify-app-custom-domain/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-amplify-app-custom-domain/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-amplify-app-custom-domain" + }, + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "amplifyappcustomdomainintegDefaultTestDeployAssert5F8CD1EB.assets" + ], + "metadata": { + "/amplify-app-custom-domain-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/amplify-app-custom-domain-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json new file mode 100644 index 0000000000000..d91f03344d460 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.js.snapshot/tree.json @@ -0,0 +1,433 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "cdk-amplify-app-custom-domain": { + "id": "cdk-amplify-app-custom-domain", + "path": "cdk-amplify-app-custom-domain", + "children": { + "Repo": { + "id": "Repo", + "path": "cdk-amplify-app-custom-domain/Repo", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/Repo/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeCommit::Repository", + "aws:cdk:cloudformation:props": { + "repositoryName": "integ-amplify-app" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codecommit.CfnRepository", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codecommit.Repository", + "version": "0.0.0" + } + }, + "App": { + "id": "App", + "path": "cdk-amplify-app-custom-domain/App", + "children": { + "Role": { + "id": "Role", + "path": "cdk-amplify-app-custom-domain/App/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "cdk-amplify-app-custom-domain/App/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "amplify.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "cdk-amplify-app-custom-domain/App/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "codecommit:GitPull", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppRoleDefaultPolicy9CADBAA1", + "roles": [ + { + "Ref": "AppRole1AF9B530" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::App", + "aws:cdk:cloudformation:props": { + "basicAuthConfig": { + "enableBasicAuth": false + }, + "iamServiceRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "name": "App", + "platform": "WEB", + "repository": { + "Fn::GetAtt": [ + "Repo02AC86CF", + "CloneUrlHttp" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnApp", + "version": "0.0.0" + } + }, + "main": { + "id": "main", + "path": "cdk-amplify-app-custom-domain/App/main", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/main/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::Branch", + "aws:cdk:cloudformation:props": { + "appId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "branchName": "main", + "enableAutoBuild": true, + "enablePullRequestPreview": true + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnBranch", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "dev": { + "id": "dev", + "path": "cdk-amplify-app-custom-domain/App/dev", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/dev/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::Branch", + "aws:cdk:cloudformation:props": { + "appId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "branchName": "dev", + "enableAutoBuild": true, + "enablePullRequestPreview": true + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnBranch", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "*.example.com": { + "id": "*.example.com", + "path": "cdk-amplify-app-custom-domain/App/*.example.com", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/App/*.example.com/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Amplify::Domain", + "aws:cdk:cloudformation:props": { + "appId": { + "Fn::GetAtt": [ + "AppF1B96344", + "AppId" + ] + }, + "autoSubDomainCreationPatterns": [ + "*", + "pr*" + ], + "autoSubDomainIamRole": { + "Fn::GetAtt": [ + "AppRole1AF9B530", + "Arn" + ] + }, + "certificateSettings": { + "certificateType": "CUSTOM", + "customCertificateArn": { + "Ref": "Certificate4E7ABB08" + } + }, + "domainName": "*.example.com", + "enableAutoSubDomain": false, + "subDomainSettings": [ + { + "branchName": { + "Fn::GetAtt": [ + "AppmainF505BAED", + "BranchName" + ] + }, + "prefix": "prod" + }, + { + "branchName": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + }, + "prefix": { + "Fn::GetAtt": [ + "AppdevB328DAFC", + "BranchName" + ] + } + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_amplify.CfnDomain", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "HostedZone": { + "id": "HostedZone", + "path": "cdk-amplify-app-custom-domain/HostedZone", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Certificate": { + "id": "Certificate", + "path": "cdk-amplify-app-custom-domain/Certificate", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-amplify-app-custom-domain/Certificate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CertificateManager::Certificate", + "aws:cdk:cloudformation:props": { + "domainName": "*.*.example.com", + "domainValidationOptions": [ + { + "domainName": "*.*.example.com", + "hostedZoneId": "Z23ABC4XYZL05B" + } + ], + "tags": [ + { + "key": "Name", + "value": "cdk-amplify-app-custom-domain/Certificate" + } + ], + "validationMethod": "DNS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.CfnCertificate", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_certificatemanager.Certificate", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-amplify-app-custom-domain/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-amplify-app-custom-domain/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "amplify-app-custom-domain-integ": { + "id": "amplify-app-custom-domain-integ", + "path": "amplify-app-custom-domain-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "amplify-app-custom-domain-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "amplify-app-custom-domain-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "amplify-app-custom-domain-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts new file mode 100644 index 0000000000000..2d38147cb0475 --- /dev/null +++ b/packages/@aws-cdk/aws-amplify-alpha/test/integ.app-custom-domain.ts @@ -0,0 +1,75 @@ +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; +import * as codecommit from 'aws-cdk-lib/aws-codecommit'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import { App, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as amplify from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +interface TestStackProps extends StackProps { + hostedZoneId: string; + hostedZoneName: string; + domainName: string; +} + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props: TestStackProps) { + super(scope, id, props); + + const repository = new codecommit.Repository(this, 'Repo', { + repositoryName: 'integ-amplify-app', + }); + + const app = new amplify.App(this, 'App', { + sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository }), + }); + + const prodBranch = app.addBranch('main'); + const devBranch = app.addBranch('dev'); + + const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', { + hostedZoneId: props.hostedZoneId, + zoneName: props.hostedZoneName, + }); + + const customCertificate = new acm.Certificate(this, 'Certificate', { + domainName: `*.${props.domainName}`, + validation: acm.CertificateValidation.fromDns(hostedZone), + }); + + const domain = app.addDomain(props.domainName, { + subDomains: [ + { + branch: prodBranch, + prefix: 'prod', + }, + ], + customCertificate, + }); + domain.mapSubDomain(devBranch); + } +} + +/** + * In order to test this you need to have a valid public hosted zone that you can use + * to request certificates for. +*/ +const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID; +if (!hostedZoneId) throw new Error('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.'); +const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME; +if (!hostedZoneName) throw new Error('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.'); +const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? process.env.DOMAIN_NAME; +if (!domainName) throw new Error('For this test you must provide your own DomainName as an env var "DOMAIN_NAME". See framework-integ/README.md for details.'); + +const app = new App(); +const stack = new TestStack(app, 'cdk-amplify-app-custom-domain', { + hostedZoneId, + hostedZoneName, + domainName, +}); + +new IntegTest(app, 'amplify-app-custom-domain-integ', { + testCases: [stack], + enableLookups: true, + stackUpdateWorkflow: false, +}); From ad1b7977768430da0ce262103e8a91f0e632ffe2 Mon Sep 17 00:00:00 2001 From: Tietew Date: Thu, 15 Aug 2024 09:27:08 +0900 Subject: [PATCH 40/40] fix(cognito-identitypool-alpha): validation error if provided id is a token (#30882) ### Issue # (if applicable) Closes #29780. Closes #28184. ### Description of changes Skips validations if provided id is an unresolved token. ### Description of how you validated changes Added unit tests not to throw errors even if the resolved value is incorrect. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/identitypool.ts | 13 ++++++++++--- .../test/identitypool.test.ts | 19 +++++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts index 9e65131f5cae8..1277bd682013f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts @@ -16,6 +16,7 @@ import { Stack, ArnFormat, Lazy, + Token, } from 'aws-cdk-lib/core'; import { Construct, @@ -329,9 +330,15 @@ export class IdentityPool extends Resource implements IIdentityPool { if (!res) { throw new Error('Invalid Identity Pool ARN'); } - const idParts = res.split(':'); - if (!(idParts.length === 2)) throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); - if (idParts[0] !== pool.region) throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + if (!Token.isUnresolved(res)) { + const idParts = res.split(':'); + if (!(idParts.length === 2)) { + throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); + } + if (!Token.isUnresolved(pool.region) && idParts[0] !== pool.region) { + throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + } + } class ImportedIdentityPool extends Resource implements IIdentityPool { public readonly identityPoolId = res; public readonly identityPoolArn = identityPoolArn; diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 3bacbeeb104ea..417c848c4407f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -19,6 +19,7 @@ import { } from 'aws-cdk-lib/aws-iam'; import { Fn, + Lazy, Stack, } from 'aws-cdk-lib'; import { @@ -203,14 +204,28 @@ describe('identity pool', () => { account: '1234567891011', }, }); - expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrowError('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); - expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrowError('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrow('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdRegionError', 'your-region:idPool')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); const idPool = IdentityPool.fromIdentityPoolId(stack, 'staticIdPool', 'my-region:idPool'); expect(idPool.identityPoolId).toEqual('my-region:idPool'); expect(idPool.identityPoolArn).toMatch(/cognito-identity:my-region:1234567891011:identitypool\/my-region:idPool/); }); + test('fromIdentityPoolId accept token', () => { + const stack = new Stack(); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-id' }))).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool2', 'id-region:pool-id')).not.toThrow(); + }); + + test('fromIdentityPoolArn accepts token', () => { + const stack = new Stack(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-arn' }))).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool2', `arn:aws:cognito-identity:${stack.region}:${stack.account}:identitypool/id-region:pool-id`)).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool3', `arn:aws:cognito-identity:arn-region:${stack.account}:identitypool/${Lazy.string({ produce: () => 'lazy-region' })}:pool-id`)).not.toThrow(); + }); + test('user pools are properly configured', () => { const stack = new Stack(); const poolProvider = UserPoolIdentityProvider.fromProviderName(stack, 'poolProvider', 'poolProvider');