chore: upgrade cdk to 2.148.0

CHANGELOG.md

@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - chore: add commitlint
+- chore: upgrade cdk to 2.148.0
 
 
 ## [1.8.1] - 07-03-2024

source/package.json

@@ -70,15 +70,16 @@
     "minimatch": "9.0.0"
   },
   "devDependencies": {
-    "@aws-cdk/integ-runner": "2.93.0-alpha.0",
-    "@aws-cdk/integ-tests-alpha": "2.93.0-alpha.0",
+    "@aws-cdk/integ-runner": "2.148.0-alpha.0",
+    "@aws-cdk/integ-tests-alpha": "2.148.0-alpha.0",
     "@commitlint/cli": "19.3.0",
     "@commitlint/config-conventional": "19.2.2",
     "@types/jest": "29.4.0",
     "@types/node": "18.14.0",
     "@typescript-eslint/eslint-plugin": "5.53.0",
     "@typescript-eslint/parser": "5.53.0",
-    "aws-cdk-lib": "2.93.0",
+    "aws-cdk-lib": "2.148.0",
+    "cdk-from-cfn": "0.162.0",
     "constructs": "10.0.12",
     "esbuild": "0.17.10",
     "eslint": "8.34.0",

source/packages/@aws-accelerator/accelerator/lib/lambdas/attach-quarantine-scp/package.json

@@ -21,7 +21,7 @@
   },
   "dependencies": {
     "@aws-accelerator/utils": "^0.0.0",
-    "aws-sdk": "2.1379.0"
+    "aws-sdk": "2.1639.0"
   },
   "devDependencies": {
     "@types/jest": "29.4.0",

source/packages/@aws-accelerator/accelerator/lib/lambdas/detach-quarantine-scp/package.json

@@ -21,7 +21,7 @@
   },
   "dependencies": {
     "@aws-accelerator/utils": "^0.0.0",
-    "aws-sdk": "2.1379.0"
+    "aws-sdk": "2.1639.0"
   },
   "devDependencies": {
     "@types/jest": "29.4.0",

source/packages/@aws-accelerator/accelerator/lib/lambdas/validate-environment/package.json

@@ -26,7 +26,7 @@
     "@aws-sdk/client-ssm": "3.410.0",
     "@aws-sdk/lib-dynamodb": "3.410.0",
     "@aws-sdk/smithy-client": "3.374.0",
-    "aws-sdk": "2.1379.0"
+    "aws-sdk": "2.1639.0"
   },
   "devDependencies": {
     "@aws-sdk/types": "3.410.0",

source/packages/@aws-accelerator/accelerator/lib/stacks/accelerator-stack.ts

@@ -131,6 +131,8 @@ export enum NagSuppressionRuleIds {
   S1 = 'S1',
   KDS3 = 'KDS3',
   AS3 = 'AS3',
+  SF1 = 'SF1',
+  SF2 = 'SF2',
 }
 
 /**

source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts

@@ -467,13 +467,21 @@ export class PrepareStack extends AcceleratorStack {
         'CreateOrganizationAccounts/CreateOrganizationAccountStatus/ServiceRole/DefaultPolicy/Resource',
         'CreateOrganizationAccounts/CreateOrganizationAccountsProvider/waiter-state-machine/Role/DefaultPolicy/Resource',
       ];
-
+      const orgAccountsSfSuppressionPaths = [
+        'CreateOrganizationAccounts/CreateOrganizationAccountsProvider/waiter-state-machine/Resource',
+      ];
       // AwsSolutions-IAM4: The IAM user, role, or group uses AWS managed policies
       this.createNagSuppressionsInputs(NagSuppressionRuleIds.IAM4, orgAccountsIam4SuppressionPaths);
 
       // AwsSolutions-IAM5: The IAM entity contains wildcard permissions and does not have a cdk_nag rule suppression with evidence for those permission
       this.createNagSuppressionsInputs(NagSuppressionRuleIds.IAM5, orgAccountsIam5SuppressionPaths);
 
+      // AwsSolutions-SF1: The Step Function does not log "ALL" events to CloudWatch Logs.
+      this.createNagSuppressionsInputs(NagSuppressionRuleIds.SF1, orgAccountsSfSuppressionPaths);
+
+      // AwsSolutions-SF2: The Step Function does not have X-Ray tracing enabled.
+      this.createNagSuppressionsInputs(NagSuppressionRuleIds.SF2, orgAccountsSfSuppressionPaths);
+
       if (options.props.globalConfig.controlTower.enable) {
         // Allow security/audit account access
         options.managementAccountKey.addToResourcePolicy(
@@ -518,13 +526,22 @@ export class PrepareStack extends AcceleratorStack {
           'CreateCTAccounts/CreateControlTowerAcccountsProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource',
           'CreateCTAccounts/CreateControlTowerAcccountsProvider/waiter-state-machine/Role/DefaultPolicy/Resource',
         ];
+        const ctAccountsSfSuppressionPaths = [
+          'CreateCTAccounts/CreateControlTowerAcccountsProvider/waiter-state-machine/Resource',
+        ];
 
         // AwsSolutions-IAM4: The IAM user, role, or group uses AWS managed policies
         this.createNagSuppressionsInputs(NagSuppressionRuleIds.IAM4, ctAccountsIam4SuppressionPaths);
 
         // AwsSolutions-IAM5: The IAM entity contains wildcard permissions and does not have a cdk_nag rule suppression with evidence for those permission
         this.createNagSuppressionsInputs(NagSuppressionRuleIds.IAM5, ctAccountsIam5SuppressionPaths);
 
+        // AwsSolutions-SF1: The Step Function does not log "ALL" events to CloudWatch Logs.
+        this.createNagSuppressionsInputs(NagSuppressionRuleIds.SF1, ctAccountsSfSuppressionPaths);
+
+        // AwsSolutions-SF2: The Step Function does not have X-Ray tracing enabled.
+        this.createNagSuppressionsInputs(NagSuppressionRuleIds.SF2, ctAccountsSfSuppressionPaths);
+
         // resources for control tower lifecycle events
         const controlTowerOuEventsFunction = new cdk.aws_lambda.Function(this, 'ControlTowerOuEventsFunction', {
           code: cdk.aws_lambda.Code.fromAsset(path.join(__dirname, '../lambdas/control-tower-ou-events/dist')),

source/packages/@aws-accelerator/accelerator/lib/toolkit.ts

@@ -797,6 +797,7 @@ export class AcceleratorToolkit {
         false,
         3,
         false,
+        undefined,
         stream,
       );
       await stream.close();

source/packages/@aws-accelerator/accelerator/package.json

@@ -24,7 +24,7 @@
     "@aws-accelerator/constructs": "^0.0.0",
     "@aws-accelerator/utils": "^0.0.0",
     "@aws-cdk-extensions/cdk-plugin-assume-role": "^0.0.0",
-    "@aws-cdk/cloud-assembly-schema": "2.93.0",
+    "@aws-cdk/cloud-assembly-schema": "2.148.0",
     "@aws-sdk/client-config-service": "3.410.0",
     "@aws-sdk/client-service-quotas": "3.410.0",
     "@aws-sdk/client-ssm": "3.410.0",
@@ -45,16 +45,16 @@
     "winston": "3.8.2"
   },
   "devDependencies": {
-    "@aws-cdk/cx-api": "2.93.0",
-    "@aws-cdk/region-info": "2.93.0",
+    "@aws-cdk/cx-api": "2.148.0",
+    "@aws-cdk/region-info": "2.148.0",
     "@types/fs-extra": "11.0.1",
     "@types/jest": "^29.4.0",
     "@types/mri": "1.1.1",
     "@types/node": "18.14.0",
     "@types/promptly": "3.0.2",
-    "aws-cdk": "2.93.0",
-    "aws-cdk-lib": "2.93.0",
-    "cdk-assets": "2.93.0",
+    "aws-cdk": "2.148.0",
+    "aws-cdk-lib": "2.148.0",
+    "cdk-assets": "2.148.0",
     "chokidar": "3.5.3",
     "constructs": "10.0.12",
     "eslint": "8.34.0",

source/packages/@aws-accelerator/accelerator/test/__snapshots__/accounts-stack.test.ts.snap

@@ -217,7 +217,7 @@ exports[`AccountsStack us-east-1 Construct(AccountsStack):  Snapshot Test 1`] =
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -1240,7 +1240,7 @@ exports[`AccountsStack us-east-1 Construct(AccountsStack):  Snapshot Test 1`] =
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -1510,7 +1510,7 @@ exports[`AccountsStack us-east-1 Construct(AccountsStack):  Snapshot Test 1`] =
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -1805,7 +1805,7 @@ exports[`AccountsStack us-east-1 Construct(AccountsStack):  Snapshot Test 1`] =
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",

source/packages/@aws-accelerator/accelerator/test/__snapshots__/applications-stack.test.ts.snap

@@ -125,7 +125,7 @@ exports[`ApplicationsStack Construct(ApplicationsStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",

source/packages/@aws-accelerator/accelerator/test/__snapshots__/customizations-stack.test.ts.snap

@@ -166,7 +166,7 @@ exports[`CustomizationsStack Construct(CustomizationsStack):  Snapshot Test 1`]
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -799,7 +799,7 @@ exports[`CustomizationsStack Construct(CustomizationsStack):  Snapshot Test 2`]
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",

source/packages/@aws-accelerator/accelerator/test/__snapshots__/identity-center-stack.test.ts.snap

@@ -442,7 +442,7 @@ exports[`IdentityCenterStack Construct(IdentityCenterStack):  Snapshot Test 1`]
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",

source/packages/@aws-accelerator/accelerator/test/__snapshots__/logging-stack.test.ts.snap

@@ -161,7 +161,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -588,7 +588,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -1762,7 +1762,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -3067,7 +3067,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -3372,7 +3372,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -4286,7 +4286,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -4572,7 +4572,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -4823,7 +4823,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -5383,7 +5383,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -6414,7 +6414,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -6702,7 +6702,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -6977,7 +6977,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -7487,7 +7487,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -7780,7 +7780,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -8677,7 +8677,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -8951,7 +8951,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -9225,7 +9225,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -9488,7 +9488,7 @@ exports[`LoggingStackOuTargets Construct(LoggingStackOuTargets):  Snapshot Test
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",
@@ -10813,7 +10813,7 @@ exports[`LoggingStackOuTargets Construct(LoggingStackOuTargets):  Snapshot Test
             "Arn",
           ],
         },
-        "Runtime": "nodejs18.x",
+        "Runtime": "nodejs20.x",
         "Timeout": 900,
       },
       "Type": "AWS::Lambda::Function",