Merge branch 'master' into fix/correctly-set-ssm-reference-in-secretV…

…alue
aws · Jan 31, 2022 · e7a3e3b · e7a3e3b
2 parents 398a936 + afdc550
commit e7a3e3b
Show file tree

Hide file tree

Showing 10 changed files with 374 additions and 75 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,23 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.142.0](https://github.com/aws/aws-cdk/compare/v1.141.0...v1.142.0) (2022-01-28)
+
+
+### Features
+
+* **cfnspec:** cloudformation spec v53.1.0 ([#18680](https://github.com/aws/aws-cdk/issues/18680)) ([f385059](https://github.com/aws/aws-cdk/commit/f38505911a3e140a9cb6b269bdf22abe9803c515))
+* **cloudfront-origins:** extend `readTimeout` maximum value for `HttpOriginProps` ([#18697](https://github.com/aws/aws-cdk/issues/18697)) ([e64de67](https://github.com/aws/aws-cdk/commit/e64de677cdfc014f68e92b204f4728e60a8bb111)), closes [#18628](https://github.com/aws/aws-cdk/issues/18628)
+* **eks:** cluster logging ([#18112](https://github.com/aws/aws-cdk/issues/18112)) ([872277b](https://github.com/aws/aws-cdk/commit/872277b9e853dbf5f2cac84b5afb6d26e0ed5659)), closes [#4159](https://github.com/aws/aws-cdk/issues/4159)
+* **iotevents:** allow setting description, evaluation method and key of DetectorModel ([#18644](https://github.com/aws/aws-cdk/issues/18644)) ([2eeaebc](https://github.com/aws/aws-cdk/commit/2eeaebc3cdc9c5c7ef3fa312b3d1abca265dcbb6))
+* **lambda-python:** support setting environment vars for bundling ([#18635](https://github.com/aws/aws-cdk/issues/18635)) ([30e2233](https://github.com/aws/aws-cdk/commit/30e223333fef0b0d7f12287dab170a34e092d7fa))
+
+
+### Bug Fixes
+
+* **aws-lambda-nodejs:** pre compilation with tsc is not being run ([#18062](https://github.com/aws/aws-cdk/issues/18062)) ([7ac7221](https://github.com/aws/aws-cdk/commit/7ac7221aff3c612ab80e7812c371b11c56e5db0a)), closes [#18002](https://github.com/aws/aws-cdk/issues/18002)
+* **pipelines:** undeployable due to dependency cycle ([#18686](https://github.com/aws/aws-cdk/issues/18686)) ([009d689](https://github.com/aws/aws-cdk/commit/009d68912267de9dcf4136a7d80a652a891b7bb9)), closes [#18492](https://github.com/aws/aws-cdk/issues/18492) [#18673](https://github.com/aws/aws-cdk/issues/18673)
+
 ## [1.141.0](https://github.com/aws/aws-cdk/compare/v1.140.0...v1.141.0) (2022-01-27)
 
 

diff --git a/package.json b/package.json
@@ -32,7 +32,8 @@
   },
   "resolutions": {
     "colors": "1.4.0",
-    "string-width": "^4.2.3"
+    "string-width": "^4.2.3",
+    "markdown-it": "^12.3.2"
   },
   "repository": {
     "type": "git",

diff --git a/packages/@aws-cdk/aws-dynamodb/lib/table.ts b/packages/@aws-cdk/aws-dynamodb/lib/table.ts
@@ -117,6 +117,12 @@ export enum TableEncryption {
   /**
    * Server-side KMS encryption with a customer master key managed by customer.
    * If `encryptionKey` is specified, this key will be used, otherwise, one will be defined.
+   *
+   * > **NOTE**: if `encryptionKey` is not specified and the `Table` construct creates
+   * > a KMS key for you, the key will be created with default permissions. If you are using
+   * > CDKv2, these permissions will be sufficient to enable the key for use with DynamoDB tables.
+   * > If you are using CDKv1, make sure the feature flag `@aws-cdk/aws-kms:defaultKeyPolicies`
+   * > is set to `true` in your `cdk.json`.
    */
   CUSTOMER_MANAGED = 'CUSTOMER_MANAGED',
 
@@ -198,6 +204,13 @@ export interface TableOptions extends SchemaOptions {
    *
    * This property cannot be set if `serverSideEncryption` is set.
    *
+   * > **NOTE**: if you set this to `CUSTOMER_MANAGED` and `encryptionKey` is not
+   * > specified, the key that the Tablet generates for you will be created with
+   * > default permissions. If you are using CDKv2, these permissions will be
+   * > sufficient to enable the key for use with DynamoDB tables.  If you are
+   * > using CDKv1, make sure the feature flag
+   * > `@aws-cdk/aws-kms:defaultKeyPolicies` is set to `true` in your `cdk.json`.
+   *
    * @default - server-side encryption is enabled with an AWS owned customer master key
    */
   readonly encryption?: TableEncryption;

diff --git a/packages/@aws-cdk/aws-ec2/lib/user-data.ts b/packages/@aws-cdk/aws-ec2/lib/user-data.ts
@@ -1,5 +1,5 @@
 import { IBucket } from '@aws-cdk/aws-s3';
-import { CfnElement, Fn, Resource, Stack } from '@aws-cdk/core';
+import { Fn, Resource, Stack, CfnResource } from '@aws-cdk/core';
 import { OperatingSystemType } from './machine-image';
 
 /**
@@ -178,7 +178,7 @@ class LinuxUserData extends UserData {
 
   public addSignalOnExitCommand( resource: Resource ): void {
     const stack = Stack.of(resource);
-    const resourceID = stack.getLogicalId(resource.node.defaultChild as CfnElement);
+    const resourceID = (resource.node.defaultChild as CfnResource).logicalId;
     this.addOnExitCommands(`/opt/aws/bin/cfn-signal --stack ${stack.stackName} --resource ${resourceID} --region ${stack.region} -e $exitCode || echo 'Failed to send Cloudformation Signal'`);
   }
 
@@ -235,7 +235,7 @@ class WindowsUserData extends UserData {
 
   public addSignalOnExitCommand( resource: Resource ): void {
     const stack = Stack.of(resource);
-    const resourceID = stack.getLogicalId(resource.node.defaultChild as CfnElement);
+    const resourceID = (resource.node.defaultChild as CfnResource).logicalId;
 
     this.addOnExitCommands(`cfn-signal --stack ${stack.stackName} --resource ${resourceID} --region ${stack.region} --success ($success.ToString().ToLower())`);
   }

diff --git a/packages/@aws-cdk/aws-ec2/test/userdata.test.ts b/packages/@aws-cdk/aws-ec2/test/userdata.test.ts
@@ -1,5 +1,6 @@
 import { Bucket } from '@aws-cdk/aws-s3';
-import { Aws, Stack } from '@aws-cdk/core';
+import { Template, Match } from '@aws-cdk/assertions';
+import { Aws, Stack, CfnResource } from '@aws-cdk/core';
 import * as ec2 from '../lib';
 
 describe('user data', () => {
@@ -41,6 +42,7 @@ describe('user data', () => {
     const stack = new Stack();
     const resource = new ec2.Vpc(stack, 'RESOURCE');
     const userData = ec2.UserData.forWindows();
+    const logicalId = (resource.node.defaultChild as CfnResource).logicalId;
 
     // WHEN
     userData.addSignalOnExitCommand( resource );
@@ -49,16 +51,55 @@ describe('user data', () => {
     // THEN
     const rendered = userData.render();
 
+    expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552F');
     expect(rendered).toEqual('<powershell>trap {\n' +
         '$success=($PSItem.Exception.Message -eq "Success")\n' +
-        `cfn-signal --stack Default --resource RESOURCE1989552F --region ${Aws.REGION} --success ($success.ToString().ToLower())\n` +
+        `cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} --success ($success.ToString().ToLower())\n` +
         'break\n' +
         '}\n' +
         'command1\n' +
         'throw "Success"</powershell>',
     );
 
   });
+  test('can create Windows with Signal Command and userDataCausesReplacement', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new ec2.Vpc(stack, 'Vpc');
+    const userData = ec2.UserData.forWindows();
+    const resource = new ec2.Instance(stack, 'RESOURCE', {
+      vpc,
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.LARGE),
+      machineImage: ec2.MachineImage.genericWindows({ ['us-east-1']: 'ami-12345678' }),
+      userDataCausesReplacement: true,
+      userData,
+    });
+
+    const logicalId = (resource.node.defaultChild as CfnResource).logicalId;
+
+    // WHEN
+    userData.addSignalOnExitCommand( resource );
+    userData.addCommands('command1');
+
+    // THEN
+    Template.fromStack(stack).templateMatches({
+      Resources: Match.objectLike({
+        RESOURCE1989552Fdfd505305f427919: {
+          Type: 'AWS::EC2::Instance',
+        },
+      }),
+    });
+    expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552Fdfd505305f427919');
+    const rendered = userData.render();
+    expect(rendered).toEqual('<powershell>trap {\n' +
+        '$success=($PSItem.Exception.Message -eq "Success")\n' +
+        `cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} --success ($success.ToString().ToLower())\n` +
+        'break\n' +
+        '}\n' +
+        'command1\n' +
+        'throw "Success"</powershell>',
+    );
+  });
   test('can windows userdata download S3 files', () => {
     // GIVEN
     const stack = new Stack();
@@ -174,6 +215,7 @@ describe('user data', () => {
     // GIVEN
     const stack = new Stack();
     const resource = new ec2.Vpc(stack, 'RESOURCE');
+    const logicalId = (resource.node.defaultChild as CfnResource).logicalId;
 
     // WHEN
     const userData = ec2.UserData.forLinux();
@@ -182,15 +224,53 @@ describe('user data', () => {
 
     // THEN
     const rendered = userData.render();
+    expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552F');
     expect(rendered).toEqual('#!/bin/bash\n' +
         'function exitTrap(){\n' +
         'exitCode=$?\n' +
-        `/opt/aws/bin/cfn-signal --stack Default --resource RESOURCE1989552F --region ${Aws.REGION} -e $exitCode || echo \'Failed to send Cloudformation Signal\'\n` +
+        `/opt/aws/bin/cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} -e $exitCode || echo \'Failed to send Cloudformation Signal\'\n` +
         '}\n' +
         'trap exitTrap EXIT\n' +
         'command1');
 
   });
+  test('can create Linux with Signal Command and userDataCausesReplacement', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new ec2.Vpc(stack, 'Vpc');
+    const userData = ec2.UserData.forLinux();
+    const resource = new ec2.Instance(stack, 'RESOURCE', {
+      vpc,
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.LARGE),
+      machineImage: ec2.MachineImage.genericLinux({ ['us-east-1']: 'ami-12345678' }),
+      userDataCausesReplacement: true,
+      userData,
+    });
+
+    const logicalId = (resource.node.defaultChild as CfnResource).logicalId;
+
+    // WHEN
+    userData.addSignalOnExitCommand( resource );
+    userData.addCommands('command1');
+
+    // THEN
+    Template.fromStack(stack).templateMatches({
+      Resources: Match.objectLike({
+        RESOURCE1989552F74a24ef4fbc89422: {
+          Type: 'AWS::EC2::Instance',
+        },
+      }),
+    });
+    expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552F74a24ef4fbc89422');
+    const rendered = userData.render();
+    expect(rendered).toEqual('#!/bin/bash\n' +
+        'function exitTrap(){\n' +
+        'exitCode=$?\n' +
+        `/opt/aws/bin/cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} -e $exitCode || echo \'Failed to send Cloudformation Signal\'\n` +
+        '}\n' +
+        'trap exitTrap EXIT\n' +
+        'command1');
+  });
   test('can linux userdata download S3 files', () => {
     // GIVEN
     const stack = new Stack();