From 9c61c33199c1e5ed1fcf68b14bae2d33beac3949 Mon Sep 17 00:00:00 2001 From: Sean Beath Date: Wed, 20 Jul 2022 06:00:00 +0000 Subject: [PATCH 1/5] fix/added error when creating logging bucket without s3 key --- packages/@aws-cdk/aws-redshift/lib/cluster.ts | 6 +++++- .../aws-redshift/test/cluster.test.ts | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-redshift/lib/cluster.ts b/packages/@aws-cdk/aws-redshift/lib/cluster.ts index 31ed69811a795..f2884c41d781d 100644 --- a/packages/@aws-cdk/aws-redshift/lib/cluster.ts +++ b/packages/@aws-cdk/aws-redshift/lib/cluster.ts @@ -302,7 +302,7 @@ export interface ClusterProps { readonly loggingBucket?: s3.IBucket /** - * Prefix used for logging + * Prefix used for logging. Required if {@link ClusterProps.loggingBucket} is set. * * @default - no prefix */ @@ -474,6 +474,10 @@ export class Cluster extends ClusterBase { this.singleUserRotationApplication = secretsmanager.SecretRotationApplication.REDSHIFT_ROTATION_SINGLE_USER; this.multiUserRotationApplication = secretsmanager.SecretRotationApplication.REDSHIFT_ROTATION_MULTI_USER; + if (props.loggingBucket && !props.loggingKeyPrefix) { + throw new Error('Cannot set loggingBucket without including an loggingKeyPrefix!'); + } + let loggingProperties; if (props.loggingBucket) { loggingProperties = { diff --git a/packages/@aws-cdk/aws-redshift/test/cluster.test.ts b/packages/@aws-cdk/aws-redshift/test/cluster.test.ts index 45e44a736d1e8..dbe2e71a04acf 100644 --- a/packages/@aws-cdk/aws-redshift/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-redshift/test/cluster.test.ts 
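Review bot: The reworded comment on `loggingKeyPrefix` in the `@@ -302,7 +302,7 @@` hunk now says the prefix is required when `loggingBucket` is set, but the `@default - no prefix` tag two lines below is unchanged, so the doc block contradicts itself. I would change the tag to something like `@default - no prefix; must be set when loggingBucket is set`, or express the requirement in the type instead of the comment. The `ClusterProps` interface begins and ends outside the hunk.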
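Review bot: The guard added before `let loggingProperties;` in the `@@ -474,6 +474,10 @@` hunk checks only one direction of the pairing. A caller who sets `loggingKeyPrefix` without `loggingBucket` still gets no error, and because the following `if (props.loggingBucket)` is what builds the logging block, that cluster is synthesized with audit logging off. For a setting people rely on for auditing I would fail on that case as well, e.g. `if (props.loggingKeyPrefix && !props.loggingBucket) { throw new Error('loggingKeyPrefix requires loggingBucket'); }`. The added message also reads "an loggingKeyPrefix!"; `'loggingKeyPrefix is required when loggingBucket is set'` is clearer. The constructor body begins and ends outside the hunk.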
@@ -339,6 +339,25 @@ test('can create a cluster with logging enabled', () => { }); }); +test('throws error when logging enabled without s3 prefix', () => { + // GIVEN + const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'logging-bucket'); + + // WHEN + const props = { + masterUser: { + masterUsername: 'admin', + }, + vpc, + loggingBucket: bucket, + }; + + // THEN + expect(() => { + new Cluster(stack, 'Redshift', props); + }).toThrowError(); +}); + test('throws when trying to add rotation to a cluster without secret', () => { // WHEN const cluster = new Cluster(stack, 'Redshift', { From e5721477b2ddb9ca88e6e6433247b5209a208562 Mon Sep 17 00:00:00 2001 From: Sean Beath Date: Tue, 2 Aug 2022 04:31:05 +0000 Subject: [PATCH 2/5] updated logging bucket to use new interface --- packages/@aws-cdk/aws-redshift/lib/cluster.ts | 42 +++++++++++-------- .../aws-redshift/test/cluster.test.ts | 25 ++--------- 2 files changed, 28 insertions(+), 39 deletions(-) diff --git a/packages/@aws-cdk/aws-redshift/lib/cluster.ts b/packages/@aws-cdk/aws-redshift/lib/cluster.ts index f2884c41d781d..a581587a9b442 100644 --- a/packages/@aws-cdk/aws-redshift/lib/cluster.ts +++ b/packages/@aws-cdk/aws-redshift/lib/cluster.ts @@ -95,6 +95,24 @@ export interface Login { readonly encryptionKey?: kms.IKey; } +/** + * Logging bucket and S3 prefix combination + */ +export interface LoggingProperties { + /** + * Bucket to send logs to. + * Logging information includes queries and connection attempts, for the specified Amazon Redshift cluster. + * + */ + readonly loggingBucket: s3.IBucket + + /** + * Prefix used for logging. + * + */ + readonly loggingKeyPrefix: string +} + /** * Options to add the multi user rotation */ 
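Review bot: The test added in the `@@ -339,6 +339,25 @@` hunk ends in a bare `.toThrowError()`, which passes on any exception the `Cluster` constructor raises, so it would stay green if the new guard were removed and some other validation threw instead. Pin it to the guard's message, for example `}).toThrow(/loggingKeyPrefix/);`. The `// WHEN` label sits above the props literal while the constructor call, which is the action under test, is under `// THEN`; I would put the call under `// WHEN` and keep only the expectation under `// THEN`.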
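Review bot: The doc comments on the new `LoggingProperties` interface (the `@@ -95,6 +95,24 @@` hunk) do not tell the caller what the bucket needs for log delivery to work. Redshift audit logging writes to the bucket as the service, so the bucket policy has to allow that, and nothing in the visible hunks of this series adds a policy or a grant. That matters most for imported buckets like the `fromBucketName` one used in the test, where I would not expect the construct to be able to attach a policy at all. I would add a sentence to `loggingBucket` such as `The bucket policy must allow Amazon Redshift to write audit logs; this construct does not modify the policy.` (adjust it if a grant exists outside these hunks), and drop the empty ` *` line that ends each of the two comments.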
@@ -294,19 +312,11 @@ export interface ClusterProps { readonly defaultDatabaseName?: string; /** - * Bucket to send logs to. - * Logging information includes queries and connection attempts, for the specified Amazon Redshift cluster. - * - * @default - No Logs - */ - readonly loggingBucket?: s3.IBucket - - /** - * Prefix used for logging. Required if {@link ClusterProps.loggingBucket} is set. + * Bucket details for log files to be sent to, including prefix. * - * @default - no prefix + * @default - No logging bucket is used */ - readonly loggingKeyPrefix?: string + readonly loggingProperties?: LoggingProperties; /** * The removal policy to apply when the cluster and its instances are removed @@ -474,15 +484,11 @@ export class Cluster extends ClusterBase { this.singleUserRotationApplication = secretsmanager.SecretRotationApplication.REDSHIFT_ROTATION_SINGLE_USER; this.multiUserRotationApplication = secretsmanager.SecretRotationApplication.REDSHIFT_ROTATION_MULTI_USER; - if (props.loggingBucket && !props.loggingKeyPrefix) { - throw new Error('Cannot set loggingBucket without including an loggingKeyPrefix!'); - } - let loggingProperties; - if (props.loggingBucket) { + if (props.loggingProperties) { loggingProperties = { - bucketName: props.loggingBucket.bucketName, - s3KeyPrefix: props.loggingKeyPrefix, + bucketName: props.loggingProperties.loggingBucket.bucketName, + s3KeyPrefix: props.loggingProperties.loggingKeyPrefix, }; } diff --git a/packages/@aws-cdk/aws-redshift/test/cluster.test.ts b/packages/@aws-cdk/aws-redshift/test/cluster.test.ts index dbe2e71a04acf..703abd29e1e84 100644 --- a/packages/@aws-cdk/aws-redshift/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-redshift/test/cluster.test.ts @@ -326,8 +326,10 @@ test('can create a cluster with logging enabled', () => { masterUsername: 'admin', }, vpc, - loggingBucket: bucket, - loggingKeyPrefix: 'prefix', + loggingProperties: { + loggingBucket: bucket, + loggingKeyPrefix: 'prefix', + }, }); // THEN 
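Review bot: Replacing `loggingBucket` and `loggingKeyPrefix` with `loggingProperties` in the `@@ -294,19 +312,11 @@` hunk changes the public `ClusterProps` without a deprecation path, and the commit message does not mark it as breaking. TypeScript callers get a compile error, but a caller that bypasses the type check (plain JavaScript, or a props object built elsewhere) can keep passing the old names, which the constructor hunk that follows no longer reads, so the cluster would deploy with audit logging silently off. I would either keep the two old props marked `@deprecated` and map them onto `loggingProperties`, or call the break out explicitly in the commit message. `ClusterProps` begins and ends outside the hunk.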
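Review bot: With the guard from the previous patch deleted in the `@@ -474,15 +484,11 @@` hunk, the `if (props.loggingProperties)` block passes `loggingKeyPrefix` straight into `s3KeyPrefix` with no runtime check. The `string` type on the interface stops only TypeScript callers, so an empty string or a value from an untyped caller reaches the template unvalidated, and the test that covered the missing-prefix case is removed in the same commit without a replacement. If the prefix is mandatory, as patch 1 states, keep a check inside the block: `if (!props.loggingProperties.loggingKeyPrefix) { throw new Error('loggingProperties.loggingKeyPrefix must be a non-empty string'); }`. The constructor begins and ends outside the hunk.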
@@ -339,25 +341,6 @@ test('can create a cluster with logging enabled', () => { }); }); -test('throws error when logging enabled without s3 prefix', () => { - // GIVEN - const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'logging-bucket'); - - // WHEN - const props = { - masterUser: { - masterUsername: 'admin', - }, - vpc, - loggingBucket: bucket, - }; - - // THEN - expect(() => { - new Cluster(stack, 'Redshift', props); - }).toThrowError(); -}); - test('throws when trying to add rotation to a cluster without secret', () => { // WHEN const cluster = new Cluster(stack, 'Redshift', { From 8033dac57ae9aaa88511af5bef1a02aa0c573c79 Mon Sep 17 00:00:00 2001 From: Sean Beath Date: Tue, 2 Aug 2022 05:05:25 +0000 Subject: [PATCH 3/5] updated README to show how to include logging --- packages/@aws-cdk/aws-redshift/README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/packages/@aws-cdk/aws-redshift/README.md b/packages/@aws-cdk/aws-redshift/README.md index f43949f3511d7..9c7897fb28e39 100644 --- a/packages/@aws-cdk/aws-redshift/README.md +++ b/packages/@aws-cdk/aws-redshift/README.md 
@@ -45,6 +45,29 @@ A default database named `default_db` will be created in the cluster. To change By default, the cluster will not be publicly accessible. Depending on your use case, you can make the cluster publicly accessible with the `publiclyAccessible` property. +## Adding a logging bucket for database audit logging to S3 + +Amazon Redshift logs information about connections and user activities in your database. These logs help you to monitor the database for security and troubleshooting purposes, a process called database auditing. To send these logs to an S3 bucket, specify the `loggingProperties` when creating a new cluster. + +```ts +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as s3 from '@aws-cdk/aws-s3'; + +const vpc = new ec2.Vpc(this, 'Vpc'); +const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'logging-bucket'); + +const cluster = new Cluster(this, 'Redshift', { + masterUser: { + masterUsername: 'admin', + }, + vpc, + loggingProperties: { + loggingBucket = bucket, + loggingKeyPrefix: 'prefix', + } +}); +``` + ## Connecting To control who can access the cluster, use the `.connections` attribute. Redshift Clusters have From 939494e459d86535a63b4d5c866522fabc2a5570 Mon Sep 17 00:00:00 2001 
From: Sean Beath
Date: Fri, 5 Aug 2022 06:45:37 +0000
Subject: [PATCH 4/5] added integ test for logging bucket
---
packages/@aws-cdk/aws-redshift/package.json | 1 +
...aultTestDeployAssert2827ECC1.template.json | 1 +
.../assertion-results.json | 1 +
...redshift-cluster-loggingbucket.assets.json | 19 +
...dshift-cluster-loggingbucket.template.json | 589 +++++++++++
.../cdk.out | 1 +
.../integ.json | 11 +
.../manifest.json | 205 ++++
...redshift-loggingbucket-integ.template.json | 505 ++++++++++
.../tree.json | 929 ++++++++++++++++++
.../test/integ.cluster-loggingbucket.ts | 39 +
11 files changed, 2301 insertions(+)
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.assets.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.template.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/cdk.out
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/integ.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json
create mode 100644 packages/@aws-cdk/aws-redshift/test/integ.cluster-loggingbucket.ts
diff --git a/packages/@aws-cdk/aws-redshift/package.json b/packages/@aws-cdk/aws-redshift/package.json
index da61c7b4b2ce3..c037a15bf4e67 100644
--- a/packages/@aws-cdk/aws-redshift/package.json
+++ b/packages/@aws-cdk/aws-redshift/package.json @@ -85,6 +85,7 @@ "@aws-cdk/integ-runner": "0.0.0", "@aws-cdk/cfn2ts": "0.0.0", "@aws-cdk/pkglint": "0.0.0", + "@aws-cdk/integ-tests": "0.0.0", "@types/jest": "^27.5.2", "aws-sdk": "^2.848.0", "jest": "^27.5.1" diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json new file mode 100644 index 0000000000000..9e26dfeeb6e64 --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json new file mode 100644 index 0000000000000..0967ef424bce6 --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json @@ -0,0 +1 @@ +{} diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.assets.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.assets.json new file mode 100644 index 0000000000000..5d108021f0e1d --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "20.0.0", + "files": { + "941d95acb9a710e3df3e05301e7debabdecabed59c6b395b0265d4d3be632c5f": { + "source": { + "path": "aws-cdk-redshift-cluster-loggingbucket.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "941d95acb9a710e3df3e05301e7debabdecabed59c6b395b0265d4d3be632c5f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.template.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.template.json new file mode 100644 index 0000000000000..42ebb29c1bf36 --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.template.json 
@@ -0,0 +1,589 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet1" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet1" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + 
"VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet1" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet1" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet2" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet2" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + 
"Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet2EIP3C605A87": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet2" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPublicSubnet2NATGateway9182C01D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PublicSubnet2" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PrivateSubnet1" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PrivateSubnet1" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + 
"VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PrivateSubnet2" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc/PrivateSubnet2" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + 
"Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-redshift-cluster-loggingbucket/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "S3486F821D": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterSubnetsDCFA5CB7": { + "Type": "AWS::Redshift::ClusterSubnetGroup", + "Properties": { + "Description": "Subnets for Cluster Redshift cluster", + "SubnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterSecurityGroup0921994B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Redshift security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterSecret6368BD0F": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": { + "ExcludeCharacters": "\"@/\\ '", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + 
"ClusterSecretAttachment769E6258": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "ClusterSecret6368BD0F" + }, + "TargetId": { + "Ref": "ClusterEB0386A7" + }, + "TargetType": "AWS::Redshift::Cluster" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterEB0386A7": { + "Type": "AWS::Redshift::Cluster", + "Properties": { + "ClusterType": "multi-node", + "DBName": "default_db", + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "ClusterSecret6368BD0F" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "ClusterSecret6368BD0F" + }, + ":SecretString:password::}}" + ] + ] + }, + "NodeType": "dc2.large", + "AllowVersionUpgrade": true, + "AutomatedSnapshotRetentionPeriod": 1, + "ClusterSubnetGroupName": { + "Ref": "ClusterSubnetsDCFA5CB7" + }, + "Encrypted": true, + "LoggingProperties": { + "BucketName": { + "Ref": "S3486F821D" + }, + "S3KeyPrefix": "prefix" + }, + "NumberOfNodes": 2, + "PubliclyAccessible": false, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterSecurityGroup0921994B", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/cdk.out b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/cdk.out new file mode 100644 index 0000000000000..588d7b269d34f --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/cdk.out @@ -0,0 +1 @@ +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/integ.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/integ.json new file mode 100644 index 0000000000000..7d1b2d74e6cb6 --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/integ.json @@ -0,0 +1,11 @@ +{ + "version": "20.0.0", + "testCases": { + "LoggingBucketInteg/DefaultTest": { + "stacks": [ + "redshift-loggingbucket-integ" + ], + "assertionStack": "LoggingBucketIntegDefaultTestDeployAssert2827ECC1" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json new file mode 100644 index 0000000000000..faf1f56f0899b --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json 
@@ -0,0 +1,205 @@ +{ + "version": "20.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "redshift-loggingbucket-integ": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "redshift-loggingbucket-integ.template.json", + "validateOnSynth": false + }, + "metadata": { + "/redshift-loggingbucket-integ/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + 
"/redshift-loggingbucket-integ/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/redshift-loggingbucket-integ/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/redshift-loggingbucket-integ/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/redshift-loggingbucket-integ/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/redshift-loggingbucket-integ/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + 
], + "/redshift-loggingbucket-integ/S3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3486F821D" + } + ], + "/redshift-loggingbucket-integ/Cluster/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterSubnetsDCFA5CB7" + } + ], + "/redshift-loggingbucket-integ/Cluster/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterSecurityGroup0921994B" + } + ], + "/redshift-loggingbucket-integ/Cluster/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterSecret6368BD0F" + } + ], + "/redshift-loggingbucket-integ/Cluster/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterSecretAttachment769E6258" + } + ], + "/redshift-loggingbucket-integ/Cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterEB0386A7" + } + ] + }, + "displayName": "redshift-loggingbucket-integ" + }, + "LoggingBucketIntegDefaultTestDeployAssert2827ECC1": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json", + "validateOnSynth": false + }, + "displayName": "LoggingBucketInteg/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json new file mode 100644 index 0000000000000..cb05fc21b9273 --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json 
@@ -0,0 +1,505 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + 
"AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "Tags": [ + { + 
"Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + 
"Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "redshift-loggingbucket-integ/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "S3486F821D": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ClusterSubnetsDCFA5CB7": { + "Type": "AWS::Redshift::ClusterSubnetGroup", + "Properties": { + "Description": "Subnets for Cluster Redshift cluster", + "SubnetIds": [ + { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ClusterSecurityGroup0921994B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Redshift security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "ClusterSecret6368BD0F": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": { + 
"ExcludeCharacters": "\"@/\\ '", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterSecretAttachment769E6258": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "ClusterSecret6368BD0F" + }, + "TargetId": { + "Ref": "ClusterEB0386A7" + }, + "TargetType": "AWS::Redshift::Cluster" + } + }, + "ClusterEB0386A7": { + "Type": "AWS::Redshift::Cluster", + "Properties": { + "ClusterType": "multi-node", + "DBName": "default_db", + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "ClusterSecret6368BD0F" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "ClusterSecret6368BD0F" + }, + ":SecretString:password::}}" + ] + ] + }, + "NodeType": "dc2.large", + "AllowVersionUpgrade": true, + "AutomatedSnapshotRetentionPeriod": 1, + "ClusterSubnetGroupName": { + "Ref": "ClusterSubnetsDCFA5CB7" + }, + "Encrypted": true, + "LoggingProperties": { + "BucketName": { + "Ref": "S3486F821D" + }, + "S3KeyPrefix": "prefix" + }, + "NumberOfNodes": 2, + "PubliclyAccessible": false, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterSecurityGroup0921994B", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json new file mode 100644 index 0000000000000..bc494181c5d89 --- /dev/null +++ b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json 
@@ -0,0 +1,929 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.49" + } + }, + "redshift-loggingbucket-integ": { + "id": "redshift-loggingbucket-integ", + "path": "redshift-loggingbucket-integ", + "children": { + "VPC": { + "id": "VPC", + "path": "redshift-loggingbucket-integ/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": 
"RouteTable", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet1/NATGateway", + "attributes": { + 
"aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": 
"@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "redshift-loggingbucket-integ/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": 
"@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + 
"subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + 
"aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "redshift-loggingbucket-integ/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "redshift-loggingbucket-integ/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "redshift-loggingbucket-integ/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "redshift-loggingbucket-integ/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { 
+ "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.Vpc", + "version": "0.0.0" + } + }, + "S3": { + "id": "S3", + "path": "redshift-loggingbucket-integ/S3", + "children": { + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/S3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.Bucket", + "version": "0.0.0" + } + }, + "Cluster": { + "id": "Cluster", + "path": "redshift-loggingbucket-integ/Cluster", + "children": { + "Subnets": { + "id": "Subnets", + "path": "redshift-loggingbucket-integ/Cluster/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "redshift-loggingbucket-integ/Cluster/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Redshift::ClusterSubnetGroup", + "aws:cdk:cloudformation:props": { + "description": "Subnets for Cluster Redshift cluster", + "subnetIds": [ + { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-redshift.CfnClusterSubnetGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-redshift.ClusterSubnetGroup", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "redshift-loggingbucket-integ/Cluster/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/Cluster/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Redshift security group", + 
"securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "redshift-loggingbucket-integ/Cluster/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/Cluster/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"admin\"}", + "generateStringKey": "password", + "excludeCharacters": "\"@/\\ '" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnSecret", + "version": "0.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "redshift-loggingbucket-integ/Cluster/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/Cluster/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "ClusterSecret6368BD0F" + }, + "targetId": { + "Ref": "ClusterEB0386A7" + }, + "targetType": "AWS::Redshift::Cluster" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnSecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-redshift.DatabaseSecret", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/Cluster/Resource", + "attributes": { + 
"aws:cdk:cloudformation:type": "AWS::Redshift::Cluster", + "aws:cdk:cloudformation:props": { + "clusterType": "multi-node", + "dbName": "default_db", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "ClusterSecret6368BD0F" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "ClusterSecret6368BD0F" + }, + ":SecretString:password::}}" + ] + ] + }, + "nodeType": "dc2.large", + "allowVersionUpgrade": true, + "automatedSnapshotRetentionPeriod": 1, + "clusterSubnetGroupName": { + "Ref": "ClusterSubnetsDCFA5CB7" + }, + "encrypted": true, + "loggingProperties": { + "bucketName": { + "Ref": "S3486F821D" + }, + "s3KeyPrefix": "prefix" + }, + "numberOfNodes": 2, + "publiclyAccessible": false, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterSecurityGroup0921994B", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-redshift.CfnCluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-redshift.Cluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "LoggingBucketInteg": { + "id": "LoggingBucketInteg", + "path": "LoggingBucketInteg", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "LoggingBucketInteg/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "LoggingBucketInteg/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.49" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "LoggingBucketInteg/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + 
"constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-redshift/test/integ.cluster-loggingbucket.ts b/packages/@aws-cdk/aws-redshift/test/integ.cluster-loggingbucket.ts
new file mode 100644
index 0000000000000..e32fdb6f80434
--- /dev/null
+++ b/packages/@aws-cdk/aws-redshift/test/integ.cluster-loggingbucket.ts
@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+/// !cdk-integ pragma:ignore-assets
+import * as ec2 from '@aws-cdk/aws-ec2';
+import * as s3 from '@aws-cdk/aws-s3';
+import { Stack, App, StackProps } from '@aws-cdk/core';
+import * as integ from '@aws-cdk/integ-tests';
+import { Construct } from 'constructs';
+import * as redshift from '../lib';
+
+class RedshiftEnv extends Stack {
+ constructor(scope: Construct, id: string, props?: StackProps) {
+ super(scope, id, props);
+
+ const vpc = new ec2.Vpc(this, 'VPC');
+ const loggingBucket = new s3.Bucket(this, 'S3');
+
+ new redshift.Cluster(this, 'Cluster', {
+ vpc: vpc,
+ vpcSubnets: {
+ subnetType: ec2.SubnetType.PUBLIC,
+ },
+ masterUser: {
+ masterUsername: 'admin',
+ },
+ loggingProperties: {
+ loggingBucket: loggingBucket,
+ loggingKeyPrefix: 'prefix',
+ },
+ });
+ }
+}
+
+const app = new App();
+
+new integ.IntegTest(app, 'LoggingBucketInteg', {
+ testCases: [new RedshiftEnv(app, 'redshift-loggingbucket-integ')],
+});
+
+app.synth();
\ No newline at end of file
From 7e8037fa3eda83c6d3db92301ba0627a42357e1a Mon Sep 17 00:00:00 2001
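Review bot: The stack in `RedshiftEnv` leaves its resources behind after the test: neither `new s3.Bucket(this, 'S3')` nor the `redshift.Cluster` sets a removal policy, and the synthesized snapshot in this same patch shows `"DeletionPolicy": "Retain"` on both the bucket and the cluster. Each integ run would therefore keep a running two-node cluster and a bucket holding its audit logs after the stack is deleted. I would pass `removalPolicy: RemovalPolicy.DESTROY` in the cluster props and create the bucket as `new s3.Bucket(this, 'S3', { removalPolicy: RemovalPolicy.DESTROY, autoDeleteObjects: true })`, adding `RemovalPolicy` to the `@aws-cdk/core` import. `autoDeleteObjects` adds a custom resource, so the snapshot would need regenerating.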
From: Sean Beath Date: Mon, 8 Aug 2022 05:13:32 +0000 Subject: [PATCH 5/5] added s3 permissions when using logging bucket --- packages/@aws-cdk/aws-redshift/lib/cluster.ts | 17 +++++ .../assertion-results.json | 1 - ...aultTestDeployAssert2827ECC1.template.json | 0 ...redshift-cluster-loggingbucket.assets.json | 0 ...dshift-cluster-loggingbucket.template.json | 0 .../cdk.out | 0 .../integ.json | 0 .../manifest.json | 6 ++ ...redshift-loggingbucket-integ.template.json | 45 +++++++++++++ .../tree.json | 63 +++++++++++++++++++ 10 files changed, 131 insertions(+), 1 deletion(-) delete mode 100644 packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json (100%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/aws-cdk-redshift-cluster-loggingbucket.assets.json (100%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/aws-cdk-redshift-cluster-loggingbucket.template.json (100%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/cdk.out (100%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/integ.json (100%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/manifest.json (97%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/redshift-loggingbucket-integ.template.json (93%) rename packages/@aws-cdk/aws-redshift/test/{cdk-integ.out.cluster-loggingbucket => cluster-loggingbucket.integ.snapshot}/tree.json (93%) 
diff --git a/packages/@aws-cdk/aws-redshift/lib/cluster.ts b/packages/@aws-cdk/aws-redshift/lib/cluster.ts
index a581587a9b442..0edf8e1ff0b58 100644
--- a/packages/@aws-cdk/aws-redshift/lib/cluster.ts
+++ b/packages/@aws-cdk/aws-redshift/lib/cluster.ts
@@ -490,6 +490,23 @@ export class Cluster extends ClusterBase {
 bucketName: props.loggingProperties.loggingBucket.bucketName,
 s3KeyPrefix: props.loggingProperties.loggingKeyPrefix,
 };
+ props.loggingProperties.loggingBucket.addToResourcePolicy(
+ new iam.PolicyStatement(
+ {
+ actions: [
+ 's3:GetBucketAcl',
+ 's3:PutObject',
+ ],
+ resources: [
+ props.loggingProperties.loggingBucket.arnForObjects('*'),
+ props.loggingProperties.loggingBucket.bucketArn,
+ ],
+ principals: [
+ new iam.ServicePrincipal('redshift.amazonaws.com'),
+ ],
+ },
+ ),
+ );
 }

 const cluster = new CfnCluster(this, 'Resource', {
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json b/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json
deleted file mode 100644
index 0967ef424bce6..0000000000000
--- a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/assertion-results.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json
similarity index 100%
rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json
rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/LoggingBucketIntegDefaultTestDeployAssert2827ECC1.template.json
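Review bot: The new statement in `cluster.ts` lets the `redshift.amazonaws.com` service principal `s3:PutObject` to every key in the bucket (`arnForObjects('*')`), although the cluster is configured to write only under `loggingKeyPrefix`, and it carries no `conditions`, so the grant is not tied to this cluster or account. Putting both actions and both resources in one statement also pairs `s3:GetBucketAcl` with object ARNs and `s3:PutObject` with the bucket ARN, which is harmless but hides the intent. Splitting it into one statement per action and scoping the object ARN to the prefix, as sketched below, keeps the grant to what log delivery needs; whether an `aws:SourceArn` or `aws:SourceAccount` condition can be added depends on what Redshift log delivery sends and should be confirmed, as should the key layout under the prefix. The result of `addToResourcePolicy` is also ignored, so for an imported bucket, where CDK may be unable to attach a policy, the missing permission would surface only at deploy time. The enclosing block and the constructor start outside this hunk.

```typescript
// … unchanged: loggingProperties = { bucketName, s3KeyPrefix } …
const { loggingBucket, loggingKeyPrefix } = props.loggingProperties;
const logDelivery = new iam.ServicePrincipal('redshift.amazonaws.com');
// Bucket-level action, granted on the bucket ARN only.
loggingBucket.addToResourcePolicy(new iam.PolicyStatement({
  actions: ['s3:GetBucketAcl'],
  resources: [loggingBucket.bucketArn],
  principals: [logDelivery],
}));
// Object-level action, limited to keys that start with the configured prefix.
loggingBucket.addToResourcePolicy(new iam.PolicyStatement({
  actions: ['s3:PutObject'],
  resources: [loggingBucket.arnForObjects(`${loggingKeyPrefix}*`)],
  principals: [logDelivery],
}));
```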
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.assets.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/aws-cdk-redshift-cluster-loggingbucket.assets.json
similarity index 100%
rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.assets.json
rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/aws-cdk-redshift-cluster-loggingbucket.assets.json
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.template.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/aws-cdk-redshift-cluster-loggingbucket.template.json
similarity index 100%
rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/aws-cdk-redshift-cluster-loggingbucket.template.json
rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/aws-cdk-redshift-cluster-loggingbucket.template.json
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/cdk.out b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/cdk.out
similarity index 100%
rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/cdk.out
rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/cdk.out
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/integ.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/integ.json
similarity index 100%
rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/integ.json
rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/integ.json
diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/manifest.json similarity index 97% rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/manifest.json index faf1f56f0899b..e56c6d760a6df 100644 --- a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/manifest.json +++ b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/manifest.json @@ -159,6 +159,12 @@ "data": "S3486F821D" } ], + "/redshift-loggingbucket-integ/S3/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3Policy2E4AA1D6" + } + ], "/redshift-loggingbucket-integ/Cluster/Subnets/Default": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/redshift-loggingbucket-integ.template.json similarity index 93% rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/redshift-loggingbucket-integ.template.json index cb05fc21b9273..ef3f0df5f381e 100644 --- a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/redshift-loggingbucket-integ.template.json +++ b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/redshift-loggingbucket-integ.template.json 
@@ -388,6 +388,51 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, + "S3Policy2E4AA1D6": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "S3486F821D" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucketAcl", + "s3:PutObject" + ], + "Effect": "Allow", + "Principal": { + "Service": "redshift.amazonaws.com" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, "ClusterSubnetsDCFA5CB7": { "Type": "AWS::Redshift::ClusterSubnetGroup", "Properties": { diff --git a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/tree.json similarity index 93% rename from packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json rename to packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/tree.json index bc494181c5d89..40bc3088d8d70 100644 --- a/packages/@aws-cdk/aws-redshift/test/cdk-integ.out.cluster-loggingbucket/tree.json +++ b/packages/@aws-cdk/aws-redshift/test/cluster-loggingbucket.integ.snapshot/tree.json 
@@ -674,6 +674,69 @@ "fqn": "@aws-cdk/aws-s3.CfnBucket", "version": "0.0.0" } + }, + "Policy": { + "id": "Policy", + "path": "redshift-loggingbucket-integ/S3/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "redshift-loggingbucket-integ/S3/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "S3486F821D" + }, + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucketAcl", + "s3:PutObject" + ], + "Effect": "Allow", + "Principal": { + "Service": "redshift.amazonaws.com" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3486F821D", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketPolicy", + "version": "0.0.0" + } } }, "constructInfo": {