feat(sns): adding support for firehose subscription protocol #15764
Conversation
|
|
|
Title does not follow the guidelines of Conventional Commits. Please adjust title before merge. |
david-doyle-as24
changed the title
peterwoodworth
added
the
@aws-cdk/aws-sns
|
@njlynch , is there anything that I can do on my side to move this forward? |
|
I am curious why the role is not managed automatically by the construct and it has to be setup manually? @david-doyle-as24 , shall it be instead managed? Also, we might want to think about adding a custom construct |
There was a problem hiding this comment.
Thanks for the contribution, and apologies for the delay in first response!
I tend to agree with @melek-inception 's comments here -- this change is fine as-is as the bare minimum needed to support Firehose, but it seems like the right API here is to add a FirehoseSubscription construct to the aws-sns-subscriptions package, which would at least have the option of automatically creating the correct role for you.
Would you be willing to give that a shot? If not, someone else might be able to pick it up. My one comment with this as-is is on the renaming of the test.
| @@ -176,7 +176,7 @@ describe('Subscription', () => { | |||
|
|
|||
| }); | |||
|
|
|||
| test('throws with raw delivery for protocol other than http, https or sqs', () => { | |||
| test('throws with raw delivery for lambda protocol', () => { | |||
There was a problem hiding this comment.
❓ Why did you make this change? While the text more accurately describes the specifics of the test, they lose the intent behind the test.
There was a problem hiding this comment.
@njlynch , the choice was between changing the name to "protocol other than http, https, sqs, or firehose" (since firehose supports raw delivery) or changing it to "lambda protocol", which has the advantage of being more accurate. As it is, the test name is misleading - it doesn't cover email or sms which also don't support raw delivery. Better just to name it more transparently.
There was a problem hiding this comment.
Ah. If Firehose supports raw delivery, then it looks like this check needs to be updated:
aws-cdk/packages/@aws-cdk/aws-sns/lib/subscription.ts
Lines 84 to 86 in b838f95
You're accurate the test name is now more accurate, but it points out the inadequacy of it. Could you swap it to use a test.each and enumerate the protocols that should throw?
| @@ -95,6 +95,20 @@ topic.addSubscription(new subs.LambdaSubscription(fn, { | |||
| })); | |||
| ``` | |||
|
|
|||
| ### Example of Firehose Subscription | |||
There was a problem hiding this comment.
~ (Nit) This is okay, if we're going to leave this implementation as the basics only. I'd greatly prefer we document it as part of a FirehoseSubscription in the aws-sns-subscriptions README instead though.
|
@njlynch and @melek-inception , would the FirehoseSubscription supplement this addition to the Subscription construct or replace it? I would prefer to build it on top of the Subscription construct in a separate PR. |
|
Sorry for the delayed response; this fell off my queue.
Supplement. See the existing constructs in https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-sns-subscriptions/lib for examples. |
Fixes an issue where unresolved Listener `priority` would resolve in Error: `Priority must have value greater than or equal to 1`. This adds support for cases where the Listener `priority` can be supplied through CloudFormation Template Parameters. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…packages (aws#15826) Remove all hard coded references to the @aws-cdk/aws-lambda and @aws-cdk/aws-lambda-go packages from the tests which should fix the issue that prevent building the aws-cdk-lib package. Resolves aws#15585 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
fixes: aws#15831 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… (under feature flag) (aws#15477) This pull request adds the new TLSv1.2_2021 security policy to the respective enum and adds the feature flag `@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021`, which, when enabled, causes distributions to use the new security policy by default. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Feature flags -- by definition -- don't introduce breaking changes to existing customers, simply alter behavior for new apps, or allow opting in to new behavior. Additionally, our linter does not allow breaking changes in stable modules, which means as stands it's impossible to satisfy this requirement and introduce a feature flag for stable modules. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The class `TemplateAssertions` is already part of the `@aws-cdk/assertions` module. The word 'assertions' is redundant. Further, this class now has the method `findResources()` which is not an assertion. All assertion methods are named in a way that makes it clear that it is an assertion, viz., `hasResource()`, `resourceCountIs()`, `templateMatches()`. BREAKING CHANGE: `TemplateAssertions` is now renamed to `Template`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add support for BucketDeployment accessControl property to aws-s3-deployment package. This is needed to run, for example, `aws s3 sync` with `--acl bucket-owner-full-control`. Without this feature there is no easy way (without hacking cdk nodes) to sync assets to bucket located in another account. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This will be used by a change in `tools/individual-pkg-gen/copy-files-removing-deps.ts` on the `v2-main` branch, so that the `transform` step can correctly set the `version` key and the version for each dependency in each alpha module's `package.json` file. See aws#16322 for usage. Part of aws#15591 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) The tests for `yarn-cling` currently reference what were imaginary package names as placeholders; those package names have now been registered. While this has no practical impact, switching the package names to be ones we own just so there's no ambiguity. An `npm install` is never done on these directories, so the packages chosen really doesn't matter. Just picked two of our favorites at random. :) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- This PR adds a new service extension, `SubscribeExtension`. This extension can be added to a service to create SQS Queues which can subscribe to the SNS Topics provided by the user. It creates a default SQS Queue called `eventsQueue` . It also supports creation of topic-specific queues and sets up the SNS subscriptions accordingly. The created topic-queue subscriptions can be accessed using `subscriptions` field of the extension and the default queue for this service can be accessed using the `eventsQueue` getter method. (This PR does not include autoscaling, will be adding it in a separate PR) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…CodeBuildStep (aws#16294) fix(pipelines): Fix documentation regarding rolePolicyStatements of CodeBuildStep ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This is the first PR implementing the ["Accelerated personal deployments" RFC](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0001-cdk-update.md). It adds a (boolean) `--hotswap` flag to the `deploy` command that attempts to perform a short-circuit deployment, updating the resource directly, and skipping CloudFormation. If we detect that the current change cannot be short-circuited (because it contains an infrastructure change to the CDK code, most likely), we fall back on performing a full CloudFormation deployment, same as if `cdk deploy` was called without the `--hotswap` flag. In this PR, the new switch supports only Lambda functions. Later PRs will add support for new resource types. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…to tasks.EvaluateExpression (aws#16290) Currently the way `EvaluateExpression` is set up, if you pass an async expression to it, it never waits for the execution to complete. By adding an `await` before the `eval()` call, async ops can be passed in. This also works for sync ops same as before (await works with sync code as well). ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…aws#16348) Early on in the CDK history, a decision was made to delineate between subnets with Internet access (i.e., those with a NAT) and those without. The convention chosen at that time was to label the subnets as `PRIVATE` and `ISOLATED`, respectively. The intent was to make it clear that subnets without a NAT were completely isolated from the broader Internet (unless connected through another subnet). However, this introduction of a new subnet type that does not match EC2 documentation and naming conventions can cause confusion. Most critically, a user may select a `PRIVATE` subnet without realizing that it automatically requires one (or more) NAT gateways. As NAT gateways are not free, this can lead to unintended charges. To realign to the EC2 terminology -- while retaining the existing logic surrounding SubnetTypes -- the existing types of `PRIVATE` and `ISOLATED` are being renamed to `PRIVATE_WITH_NAT` and `PRIVATE_ISOLATED`, respectively. fixes aws#15929 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s#15652) Add method `fromLookup` in KMS key which provides the option to get a KMS key including its key id by an alias name. In some cases, aliases can't be used because access to the underlying key id is necessary. In this case, the `fromLookup` method can be used. The following packages were changed: - @aws-cdk/aws-kms: introduce new `fromLookup` method - @aws-cdk/cx-api: new KeyContextResponse - @aws-cdk/cloud-assembly-schema: new ContextProvider KEY_PROVIDER and KeyContextQuery - aws-cdk: implementation of key ContextProvider Closes aws#8822 ----- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… params (aws#16121) Resolves aws#16004 When using CloudformationInit, can opt to include the `--role` and `--url` argument to `cfn-init` and `cfn-signal` ([ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-init.html#cfn-init-Syntax)). User can do this by including [InitOptions](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.ApplyCloudFormationInitOptions.html) that include `includeUrl` and `includeRole` ```typescript ec2.Instance(this, 'MyInstance', { init: // init config, initOptions: { includeUrl: true, includeRole: true, } } ``` It's possible to _always_ include these added arguments, but not sure whether that would cause regressions. Open to any suggestions on a better way to implement ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds a static instance of InterfaceVpcEndpointAwsService for the AWS Keyspaces service so that users do not need to define it manually. Keyspaces uses a custom TCP port (9142), so this avoids confusion. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ws#15956) Allow specifying the ALPN Policy ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ecutionContext even when object is empty (aws#16141) fixes: aws#16133 As described in aws#16133, the empty `QueryExecutionContext`, which was included before this fix, leads to an error. To mitigate this, I implemented a check to exclude the `QueryExecutionContext`when both params are empty. This way, it behaves like a truly optional parameter. Additionally I integrated an easier way to merge an OutputLocation if provided. This means less redundancy than the original solution, which returned an object that was only different in one key in each branch. The unittest is based on the default unittest, but a bit "stripped down". It proofs that no empty `QueryExecutionContext` object is present. In my tests, this fixes the ``` { "resourceType": "athena", "resource": "startQueryExecution.sync", "error": "Athena.InvalidRequestException", "cause": "Both queryExecutionContext.catalog and queryExecutionContext.database are null or empty (Service: AmazonAthena; Status Code: 400; Error Code: InvalidRequestException; Request ID: [Censored]; Proxy: null)" } ``` error. This solution turned out to be a bit different than I envisioned in the issue. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mergify
bot
dismissed
njlynch’s stale review
Pull request has been modified.
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
This PR adds support for the firehose subscription protocol by extending the protocol enum and by requiring the field "subscriptionRoleArn" if the protocol is set to firehose.
This is so that users can take advantage of the new SNS-to-Firehose integration introduced in February 2021 (see here for the announcement).
Here also is a link to the sample cloudformation, documenting the SNS-to-Firehose integration.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license