Update to version v1.86.0

awslabs · Feb 12, 2021 · 256f463 · 256f463
1 parent 25961ad
commit 256f463
Show file tree

Hide file tree

Showing 23 changed files with 1,570 additions and 116 deletions.
diff --git a/.viperlightignore b/.viperlightignore
@@ -11,6 +11,7 @@ source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.n
 CODE_OF_CONDUCT.md:4
 CONTRIBUTING.md:223
 source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts:118
+source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts:126
 source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json:112
 source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json:112
 source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json:193
@@ -33,11 +34,5 @@ source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.override
 source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:106
 source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts:202
 source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts:251
-
-# fake credentials strings
-source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:87
 source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:86
-
-# testcase containing configuration to assert
-source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.js:122
-source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts:126
+source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:87
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## 1.86.0 (2021-02-12)
+
+### Added
+- aws-kinesisstreams-gluejob pattern added ([#40](https://github.com/awslabs/aws-solutions-constructs/issues/40))
+
+### Changed
+- Upgraded all patterns to CDK v1.86.0
+- Create security-group-helper.ts to consolidate security group code
+
 ## 1.85.0 (2021-02-05)
 
 ### Changed
@@ -15,7 +24,7 @@ All notable changes to this project will be documented in this file. See [standa
 - Upgraded all patterns to CDK v1.84.0
 - Updated `aws-lambda-sns` and `aws-lambs-s3` to support for VPC
 - Added [Design Guidelines](./DESIGN_GUIDELINES.md)
-
+ß
 ## 1.83.0 (2021-01-21)
 
 ### Changed

diff --git a/DESIGN_GUIDELINES.md b/DESIGN_GUIDELINES.md
@@ -43,6 +43,10 @@ The Construct should be restricted to deploying infrastructure. In general this
 **Favor L2 CDK Constructs over L1**
 L1 CDK constructs are merely thin code wrappers over the raw CloudFormation definitions – they bring little if any additional value to the table. L2 CDK constructs provide additional functionality, security and interoperability. Whenever possible, Solutions Constructs interfaces should speak in terms of L2 CDK constructs. If your definition includes L1 constructs it may not be rejected, but you will be asked to explain the reasons requiring their use. 
 
+## VPCs
+
+Clients may choose to deploy their architectures for any number of reasons. VPC capability should be added to constructs when traffic within the construct can be restricted within a VPC. For instance, for the construct aws-lambda-sqs, traffic from the lambda function can be configured to use an ENI in a VPC, and an Interface Endpoint for SQS can accept those calls within that VPC - so the traffic stays within the VPC. Conversely, aws-sqs-lambda cannot be configured within a VPC because the traffic consists of Lambda polling SQS and invoking the Lambda function synchronously, none of which can be configured within a VPC (although calls between AWS resources stay on the AWS backbone and do not hit the open web).
+
 ## Naming
 
 The name of a Solutions Construct is composed by concatenating the names of the individual services or resources configured by the construct. When it is obvious what resource is being deployed by the service, use just the service name, such as SQS, SNS, DynamoDB, etc. When just the service name is ambiguous, append the specific resource type to the service name, such as SagemakerEndpoint (also do this for a different flavor of an already deployed service, such as DynamoDBStream).
@@ -289,7 +293,20 @@ Existing Inconsistencies would not be published, that’s for our internal use
 
 | Name    | Type     | Notes    |
 | --- | --- | --- |
-| elasticsearchDomain	| elasticsearch.CfnDomain	||
-| elasticsearchDomainRole	| iam.Role	||
+| elasticsearchDomain | elasticsearch.CfnDomain ||
+| elasticsearchDomainRole | iam.Role ||
+
+## VPC
+**Required Attributes on Props** 
+
+| Name    | Type     | Notes    |
+| --- | --- | --- |
+| existingVpc? | ec2.IVpc |  |
+| deployVpc? | boolean| |
+| vpcProps? | ec2.VpcProps| |
 
+**Required Construct Properties** 
 
+| Name    | Type     | Notes    |
+| --- | --- | --- |
+| vpc? | ec2.IVpc |  |
diff --git a/source/lerna.json b/source/lerna.json
@@ -6,5 +6,5 @@
     "./patterns/@aws-solutions-constructs/*"
   ],
   "rejectCycles": "true",
-  "version": "1.85.0"
+  "version": "1.86.0"
 }
diff --git a/...lutions-constructs/aws-apigateway-iot/test/__snapshots__/test.apigateway-iot.test.js.snap b/...lutions-constructs/aws-apigateway-iot/test/__snapshots__/test.apigateway-iot.test.js.snap
@@ -4091,7 +4091,7 @@ Object {
       },
       "Type": "AWS::ApiGateway::UsagePlan",
     },
-    "testapigatewayiotoverridenparamsRestApiUsagePlanUsagePlanKeyResource2127D8B5": Object {
+    "testapigatewayiotoverridenparamsRestApiUsagePlanUsagePlanKeyResourcetestapigatewayiotoverridenparamsRestApiApiKeyFB3865CEDD2048E8": Object {
       "Properties": Object {
         "KeyId": Object {
           "Ref": "testapigatewayiotoverridenparamsRestApiApiKey00A9BE26",

diff --git a/...erns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.expected.json b/...erns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.expected.json
@@ -1263,7 +1263,7 @@
         ]
       }
     },
-    "testapigatewayiotRestApiUsagePlanUsagePlanKeyResource427DC49B": {
+    "testapigatewayiotRestApiUsagePlanUsagePlanKeyResourcetestapigatewayiotoverridenparamstestapigatewayiotRestApiApiKey83FDCF0179E2376C": {
       "Type": "AWS::ApiGateway::UsagePlanKey",
       "Properties": {
         "KeyId": {

diff --git a/...s-solutions-constructs/aws-apigateway-iot/test/integ.override_auth_api_keys.expected.json b/...s-solutions-constructs/aws-apigateway-iot/test/integ.override_auth_api_keys.expected.json
@@ -1261,7 +1261,7 @@
         ]
       }
     },
-    "testapigatewayiotRestApiUsagePlanUsagePlanKeyResource427DC49B": {
+    "testapigatewayiotRestApiUsagePlanUsagePlanKeyResourcetestapigatewayiotapikeysparamstestapigatewayiotRestApiApiKeyE1A9FEAB83683CCF": {
       "Type": "AWS::ApiGateway::UsagePlanKey",
       "Properties": {
         "KeyId": {

diff --git a/...ns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunctionWithVpc.expected.json b/...ns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunctionWithVpc.expected.json
@@ -134,10 +134,10 @@
         }
       }
     },
-    "testlambdas3ReplaceDefaultSecurityGroup39AA8943": {
+    "testlambdas3ReplaceDefaultSecurityGroupsecuritygroupA1E3F673": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
-        "GroupDescription": "test-lambda-s3/test-lambda-s3/ReplaceDefaultSecurityGroup",
+        "GroupDescription": "test-lambda-s3/test-lambda-s3/ReplaceDefaultSecurityGroup-security-group",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",
@@ -228,7 +228,7 @@
           "SecurityGroupIds": [
             {
               "Fn::GetAtt": [
-                "testlambdas3ReplaceDefaultSecurityGroup39AA8943",
+                "testlambdas3ReplaceDefaultSecurityGroupsecuritygroupA1E3F673",
                 "GroupId"
               ]
             }

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/lambda-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/lambda-s3.test.ts
@@ -223,7 +223,7 @@ test("Test minimal deployment that deploys a VPC without vpcProps", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatos3stackReplaceDefaultSecurityGroup00762EE4",
+            "lambdatos3stackReplaceDefaultSecurityGroupsecuritygroupDCA33AE3",
             "GroupId",
           ],
         },
@@ -278,7 +278,7 @@ test("Test minimal deployment that deploys a VPC w/vpcProps", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatos3stackReplaceDefaultSecurityGroup00762EE4",
+            "lambdatos3stackReplaceDefaultSecurityGroupsecuritygroupDCA33AE3",
             "GroupId",
           ],
         },
@@ -332,7 +332,7 @@ test("Test minimal deployment with an existing VPC", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatos3stackReplaceDefaultSecurityGroup00762EE4",
+            "lambdatos3stackReplaceDefaultSecurityGroupsecuritygroupDCA33AE3",
             "GroupId",
           ],
         },

diff --git a/...s/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunctionWithVpc.expected.json b/...s/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunctionWithVpc.expected.json
@@ -108,10 +108,10 @@
         }
       }
     },
-    "testlambdasnsReplaceDefaultSecurityGroup1EB706DE": {
+    "testlambdasnsReplaceDefaultSecurityGroupsecuritygroup071D13CB": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
-        "GroupDescription": "test-lambda-sns/test-lambda-sns/ReplaceDefaultSecurityGroup",
+        "GroupDescription": "test-lambda-sns/test-lambda-sns/ReplaceDefaultSecurityGroup-security-group",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",
@@ -208,7 +208,7 @@
           "SecurityGroupIds": [
             {
               "Fn::GetAtt": [
-                "testlambdasnsReplaceDefaultSecurityGroup1EB706DE",
+                "testlambdasnsReplaceDefaultSecurityGroupsecuritygroup071D13CB",
                 "GroupId"
               ]
             }
@@ -642,7 +642,7 @@
         "SecurityGroupIds": [
           {
             "Fn::GetAtt": [
-              "ReplaceEndpointDefaultSecurityGroupCF0CCAF1",
+              "ReplaceEndpointDefaultSecurityGroupsecuritygroupB97DD1AF",
               "GroupId"
             ]
           }
@@ -661,10 +661,10 @@
         "VpcEndpointType": "Interface"
       }
     },
-    "ReplaceEndpointDefaultSecurityGroupCF0CCAF1": {
+    "ReplaceEndpointDefaultSecurityGroupsecuritygroupB97DD1AF": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
-        "GroupDescription": "test-lambda-sns/ReplaceEndpointDefaultSecurityGroup",
+        "GroupDescription": "test-lambda-sns/ReplaceEndpointDefaultSecurityGroup-security-group",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/lambda-sns.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/lambda-sns.test.ts
@@ -169,7 +169,7 @@ test("Test minimal deployment that deploys a VPC without vpcProps", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatosnsstackReplaceDefaultSecurityGroup719F066F",
+            "lambdatosnsstackReplaceDefaultSecurityGroupsecuritygroup64D1B1DA",
             "GroupId",
           ],
         },
@@ -224,7 +224,7 @@ test("Test minimal deployment that deploys a VPC w/vpcProps", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatosnsstackReplaceDefaultSecurityGroup719F066F",
+            "lambdatosnsstackReplaceDefaultSecurityGroupsecuritygroup64D1B1DA",
             "GroupId",
           ],
         },
@@ -278,7 +278,7 @@ test("Test minimal deployment with an existing VPC", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatosnsstackReplaceDefaultSecurityGroup719F066F",
+            "lambdatosnsstackReplaceDefaultSecurityGroupsecuritygroup64D1B1DA",
             "GroupId",
           ],
         },

diff --git a/...patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json b/...patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json
@@ -145,14 +145,12 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "testlambdasqsLambdaFunctionServiceRoleC0430CA8",
             "Arn"
           ]
         },
-        "Runtime": "nodejs10.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
@@ -161,6 +159,8 @@
             }
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs10.x",
         "TracingConfig": {
           "Mode": "Active"
         }

diff --git a/...s/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunctionWithVpc.expected.json b/...s/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunctionWithVpc.expected.json
@@ -115,10 +115,10 @@
         }
       }
     },
-    "testlambdasqsReplaceDefaultSecurityGroup53A5E043": {
+    "testlambdasqsReplaceDefaultSecurityGroupsecuritygroup2CA205C7": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
-        "GroupDescription": "test-lambda-sqs/test-lambda-sqs/ReplaceDefaultSecurityGroup",
+        "GroupDescription": "test-lambda-sqs/test-lambda-sqs/ReplaceDefaultSecurityGroup-security-group",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",
@@ -186,14 +186,12 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "testlambdasqsLambdaFunctionServiceRoleC0430CA8",
             "Arn"
           ]
         },
-        "Runtime": "nodejs10.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
@@ -202,14 +200,16 @@
             }
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs10.x",
         "TracingConfig": {
           "Mode": "Active"
         },
         "VpcConfig": {
           "SecurityGroupIds": [
             {
               "Fn::GetAtt": [
-                "testlambdasqsReplaceDefaultSecurityGroup53A5E043",
+                "testlambdasqsReplaceDefaultSecurityGroupsecuritygroup2CA205C7",
                 "GroupId"
               ]
             }
@@ -695,7 +695,7 @@
         "SecurityGroupIds": [
           {
             "Fn::GetAtt": [
-              "ReplaceEndpointDefaultSecurityGroupCF0CCAF1",
+              "ReplaceEndpointDefaultSecurityGroupsecuritygroupB97DD1AF",
               "GroupId"
             ]
           }
@@ -714,10 +714,10 @@
         "VpcEndpointType": "Interface"
       }
     },
-    "ReplaceEndpointDefaultSecurityGroupCF0CCAF1": {
+    "ReplaceEndpointDefaultSecurityGroupsecuritygroupB97DD1AF": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
-        "GroupDescription": "test-lambda-sqs/ReplaceEndpointDefaultSecurityGroup",
+        "GroupDescription": "test-lambda-sqs/ReplaceEndpointDefaultSecurityGroup-security-group",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",

diff --git a/...tterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json b/...tterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json
@@ -145,14 +145,12 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "LambdaFunctionServiceRole0C4CDE0B",
             "Arn"
           ]
         },
-        "Runtime": "nodejs10.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
@@ -161,6 +159,8 @@
             }
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs10.x",
         "TracingConfig": {
           "Mode": "Active"
         }

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/lambda-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/lambda-sqs.test.ts
@@ -169,7 +169,7 @@ test("Test minimal deployment that deploys a VPC without vpcProps", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatosqsstackReplaceDefaultSecurityGroup7FE5F431",
+            "lambdatosqsstackReplaceDefaultSecurityGroupsecuritygroupAED1D1EE",
             "GroupId",
           ],
         },
@@ -224,7 +224,7 @@ test("Test minimal deployment that deploys a VPC w/vpcProps", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatosqsstackReplaceDefaultSecurityGroup7FE5F431",
+            "lambdatosqsstackReplaceDefaultSecurityGroupsecuritygroupAED1D1EE",
             "GroupId",
           ],
         },
@@ -278,7 +278,7 @@ test("Test minimal deployment with an existing VPC", () => {
       SecurityGroupIds: [
         {
           "Fn::GetAtt": [
-            "lambdatosqsstackReplaceDefaultSecurityGroup7FE5F431",
+            "lambdatosqsstackReplaceDefaultSecurityGroupsecuritygroupAED1D1EE",
             "GroupId",
           ],
         },

diff --git a/source/patterns/@aws-solutions-constructs/core/index.ts b/source/patterns/@aws-solutions-constructs/core/index.ts
@@ -29,6 +29,7 @@ export * from './lib/mediastore-defaults';
 export * from './lib/mediastore-helper';
 export * from './lib/s3-bucket-defaults';
 export * from './lib/s3-bucket-helper';
+export * from './lib/security-group-helper';
 export * from './lib/sns-defaults';
 export * from './lib/sns-helper';
 export * from './lib/sqs-defaults';