diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.assets.json index f7aac2f276aab..5df64afa4c8da 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.assets.json @@ -1,13 +1,14 @@ { - "version": "30.1.0", + "version": "48.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5 Template", "source": { "path": "ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region": { + "current_account-current_region-d8d86b35": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-no-retention.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-no-retention.assets.json new file mode 100644 index 0000000000000..edb8cf0c31ba2 --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-no-retention.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "b9ee7b79bc7c588fc3461ca633e9fda7097526e064db32c3882cdbfdc59609ab": { + "displayName": "aws-cdk-s3-bucket-object-lock-no-retention Template", + "source": { + "path": "aws-cdk-s3-bucket-object-lock-no-retention.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-356477c4": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b9ee7b79bc7c588fc3461ca633e9fda7097526e064db32c3882cdbfdc59609ab.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-no-retention.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-no-retention.template.json new file mode 100644 index 0000000000000..474b4b0980114 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-no-retention.template.json 
@@ -0,0 +1,48 @@ +{ + "Resources": { + "ObjectLockWithoutRetentionBucketB2A28B6B": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ObjectLockRetentionTransitionBucketE56C0687": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-with-retention.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-with-retention.assets.json new file mode 100644 index 0000000000000..c81b3ae0ae602 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-with-retention.assets.json 
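Review bot: Neither bucket in this new no-retention template carries `"ObjectLockEnabled": true`; both `ObjectLockWithoutRetentionBucketB2A28B6B` and `ObjectLockRetentionTransitionBucketE56C0687` are rendered with no `Properties` block at all. That conflicts with the manifest.json metadata added for the same stack, which records `"objectLockEnabled": true` for both constructs, and the snapshot being replaced did render `"ObjectLockEnabled": true` for its lock-only bucket. If this stack is meant to keep Object Lock on and drop only the default retention, the expected output as committed would let a synth that silently omits the immutability setting pass the snapshot comparison. The integ test source is not visible here, so this is worth confirming against it, then either regenerating the snapshot or adding a deploy-time assertion on the bucket's Object Lock configuration.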
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "37c5d111fae098e44e45ced84987e6635b201626f84ef0fc52c48359700992c4": { + "displayName": "aws-cdk-s3-bucket-object-lock-with-retention Template", + "source": { + "path": "aws-cdk-s3-bucket-object-lock-with-retention.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-991d8072": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "37c5d111fae098e44e45ced84987e6635b201626f84ef0fc52c48359700992c4.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-with-retention.template.json similarity index 82% rename from packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-with-retention.template.json index 90ab58290c227..b0cd82602aa32 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock-with-retention.template.json 
@@ -1,14 +1,6 @@ { "Resources": { - "ObjectLockBucketA9F4F5AC": { - "Type": "AWS::S3::Bucket", - "Properties": { - "ObjectLockEnabled": true - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "ObjectLockWithRetentionBucket31ED9B51": { + "ObjectLockRetentionTransitionBucketE56C0687": { "Type": "AWS::S3::Bucket", "Properties": { "ObjectLockConfiguration": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock.assets.json deleted file mode 100644 index 2633542c847ef..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/aws-cdk-s3-bucket-object-lock.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "30.1.0", - "files": { - "e7897599241ca9562999cb8666f011365be1fbf7f990cfea3947f6026fd8fbb9": { - "source": { - "path": "aws-cdk-s3-bucket-object-lock.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e7897599241ca9562999cb8666f011365be1fbf7f990cfea3947f6026fd8fbb9.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/cdk.out index b72fef144f05c..523a9aac37cbf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/cdk.out 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.1.0"} \ No newline at end of file +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/integ.json index 31f4d6f15be26..baa33e0849334 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/integ.json @@ -1,12 +1,14 @@ { - "version": "30.1.0", + "version": "48.0.0", "testCases": { "ServerAccessLogsImportTest/DefaultTest": { "stacks": [ - "aws-cdk-s3-bucket-object-lock" + "aws-cdk-s3-bucket-object-lock-with-retention", + "aws-cdk-s3-bucket-object-lock-no-retention" ], "assertionStack": "ServerAccessLogsImportTest/DefaultTest/DeployAssert", "assertionStackName": "ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5" } - } + }, + "minimumCliVersion": "2.1023.0" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/manifest.json index cb5afd444bba9..14b39874db206 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/manifest.json 
@@ -1,27 +1,28 @@ { - "version": "30.1.0", + "version": "48.0.0", "artifacts": { - "aws-cdk-s3-bucket-object-lock.assets": { + "aws-cdk-s3-bucket-object-lock-with-retention.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "aws-cdk-s3-bucket-object-lock.assets.json", + "file": "aws-cdk-s3-bucket-object-lock-with-retention.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "aws-cdk-s3-bucket-object-lock": { + "aws-cdk-s3-bucket-object-lock-with-retention": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "aws-cdk-s3-bucket-object-lock.template.json", + "templateFile": "aws-cdk-s3-bucket-object-lock-with-retention.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e7897599241ca9562999cb8666f011365be1fbf7f990cfea3947f6026fd8fbb9.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/37c5d111fae098e44e45ced84987e6635b201626f84ef0fc52c48359700992c4.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "aws-cdk-s3-bucket-object-lock.assets" + "aws-cdk-s3-bucket-object-lock-with-retention.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", 
@@ -30,35 +31,113 @@ } }, "dependencies": [ - "aws-cdk-s3-bucket-object-lock.assets" + "aws-cdk-s3-bucket-object-lock-with-retention.assets" ], "metadata": { - "/aws-cdk-s3-bucket-object-lock/ObjectLockBucket/Resource": [ + "/aws-cdk-s3-bucket-object-lock-with-retention/ObjectLockRetentionTransitionBucket": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "objectLockDefaultRetention": "*" + } + } + ], + "/aws-cdk-s3-bucket-object-lock-with-retention/ObjectLockRetentionTransitionBucket/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ObjectLockBucketA9F4F5AC" + "data": "ObjectLockRetentionTransitionBucketE56C0687" } ], - "/aws-cdk-s3-bucket-object-lock/ObjectLockWithRetentionBucket/Resource": [ + "/aws-cdk-s3-bucket-object-lock-with-retention/BootstrapVersion": [ { "type": "aws:cdk:logicalId", - "data": "ObjectLockWithRetentionBucket31ED9B51" + "data": "BootstrapVersion" } ], - "/aws-cdk-s3-bucket-object-lock/BootstrapVersion": [ + "/aws-cdk-s3-bucket-object-lock-with-retention/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-s3-bucket-object-lock-with-retention" + }, + "aws-cdk-s3-bucket-object-lock-no-retention.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-s3-bucket-object-lock-no-retention.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-s3-bucket-object-lock-no-retention": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-s3-bucket-object-lock-no-retention.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b9ee7b79bc7c588fc3461ca633e9fda7097526e064db32c3882cdbfdc59609ab.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-s3-bucket-object-lock-no-retention.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-s3-bucket-object-lock-no-retention.assets" + ], + "metadata": { + "/aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockWithoutRetentionBucket": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "objectLockEnabled": true + } + } + ], + "/aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockWithoutRetentionBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ObjectLockWithoutRetentionBucketB2A28B6B" + } + ], + "/aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockRetentionTransitionBucket": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "objectLockEnabled": true + } + } + ], + "/aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockRetentionTransitionBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ObjectLockRetentionTransitionBucketE56C0687" + } + ], + "/aws-cdk-s3-bucket-object-lock-no-retention/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/aws-cdk-s3-bucket-object-lock/CheckBootstrapVersion": [ + "/aws-cdk-s3-bucket-object-lock-no-retention/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "aws-cdk-s3-bucket-object-lock" + "displayName": 
"aws-cdk-s3-bucket-object-lock-no-retention" }, "ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.assets": { "type": "cdk:asset-manifest", @@ -73,6 +152,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "ServerAccessLogsImportTestDefaultTestDeployAssert076DA7F5.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", 
@@ -112,6 +192,481 @@ "properties": { "file": "tree.json" } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." 
+ }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." 
+ }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." 
+ }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." 
+ }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + 
"recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." 
+ }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." 
+ }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." 
+ }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." 
+ }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." 
+ }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." 
+ }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + } + } + } } - } + }, + "minimumCliVersion": "2.1023.0" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/tree.json index dad95d997c9c0..27c224a887705 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.js.snapshot/tree.json 
@@ -1,158 +1,219 @@ { - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "aws-cdk-s3-bucket-object-lock": { - "id": "aws-cdk-s3-bucket-object-lock", - "path": "aws-cdk-s3-bucket-object-lock", + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + }, "children": { - "ObjectLockBucket": { - "id": "ObjectLockBucket", - "path": "aws-cdk-s3-bucket-object-lock/ObjectLockBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-s3-bucket-object-lock/ObjectLockBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "objectLockEnabled": true - } - }, + "aws-cdk-s3-bucket-object-lock-with-retention": { + "id": "aws-cdk-s3-bucket-object-lock-with-retention", + "path": "aws-cdk-s3-bucket-object-lock-with-retention", "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", - "version": "0.0.0" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + }, + "children": { + "ObjectLockRetentionTransitionBucket": { + "id": "ObjectLockRetentionTransitionBucket", + "path": "aws-cdk-s3-bucket-object-lock-with-retention/ObjectLockRetentionTransitionBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0", + "metadata": [ + { + "objectLockDefaultRetention": "*" + } + ] + }, + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-bucket-object-lock-with-retention/ObjectLockRetentionTransitionBucket/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + }, + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "objectLockConfiguration": { + "objectLockEnabled": "Enabled", + "rule": { + "defaultRetention": { + "days": 2, + "mode": "GOVERNANCE" + } + } + }, + "objectLockEnabled": true + } + } + } + } + }, + "BootstrapVersion": { + "id": 
"BootstrapVersion", + "path": "aws-cdk-s3-bucket-object-lock-with-retention/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-s3-bucket-object-lock-with-retention/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } } - } }, - "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", - "version": "0.0.0" - } - }, - "ObjectLockWithRetentionBucket": { - "id": "ObjectLockWithRetentionBucket", - "path": "aws-cdk-s3-bucket-object-lock/ObjectLockWithRetentionBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-s3-bucket-object-lock/ObjectLockWithRetentionBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "objectLockConfiguration": { - "objectLockEnabled": "Enabled", - "rule": { - "defaultRetention": { - "days": 2, - "mode": "GOVERNANCE" + "aws-cdk-s3-bucket-object-lock-no-retention": { + "id": "aws-cdk-s3-bucket-object-lock-no-retention", + "path": "aws-cdk-s3-bucket-object-lock-no-retention", + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + }, + "children": { + "ObjectLockWithoutRetentionBucket": { + "id": "ObjectLockWithoutRetentionBucket", + "path": "aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockWithoutRetentionBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0", + "metadata": [ + { + "objectLockEnabled": true + } + ] + }, + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockWithoutRetentionBucket/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + }, + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + } + } } - } }, - "objectLockEnabled": true - } - }, - 
"constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", - "version": "0.0.0" + "ObjectLockRetentionTransitionBucket": { + "id": "ObjectLockRetentionTransitionBucket", + "path": "aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockRetentionTransitionBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0", + "metadata": [ + { + "objectLockEnabled": true + } + ] + }, + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-bucket-object-lock-no-retention/ObjectLockRetentionTransitionBucket/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + }, + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + } + } + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-s3-bucket-object-lock-no-retention/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-s3-bucket-object-lock-no-retention/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } } - } }, - "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-s3-bucket-object-lock/BootstrapVersion", - "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-s3-bucket-object-lock/CheckBootstrapVersion", - "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" - } - }, - "ServerAccessLogsImportTest": { - "id": "ServerAccessLogsImportTest", - "path": "ServerAccessLogsImportTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": 
"ServerAccessLogsImportTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "ServerAccessLogsImportTest/DefaultTest/Default", + "ServerAccessLogsImportTest": { + "id": "ServerAccessLogsImportTest", + "path": "ServerAccessLogsImportTest", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.252" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "ServerAccessLogsImportTest/DefaultTest/DeployAssert", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + }, "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "ServerAccessLogsImportTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "ServerAccessLogsImportTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", - "version": "0.0.0" + "DefaultTest": { + "id": "DefaultTest", + "path": "ServerAccessLogsImportTest/DefaultTest", + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + }, + "children": { + "Default": { + "id": "Default", + "path": "ServerAccessLogsImportTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "ServerAccessLogsImportTest/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + }, + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "ServerAccessLogsImportTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "ServerAccessLogsImportTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": 
"aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + } + } + } } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.Stack", - "version": "0.0.0" } - } }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTestCase", - "version": "0.0.0" + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.252" } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/core.App", - "version": "0.0.0" } - } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.ts index 9a7f5780c48b4..7ff6c0e4e2ad7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-object-lock.ts 
@@ -4,16 +4,22 @@ import * as integ from '@aws-cdk/integ-tests-alpha'; import * as s3 from 'aws-cdk-lib/aws-s3'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-cdk-s3-bucket-object-lock'); +const stackWithRetention = new cdk.Stack(app, 'aws-cdk-s3-bucket-object-lock-with-retention'); -new s3.Bucket(stack, 'ObjectLockBucket', { +new s3.Bucket(stackWithRetention, 'ObjectLockRetentionTransitionBucket', { + objectLockDefaultRetention: s3.ObjectLockRetention.governance(cdk.Duration.days(2)), +}); + +const stackWithoutRetention = new cdk.Stack(app, 'aws-cdk-s3-bucket-object-lock-no-retention'); + +new s3.Bucket(stackWithoutRetention, 'ObjectLockWithoutRetentionBucket', { objectLockEnabled: true, }); -new s3.Bucket(stack, 'ObjectLockWithRetentionBucket', { - objectLockDefaultRetention: s3.ObjectLockRetention.governance(cdk.Duration.days(2)), +new s3.Bucket(stackWithoutRetention, 'ObjectLockRetentionTransitionBucket', { + objectLockEnabled: true, }); new integ.IntegTest(app, 'ServerAccessLogsImportTest', { - testCases: [stack], + testCases: [stackWithRetention, stackWithoutRetention], }); diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 30a2dc224a7b5..ca71c670c633b 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -2363,7 +2363,7 @@ export class Bucket extends BucketBase { ownershipControls: Lazy.any({ produce: () => this.parseOwnershipControls() }), accelerateConfiguration: props.transferAcceleration ? { accelerationStatus: 'Enabled' } : undefined, intelligentTieringConfigurations: this.parseTieringConfig(props), - objectLockEnabled: objectLockConfiguration ? true : props.objectLockEnabled, + ...(objectLockConfiguration && { objectLockEnabled: true }), objectLockConfiguration: objectLockConfiguration, replicationConfiguration, }); 
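Review bot: Nothing in this test checks the Object Lock state of the deployed buckets: the `IntegTest` result is not captured, so both stacks are only deployed. That matters here because the tree.json snapshot in this same commit shows the two `objectLockEnabled: true` buckets synthesizing with empty CloudFormation props, so the no-retention stack no longer exercises Object Lock at all. Capture the test (`const test = new integ.IntegTest(...)`) and the retention bucket, then assert on `test.assertions.awsApiCall('S3', 'getObjectLockConfiguration', { Bucket: bucket.bucketName })`. The id `ObjectLockRetentionTransitionBucket` is used in two separate stacks, so no enable-on-an-existing-bucket transition is actually deployed; if that is the intent, a comment should say how the transition is meant to be exercised.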
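Review bot: `props.objectLockEnabled` is no longer read at this call site, so a caller who passes `objectLockEnabled: true` without `objectLockDefaultRetention` now gets a bucket with no Object Lock property and no diagnostic; the updated unit test and the integ snapshot in this commit both show the properties absent in that case. Object Lock is usually requested as a write-once control for backups or audit logs, so dropping it silently is a worse failure mode than rejecting the input. Either keep the pass-through for an explicit value, or add a guard before the `CfnBucket` is built, e.g. `if (props.objectLockEnabled && !objectLockConfiguration) { Annotations.of(this).addWarningV2('<WARNING_ID>', 'objectLockEnabled is ignored without objectLockDefaultRetention'); }`. Existing stacks that already synthesize `ObjectLockEnabled: true` will see the property disappear on upgrade, which CloudFormation may treat as a bucket replacement, so this probably belongs behind a feature flag. The constructor starts and ends outside the hunk, so how `objectLockConfiguration` is derived is not visible here.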
diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index f15beef2085e3..6bdc3416e48da 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -797,13 +797,14 @@ describe('bucket', () => { }); }); - test('bucket with object lock enabled but no retention', () => { + test('bucket with object lock enabled but no retention omits object', () => { const stack = new cdk.Stack(); new s3.Bucket(stack, 'Bucket', { + // objectLockDefaultRetention not provided: should omit ObjectLockEnabled objectLockEnabled: true, }); Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', { - ObjectLockEnabled: true, + ObjectLockEnabled: Match.absent(), ObjectLockConfiguration: Match.absent(), }); });
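Review bot: The new test title ends in "omits object", which reads as truncated and does not say which property is expected to be absent; `test('bucket with object lock enabled but no retention omits ObjectLockEnabled', () => {` would match the assertion. The added inline comment says what is omitted but not why, and this test now pins that an explicit `objectLockEnabled: true` yields a template with no Object Lock setting, so the reason should sit next to it, for example `// ObjectLockEnabled is only emitted together with ObjectLockConfiguration; see <ISSUE_LINK>`. The enclosing `describe('bucket', ...)` block starts and ends outside the hunk.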