diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets.json new file mode 100644 index 0000000000000..103c2a9effcfd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets.json @@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/cdk.out new file mode 100644 index 0000000000000..560dae10d018f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"33.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/integ.json new file mode 100644 index 0000000000000..58ad39c79509f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "33.0.0", + "testCases": { + "apigateway-restapi-cloudwatch-removal-policy/DefaultTest": { + "stacks": [ + "test-apigateway-restapi-cloudwatch-removal-policy" + ], + "assertionStack": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert", + "assertionStackName": "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/manifest.json new file mode 100644 index 0000000000000..d9fb5ee106496 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/manifest.json @@ -0,0 +1,147 @@ +{ + "version": "33.0.0", + "artifacts": { + "test-apigateway-restapi-cloudwatch-removal-policy.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "test-apigateway-restapi-cloudwatch-removal-policy.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "test-apigateway-restapi-cloudwatch-removal-policy": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "test-apigateway-restapi-cloudwatch-removal-policy.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ad0976eb05657cb79673c3a947078cdcaaac49665eb861a3a4d2e6eeb5774489.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "test-apigateway-restapi-cloudwatch-removal-policy.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "test-apigateway-restapi-cloudwatch-removal-policy.assets" + ], + "metadata": { + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "myapi4C7BF186" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/CloudWatchRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "myapiCloudWatchRole095452E5" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/Account": [ + { + "type": "aws:cdk:logicalId", + "data": "myapiAccountEC421A0A" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/Deployment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "myapiDeployment92F2CB4972a890db5063ec679071ba7eefc76f2a" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/DeploymentStage.prod/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "myapiDeploymentStageprod298F01AF" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/Endpoint": [ + { + "type": "aws:cdk:logicalId", + "data": "myapiEndpoint3628AFE3" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/my-api/Default/GET/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "myapiGETF990CE3C" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/test-apigateway-restapi-cloudwatch-removal-policy/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "test-apigateway-restapi-cloudwatch-removal-policy" + }, + "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "apigatewayrestapicloudwatchremovalpolicyDefaultTestDeployAssert35AFDA9A.assets" + ], + "metadata": { + "/apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/test-apigateway-restapi-cloudwatch-removal-policy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/test-apigateway-restapi-cloudwatch-removal-policy.assets.json new file mode 100644 index 0000000000000..dcec513fea6b2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/test-apigateway-restapi-cloudwatch-removal-policy.assets.json @@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "ad0976eb05657cb79673c3a947078cdcaaac49665eb861a3a4d2e6eeb5774489": { + "source": { + "path": "test-apigateway-restapi-cloudwatch-removal-policy.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ad0976eb05657cb79673c3a947078cdcaaac49665eb861a3a4d2e6eeb5774489.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/test-apigateway-restapi-cloudwatch-removal-policy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/test-apigateway-restapi-cloudwatch-removal-policy.template.json new file mode 100644 index 0000000000000..0b429ec8f20b6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/test-apigateway-restapi-cloudwatch-removal-policy.template.json @@ -0,0 +1,167 @@ +{ + "Resources": { + "myapi4C7BF186": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Name": "my-api" + } + }, + "myapiCloudWatchRole095452E5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" + ] + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "myapiAccountEC421A0A": { + "Type": "AWS::ApiGateway::Account", + "Properties": { + "CloudWatchRoleArn": { + "Fn::GetAtt": [ + "myapiCloudWatchRole095452E5", + "Arn" + ] + } + }, + "DependsOn": [ + "myapi4C7BF186" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "myapiDeployment92F2CB4972a890db5063ec679071ba7eefc76f2a": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "Automatically created by the RestApi construct", + "RestApiId": { + "Ref": "myapi4C7BF186" + } + }, + "DependsOn": [ + "myapiGETF990CE3C" + ] + }, + "myapiDeploymentStageprod298F01AF": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "myapiDeployment92F2CB4972a890db5063ec679071ba7eefc76f2a" + }, + "RestApiId": { + "Ref": "myapi4C7BF186" + }, + "StageName": "prod" + }, + "DependsOn": [ + "myapiAccountEC421A0A" + ] + }, + "myapiGETF990CE3C": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "GET", + "Integration": { + "Type": "MOCK" + }, + "ResourceId": { + "Fn::GetAtt": [ + "myapi4C7BF186", + "RootResourceId" + ] + }, + "RestApiId": { + "Ref": "myapi4C7BF186" + } + } + } + }, + "Outputs": { + "myapiEndpoint3628AFE3": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "myapi4C7BF186" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "myapiDeploymentStageprod298F01AF" + }, + "/" + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/tree.json new file mode 100644 index 0000000000000..172aec1a840b1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.js.snapshot/tree.json @@ -0,0 +1,313 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "test-apigateway-restapi-cloudwatch-removal-policy": { + "id": "test-apigateway-restapi-cloudwatch-removal-policy", + "path": "test-apigateway-restapi-cloudwatch-removal-policy", + "children": { + "my-api": { + "id": "my-api", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api", + "children": { + "Resource": { + "id": "Resource", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::RestApi", + "aws:cdk:cloudformation:props": { + "name": "my-api" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnRestApi", + "version": "0.0.0" + } + }, + "CloudWatchRole": { + "id": "CloudWatchRole", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/CloudWatchRole", + "children": { + "ImportCloudWatchRole": { + "id": "ImportCloudWatchRole", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/CloudWatchRole/ImportCloudWatchRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/CloudWatchRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Account": { + "id": "Account", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Account", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Account", + "aws:cdk:cloudformation:props": { + "cloudWatchRoleArn": { + "Fn::GetAtt": [ + "myapiCloudWatchRole095452E5", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnAccount", + "version": "0.0.0" + } + }, + "Deployment": { + "id": "Deployment", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Deployment", + "children": { + "Resource": { + "id": "Resource", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Deployment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Deployment", + "aws:cdk:cloudformation:props": { + "description": "Automatically created by the RestApi construct", + "restApiId": { + "Ref": "myapi4C7BF186" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnDeployment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Deployment", + "version": "0.0.0" + } + }, + "DeploymentStage.prod": { + "id": "DeploymentStage.prod", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/DeploymentStage.prod", + "children": { + "Resource": { + "id": "Resource", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/DeploymentStage.prod/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Stage", + "aws:cdk:cloudformation:props": { + "deploymentId": { + "Ref": "myapiDeployment92F2CB4972a890db5063ec679071ba7eefc76f2a" + }, + "restApiId": { + "Ref": "myapi4C7BF186" + }, + "stageName": "prod" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnStage", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Stage", + "version": "0.0.0" + } + }, + "Endpoint": { + "id": "Endpoint", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "Default": { + "id": "Default", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Default", + "children": { + "GET": { + "id": "GET", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Default/GET", + "children": { + "Resource": { + "id": "Resource", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/my-api/Default/GET/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "authorizationType": "NONE", + "httpMethod": "GET", + "integration": { + "type": "MOCK" + }, + "resourceId": { + "Fn::GetAtt": [ + "myapi4C7BF186", + "RootResourceId" + ] + }, + "restApiId": { + "Ref": "myapi4C7BF186" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.ResourceBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.RestApi", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "test-apigateway-restapi-cloudwatch-removal-policy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "apigateway-restapi-cloudwatch-removal-policy": { + "id": "apigateway-restapi-cloudwatch-removal-policy", + "path": "apigateway-restapi-cloudwatch-removal-policy", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "apigateway-restapi-cloudwatch-removal-policy/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.ts new file mode 100644 index 0000000000000..b734c5f7dee25 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi-cloudwatch-removal-policy.ts @@ -0,0 +1,20 @@ +import * as cdk from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as apigateway from 'aws-cdk-lib/aws-apigateway'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'test-apigateway-restapi-cloudwatch-removal-policy'); + +const api = new apigateway.RestApi(stack, 'my-api', { + cloudWatchRole: true, + cloudWatchRoleRemovalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +api.root.addMethod('GET'); + +new IntegTest(app, 'apigateway-restapi-cloudwatch-removal-policy', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-apigateway/README.md b/packages/aws-cdk-lib/aws-apigateway/README.md index 68634e9f3528a..70735b57ab344 100644 --- a/packages/aws-cdk-lib/aws-apigateway/README.md +++ b/packages/aws-cdk-lib/aws-apigateway/README.md @@ -965,6 +965,19 @@ will overwrite the `CfnAccount`. It is recommended to set `cloudWatchRole=false` (the default behavior if `@aws-cdk/aws-apigateway:disableCloudWatchRole` is enabled) and only create a single CloudWatch role and account per environment. +You can specify the CloudWatch Role and Account sub-resources removal policy with the +`cloudWatchRoleRemovalPolicy` property, which defaults to `RemovalPolicy.RETAIN`. +This option requires `cloudWatchRole` to be enabled. + +```ts +import * as cdk from 'aws-cdk-lib/core'; + +const api = new apigateway.RestApi(this, 'books', { + cloudWatchRole: true, + cloudWatchRoleRemovalPolicy: cdk.RemovalPolicy.DESTROY, +}); +``` + ### Deep dive: Invalidation of deployments API Gateway deployments are an immutable snapshot of the API. This means that we diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/restapi.ts b/packages/aws-cdk-lib/aws-apigateway/lib/restapi.ts index 34100e0c6154e..015ac2d500beb 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/restapi.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/restapi.ts @@ -163,6 +163,15 @@ export interface RestApiBaseProps { */ readonly cloudWatchRole?: boolean; + /** + * The removal policy applied to the AWS CloudWatch role when this resource + * is removed from the application. + * Requires `cloudWatchRole` to be enabled. + * + * @default - RemovalPolicy.RETAIN + */ + readonly cloudWatchRoleRemovalPolicy?: RemovalPolicy; + /** * Export name for the CfnOutput containing the API endpoint * @@ -552,17 +561,32 @@ export abstract class RestApiBase extends Resource implements IRestApi { /** * @internal */ - protected _configureCloudWatchRole(apiResource: CfnRestApi) { + protected _configureCloudWatchRole( + apiResource: CfnRestApi, + cloudWatchRole?: boolean, + cloudWatchRoleRemovalPolicy?: RemovalPolicy, + ) { + const cloudWatchRoleDefault = FeatureFlags.of(this).isEnabled(APIGATEWAY_DISABLE_CLOUDWATCH_ROLE) ? false : true; + cloudWatchRole = cloudWatchRole ?? cloudWatchRoleDefault; + if (!cloudWatchRole) { + if (cloudWatchRoleRemovalPolicy) { + throw new Error('\'cloudWatchRole\' must be enabled for \'cloudWatchRoleRemovalPolicy\' to be applied.'); + } + return; + } + + cloudWatchRoleRemovalPolicy = cloudWatchRoleRemovalPolicy ?? RemovalPolicy.RETAIN; + const role = new iam.Role(this, 'CloudWatchRole', { assumedBy: new iam.ServicePrincipal('apigateway.amazonaws.com'), managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonAPIGatewayPushToCloudWatchLogs')], }); - role.applyRemovalPolicy(RemovalPolicy.RETAIN); + role.applyRemovalPolicy(cloudWatchRoleRemovalPolicy); this.cloudWatchAccount = new CfnAccount(this, 'Account', { cloudWatchRoleArn: role.roleArn, }); - this.cloudWatchAccount.applyRemovalPolicy(RemovalPolicy.RETAIN); + this.cloudWatchAccount.applyRemovalPolicy(cloudWatchRoleRemovalPolicy); this.cloudWatchAccount.node.addDependency(apiResource); } @@ -688,11 +712,7 @@ export class SpecRestApi extends RestApiBase { this.restApiRootResourceId = resource.attrRootResourceId; this.root = new RootResource(this, {}, this.restApiRootResourceId); - const cloudWatchRoleDefault = FeatureFlags.of(this).isEnabled(APIGATEWAY_DISABLE_CLOUDWATCH_ROLE) ? false : true; - const cloudWatchRole = props.cloudWatchRole ?? cloudWatchRoleDefault; - if (cloudWatchRole) { - this._configureCloudWatchRole(resource); - } + this._configureCloudWatchRole(resource, props.cloudWatchRole, props.cloudWatchRoleRemovalPolicy); this._configureDeployment(props); if (props.domainName) { @@ -804,11 +824,7 @@ export class RestApi extends RestApiBase { this.node.defaultChild = resource; this.restApiId = resource.ref; - const cloudWatchRoleDefault = FeatureFlags.of(this).isEnabled(APIGATEWAY_DISABLE_CLOUDWATCH_ROLE) ? false : true; - const cloudWatchRole = props.cloudWatchRole ?? cloudWatchRoleDefault; - if (cloudWatchRole) { - this._configureCloudWatchRole(resource); - } + this._configureCloudWatchRole(resource, props.cloudWatchRole, props.cloudWatchRoleRemovalPolicy); this._configureDeployment(props); if (props.domainName) { diff --git a/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts index 3172fabb442e0..24ca1f48e56d2 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts @@ -1,7 +1,7 @@ import { testDeprecated } from '@aws-cdk/cdk-build-tools'; import { Template } from '../../assertions'; import { GatewayVpcEndpoint } from '../../aws-ec2'; -import { App, CfnElement, CfnResource, Lazy, Size, Stack } from '../../core'; +import { App, CfnElement, CfnResource, Lazy, RemovalPolicy, Size, Stack } from '../../core'; import * as apigw from '../lib'; describe('restapi', () => { @@ -950,6 +950,42 @@ describe('restapi', () => { minimumCompressionSize: 1024, })).toThrow(/both properties minCompressionSize and minimumCompressionSize cannot be set at once./); }); + + test('can specify CloudWatch Role and Account removal policy', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + const api = new apigw.RestApi(stack, 'myapi', { + cloudWatchRole: true, + cloudWatchRoleRemovalPolicy: RemovalPolicy.DESTROY, + }); + + api.root.addMethod('GET'); + + // THEN + Template.fromStack(stack).templateMatches({ + Resources: { + myapiCloudWatchRoleEB425128: { + Type: 'AWS::IAM::Role', + DeletionPolicy: 'Delete', + }, + myapiAccountC3A4750C: { + Type: 'AWS::ApiGateway::Account', + DeletionPolicy: 'Delete', + }, + }, + }); + }); + + test('cloudWatchRole must be enabled for specifying specify CloudWatch Role and Account removal policy', () => { + expect(() => { + new apigw.RestApi(new Stack(), 'myapi', { + cloudWatchRole: false, + cloudWatchRoleRemovalPolicy: RemovalPolicy.DESTROY, + }); + }).toThrow(/'cloudWatchRole' must be enabled for 'cloudWatchRoleRemovalPolicy' to be applied./); + }); }); describe('Import', () => {