Co-authored-by: AWS CDK Team <aws-cdk@amazon.com>

…13423)

See CDK RFC 253 (aws/aws-cdk-rfcs#254) for background and details.

Currently -- if a user has not opted out -- an AWS::CDK::Metadata resource
is added to each generated stack template with details about each loaded module
and version that matches an Amazon-specific allow list.

This modules list is used to:

- Track what library versions customers are using so they can be contacted in
  the event of a severe (security) issue with a library.
- Get business metrics on the adoption of CDK and its libraries.

This modules list is sometimes inaccurate (a module may be loaded into memory
without actually being used) and too braod to support CDK v2.

This feature (mostly) implements the specification proposed in RFC 253 to
include metadata about what constructs are present in each stack, rather than
modules loaded into memory. The allow-list is still used to ensure only CDK/AWS
constructs are reported on.

Implementation notes:
- The format of the Analytics property has changed slightly since the RFC. See
  the service-side code for justification and latest spec.
- How to handle the jsii runtime information was left un-spec'd. I've chosen to
  create a psuedo-Construct to add to the list as the simplest solution.
- `runtime-info.test.ts` leaps through some serious hoops to work equally well
  for both v1 and v2, and to fail somewhat gracefully locally if `tsc` was used
  to compile the module instead of `jsii`. Critques of this approach welcome!
- I removed an annoyance from `resolve-version-lib.js` that produced error
  messages when running unit tests.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Our previous implementation of `toJSON()` was quite hacky.

It replaced values inside the structure with objects that had a custom
`toJSON()` serializer, and then called `JSON.stringify()` on the result.

The resulting JSON would have special markers in it where the Token
values would be string-substituted back in.

It's actually easier and gives us more control to just implement
JSONification ourselves in a Token-aware recursive function.

This change has been split off from a larger, upcoming PR in order
to make the individual reviews smaller.

Incidentally also fixes #13465, as the type of encoded tokens is assumed to match
the type of the encoded value (e.g., a `string[]`-encoded token is assumed to
produce a list at deploy-time and so will not be quoted).


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The parameter currently used for `find` in `link-all.sh`,
`-perm /111`, fails on my Mac.
Switch to using `-perm +111`, which works fine,
and that's also what JSII uses in
[its `link-all.sh` script](https://github.com/aws/jsii/blob/f8bde4a01bf7c707c87ab00748eeeb7632e7c820/scripts/link-all.sh#L26-L26).

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Looking for guidance on error messaging and/or docs to update
Fixes #13479

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

#13494)

Changes:

* .NET: Namespace changed from `Amazon.CDK.Lib` -> `Amazon.CDK` (so `Stack` has the same FQN, same namespace as in Monocdk)
* Java: Package name changed from `software.amazon.awscdk.lib` -> `software.amazon.awscdk.core` (so `Stack` has the same FQN, same namespace as in Monocdk)
* Java: Changed artifact ID to match what's written in [RFC 6]
* Python: Changed dist name to match what's written in [RFC 6]
* Python: Change namespace to `aws_cdk` instead of `aws_cdk_lib` for minimal interference. Still need to test whether it's okay to change this to `aws_cdk.core` (like for Java) so `Stack` will keep the same FQN. Monocdk does something different for Python.

[RFC 6]: https://github.com/aws/aws-cdk-rfcs/blob/master/text/0006-monolothic-packaging.md

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…PIs (#13033)

feat(stepfunctions-tasks): Support calling APIGW REST and HTTP APIs

Taking ownership of the original PR #11565 by @Sumeet-Badyal 

API as per documentation here:
https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html


closes #11566
closes #11565


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adds route retry policies for http/http2 and gRPC routes.

Closes #11642

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The prefix-encoded trie could occasionally encode the tested resource
name in a way that prevents the test to match. Using a "fake" version
number ensures a unique prefix is always present, and hence the tested
entry will never be encoded in unexpected ways.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.93.0/CHANGELOG.md)

Ensure `imagePath` ends with `/.` so that the content at that location
is copied.

See https://docs.docker.com/engine/reference/commandline/cp/

Closes #13439


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/1.93.0/CHANGELOG.md)

Adds route priority, header matching and matching by scheme and method.

Closes #11645

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…cture (#12943)

@sshver:
 
> Client Policies are inherently not related to the Virtual Service. It should be thought of as the client (the VN) telling envoy what connections they want to allow to the server (the Virtual Service). The server shouldn't be the one to define what policies are used to enforce connections with itself.

## Description of changes
I refactored the client policy from Virtual Service to a separate backend structure. This mirrors how our API is designed. Also ran `npm run lint -- --fix` and removed some comments to fix lint warnings.

```ts
/* Old backend defaults */
backendsDefaultClientPolicy: appmesh.ClientPolicy.fileTrust({
  certificateChain: 'path-to-certificate',
}),

/* result of this PR */
backendDefaults: {
  clientPolicy: appmesh.ClientPolicy.fileTrust({
    certificateChain: 'path-to-certificate',
  }),
},
```

```ts
/* Old Virtual Service with client policy */
const service1 = new appmesh.VirtualService(stack, 'service-1', {
  virtualServiceName: 'service1.domain.local',
  virtualServiceProvider: appmesh.VirtualServiceProvider.none(mesh),
  clientPolicy: appmesh.ClientPolicy.fileTrust({
    certificateChain: 'path-to-certificate',
    ports: [8080, 8081],
  }),
});

/* result of this PR; client policy is defined in the Virtual Node */
const service1 = new appmesh.VirtualService(stack, 'service-1', {
  virtualServiceName: 'service1.domain.local',
  virtualServiceProvider: appmesh.VirtualServiceProvider.none(mesh),
});

const node = new appmesh.VirtualNode(stack, 'test-node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('test'),
});

node.addBackend({
  virtualService: service1,
  clientPolicy: appmesh.ClientPolicy.fileTrust({
    certificateChain: 'path-to-certificate',
    ports: [8080, 8081],
  }),
});
```

BREAKING CHANGE: Backend, backend default and Virtual Service client policies structures are being altered
* **appmesh**: you must use the backend default interface to define backend defaults in `VirtualGateway`.
  The property name also changed from `backendsDefaultClientPolicy` to `backendDefaults`
* **appmesh**:  you must use the backend default interface to define backend defaults in `VirtualNode`,
  (the property name also changed from `backendsDefaultClientPolicy` to `backendDefaults`),
  and the `Backend` class to define a backend
* **appmesh**: you can no longer attach a client policy to a `VirtualService`

Resolves #11996

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… with a digit (#13560)

fixes #13434


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…README.md (#13521)

Currently addLambdaInvokeCommandPermissions method used to get the permissions,
which is a deprecated method now.
Use addToPolicy method to get necessary permissions

fix: #13444

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

)

AutoScaling on percentile metrics did not work because the
`MetricAggregationType` was trying to be derived from the metric, and it can
only be MIN, MAX or AVG.

Figure out what the metric aggregation type does, default it to
AVERAGE if no other suitable value can be determined, and also make
it and the evaluation periods configurable while we're at it.

Fixes #13144.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fix bunch of docstring, docs and param typos. 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The region information for ap-northeast-3 was not correctly registered
as the region was missing from the `AWS_REGIONS` list in the
`aws-entities.ts` file.

This addresses the gap, and adds a validation at the beginning of
`generate-static-data.ts` to ensure no "new" region is introduced here
without also being introduced in the `AWS_REGIONS` list.

Fixes #13561

Credits to @robertd who had a draft PR with similar changes, which I
only saw once it was too late. I've retro-fitted all the good ideas they had
which I did not have on first intention - so thank you @robertd.

Co-Authored-By: @robertd 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…Groups (#13570)

Fixes #12869


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*