Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assets: upload to and grant permissions on prefix #510

Merged
merged 8 commits into from
Aug 20, 2018

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Aug 6, 2018

We need to give asset consumers permissions on all versions of
an asset, not just the latest version. Otherwise, we will never
be able to do rolling updates.

Also add caching on AWS client instances, so with multiple
asset uploads we don't have to construct a new S3 client for
every asset (incurring credential lookups for each one).

This fixes #484.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

We need to give asset consumers permissions on all versions of
an asset, not just the latest version. Otherwise, we will never
be able to do rolling updates.

Also add caching on AWS client instances, so with multiple
asset uploads we don't have to construct a new S3 client for
every asset (incurring credential lookups for each one).

This fixes #484.
@rix0rrr rix0rrr requested review from eladb and RomainMuller August 6, 2018 11:15
@rix0rrr
Copy link
Contributor Author

rix0rrr commented Aug 6, 2018

Practical changes:

The assets are now uploaded to something like:

s3://cdktoolkit-stagingbucket-i0tp1gw9qhfn/assets/cdk-dev-huijbersWindowsInstallationTestDirectory46EF3817/978e060951d0c6ad5319aee80a274a0a214db401526914729cbf8b604a105fbb.zip

And we give permissions on the prefix assets/cdk-dev-huijbersWindowsInstallationTestDirectory46EF3817/*

I'm not entirely sure I like the additional input Parameter to the template to specify the prefix. We might run out of Parameters quickly this way. A number of ideas to solve this:

  • Require all assets to use the same bucket
  • Encode multiple parameters into a single parameter string, split on a magic character like | or something.
  • Mandate that the asset URL structure is ALWAYS the same, (has the same number of components), so we can split on / and append the *. Because CFN doesn't have a concept of slices, we must know exactly how many path components there will be in that case, though (we'll have to do join('/', [select(1, split('/', p)), select(2, split('/', p)), ..., '*']))

The last one seems very brittle, the first one lacks flexibility and helps only by 33%. So I'm leaning towards combining multiple parameter values into one formal CloudFormation Parameter, but I'm not sure how well that will play with CodePipelines, for example.

Copy link
Contributor

@eladb eladb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rix0rrr I agree that the additional parameter is a going to be a problem very quickly. And I am concerned how this is going to work with CodePipelines. Will we use the pipeline bucket as the prefix?

I wonder if instead of using only a path separator, we could delimit using a sequence (i.e. @/@), so the S3 key will always look something like bla/bla/bla/prefix@/@suffix and then we can just Fn::Split with "@/@" as the delimiter to separate the prefix and the concrete object key. Still not sure how this will work with CP.

// Even though this code looks horrible, this is actually not a terrible thing
// to do. The generated ID will contain the *stack name* as well, which is a
// perfectly nice thing to do to disambiguate similarly named assets in different stacks.
const uniqueId = new cdk.HashedAddressingScheme().allocateAddress(this.path.split('/'));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I keep wondering if we should just expose a uniqueId in the Construct level (and use for resource.logicalId). This keeps coming back and I think might be useful generally, and not only for CloudFormation resource identifiers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, but their scopes are different, which complicates it a bit.

In a tree like this:

root
└── Stack
      └── Construct
             └── Construct

    ├─────── path ───────┤

         ├─ logical id ──┤

The .path is from the root to the construct, but the logical ID is only calculated off the nearest enclosing stack to the construct. If we didn't do that, all enclosing logical IDs would being with the stack name, which is not terrible for the IDs that they are, but they're also used to generate human-readable names, where that would be quite ugly (and in fact CFN sometimes--but not always!--prepends the stack name itself as well).

So we should probably still keep them separated, or have something like uniqueIdRelativeTo(ancestor)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could allow constructs to opt-out of the human portion of name generation, so they will be "skipped" when producing the human portion (something like hideName = true).

// different versions of the same file will have the same prefix
// and we don't want to accidentally revoke permission on old versions
// when deploying a new version.
this.bucket.grantRead(principal, new cdk.FnConcat(this.s3PrefixParam.value, "*"));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should implement #24

@rix0rrr
Copy link
Contributor Author

rix0rrr commented Aug 9, 2018

This change is pending #518


// grant the lambda's role read permissions on the code s3 object
this.s3Prefix = new cdk.FnSelect(0, new cdk.FnSplit(cxapi.ASSET_PREFIX_SEPARATOR, keyParam.value));
const s3Filename = new cdk.FnSelect(1, new cdk.FnSplit(cxapi.ASSET_PREFIX_SEPARATOR, keyParam.value));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You realize (however unlikely that is), that || might actually be part of the object key?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is going to be true for any separator we pick. So yeah, I'm balancing aesthetics vs likelihood

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You do realize that git commit hashes may clash? :p

@rix0rrr rix0rrr merged commit 2a5240c into master Aug 20, 2018
@rix0rrr rix0rrr deleted the huijbers/asset-prefix branch August 20, 2018 07:51
rix0rrr pushed a commit that referenced this pull request Sep 11, 2018
The headliners of this release are __.NET support__, and a wealth of commits by external contributors who are stepping
up to fix the CDK for their use cases! Thanks all for the effort put into this release!

* Add strongly-named .NET targets, and a `cdk init` template for C# projects ([@mpiroc] in [#617](#617), [#643](#643)).
* __@aws-cdk/aws-autoscaling__: Allow attaching additional security groups to Launch Configuration ([@moofish32] in [#636](#636)).
* __@aws-cdk/aws-autoscaling__: Support update and creation policies on AutoScalingGroups ([@rix0rrr] in [#595](#595)).
* __@aws-cdk/aws-codebuild__: Add support for running script from an asset ([@rix0rrr] in [#677](#677)).
* __@aws-cdk/aws-codebuild__: New method `addBuildToPipeline` on Project ([@skinny85] in [783dcb3](783dcb3)).
* __@aws-cdk/aws-codecommit__: New method `addToPipeline` on Repository ([@skinny85] in [#616](#616)).
* __@aws-cdk/aws-codedeploy__: Add initial support for CodeDeploy ([@skinny85] in [#593](#593), [#641](#641)).
* __@aws-cdk/aws-dynamodb__: Add support for DynamoDB autoscaling ([@SeekerWing] in [#637](#637)).
* __@aws-cdk/aws-dynamodb__: Add support for DynamoDB streams ([@rhboyd] in [#633](#633)).
* __@aws-cdk/aws-dynamodb__: Add support for server-side encryption ([@jungseoklee] in [#684](#864)).
* __@aws-cdk/aws-ec2__ (_**BREAKING**_): SecurityGroup can now be used as a Connectable [#582](#582)).
* __@aws-cdk/aws-ec2__: Add VPC tagging ([@moofish] in [#538](#538)).
* __@aws-cdk/aws-ec2__: Add support for `InstanceSize.Nano` ([@rix0rrr] in [#581](#581))
* __@aws-cdk/aws-lambda__: Add support for dead letter queues ([@SeekerWing] in [#663](#663)).
* __@aws-cdk/aws-lambda__: Add support for placing a Lambda in a VPC ([@rix0rrr] in [#598](#598)).
* __@aws-cdk/aws-logs__: Add `extractMetric()` helper function ([@rix0rrr] in [#676](#676)).
* __@aws-cdk/aws-rds__: Add support for Aurora PostreSQL/MySQL engines ([@cookejames] in [#586](#586))
* __@aws-cdk/aws-s3__: Additional grant methods for Buckets ([@eladb] in [#591](#591))
* __@aws-cdk/aws-s3__: New method `addToPipeline` on Bucket ([@skinny85] in [c8b7a49](c8b7a49)).
* __aws-cdk__: Add support for HTTP proxies ([@rix0rrr] in [#666](#666)).
* __aws-cdk__: Toolkit now shows failure reason if stack update fails ([@rix0rrr] in [#609](#609)).
* __cdk-build-tools__: Add support for running experiment JSII versions ([@RomainMuller] in [#649](#649)).

* _**BREAKING**_: Generate classes and types for the CloudFormation resource `.ref` attributes ([@rix0rrr] in [#627](#627)).
* _**BREAKING**_: Make types accepted in Policy-related classes narrower (from `any` to `Arn`, for example) to reduce typing mistakes ([@rix0rrr] in [#629](#629)).
* __@aws-cdk/aws-codepipeline__ (_**BREAKING**_): Align the CodePipeline APIs ([@skinny85] in [#492](#492), [#568](#568))
* __@aws-cdk/aws-ec2__ (_**BREAKING**_): Move Fleet/AutoScalingGroup to its own package ([@rix0rrr] in [#608](#608)).
* __aws-cdk__: Simplify plugin protocol ([@RomainMuller] in [#646](#646)).

* __@aws-cdk/aws-cloudfront__: Fix CloudFront behavior for ViewerProtocolPolicy ([@mindstorms6] in [#615](#615)).
* __@aws-cdk/aws-ec2__: VPC Placement now supports picking Isolated subnets ([@rix0rrr] in [#610](#610)).
* __@aws-cdk/aws-logs__: Add `export()/import()` capabilities ([@rix0rrr] in [#630](#630)).
* __@aws-cdk/aws-rds__: Fix a bug where a cluster with 1 instance could not be created ([@cookejames] in [#578](#578))
* __@aws-cdk/aws-s3__: Bucket notifications can now add dependencies, fixing creation order ([@eladb] in [#584](#584)).
* __@aws-cdk/aws-s3__: Remove useless bucket name validation ([@rix0rrr] in [#628](#628)).
* __@aws-cdk/aws-sqs__: Make `QueueRef.encryptionMasterKey` readonly ([@RomainMuller] in [#650](#650)).
* __assets__: S3 read permissions are granted on a prefix to fix lost permissions during asset update ([@rix0rrr] in [#510](#510)).
* __aws-cdk__: Remove bootstrapping error if multiple stacks are in the same environment ([@RomainMuller] in [#625](#625)).
* __aws-cdk__: Report and continue if git throws errors during `cdk init` ([@rix0rrr] in [#587](#587)).

* __@aws-cdk/cfnspec__: Updated [CloudFormation resource specification] to `v2.6.0` ([@RomainMuller] in [#594](#594))
  + **New AWS Construct Library**
    - `@aws-cdk/aws-sagemaker` supports AWS::SageMaker resources
  + **New Resource Types**
    - AWS::AmazonMQ::Broker
    - AWS::AmazonMQ::Configuration
    - AWS::CodePipeline::Webhook
    - AWS::Config::AggregationAuthorization
    - AWS::Config::ConfigurationAggregator
    - AWS::EC2::VPCEndpointConnectionNotification
    - AWS::EC2::VPCEndpointServicePermissions
    - AWS::IAM::ServiceLinkedRole
    - AWS::SSM::ResourceDataSync
    - AWS::SageMaker::Endpoint
    - AWS::SageMaker::EndpointConfig
    - AWS::SageMaker::Model
    - AWS::SageMaker::NotebookInstance
    - AWS::SageMaker::NotebookInstanceLifecycleConfig
  + **Attribute Changes**
    - AWS::CodePipeline::Pipeline Version (__added__)
  + **Property Changes**
    - AWS::AppSync::DataSource HttpConfig (__added__)
    - AWS::DAX::Cluster SSESpecification (__added__)
    - AWS::DynamoDB::Table Stream (__added__)
    - AWS::DynamoDB::Table AutoScalingSupport (__added__)
    - AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (__added__)
    - AWS::EC2::VPCEndpoint SecurityGroupIds (__added__)
    - AWS::EC2::VPCEndpoint SubnetIds (__added__)
    - AWS::EC2::VPCEndpoint VPCEndpointType (__added__)
    - AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (__deleted__)
    - AWS::EC2::VPCPeeringConnection PeerRegion (__added__)
    - AWS::EFS::FileSystem ProvisionedThroughputInMibps (__added__)
    - AWS::EFS::FileSystem ThroughputMode (__added__)
    - AWS::EMR::Cluster KerberosAttributes (__added__)
    - AWS::Glue::Classifier JsonClassifier (__added__)
    - AWS::Glue::Classifier XMLClassifier (__added__)
    - AWS::Glue::Crawler Configuration (__added__)
    - AWS::Lambda::Lambda DLQConfigurationSupport (__added__)
    - AWS::Neptune::DBInstance DBSubnetGroupName.UpdateType (__changed__)
      - Old: Mutable
      - New: Immutable
    - AWS::SNS::Subscription DeliveryPolicy (__added__)
    - AWS::SNS::Subscription FilterPolicy (__added__)
    - AWS::SNS::Subscription RawMessageDelivery (__added__)
    - AWS::SNS::Subscription Region (__added__)
    - AWS::SQS::Queue Tags (__added__)
    - AWS::ServiceDiscovery::Service HealthCheckCustomConfig (__added__)
  + **Property Type Changes**
    - AWS::AppSync::DataSource.HttpConfig (__added__)
    - AWS::DAX::Cluster.SSESpecification (__added__)
    - AWS::EMR::Cluster.KerberosAttributes (__added__)
    - AWS::Glue::Classifier.JsonClassifier (__added__)
    - AWS::Glue::Classifier.XMLClassifier (__added__)
    - AWS::ServiceDiscovery::Service.HealthCheckCustomConfig (__added__)
    - AWS::CloudFront::Distribution.CacheBehavior FieldLevelEncryptionId (__added__)
    - AWS::CloudFront::Distribution.DefaultCacheBehavior FieldLevelEncryptionId (__added__)
    - AWS::CodeBuild::Project.Artifacts EncryptionDisabled (__added__)
    - AWS::CodeBuild::Project.Artifacts OverrideArtifactName (__added__)
    - AWS::CodeBuild::Project.Environment Certificate (__added__)
    - AWS::CodeBuild::Project.Source ReportBuildStatus (__added__)
    - AWS::ServiceDiscovery::Service.DnsConfig RoutingPolicy (__added__)
    - AWS::WAF::WebACL.ActivatedRule Action.Required (__changed__)
      - Old: true
      - New: false

* __@aws-cdk/cfnspec__: Updated Serverless Application Model (SAM) Resource Specification ([@RomainMuller] in [#594](#594))
  + **Property Changes**
    - AWS::Serverless::Api MethodSettings (__added__)
  + **Property Type Changes**
    - AWS::Serverless::Function.SQSEvent (__added__)
    - AWS::Serverless::Function.EventSource Properties.Types (__changed__)
      - Added SQSEvent
@rix0rrr rix0rrr mentioned this pull request Sep 11, 2018
rix0rrr added a commit that referenced this pull request Sep 11, 2018
The headliners of this release are __.NET support__, and a wealth of commits by external contributors who are stepping
up to fix the CDK for their use cases! Thanks all for the effort put into this release!

* Add strongly-named .NET targets, and a `cdk init` template for C# projects ([@mpiroc] in [#617](#617), [#643](#643)).
* __@aws-cdk/aws-autoscaling__: Allow attaching additional security groups to Launch Configuration ([@moofish32] in [#636](#636)).
* __@aws-cdk/aws-autoscaling__: Support update and creation policies on AutoScalingGroups ([@rix0rrr] in [#595](#595)).
* __@aws-cdk/aws-codebuild__: Add support for running script from an asset ([@rix0rrr] in [#677](#677)).
* __@aws-cdk/aws-codebuild__: New method `addBuildToPipeline` on Project ([@skinny85] in [783dcb3](783dcb3)).
* __@aws-cdk/aws-codecommit__: New method `addToPipeline` on Repository ([@skinny85] in [#616](#616)).
* __@aws-cdk/aws-codedeploy__: Add initial support for CodeDeploy ([@skinny85] in [#593](#593), [#641](#641)).
* __@aws-cdk/aws-dynamodb__: Add support for DynamoDB autoscaling ([@SeekerWing] in [#637](#637)).
* __@aws-cdk/aws-dynamodb__: Add support for DynamoDB streams ([@rhboyd] in [#633](#633)).
* __@aws-cdk/aws-dynamodb__: Add support for server-side encryption ([@jungseoklee] in [#684](#864)).
* __@aws-cdk/aws-ec2__ (_**BREAKING**_): SecurityGroup can now be used as a Connectable [#582](#582)).
* __@aws-cdk/aws-ec2__: Add VPC tagging ([@moofish] in [#538](#538)).
* __@aws-cdk/aws-ec2__: Add support for `InstanceSize.Nano` ([@rix0rrr] in [#581](#581))
* __@aws-cdk/aws-lambda__: Add support for dead letter queues ([@SeekerWing] in [#663](#663)).
* __@aws-cdk/aws-lambda__: Add support for placing a Lambda in a VPC ([@rix0rrr] in [#598](#598)).
* __@aws-cdk/aws-logs__: Add `extractMetric()` helper function ([@rix0rrr] in [#676](#676)).
* __@aws-cdk/aws-rds__: Add support for Aurora PostreSQL/MySQL engines ([@cookejames] in [#586](#586))
* __@aws-cdk/aws-s3__: Additional grant methods for Buckets ([@eladb] in [#591](#591))
* __@aws-cdk/aws-s3__: New method `addToPipeline` on Bucket ([@skinny85] in [c8b7a49](c8b7a49)).
* __aws-cdk__: Add support for HTTP proxies ([@rix0rrr] in [#666](#666)).
* __aws-cdk__: Toolkit now shows failure reason if stack update fails ([@rix0rrr] in [#609](#609)).
* __cdk-build-tools__: Add support for running experiment JSII versions ([@RomainMuller] in [#649](#649)).

* _**BREAKING**_: Generate classes and types for the CloudFormation resource `.ref` attributes ([@rix0rrr] in [#627](#627)).
* _**BREAKING**_: Make types accepted in Policy-related classes narrower (from `any` to `Arn`, for example) to reduce typing mistakes ([@rix0rrr] in [#629](#629)).
* __@aws-cdk/aws-codepipeline__ (_**BREAKING**_): Align the CodePipeline APIs ([@skinny85] in [#492](#492), [#568](#568))
* __@aws-cdk/aws-ec2__ (_**BREAKING**_): Move Fleet/AutoScalingGroup to its own package ([@rix0rrr] in [#608](#608)).
* __aws-cdk__: Simplify plugin protocol ([@RomainMuller] in [#646](#646)).

* __@aws-cdk/aws-cloudfront__: Fix CloudFront behavior for ViewerProtocolPolicy ([@mindstorms6] in [#615](#615)).
* __@aws-cdk/aws-ec2__: VPC Placement now supports picking Isolated subnets ([@rix0rrr] in [#610](#610)).
* __@aws-cdk/aws-logs__: Add `export()/import()` capabilities ([@rix0rrr] in [#630](#630)).
* __@aws-cdk/aws-rds__: Fix a bug where a cluster with 1 instance could not be created ([@cookejames] in [#578](#578))
* __@aws-cdk/aws-s3__: Bucket notifications can now add dependencies, fixing creation order ([@eladb] in [#584](#584)).
* __@aws-cdk/aws-s3__: Remove useless bucket name validation ([@rix0rrr] in [#628](#628)).
* __@aws-cdk/aws-sqs__: Make `QueueRef.encryptionMasterKey` readonly ([@RomainMuller] in [#650](#650)).
* __assets__: S3 read permissions are granted on a prefix to fix lost permissions during asset update ([@rix0rrr] in [#510](#510)).
* __aws-cdk__: Remove bootstrapping error if multiple stacks are in the same environment ([@RomainMuller] in [#625](#625)).
* __aws-cdk__: Report and continue if git throws errors during `cdk init` ([@rix0rrr] in [#587](#587)).

* __@aws-cdk/cfnspec__: Updated [CloudFormation resource specification] to `v2.6.0` ([@RomainMuller] in [#594](#594))
  + **New AWS Construct Library**
    - `@aws-cdk/aws-sagemaker` supports AWS::SageMaker resources
  + **New Resource Types**
    - AWS::AmazonMQ::Broker
    - AWS::AmazonMQ::Configuration
    - AWS::CodePipeline::Webhook
    - AWS::Config::AggregationAuthorization
    - AWS::Config::ConfigurationAggregator
    - AWS::EC2::VPCEndpointConnectionNotification
    - AWS::EC2::VPCEndpointServicePermissions
    - AWS::IAM::ServiceLinkedRole
    - AWS::SSM::ResourceDataSync
    - AWS::SageMaker::Endpoint
    - AWS::SageMaker::EndpointConfig
    - AWS::SageMaker::Model
    - AWS::SageMaker::NotebookInstance
    - AWS::SageMaker::NotebookInstanceLifecycleConfig
  + **Attribute Changes**
    - AWS::CodePipeline::Pipeline Version (__added__)
  + **Property Changes**
    - AWS::AppSync::DataSource HttpConfig (__added__)
    - AWS::DAX::Cluster SSESpecification (__added__)
    - AWS::DynamoDB::Table Stream (__added__)
    - AWS::DynamoDB::Table AutoScalingSupport (__added__)
    - AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (__added__)
    - AWS::EC2::VPCEndpoint SecurityGroupIds (__added__)
    - AWS::EC2::VPCEndpoint SubnetIds (__added__)
    - AWS::EC2::VPCEndpoint VPCEndpointType (__added__)
    - AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (__deleted__)
    - AWS::EC2::VPCPeeringConnection PeerRegion (__added__)
    - AWS::EFS::FileSystem ProvisionedThroughputInMibps (__added__)
    - AWS::EFS::FileSystem ThroughputMode (__added__)
    - AWS::EMR::Cluster KerberosAttributes (__added__)
    - AWS::Glue::Classifier JsonClassifier (__added__)
    - AWS::Glue::Classifier XMLClassifier (__added__)
    - AWS::Glue::Crawler Configuration (__added__)
    - AWS::Lambda::Lambda DLQConfigurationSupport (__added__)
    - AWS::Neptune::DBInstance DBSubnetGroupName.UpdateType (__changed__)
      - Old: Mutable
      - New: Immutable
    - AWS::SNS::Subscription DeliveryPolicy (__added__)
    - AWS::SNS::Subscription FilterPolicy (__added__)
    - AWS::SNS::Subscription RawMessageDelivery (__added__)
    - AWS::SNS::Subscription Region (__added__)
    - AWS::SQS::Queue Tags (__added__)
    - AWS::ServiceDiscovery::Service HealthCheckCustomConfig (__added__)
  + **Property Type Changes**
    - AWS::AppSync::DataSource.HttpConfig (__added__)
    - AWS::DAX::Cluster.SSESpecification (__added__)
    - AWS::EMR::Cluster.KerberosAttributes (__added__)
    - AWS::Glue::Classifier.JsonClassifier (__added__)
    - AWS::Glue::Classifier.XMLClassifier (__added__)
    - AWS::ServiceDiscovery::Service.HealthCheckCustomConfig (__added__)
    - AWS::CloudFront::Distribution.CacheBehavior FieldLevelEncryptionId (__added__)
    - AWS::CloudFront::Distribution.DefaultCacheBehavior FieldLevelEncryptionId (__added__)
    - AWS::CodeBuild::Project.Artifacts EncryptionDisabled (__added__)
    - AWS::CodeBuild::Project.Artifacts OverrideArtifactName (__added__)
    - AWS::CodeBuild::Project.Environment Certificate (__added__)
    - AWS::CodeBuild::Project.Source ReportBuildStatus (__added__)
    - AWS::ServiceDiscovery::Service.DnsConfig RoutingPolicy (__added__)
    - AWS::WAF::WebACL.ActivatedRule Action.Required (__changed__)
      - Old: true
      - New: false

* __@aws-cdk/cfnspec__: Updated Serverless Application Model (SAM) Resource Specification ([@RomainMuller] in [#594](#594))
  + **Property Changes**
    - AWS::Serverless::Api MethodSettings (__added__)
  + **Property Type Changes**
    - AWS::Serverless::Function.SQSEvent (__added__)
    - AWS::Serverless::Function.EventSource Properties.Types (__changed__)
      - Added SQSEvent
@NGL321 NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Assets: grant permissions on a wildcard
4 participants