Merge branch 'main' into adotlambda

packages/aws-cdk-lib/aws-codebuild/lib/project.ts

@@ -616,9 +616,18 @@ export interface CommonProjectProps {
   /**
    * Where to place the network interfaces within the VPC.
    *
-   * Only used if 'vpc' is supplied.
+   * To access AWS services, your CodeBuild project needs to be in one of the following types of subnets:
+   *
+   * 1. Subnets with access to the internet (of type PRIVATE_WITH_EGRESS).
+   * 2. Private subnets unconnected to the internet, but with [VPC endpoints](https://docs.aws.amazon.com/codebuild/latest/userguide/use-vpc-endpoints-with-codebuild.html) for the necessary services.
+   *
+   * If you don't specify a subnet selection, the default behavior is to use PRIVATE_WITH_EGRESS subnets first if they exist,
+   * then PRIVATE_WITHOUT_EGRESS, and finally PUBLIC subnets. If your VPC doesn't have PRIVATE_WITH_EGRESS subnets but you need
+   * AWS service access, add VPC Endpoints to your private subnets.
+   *
+   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html for more details.
    *
-   * @default - All private subnets.
+   * @default - private subnets if available else public subnets
    */
   readonly subnetSelection?: ec2.SubnetSelection;
 

packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/scheduled-fargate-task.ts

@@ -1,6 +1,7 @@
 import { Construct } from 'constructs';
 import { FargateTaskDefinition } from '../../../aws-ecs';
 import { EcsTask } from '../../../aws-events-targets';
+import { Annotations } from '../../../core';
 import { FargateServiceBaseProps } from '../base/fargate-service-base';
 import { ScheduledTaskBase, ScheduledTaskBaseProps, ScheduledTaskImageProps } from '../base/scheduled-task-base';
 
@@ -23,7 +24,6 @@ export interface ScheduledFargateTaskProps extends ScheduledTaskBaseProps, Farga
    * @default none
    */
   readonly scheduledFargateTaskImageOptions?: ScheduledFargateTaskImageOptions;
-
 }
 
 /**
@@ -88,6 +88,19 @@ export class ScheduledFargateTask extends ScheduledTaskBase {
       throw new Error('You must specify one of: taskDefinition or image');
     }
 
+    if (props.taskDefinition) {
+      Annotations.of(this).addWarning('Property \'taskDefinition\' is ignored, use \'scheduledFargateTaskDefinitionOptions\' or \'scheduledFargateTaskImageOptions\' instead.');
+    }
+    if (props.cpu) {
+      Annotations.of(this).addWarning('Property \'cpu\' is ignored, use \'scheduledFargateTaskImageOptions.cpu\' instead.');
+    }
+    if (props.memoryLimitMiB) {
+      Annotations.of(this).addWarning('Property \'memoryLimitMiB\' is ignored, use \'scheduledFargateTaskImageOptions.memoryLimitMiB\' instead.');
+    }
+    if (props.runtimePlatform) {
+      Annotations.of(this).addWarning('Property \'runtimePlatform\' is ignored.');
+    }
+
     // Use the EcsTask as the target of the EventRule
     this.task = new EcsTask( {
       cluster: this.cluster,

packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts

@@ -548,3 +548,35 @@ test('Scheduled Fargate Task - with list of tags', () => {
     ],
   });
 });
+
+test('Scheduled Fargate Task - with unused properties', () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+  const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 1 });
+  const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+
+  new ScheduledFargateTask(stack, 'ScheduledFargateTask', {
+    cluster,
+    scheduledFargateTaskImageOptions: {
+      image: ecs.ContainerImage.fromRegistry('henk'),
+      memoryLimitMiB: 512,
+    },
+    schedule: events.Schedule.expression('rate(1 minute)'),
+    taskDefinition: new ecs.FargateTaskDefinition(stack, 'ScheduledFargateTaskDefinition'),
+    cpu: 256,
+    memoryLimitMiB: 512,
+    runtimePlatform: {
+      cpuArchitecture: ecs.CpuArchitecture.X86_64,
+    },
+  });
+
+  // THEN
+  Annotations.fromStack(stack).hasWarning(
+    '/Default/ScheduledFargateTask',
+    Match.stringLikeRegexp('Property \'taskDefinition\' is ignored, use \'scheduledFargateTaskDefinitionOptions\' or \'scheduledFargateTaskImageOptions\' instead.'),
+  );
+  Annotations.fromStack(stack).hasWarning('/Default/ScheduledFargateTask', Match.stringLikeRegexp('Property \'cpu\' is ignored, use \'scheduledFargateTaskImageOptions.cpu\' instead.'));
+  Annotations.fromStack(stack).hasWarning('/Default/ScheduledFargateTask', Match.stringLikeRegexp('Property \'memoryLimitMiB\' is ignored, use \'scheduledFargateTaskImageOptions.memoryLimitMiB\' instead.'));
+  Annotations.fromStack(stack).hasWarning('/Default/ScheduledFargateTask', Match.stringLikeRegexp('Property \'runtimePlatform\' is ignored.'));
+});
+

packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/cluster.ts

@@ -1,9 +1,7 @@
 /* eslint-disable no-console */
 
 // eslint-disable-next-line import/no-extraneous-dependencies
-import { ResourceNotFoundException } from '@aws-sdk/client-eks';
-// eslint-disable-next-line import/no-extraneous-dependencies
-import * as aws from 'aws-sdk';
+import * as EKS from '@aws-sdk/client-eks';
 import { EksClient, ResourceEvent, ResourceHandler } from './common';
 import { compareLoggingProps } from './compareLogging';
 import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types';
@@ -19,16 +17,16 @@ export class ClusterResourceHandler extends ResourceHandler {
     return this.physicalResourceId;
   }
 
-  private readonly newProps: aws.EKS.CreateClusterRequest;
-  private readonly oldProps: Partial<aws.EKS.CreateClusterRequest>;
+  private readonly newProps: EKS.CreateClusterCommandInput;
+  private readonly oldProps: Partial<EKS.CreateClusterCommandInput>;
 
   constructor(eks: EksClient, event: ResourceEvent) {
     super(eks, event);
 
     this.newProps = parseProps(this.event.ResourceProperties);
     this.oldProps = event.RequestType === 'Update' ? parseProps(event.OldResourceProperties) : {};
     // compare newProps and oldProps and update the newProps by appending disabled LogSetup if any
-    const compared: Partial<aws.EKS.CreateClusterRequest> = compareLoggingProps(this.oldProps, this.newProps);
+    const compared: Partial<EKS.CreateClusterCommandInput> = compareLoggingProps(this.oldProps, this.newProps);
     this.newProps.logging = compared.logging;
   }
 
@@ -71,7 +69,7 @@ export class ClusterResourceHandler extends ResourceHandler {
     try {
       await this.eks.deleteCluster({ name: this.clusterName });
     } catch (e: any) {
-      if (!(e instanceof ResourceNotFoundException)) {
+      if (!(e instanceof EKS.ResourceNotFoundException)) {
         throw e;
       } else {
         console.log(`cluster ${this.clusterName} not found, idempotently succeeded`);
@@ -90,7 +88,7 @@ export class ClusterResourceHandler extends ResourceHandler {
       console.log('describeCluster returned:', JSON.stringify(resp, undefined, 2));
     } catch (e: any) {
       // see https://aws.amazon.com/blogs/developer/service-error-handling-modular-aws-sdk-js/
-      if (e instanceof ResourceNotFoundException) {
+      if (e instanceof EKS.ResourceNotFoundException) {
         console.log('received ResourceNotFoundException, this means the cluster has been deleted (or never existed)');
         return { IsComplete: true };
       }
@@ -147,7 +145,7 @@ export class ClusterResourceHandler extends ResourceHandler {
     }
 
     if (updates.updateLogging || updates.updateAccess) {
-      const config: aws.EKS.UpdateClusterConfigRequest = {
+      const config: EKS.UpdateClusterConfigCommandInput = {
         name: this.clusterName,
       };
       if (updates.updateLogging) {
@@ -158,9 +156,9 @@ export class ClusterResourceHandler extends ResourceHandler {
         // https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html)
         // will fail, therefore we take only the access fields explicitly
         config.resourcesVpcConfig = {
-          endpointPrivateAccess: this.newProps.resourcesVpcConfig.endpointPrivateAccess,
-          endpointPublicAccess: this.newProps.resourcesVpcConfig.endpointPublicAccess,
-          publicAccessCidrs: this.newProps.resourcesVpcConfig.publicAccessCidrs,
+          endpointPrivateAccess: this.newProps.resourcesVpcConfig?.endpointPrivateAccess,
+          endpointPublicAccess: this.newProps.resourcesVpcConfig?.endpointPublicAccess,
+          publicAccessCidrs: this.newProps.resourcesVpcConfig?.publicAccessCidrs,
         };
       }
       const updateResponse = await this.eks.updateClusterConfig(config);
@@ -241,7 +239,7 @@ export class ClusterResourceHandler extends ResourceHandler {
           OpenIdConnectIssuer: cluster.identity?.oidc?.issuer?.substring(8) ?? '', // Strips off https:// from the issuer url
 
           // We can safely return the first item from encryption configuration array, because it has a limit of 1 item
-          // https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html#AmazonEKS-CreateCluster-request-encryptionConfig
+          // https://docs.amazon.com/eks/latest/APIReference/API_CreateCluster.html#AmazonEKS-CreateCluster-request-encryptionConfig
           EncryptionConfigKeyArn: cluster.encryptionConfig?.shift()?.provider?.keyArn ?? '',
         },
       };
@@ -283,7 +281,7 @@ export class ClusterResourceHandler extends ResourceHandler {
   }
 }
 
-function parseProps(props: any): aws.EKS.CreateClusterRequest {
+function parseProps(props: any): EKS.CreateClusterCommandInput {
 
   const parsed = props?.Config ?? {};
 
@@ -317,7 +315,7 @@ interface UpdateMap {
   updateAccess: boolean; // resourcesVpcConfig.endpointPrivateAccess and endpointPublicAccess
 }
 
-function analyzeUpdate(oldProps: Partial<aws.EKS.CreateClusterRequest>, newProps: aws.EKS.CreateClusterRequest): UpdateMap {
+function analyzeUpdate(oldProps: Partial<EKS.CreateClusterCommandInput>, newProps: EKS.CreateClusterCommandInput): UpdateMap {
   console.log('old props: ', JSON.stringify(oldProps));
   console.log('new props: ', JSON.stringify(newProps));
 

packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/common.ts

@@ -77,13 +77,13 @@ export abstract class ResourceHandler {
 
 export interface EksClient {
   configureAssumeRole(request: sts.AssumeRoleCommandInput): void;
-  createCluster(request: _eks.CreateClusterCommandInput): Promise<_eks.CreateClusterResponse>;
-  deleteCluster(request: _eks.DeleteClusterCommandInput): Promise<_eks.DeleteClusterResponse>;
-  describeCluster(request: _eks.DescribeClusterCommandInput): Promise<_eks.DescribeClusterResponse>;
-  updateClusterConfig(request: _eks.UpdateClusterConfigCommandInput): Promise<_eks.UpdateClusterConfigResponse>;
-  updateClusterVersion(request: _eks.UpdateClusterVersionCommandInput): Promise<_eks.UpdateClusterVersionResponse>;
-  describeUpdate(req: _eks.DescribeUpdateCommandInput): Promise<_eks.DescribeUpdateResponse>;
-  createFargateProfile(request: _eks.CreateFargateProfileCommandInput): Promise<_eks.CreateFargateProfileResponse>;
-  describeFargateProfile(request: _eks.DescribeFargateProfileCommandInput): Promise<_eks.DescribeFargateProfileResponse>;
-  deleteFargateProfile(request: _eks.DeleteFargateProfileCommandInput): Promise<_eks.DeleteFargateProfileResponse>;
+  createCluster(request: _eks.CreateClusterCommandInput): Promise<_eks.CreateClusterCommandOutput>;
+  deleteCluster(request: _eks.DeleteClusterCommandInput): Promise<_eks.DeleteClusterCommandOutput>;
+  describeCluster(request: _eks.DescribeClusterCommandInput): Promise<_eks.DescribeClusterCommandOutput>;
+  updateClusterConfig(request: _eks.UpdateClusterConfigCommandInput): Promise<_eks.UpdateClusterConfigCommandOutput>;
+  updateClusterVersion(request: _eks.UpdateClusterVersionCommandInput): Promise<_eks.UpdateClusterVersionCommandOutput>;
+  describeUpdate(req: _eks.DescribeUpdateCommandInput): Promise<_eks.DescribeUpdateCommandOutput>;
+  createFargateProfile(request: _eks.CreateFargateProfileCommandInput): Promise<_eks.CreateFargateProfileCommandOutput>;
+  describeFargateProfile(request: _eks.DescribeFargateProfileCommandInput): Promise<_eks.DescribeFargateProfileCommandOutput>;
+  deleteFargateProfile(request: _eks.DeleteFargateProfileCommandInput): Promise<_eks.DeleteFargateProfileCommandOutput>;
 }

packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/compareLogging.ts

@@ -6,12 +6,14 @@
  * @param newProps new properties
  * @returns result with LogSet with enabled:false if any
  */
+// eslint-disable-next-line import/no-extraneous-dependencies
+import * as EKS from '@aws-sdk/client-eks';
 
-export function compareLoggingProps(oldProps: Partial<AWS.EKS.CreateClusterRequest>,
-  newProps: Partial<AWS.EKS.CreateClusterRequest>): Partial<AWS.EKS.CreateClusterRequest> {
-  const result: Partial<AWS.EKS.CreateClusterRequest> = { logging: {} };
-  let enabledTypes: AWS.EKS.LogType[] = [];
-  let disabledTypes: AWS.EKS.LogType[] = [];
+export function compareLoggingProps(oldProps: Partial<EKS.CreateClusterCommandInput>,
+  newProps: Partial<EKS.CreateClusterCommandInput>): Partial<EKS.CreateClusterCommandInput> {
+  const result: Partial<EKS.CreateClusterCommandInput> = { logging: {} };
+  let enabledTypes: (EKS.LogType | string)[] = [];
+  let disabledTypes: (EKS.LogType | string)[] = [];
 
   if (newProps.logging?.clusterLogging === undefined && oldProps.logging?.clusterLogging === undefined) {
     return newProps;

packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/fargate.ts

@@ -1,6 +1,5 @@
 // eslint-disable-next-line import/no-extraneous-dependencies
-import { ResourceNotFoundException } from '@aws-sdk/client-eks';
-import * as aws from 'aws-sdk'; // eslint-disable-line import/no-extraneous-dependencies
+import * as EKS from '@aws-sdk/client-eks';
 import { ResourceHandler } from './common';
 
 const MAX_NAME_LEN = 63;
@@ -9,7 +8,7 @@ export class FargateProfileResourceHandler extends ResourceHandler {
   protected async onCreate() {
     const fargateProfileName = this.event.ResourceProperties.Config.fargateProfileName ?? this.generateProfileName();
 
-    const createFargateProfile: aws.EKS.CreateFargateProfileRequest = {
+    const createFargateProfile: EKS.CreateFargateProfileCommandInput = {
       fargateProfileName,
       ...this.event.ResourceProperties.Config,
     };
@@ -35,7 +34,7 @@ export class FargateProfileResourceHandler extends ResourceHandler {
       throw new Error('Cannot delete a profile without a physical id');
     }
 
-    const deleteFargateProfile: aws.EKS.DeleteFargateProfileRequest = {
+    const deleteFargateProfile: EKS.DeleteFargateProfileCommandInput = {
       clusterName: this.event.ResourceProperties.Config.clusterName,
       fargateProfileName: this.physicalResourceId,
     };
@@ -86,12 +85,12 @@ export class FargateProfileResourceHandler extends ResourceHandler {
    * Queries the Fargate profile's current status and returns the status or
    * NOT_FOUND if the profile doesn't exist (i.e. it has been deleted).
    */
-  private async queryStatus(): Promise<aws.EKS.FargateProfileStatus | 'NOT_FOUND' | undefined> {
+  private async queryStatus(): Promise<EKS.FargateProfileStatus | 'NOT_FOUND' | string | undefined> {
     if (!this.physicalResourceId) {
       throw new Error('Unable to determine status for fargate profile without a resource name');
     }
 
-    const describeFargateProfile: aws.EKS.DescribeFargateProfileRequest = {
+    const describeFargateProfile: EKS.DescribeFargateProfileCommandInput = {
       clusterName: this.event.ResourceProperties.Config.clusterName,
       fargateProfileName: this.physicalResourceId,
     };
@@ -109,7 +108,7 @@ export class FargateProfileResourceHandler extends ResourceHandler {
 
       return status;
     } catch (describeFargateProfileError: any) {
-      if (describeFargateProfileError instanceof ResourceNotFoundException) {
+      if (describeFargateProfileError instanceof EKS.ResourceNotFoundException) {
         this.log('received ResourceNotFoundException, this means the profile has been deleted (or never existed)');
         return 'NOT_FOUND';
       }