diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.assets.json index b4cf64f990680..b44292742a6f2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.assets.json @@ -1,15 +1,16 @@ { - "version": "39.0.0", + "version": "45.0.0", "files": { - "f395ca0d527831a9bb9efb9f8596f28402b0cdf892c286ff1597977eb5faf167": { + "46121cb31a9a19115e811ab60bef5894208584bebf1558b35fc7a3fbc7d259d0": { + "displayName": "aws-cdk-aws-apigatewayv2-websocket-stage Template", "source": { "path": "aws-cdk-aws-apigatewayv2-websocket-stage.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region": { + "current_account-current_region-63a0ec44": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f395ca0d527831a9bb9efb9f8596f28402b0cdf892c286ff1597977eb5faf167.json", + "objectKey": "46121cb31a9a19115e811ab60bef5894208584bebf1558b35fc7a3fbc7d259d0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.template.json index b78d128d2f6ef..bde694cd90466 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/aws-cdk-aws-apigatewayv2-websocket-stage.template.json @@ -1,5 +1,13 @@ { "Resources": { + "MyLogGroup5C0DAD85": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "WebSocketApi34BCF99B": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { @@ -11,6 +19,15 @@ "WebSocketStageC46B7E43": { "Type": "AWS::ApiGatewayV2::Stage", "Properties": { + "AccessLogSettings": { + "DestinationArn": { + "Fn::GetAtt": [ + "MyLogGroup5C0DAD85", + "Arn" + ] + }, + "Format": "{\"extendedRequestId\":\"$context.extendedRequestId\",\"requestTime\":\"$context.requestTime\"}" + }, "ApiId": { "Ref": "WebSocketApi34BCF99B" }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets.json new file mode 100644 index 0000000000000..ade00603e45bf --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets.json @@ -0,0 +1,20 @@ +{ + "version": "45.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43 Template", + "source": { + "path": "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/cdk.out index 91e1a8b9901d5..3704a1b682acf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"39.0.0"} \ No newline at end of file +{"version":"45.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/integ.json index 3ef55a716e8b4..9b61a79c7cd47 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/integ.json @@ -1,14 +1,13 @@ { - "version": "39.0.0", + "version": "45.0.0", "testCases": { - "integ.stage": { + "aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest": { "stacks": [ "aws-cdk-aws-apigatewayv2-websocket-stage" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "assertionStack": "aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert", + "assertionStackName": "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43" } }, - "synthContext": {}, - "enableLookups": false + "minimumCliVersion": "2.1020.2" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/manifest.json index 2a898abd94486..b10e5b5064a3e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "39.0.0", + "version": "45.0.0", "artifacts": { "aws-cdk-aws-apigatewayv2-websocket-stage.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f395ca0d527831a9bb9efb9f8596f28402b0cdf892c286ff1597977eb5faf167.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/46121cb31a9a19115e811ab60bef5894208584bebf1558b35fc7a3fbc7d259d0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -34,6 +34,20 @@ "aws-cdk-aws-apigatewayv2-websocket-stage.assets" ], "metadata": { + "/aws-cdk-aws-apigatewayv2-websocket-stage/MyLogGroup": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "removalPolicy": "destroy" + } + } + ], + "/aws-cdk-aws-apigatewayv2-websocket-stage/MyLogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyLogGroup5C0DAD85" + } + ], "/aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketApi": [ { "type": "aws:cdk:analytics:construct", @@ -73,11 +87,528 @@ }, "displayName": "aws-cdk-aws-apigatewayv2-websocket-stage" }, + "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkawsapigatewayv2websocketstagetestDefaultTestDeployAssert19BC2E43.assets" + ], + "metadata": { + "/aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert" + }, "Tree": { "type": "cdk:tree", "properties": { "file": "tree.json" } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/core:enableStackNameDuplicates": { + "recommendedValue": true, + "explanation": "Allow multiple stacks with the same name" + }, + "aws-cdk:enableDiffNoFail": { + "recommendedValue": true, + "explanation": "Make `cdk diff` not fail when there are differences" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD" + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path" + }, + "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": { + "recommendedValue": true, + "explanation": "DockerImageAsset properly supports `.dockerignore` files by default" + }, + "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": { + "recommendedValue": true, + "explanation": "Fix the referencing of SecretsManager names from ARNs" + }, + "@aws-cdk/aws-kms:defaultKeyPolicies": { + "recommendedValue": true, + "explanation": "Tighten default KMS key policies" + }, + "@aws-cdk/aws-s3:grantWriteWithoutAcl": { + "recommendedValue": true, + "explanation": "Remove `PutObjectAcl` from Bucket.grantWrite" + }, + "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": { + "recommendedValue": true, + "explanation": "Do not specify a default DesiredCount for ECS services" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK" + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently" + }, + "@aws-cdk/aws-efs:defaultEncryptionAtRest": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have elastic file systems encrypted at rest by default." + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default." + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." + }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." + }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy" + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." + }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model." + }, + "@aws-cdk/core:explicitStackTags": { + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." + }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." + }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis." + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." + }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy" + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role" + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." + }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + } + } + } } - } + }, + "minimumCliVersion": "2.1020.2" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/tree.json index c4156995352eb..b3ae901b0c324 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.js.snapshot/tree.json @@ -1,112 +1 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "aws-cdk-aws-apigatewayv2-websocket-stage": { - "id": "aws-cdk-aws-apigatewayv2-websocket-stage", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage", - "children": { - "WebSocketApi": { - "id": "WebSocketApi", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketApi", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketApi/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", - "aws:cdk:cloudformation:props": { - "name": "WebSocketApi", - "protocolType": "WEBSOCKET", - "routeSelectionExpression": "$request.body.action" - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.WebSocketApi", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, - "WebSocketStage": { - "id": "WebSocketStage", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketStage", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketStage/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "WebSocketApi34BCF99B" - }, - "defaultRouteSettings": { - "throttlingBurstLimit": 1000, - "throttlingRateLimit": 1000, - "detailedMetricsEnabled": true - }, - "description": "My Stage", - "stageName": "dev" - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.WebSocketStage", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-aws-apigatewayv2-websocket-stage/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.4.2" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-aws-apigatewayv2-websocket-stage":{"id":"aws-cdk-aws-apigatewayv2-websocket-stage","path":"aws-cdk-aws-apigatewayv2-websocket-stage","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"MyLogGroup":{"id":"MyLogGroup","path":"aws-cdk-aws-apigatewayv2-websocket-stage/MyLogGroup","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogGroup","version":"0.0.0","metadata":[{"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-aws-apigatewayv2-websocket-stage/MyLogGroup/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.CfnLogGroup","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Logs::LogGroup","aws:cdk:cloudformation:props":{"retentionInDays":731}}}}},"WebSocketApi":{"id":"WebSocketApi","path":"aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketApi","constructInfo":{"fqn":"aws-cdk-lib.aws_apigatewayv2.WebSocketApi","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketApi/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_apigatewayv2.CfnApi","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ApiGatewayV2::Api","aws:cdk:cloudformation:props":{"name":"WebSocketApi","protocolType":"WEBSOCKET","routeSelectionExpression":"$request.body.action"}}}}},"WebSocketStage":{"id":"WebSocketStage","path":"aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketStage","constructInfo":{"fqn":"aws-cdk-lib.aws_apigatewayv2.WebSocketStage","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-aws-apigatewayv2-websocket-stage/WebSocketStage/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_apigatewayv2.CfnStage","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ApiGatewayV2::Stage","aws:cdk:cloudformation:props":{"accessLogSettings":{"destinationArn":{"Fn::GetAtt":["MyLogGroup5C0DAD85","Arn"]},"format":"{\"extendedRequestId\":\"$context.extendedRequestId\",\"requestTime\":\"$context.requestTime\"}"},"apiId":{"Ref":"WebSocketApi34BCF99B"},"defaultRouteSettings":{"throttlingBurstLimit":1000,"throttlingRateLimit":1000,"detailedMetricsEnabled":true},"description":"My Stage","stageName":"dev"}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-aws-apigatewayv2-websocket-stage/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-aws-apigatewayv2-websocket-stage/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"aws-cdk-aws-apigatewayv2-websocket-stage-test":{"id":"aws-cdk-aws-apigatewayv2-websocket-stage-test","path":"aws-cdk-aws-apigatewayv2-websocket-stage-test","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-aws-apigatewayv2-websocket-stage-test/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.ts index 1193a619fcd62..617709be0bd5c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.stage.ts @@ -1,12 +1,19 @@ #!/usr/bin/env node +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import * as cdk from 'aws-cdk-lib'; -import * as apigw from 'aws-cdk-lib/aws-apigatewayv2'; +import * as apigwv2 from 'aws-cdk-lib/aws-apigatewayv2'; +import * as apigw from 'aws-cdk-lib/aws-apigateway'; +import * as logs from 'aws-cdk-lib/aws-logs'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-aws-apigatewayv2-websocket-stage'); -const webSocketApi = new apigw.WebSocketApi(stack, 'WebSocketApi'); -new apigw.WebSocketStage(stack, 'WebSocketStage', { +const logGroup = new logs.LogGroup(stack, 'MyLogGroup', { + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +const webSocketApi = new apigwv2.WebSocketApi(stack, 'WebSocketApi'); +new apigwv2.WebSocketStage(stack, 'WebSocketStage', { webSocketApi, stageName: 'dev', throttle: { @@ -15,6 +22,15 @@ new apigw.WebSocketStage(stack, 'WebSocketStage', { }, detailedMetricsEnabled: true, description: 'My Stage', + accessLogSettings: { + destination: new apigwv2.LogGroupLogDestination(logGroup), + format: apigw.AccessLogFormat.custom(JSON.stringify({ + extendedRequestId: apigw.AccessLogField.contextExtendedRequestId(), + requestTime: apigw.AccessLogField.contextRequestTime(), + })), + }, }); -app.synth(); +new IntegTest(app, 'aws-cdk-aws-apigatewayv2-websocket-stage-test', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/access-log.ts b/packages/aws-cdk-lib/aws-apigateway/lib/access-log.ts index 70fd1ad609a62..e96ab6c408755 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/access-log.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/access-log.ts @@ -638,6 +638,30 @@ export class AccessLogField { public static contextWafStatus() { return '$context.waf.status'; } + + /** + * The event type: CONNECT, MESSAGE, or DISCONNECT. + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html + */ + public static contextEventType() { + return '$context.eventType'; + } + + /** + * The selected route key. + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html + */ + public static contextRouteKey() { + return '$context.routeKey'; + } + + /** + * A unique ID for the connection that can be used to make a callback to the client. + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html + */ + public static contextConnectionId() { + return '$context.connectionId'; + } } /** @@ -752,7 +776,7 @@ export class AccessLogFormat { */ private readonly format: string; - private constructor(format: string) { + constructor(format: string) { this.format = format; } diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/README.md b/packages/aws-cdk-lib/aws-apigatewayv2/README.md index dcaac9d452fbd..1a64f73d536c8 100644 --- a/packages/aws-cdk-lib/aws-apigatewayv2/README.md +++ b/packages/aws-cdk-lib/aws-apigatewayv2/README.md @@ -14,11 +14,13 @@ - [VPC Link](#vpc-link) - [Private Integration](#private-integration) - [Generating ARN for Execute API](#generating-arn-for-execute-api) - - [Access Logging](#access-logging) - [WebSocket API](#websocket-api) - [Manage Connections Permission](#manage-connections-permission) - [Managing access to WebSocket APIs](#managing-access-to-websocket-apis) - [Usage Plan and API Keys](#usage-plan-and-api-keys) +- [Common Config](#common-config) + - [Route Settings](#route-settings) + - [Access Logging](#access-logging) ## Introduction @@ -375,65 +377,6 @@ const arn = api.arnForExecuteApi('GET', '/myApiPath', 'dev'); - The 'ANY' method can be used for matching any HTTP methods not explicitly defined. - The function gracefully handles undefined parameters by using wildcards, making it flexible for various API configurations. -## Access Logging - -You can turn on logging to write logs to CloudWatch Logs. -Read more at [Configure logging for HTTP APIs in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html) - -```ts -import * as logs from 'aws-cdk-lib/aws-logs'; - -declare const api: apigwv2.HttpApi; -declare const logGroup: logs.LogGroup; - -const stage = new apigwv2.HttpStage(this, 'Stage', { - httpApi: api, - accessLogSettings: { - destination: new apigwv2.LogGroupLogDestination(logGroup), - }, -}); -``` - -The following code will generate the access log in the [CLF format](https://en.wikipedia.org/wiki/Common_Log_Format). - -```ts -import * as apigw from 'aws-cdk-lib/aws-apigateway'; -import * as logs from 'aws-cdk-lib/aws-logs'; - -declare const api: apigwv2.HttpApi; -declare const logGroup: logs.LogGroup; - -const stage = new apigwv2.HttpStage(this, 'Stage', { - httpApi: api, - accessLogSettings: { - destination: new apigwv2.LogGroupLogDestination(logGroup), - format: apigw.AccessLogFormat.clf(), - }, -}); -``` - -You can also configure your own access log format by using the `AccessLogFormat.custom()` API. -`AccessLogField` provides commonly used fields. The following code configures access log to contain. - -```ts -import * as apigw from 'aws-cdk-lib/aws-apigateway'; -import * as logs from 'aws-cdk-lib/aws-logs'; - -declare const api: apigwv2.HttpApi; -declare const logGroup: logs.LogGroup; - -const stage = new apigwv2.HttpStage(this, 'Stage', { - httpApi: api, - accessLogSettings: { - destination: new apigwv2.LogGroupLogDestination(logGroup), - format: apigw.AccessLogFormat.custom( - `${apigw.AccessLogField.contextRequestId()} ${apigw.AccessLogField.contextErrorMessage()} ${apigw.AccessLogField.contextErrorMessageString()} - ${apigw.AccessLogField.contextAuthorizerError()} ${apigw.AccessLogField.contextAuthorizerIntegrationStatus()}` - ), - }, -}); -``` - ## WebSocket API A WebSocket API in API Gateway is a collection of WebSocket routes that are integrated with backend HTTP endpoints, @@ -578,26 +521,6 @@ const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi',{ }); ``` -## Common Config - -Common config for both HTTP API and WebSocket API - -### Route Settings - -Represents a collection of route settings. - -```ts -declare const api: apigwv2.HttpApi; - -new apigwv2.HttpStage(this, 'Stage', { - httpApi: api, - throttle: { - rateLimit: 1000, - burstLimit: 1000, - }, - detailedMetricsEnabled: true, -}); -``` ## Usage Plan and API Keys A usage plan specifies who can access one or more deployed WebSocket API stages, and the rate at which they can be accessed. The plan uses API keys to @@ -740,4 +663,93 @@ const key = new apigwv2.RateLimitedApiKey(this, 'rate-limited-api-key', { burstLimit: 200 } }); -``` \ No newline at end of file +``` + +## Common Config + +Common config for both HTTP API and WebSocket API + +### Route Settings + +Represents a collection of route settings. + +```ts +declare const api: apigwv2.HttpApi; + +new apigwv2.HttpStage(this, 'Stage', { + httpApi: api, + throttle: { + rateLimit: 1000, + burstLimit: 1000, + }, + detailedMetricsEnabled: true, +}); +``` + +### Access Logging + +You can turn on logging to write logs to CloudWatch Logs. +Read more at Configure logging for [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html) or [WebSocket APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html) + +```ts +import * as logs from 'aws-cdk-lib/aws-logs'; + +declare const httpApi: apigwv2.HttpApi; +declare const webSocketApi : apigwv2.WebSocketApi; +declare const logGroup: logs.LogGroup; + +new apigwv2.HttpStage(this, 'HttpStage', { + httpApi, + accessLogSettings: { + destination: new apigwv2.LogGroupLogDestination(logGroup), + }, +}); + +new apigwv2.WebSocketStage(this, 'WebSocketStage', { + webSocketApi, + stageName: 'dev', + accessLogSettings: { + destination: new apigwv2.LogGroupLogDestination(logGroup), + }, +}); +``` + +The following code will generate the access log in the [CLF format](https://en.wikipedia.org/wiki/Common_Log_Format). + +```ts +import * as apigw from 'aws-cdk-lib/aws-apigateway'; +import * as logs from 'aws-cdk-lib/aws-logs'; + +declare const api: apigwv2.HttpApi; +declare const logGroup: logs.LogGroup; + +const stage = new apigwv2.HttpStage(this, 'Stage', { + httpApi: api, + accessLogSettings: { + destination: new apigwv2.LogGroupLogDestination(logGroup), + format: apigw.AccessLogFormat.clf(), + }, +}); +``` + +You can also configure your own access log format by using the `AccessLogFormat.custom()` API. +`AccessLogField` provides commonly used fields. The following code configures access log to contain. + +```ts +import * as apigw from 'aws-cdk-lib/aws-apigateway'; +import * as logs from 'aws-cdk-lib/aws-logs'; + +declare const api: apigwv2.HttpApi; +declare const logGroup: logs.LogGroup; + +const stage = new apigwv2.HttpStage(this, 'Stage', { + httpApi: api, + accessLogSettings: { + destination: new apigwv2.LogGroupLogDestination(logGroup), + format: apigw.AccessLogFormat.custom( + `${apigw.AccessLogField.contextRequestId()} ${apigw.AccessLogField.contextErrorMessage()} ${apigw.AccessLogField.contextErrorMessageString()} + ${apigw.AccessLogField.contextAuthorizerError()} ${apigw.AccessLogField.contextAuthorizerIntegrationStatus()}` + ), + }, +}); +``` diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/base.ts b/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/base.ts index 88d3e8bc367d2..6f7139dbed8b3 100644 --- a/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/base.ts +++ b/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/base.ts @@ -45,6 +45,11 @@ export abstract class StageBase extends Resource implements IStage { */ abstract get url(): string; + /** + * The default Access Logging format of this stage. + */ + abstract defaultAccessLogFormat(): AccessLogFormat; + /** * @internal */ @@ -79,7 +84,7 @@ export abstract class StageBase extends Resource implements IStage { return { destinationArn: props.destination.bind(this).destinationArn, - format: format ? format.toString() : AccessLogFormat.clf().toString(), + format: format ? format.toString() : this.defaultAccessLogFormat().toString(), }; } diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/lib/http/stage.ts b/packages/aws-cdk-lib/aws-apigatewayv2/lib/http/stage.ts index 2a3c8caaaeff4..74ea1d04009d8 100644 --- a/packages/aws-cdk-lib/aws-apigatewayv2/lib/http/stage.ts +++ b/packages/aws-cdk-lib/aws-apigatewayv2/lib/http/stage.ts @@ -1,6 +1,7 @@ import { Construct } from 'constructs'; import { IHttpApi } from './api'; import { CfnStage } from '.././index'; +import { AccessLogFormat } from '../../../aws-apigateway'; import { Metric, MetricOptions } from '../../../aws-cloudwatch'; import { Lazy, Stack } from '../../../core'; import { ValidationError } from '../../../core/lib/errors'; @@ -157,6 +158,15 @@ export class HttpStage extends HttpStageBase { get domainUrl(): string { throw new ValidationError('domainUrl is not available for imported stages.', scope); } + + /** + * CLF Log format for HTTP API Stage. + * + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html + */ + defaultAccessLogFormat(): AccessLogFormat { + return AccessLogFormat.clf(); + } } return new Import(scope, id); } @@ -217,4 +227,13 @@ export class HttpStage extends HttpStageBase { return `https://${this._apiMapping.domainName.name}/${this._apiMapping.mappingKey ?? ''}`; } + + /** + * CLF Log format for HTTP API Stage. + * + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html + */ + defaultAccessLogFormat(): AccessLogFormat { + return AccessLogFormat.clf(); + } } diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/lib/websocket/stage.ts b/packages/aws-cdk-lib/aws-apigatewayv2/lib/websocket/stage.ts index e5304e333480e..d4cf77f579bb9 100644 --- a/packages/aws-cdk-lib/aws-apigatewayv2/lib/websocket/stage.ts +++ b/packages/aws-cdk-lib/aws-apigatewayv2/lib/websocket/stage.ts @@ -1,6 +1,7 @@ import { Construct } from 'constructs'; import { IWebSocketApi } from './api'; import { CfnStage } from '.././index'; +import { AccessLogField, AccessLogFormat } from '../../../aws-apigateway'; import { Grant, IGrantable } from '../../../aws-iam'; import { Lazy, Stack } from '../../../core'; import { ValidationError } from '../../../core/lib/errors'; @@ -77,6 +78,20 @@ export class WebSocketStage extends StageBase implements IWebSocketStage { get callbackUrl(): string { throw new ValidationError('callback url is not available for imported stages.', scope); } + + /** + * CLF Log format for WebSocket API Stage. + * + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html + */ + defaultAccessLogFormat(): AccessLogFormat { + const requester = [AccessLogField.contextIdentitySourceIp(), AccessLogField.contextIdentityCaller(), AccessLogField.contextIdentityUser()].join(' '); + const requestTime = AccessLogField.contextRequestTime(); + const request = [AccessLogField.contextEventType(), AccessLogField.contextRouteKey(), AccessLogField.contextConnectionId()].join(' '); + const status = [AccessLogField.contextStatus(), AccessLogField.contextRequestId()].join(' '); + + return new AccessLogFormat(`${requester} [${requestTime}] "${request}" ${status}`); + } } return new Import(scope, id); } @@ -113,6 +128,7 @@ export class WebSocketStage extends StageBase implements IWebSocketStage { } : undefined, description: props.description, stageVariables: Lazy.any({ produce: () => this._stageVariables }), + accessLogSettings: this._validateAccessLogSettings(props.accessLogSettings), }); if (props.domainMapping) { @@ -157,4 +173,18 @@ export class WebSocketStage extends StageBase implements IWebSocketStage { resourceArns: [`${arn}/${this.stageName}/*/@connections/*`], }); } + + /** + * CLF Log format for WebSocket API Stage. + * + * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html + */ + defaultAccessLogFormat(): AccessLogFormat { + const requester = [AccessLogField.contextIdentitySourceIp(), AccessLogField.contextIdentityCaller(), AccessLogField.contextIdentityUser()].join(' '); + const requestTime = AccessLogField.contextRequestTime(); + const request = [AccessLogField.contextEventType(), AccessLogField.contextRouteKey(), AccessLogField.contextConnectionId()].join(' '); + const status = [AccessLogField.contextStatus(), AccessLogField.contextRequestId()].join(' '); + + return new AccessLogFormat(`${requester} [${requestTime}] "${request}" ${status}`); + } } diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/test/websocket/stage.test.ts b/packages/aws-cdk-lib/aws-apigatewayv2/test/websocket/stage.test.ts index 0c741c84e6980..516e2cc2b9eb7 100644 --- a/packages/aws-cdk-lib/aws-apigatewayv2/test/websocket/stage.test.ts +++ b/packages/aws-cdk-lib/aws-apigatewayv2/test/websocket/stage.test.ts @@ -1,14 +1,18 @@ import { Match, Template } from '../../../assertions'; +import { AccessLogField, AccessLogFormat } from '../../../aws-apigateway'; import { User } from '../../../aws-iam'; -import { Stack } from '../../../core'; -import { WebSocketApi, WebSocketStage } from '../../lib'; +import { LogGroup } from '../../../aws-logs'; +import { Lazy, Stack } from '../../../core'; +import { LogGroupLogDestination, WebSocketApi, WebSocketStage } from '../../lib'; let stack: Stack; let api: WebSocketApi; +let logGroup: LogGroup; beforeEach(() => { stack = new Stack(); api = new WebSocketApi(stack, 'Api'); + logGroup = new LogGroup(stack, 'LogGroup'); }); describe('WebSocketStage', () => { @@ -202,4 +206,160 @@ describe('WebSocketStage', () => { }, }); }); + + test('if only the custom log destination log group is set', () => { + // WHEN + new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Stage', { + AccessLogSettings: { + DestinationArn: { + 'Fn::GetAtt': [ + 'LogGroupF5B46931', + 'Arn', + ], + }, + Format: '$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] "$context.eventType $context.routeKey $context.connectionId" $context.status $context.requestId', + }, + }); + }); + + test('if the custom log destination log group and format is set', () => { + // WHEN + const testFormat = AccessLogFormat.custom(JSON.stringify({ + requestId: AccessLogField.contextRequestId(), + ip: AccessLogField.contextIdentitySourceIp(), + user: AccessLogField.contextIdentityUser(), + })); + + new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Stage', { + AccessLogSettings: { + DestinationArn: { + 'Fn::GetAtt': [ + 'LogGroupF5B46931', + 'Arn', + ], + }, + Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","user":"$context.identity.user"}', + }, + }); + }); + + describe('access log check', () => { + test('fails when access log format does not contain `contextRequestId()` or `contextExtendedRequestId()', () => { + // WHEN + const testFormat = AccessLogFormat.custom(''); + + // THEN + expect(() => new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + })).toThrow('Access log must include either `AccessLogFormat.contextRequestId()` or `AccessLogFormat.contextExtendedRequestId()`'); + }); + + test('succeeds when access log format contains `contextRequestId()`', () => { + // WHEN + const testFormat = AccessLogFormat.custom(JSON.stringify({ + requestId: AccessLogField.contextRequestId(), + })); + + // THEN + expect(() => new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + })).not.toThrow(); + }); + + test('succeeds when access log format contains `contextExtendedRequestId()`', () => { + // WHEN + const testFormat = AccessLogFormat.custom(JSON.stringify({ + extendedRequestId: AccessLogField.contextExtendedRequestId(), + })); + + // THEN + expect(() => new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + })).not.toThrow(); + }); + + test('succeeds when access log format contains both `contextRequestId()` and `contextExtendedRequestId`', () => { + // WHEN + const testFormat = AccessLogFormat.custom(JSON.stringify({ + requestId: AccessLogField.contextRequestId(), + extendedRequestId: AccessLogField.contextExtendedRequestId(), + })); + + // THEN + expect(() => new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + })).not.toThrow(); + }); + + test('fails when access log format contains `contextRequestIdXxx`', () => { + // WHEN + const testFormat = AccessLogFormat.custom(JSON.stringify({ + requestIdXxx: '$context.requestIdXxx', + })); + + // THEN + expect(() => new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + })).toThrow('Access log must include either `AccessLogFormat.contextRequestId()` or `AccessLogFormat.contextExtendedRequestId()`'); + }); + + test('does not fail when access log format is a token', () => { + // WHEN + const testFormat = AccessLogFormat.custom(Lazy.string({ produce: () => 'test' })); + + // THEN + expect(() => new WebSocketStage(stack, 'my-stage', { + webSocketApi: api, + stageName: 'dev', + accessLogSettings: { + destination: new LogGroupLogDestination(logGroup), + format: testFormat, + }, + })).not.toThrow(); + }); + }); });