Merged main branch into gh-24654

aws · Mar 29, 2023 · 04a2f65 · 04a2f65
2 parents efdcb00 + be4be99
commit 04a2f65
Show file tree

Hide file tree

Showing 699 changed files with 96,953 additions and 2,192 deletions.
diff --git a/package.json b/package.json
@@ -83,8 +83,6 @@
       "@aws-cdk/assertions-alpha/fs-extra/**",
       "@aws-cdk/assertions/fs-extra",
       "@aws-cdk/assertions/fs-extra/**",
-      "@aws-cdk/aws-iot-actions-alpha/case",
-      "@aws-cdk/aws-iot-actions-alpha/case/**",
       "@aws-cdk/aws-codebuild/yaml",
       "@aws-cdk/aws-codebuild/yaml/**",
       "@aws-cdk/aws-codepipeline-actions/case",
@@ -99,6 +97,8 @@
       "@aws-cdk/aws-eks/yaml/**",
       "@aws-cdk/aws-events-targets/aws-sdk",
       "@aws-cdk/aws-events-targets/aws-sdk/**",
+      "@aws-cdk/aws-iot-actions-alpha/case",
+      "@aws-cdk/aws-iot-actions-alpha/case/**",
       "@aws-cdk/aws-iot-actions/case",
       "@aws-cdk/aws-iot-actions/case/**",
       "@aws-cdk/aws-s3-deployment/case",
@@ -117,6 +117,10 @@
       "@aws-cdk/core/ignore/**",
       "@aws-cdk/core/minimatch",
       "@aws-cdk/core/minimatch/**",
+      "@aws-cdk/core/table",
+      "@aws-cdk/core/table/**",
+      "@aws-cdk/core/yaml",
+      "@aws-cdk/core/yaml/**",
       "@aws-cdk/cx-api/semver",
       "@aws-cdk/cx-api/semver/**",
       "@aws-cdk/pipelines/aws-sdk",

diff --git a/packages/@aws-cdk/aws-ec2/lib/instance-types.ts b/packages/@aws-cdk/aws-ec2/lib/instance-types.ts
@@ -298,6 +298,20 @@ export enum InstanceClass {
    */
   R6GD = 'r6gd',
 
+  /**
+   * Memory optimized instances, 7th generation with Graviton3 processors
+   *
+   * This instance class is currently only available in US East (Ohio), US East (N. Virginia), US West (Oregon), and Europe (Ireland).
+   */
+  MEMORY7_GRAVITON = 'memory7-graviton',
+
+  /**
+   * Memory optimized instances, 7th generation with Graviton3 processors
+   *
+   * This instance class is currently only available in US East (Ohio), US East (N. Virginia), US West (Oregon), and Europe (Ireland).
+   */
+  R7G = 'r7g',
+
   /**
    * Compute optimized instances, 3rd generation
    */
@@ -836,6 +850,20 @@ export enum InstanceClass {
    */
   M6GD = 'm6gd',
 
+  /**
+   * Standard instances, 7th generation with Graviton3 processors
+   *
+   * This instance class is currently only available in US East (Ohio), US East (N. Virginia), US West (Oregon), and Europe (Ireland).
+   */
+  STANDARD7_GRAVITON = 'standard7-graviton',
+
+  /**
+   * Standard instances, 7th generation with Graviton3 processors
+   *
+   * This instance class is currently only available in US East (Ohio), US East (N. Virginia), US West (Oregon), and Europe (Ireland).
+   */
+  M7G = 'm7g',
+
   /**
    * High memory and compute capacity instances, 1st generation
    */
@@ -1103,6 +1131,8 @@ export class InstanceType {
       [InstanceClass.R6G]: 'r6g',
       [InstanceClass.MEMORY6_GRAVITON2_NVME_DRIVE]: 'r6gd',
       [InstanceClass.R6GD]: 'r6gd',
+      [InstanceClass.MEMORY7_GRAVITON]: 'r7g',
+      [InstanceClass.R7G]: 'r7g',
       [InstanceClass.COMPUTE3]: 'c3',
       [InstanceClass.C3]: 'c3',
       [InstanceClass.COMPUTE4]: 'c4',
@@ -1201,6 +1231,8 @@ export class InstanceType {
       [InstanceClass.M6A]: 'm6a',
       [InstanceClass.STANDARD6_GRAVITON2_NVME_DRIVE]: 'm6gd',
       [InstanceClass.M6GD]: 'm6gd',
+      [InstanceClass.STANDARD7_GRAVITON]: 'm7g',
+      [InstanceClass.M7G]: 'm7g',
       [InstanceClass.HIGH_COMPUTE_MEMORY1]: 'z1d',
       [InstanceClass.Z1D]: 'z1d',
       [InstanceClass.INFERENCE1]: 'inf1',

diff --git a/packages/@aws-cdk/aws-ec2/lib/subnet.ts b/packages/@aws-cdk/aws-ec2/lib/subnet.ts
@@ -1,6 +1,6 @@
+import { Token } from '@aws-cdk/core';
 import { CidrBlock, NetworkUtils } from './network-util';
 import { ISubnet } from './vpc';
-
 /**
  * Contains logic which chooses a set of subnets from a larger list, in conjunction
  * with SubnetSelection, to determine where to place AWS resources such as VPC
@@ -144,7 +144,7 @@ class SubnetIdSubnetFilter extends SubnetFilter {
    * Executes the subnet filtering logic.
    */
   public selectSubnets(subnets: ISubnet[]): ISubnet[] {
-    return subnets.filter(subnet => this.subnetIds.includes(subnet.subnetId));
+    return subnets.filter(subnet => this.subnetIds.includes(Token.asString(subnet.subnetId)));
   }
 }
 

diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
@@ -260,6 +260,7 @@ export class InterfaceVpcEndpointService implements IInterfaceVpcEndpointService
 export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointService {
   public static readonly SAGEMAKER_STUDIO = new InterfaceVpcEndpointAwsService('studio', 'aws.sagemaker');
   public static readonly SAGEMAKER_NOTEBOOK = new InterfaceVpcEndpointAwsService('notebook', 'aws.sagemaker');
+  public static readonly KENDRA_RANKING = new InterfaceVpcEndpointAwsService('kendra-ranking', 'aws.api');
   public static readonly ACCESS_ANALYZER = new InterfaceVpcEndpointAwsService('access-analyzer');
   public static readonly ACCOUNT_MANAGEMENT = new InterfaceVpcEndpointAwsService('account');
   public static readonly APP_MESH = new InterfaceVpcEndpointAwsService('appmesh-envoy-management');
@@ -307,6 +308,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly COMPREHEND_MEDICAL = new InterfaceVpcEndpointAwsService('comprehendmedical');
   public static readonly CONFIG = new InterfaceVpcEndpointAwsService('config');
   public static readonly CONNECT_APP_INTEGRATIONS = new InterfaceVpcEndpointAwsService('app-integrations');
+  public static readonly CONNECT_CASES = new InterfaceVpcEndpointAwsService('cases');
   public static readonly CONNECT_CONNECT_CAMPAIGNS = new InterfaceVpcEndpointAwsService('connect-campaigns');
   public static readonly CONNECT_PROFILE = new InterfaceVpcEndpointAwsService('profile');
   public static readonly CONNECT_VOICEID = new InterfaceVpcEndpointAwsService('voiceid');
@@ -325,8 +327,10 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly ECS = new InterfaceVpcEndpointAwsService('ecs');
   public static readonly ECS_AGENT = new InterfaceVpcEndpointAwsService('ecs-agent');
   public static readonly ECS_TELEMETRY = new InterfaceVpcEndpointAwsService('ecs-telemetry');
+  public static readonly EKS = new InterfaceVpcEndpointAwsService('eks');
   public static readonly ELASTIC_BEANSTALK = new InterfaceVpcEndpointAwsService('elasticbeanstalk');
   public static readonly ELASTIC_BEANSTALK_HEALTH = new InterfaceVpcEndpointAwsService('elasticbeanstalk-health');
+  public static readonly ELASTIC_DISASTER_RECOVERY = new InterfaceVpcEndpointAwsService('drs');
   public static readonly ELASTIC_FILESYSTEM = new InterfaceVpcEndpointAwsService('elasticfilesystem');
   public static readonly ELASTIC_FILESYSTEM_FIPS = new InterfaceVpcEndpointAwsService('elasticfilesystem-fips');
   public static readonly ELASTIC_INFERENCE_RUNTIME = new InterfaceVpcEndpointAwsService('elastic-inference.runtime');
@@ -354,25 +358,30 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly GLUE = new InterfaceVpcEndpointAwsService('glue');
   public static readonly GLUE_DATABREW = new InterfaceVpcEndpointAwsService('databrew');
   public static readonly GRAFANA = new InterfaceVpcEndpointAwsService('grafana');
+  public static readonly GRAFANA_WORKSPACE = new InterfaceVpcEndpointAwsService('grafana-workspace');
   public static readonly GROUNDSTATION = new InterfaceVpcEndpointAwsService('groundstation');
   public static readonly HEALTHLAKE = new InterfaceVpcEndpointAwsService('healthlake');
   public static readonly IAM_IDENTITY_CENTER = new InterfaceVpcEndpointAwsService('identitystore');
   public static readonly IAM_ROLES_ANYWHERE = new InterfaceVpcEndpointAwsService('rolesanywhere');
   public static readonly INSPECTOR = new InterfaceVpcEndpointAwsService('inspector2');
   public static readonly IOT_CORE = new InterfaceVpcEndpointAwsService('iot.data');
+  public static readonly IOT_CORE_DEVICE_ADVISOR = new InterfaceVpcEndpointAwsService('deviceadvisor.iot');
   public static readonly IOT_CORE_FOR_LORAWAN = new InterfaceVpcEndpointAwsService('iotwireless.api');
   public static readonly IOT_LORAWAN_CUPS = new InterfaceVpcEndpointAwsService('lorawan.cups');
   public static readonly IOT_LORAWAN_LNS = new InterfaceVpcEndpointAwsService('lorawan.lns');
   public static readonly IOT_GREENGRASS = new InterfaceVpcEndpointAwsService('greengrass');
+  public static readonly IOT_ROBORUNNER = new InterfaceVpcEndpointAwsService('iotroborunner');
   public static readonly IOT_SITEWISE_API = new InterfaceVpcEndpointAwsService('iotsitewise.api');
   public static readonly IOT_SITEWISE_DATA = new InterfaceVpcEndpointAwsService('iotsitewise.data');
   public static readonly IOT_TWINMAKER_API = new InterfaceVpcEndpointAwsService('iottwinmaker.api');
   public static readonly IOT_TWINMAKER_DATA = new InterfaceVpcEndpointAwsService('iottwinmaker.data');
+  public static readonly KENDRA = new InterfaceVpcEndpointAwsService('kendra');
   public static readonly KEYSPACES = new InterfaceVpcEndpointAwsService('cassandra', '', 9142);
   public static readonly KEYSPACES_FIPS = new InterfaceVpcEndpointAwsService('cassandra-fips', '', 9142);
   public static readonly KINESIS_STREAMS = new InterfaceVpcEndpointAwsService('kinesis-streams');
   public static readonly KINESIS_FIREHOSE = new InterfaceVpcEndpointAwsService('kinesis-firehose');
   public static readonly KMS = new InterfaceVpcEndpointAwsService('kms');
+  public static readonly KMS_FIPS = new InterfaceVpcEndpointAwsService('kms-fips');
   public static readonly LAKE_FORMATION = new InterfaceVpcEndpointAwsService('lakeformation');
   public static readonly CLOUDWATCH_LOGS = new InterfaceVpcEndpointAwsService('logs');
   public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring');
@@ -397,8 +406,15 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly MIGRATIONHUB_REFACTOR_SPACES = new InterfaceVpcEndpointAwsService('refactor-spaces');
   public static readonly MIGRATIONHUB_STRATEGY = new InterfaceVpcEndpointAwsService('migrationhub-strategy');
   public static readonly NIMBLE_STUDIO = new InterfaceVpcEndpointAwsService('nimble');
+  public static readonly OMICS_ANALYTICS = new InterfaceVpcEndpointAwsService('analytics-omics');
+  public static readonly OMICS_CONTROL_STORAGE = new InterfaceVpcEndpointAwsService('control-storage-omics');
+  public static readonly OMICS_STORAGE = new InterfaceVpcEndpointAwsService('storage-omics');
+  public static readonly OMICS_TAGS = new InterfaceVpcEndpointAwsService('tags-omics');
+  public static readonly OMICS_WORKFLOWS = new InterfaceVpcEndpointAwsService('workflows-omics');
   public static readonly PANORAMA = new InterfaceVpcEndpointAwsService('panorama');
   public static readonly PINPOINT = new InterfaceVpcEndpointAwsService('pinpoint-sms-voice-v2');
+  public static readonly POLLY = new InterfaceVpcEndpointAwsService('polly');
+  public static readonly PRIVATE_5G = new InterfaceVpcEndpointAwsService('private-networks');
   public static readonly PROTON = new InterfaceVpcEndpointAwsService('proton');
   public static readonly QLDB = new InterfaceVpcEndpointAwsService('qldb.session');
   public static readonly RDS = new InterfaceVpcEndpointAwsService('rds');
@@ -408,9 +424,11 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips');
   public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data');
   public static readonly S3 = new InterfaceVpcEndpointAwsService('s3');
+  public static readonly S3_MULTI_REGION_ACCESS_POINTS = new InterfaceVpcEndpointAwsService('s3-global.accesspoint', 'com.amazonaws');
   public static readonly S3_OUTPOSTS = new InterfaceVpcEndpointAwsService('s3-outposts');
   public static readonly SAGEMAKER_API = new InterfaceVpcEndpointAwsService('sagemaker.api');
   public static readonly SAGEMAKER_FEATURESTORE_RUNTIME = new InterfaceVpcEndpointAwsService('sagemaker.featurestore-runtime');
+  public static readonly SAGEMAKER_METRICS = new InterfaceVpcEndpointAwsService('sagemaker.metrics');
   public static readonly SAGEMAKER_RUNTIME = new InterfaceVpcEndpointAwsService('sagemaker.runtime');
   public static readonly SAGEMAKER_RUNTIME_FIPS = new InterfaceVpcEndpointAwsService('sagemaker.runtime-fips');
   public static readonly SECRETS_MANAGER = new InterfaceVpcEndpointAwsService('secretsmanager');

diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts
@@ -407,106 +407,176 @@ export class LogFormat {
   /**
    * The VPC Flow Logs version.
    */
-  public static readonly VERSION = new LogFormat('${version}');
+  public static readonly VERSION = LogFormat.field('version');
 
   /**
    * The AWS account ID of the owner of the source network interface for which traffic is recorded.
    */
-  public static readonly ACCOUNT_ID = new LogFormat('${account-id}');
+  public static readonly ACCOUNT_ID = LogFormat.field('account-id');
 
   /**
    * The ID of the network interface for which the traffic is recorded.
    */
-  public static readonly INTERFACE_ID = new LogFormat('${interface-id');
+  public static readonly INTERFACE_ID = LogFormat.field('interface-id');
 
   /**
    * The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface
    * for outgoing traffic on the network interface.
    */
-  public static readonly SRC_ADDR = new LogFormat('${srcaddr}');
+  public static readonly SRC_ADDR = LogFormat.field('srcaddr');
 
   /**
    * The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface
    * for incoming traffic on the network interface.
    */
-  public static readonly DST_ADDR = new LogFormat('${dstaddr}');
+  public static readonly DST_ADDR = LogFormat.field('dstaddr');
 
   /**
    * The source port of the traffic.
    */
-  public static readonly SRC_PORT = new LogFormat('${srcport}');
+  public static readonly SRC_PORT = LogFormat.field('srcport');
 
   /**
    * The destination port of the traffic.
    */
-  public static readonly DST_PORT = new LogFormat('${dstport}');
+  public static readonly DST_PORT = LogFormat.field('dstport');
 
   /**
    * The IANA protocol number of the traffic.
    */
-  public static readonly PROTOCOL = new LogFormat('${protocol}');
+  public static readonly PROTOCOL = LogFormat.field('protocol');
 
   /**
    * The number of packets transferred during the flow.
    */
-  public static readonly PACKETS = new LogFormat('${packets}');
+  public static readonly PACKETS = LogFormat.field('packets');
 
   /**
    * The number of bytes transferred during the flow.
    */
-  public static readonly BYTES = new LogFormat('${bytes}');
+  public static readonly BYTES = LogFormat.field('bytes');
+
+  /**
+   * The time, in Unix seconds, when the first packet of the flow was received within
+   * the aggregation interval.
+   *
+   * This might be up to 60 seconds after the packet was transmitted or received on
+   * the network interface.
+   */
+  public static readonly START_TIMESTAMP = LogFormat.field('start');
+
+  /**
+   * The time, in Unix seconds, when the last packet of the flow was received within
+   * the aggregation interval.
+   *
+   * This might be up to 60 seconds after the packet was transmitted or received on
+   * the network interface.
+   */
+  public static readonly END_TIMESTAMP = LogFormat.field('end');
+
+  /**
+   * The action that is associated with the traffic.
+   */
+  public static readonly ACTION = LogFormat.field('action');
+
+  /**
+   * The logging status of the flow log.
+   */
+  public static readonly LOG_STATUS = LogFormat.field('log-status');
+
+  /**
+   * The ID of the VPC that contains the network interface for which the traffic is recorded.
+   */
+  public static readonly VPC_ID = LogFormat.field('vpc-id');
+
+  /**
+   * The ID of the subnet that contains the network interface for which the traffic is recorded.
+   */
+  public static readonly SUBNET_ID = LogFormat.field('subnet-id');
+
+  /**
+   * The ID of the instance that's associated with network interface for which the traffic is
+   * recorded, if the instance is owned by you.
+   *
+   * Returns a '-' symbol for a requester-managed network interface; for example, the
+   * network interface for a NAT gateway
+   */
+  public static readonly INSTANCE_ID = LogFormat.field('instance-id');
+
+  /**
+   * The bitmask value for TCP flags.
+   *
+   * - FIN -- 1
+   * - SYN -- 2
+   * - RST -- 4
+   * - SYN-ACK -- 18
+   *
+   * If no supported flags are recorded, the TCP flag value is 0.
+   *
+   * TCP flags can be OR-ed during the aggregation interval. For short connections,
+   * the flags might be set on the same line in the flow log record, for example,
+   * 19 for SYN-ACK and FIN, and 3 for SYN and FIN.
+   */
+  public static readonly TCP_FLAGS = LogFormat.field('tcp-flags');
+
+  /**
+   * The type of traffic.
+   *
+   * The possible values are IPv4, IPv6, or EFA.
+   */
+  public static readonly TRAFFIC_TYPE = LogFormat.field('type');
 
   /**
    * The packet-level (original) source IP address of the traffic.
    */
-  public static readonly PKT_SRC_ADDR = new LogFormat('${pkt-srcaddr}');
+  public static readonly PKT_SRC_ADDR = LogFormat.field('pkt-srcaddr');
 
   /**
    * The packet-level (original) destination IP address for the traffic.
    */
-  public static readonly PKT_DST_ADDR = new LogFormat('${pkt-dstaddr}');
+  public static readonly PKT_DST_ADDR = LogFormat.field('pkt-dstaddr');
 
   /**
    * The Region that contains the network interface for which traffic is recorded.
    */
-  public static readonly REGION = new LogFormat('${region}');
+  public static readonly REGION = LogFormat.field('region');
 
   /**
    * The ID of the Availability Zone that contains the network interface for which traffic is recorded.
    */
-  public static readonly AZ_ID = new LogFormat('${az-id}');
+  public static readonly AZ_ID = LogFormat.field('az-id');
 
   /**
    * The type of sublocation that's returned in the sublocation-id field.
    */
-  public static readonly SUBLOCATION_TYPE = new LogFormat('${sublocation-type}');
+  public static readonly SUBLOCATION_TYPE = LogFormat.field('sublocation-type');
 
   /**
    * The ID of the sublocation that contains the network interface for which traffic is recorded.
    */
-  public static readonly SUBLOCATION_ID = new LogFormat('${sublocation-id}');
+  public static readonly SUBLOCATION_ID = LogFormat.field('sublocation-id');
 
   /**
    * The name of the subset of IP address ranges for the pkt-srcaddr field,
    * if the source IP address is for an AWS service.
    */
-  public static readonly PKT_SRC_AWS_SERVICE = new LogFormat('${pkt-src-aws-service}');
+  public static readonly PKT_SRC_AWS_SERVICE = LogFormat.field('pkt-src-aws-service');
 
   /**
    * The name of the subset of IP address ranges for the pkt-dstaddr field,
    * if the destination IP address is for an AWS service.
    */
-  public static readonly PKT_DST_AWS_SERVICE = new LogFormat('${pkt-dst-aws-service}');
+  public static readonly PKT_DST_AWS_SERVICE = LogFormat.field('pkt-dst-aws-service');
 
   /**
    * The direction of the flow with respect to the interface where traffic is captured.
    */
-  public static readonly FLOW_DIRECTION = new LogFormat('${flow-direction}');
+  public static readonly FLOW_DIRECTION = LogFormat.field('flow-direction');
 
   /**
    * The path that egress traffic takes to the destination.
    */
-  public static readonly TRAFFIC_PATH = new LogFormat('${traffic-path}');
+  public static readonly TRAFFIC_PATH = LogFormat.field('traffic-path');
 
   /**
    * The default format.