From d93e091a39ed24109c7b4b340b2c71cc9a8f942e Mon Sep 17 00:00:00 2001
From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com>
Date: Thu, 27 Jan 2022 01:50:33 -0800
Subject: [PATCH 01/26] docs(cfnspec): update CloudFormation documentation (#18678)

Co-authored-by: AWS CDK Team
---
 .../spec-source/cfn-docs/cfn-docs.json | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json
index 4add6a673f797..49265fa72117a 100644
--- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json
+++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json
@@ -8739,7 +8739,7 @@
 },
 "AWS::Config::AggregationAuthorization": {
 "attributes": {
- "AggregationAuthorizationArn": "",
+ "AggregationAuthorizationArn": "The Amazon Resource Name (ARN) of the aggregation object.",
 "Ref": "`Ref` returns the ARN of the AggregationAuthorization, such as `arn:aws:config:us-east-1:123456789012:aggregation-authorization/987654321012/us-west-2` ."
 },
 "description": "An object that represents the authorizations granted to aggregator accounts and regions.",
@@ -8892,7 +8892,7 @@ "attributes": { "Ref": "`Ref` returns the OrganizationConfigRuleName." }, - "description": "An organization config rule that has information about config rules that AWS Config creates in member accounts. Only a master account can create or update an organization config rule.\n\n`OrganizationConfigRule` resource enables organization service access through `EnableAWSServiceAccess` action and creates a service linked role in the master account of your organization. The service linked role is created only when the role does not exist in the master account. AWS Config verifies the existence of role with `GetRole` action.\n\nWhen creating custom organization config rules using a centralized Lambda function, you will need to allow Lambda permissions to sub-accounts and you will need to create an IAM role will to pass to the Lambda function. For more information, see [How to Centrally Manage AWS Config Rules across Multiple AWS Accounts](https://docs.aws.amazon.com/devops/how-to-centrally-manage-aws-config-rules-across-multiple-aws-accounts/) .", + "description": "An organization config rule that has information about config rules that AWS Config creates in member accounts.Only a master account and a delegated administrator can create or update an organization config rule.\n\n`OrganizationConfigRule` resource enables organization service access through `EnableAWSServiceAccess` action and creates a service linked role in the master account of your organization. The service linked role is created only when the role does not exist in the master account. AWS Config verifies the existence of role with `GetRole` action.\n\nWhen creating custom organization config rules using a centralized Lambda function, you will need to allow Lambda permissions to sub-accounts and you will need to create an IAM role will to pass to the Lambda function. 
For more information, see [How to Centrally Manage AWS Config Rules across Multiple AWS Accounts](https://docs.aws.amazon.com/devops/how-to-centrally-manage-aws-config-rules-across-multiple-aws-accounts/) .", "properties": { "ExcludedAccounts": "A comma-separated list of accounts excluded from organization config rule.", "OrganizationConfigRuleName": "The name that you assign to organization config rule.", 
@@ -14365,9 +14365,9 @@ "attributes": {}, "description": "The Kubernetes network configuration for the cluster.", "properties": { - "IpFamily": "Specify which IP family is used to assign Kubernetes Pod and Service IP addresses. If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6` , the VPC and subnets that you specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them.\n\nYou can only specify `ipv6` for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify `ipv6` , then ensure that your VPC meets the requirements listed in the considerations listed in [Assigning IPv6 addresses to Pods and Services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the Amazon EKS User Guide. Kubernetes assigns Services IPv6 addresses from the unique local address range (fc00::/7). You can't specify a custom IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR.", + "IpFamily": "Specify which IP family is used to assign Kubernetes pod and service IP addresses. If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6` , the VPC and subnets that you specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them.\n\nYou can only specify `ipv6` for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify `ipv6` , then ensure that your VPC meets the requirements listed in the considerations listed in [Assigning IPv6 addresses to pods and services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the Amazon EKS User Guide. Kubernetes assigns services IPv6 addresses from the unique local address range (fc00::/7). 
You can't specify a custom IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR.", "ServiceIpv4Cidr": "Don't specify a value if you select `ipv6` for *ipFamily* . The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:\n\n- Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.\n- Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.\n- Between /24 and /12.\n\n> You can only specify a custom CIDR block when you create a cluster and can't change this value once the cluster is created.", - "ServiceIpv6Cidr": "The CIDR block that Kubernetes Pod and Service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns Service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster." + "ServiceIpv6Cidr": "The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster." } }, "AWS::EKS::Cluster.Logging": { 
@@ -14808,9 +14808,9 @@
 "attributes": {},
 "description": "`VolumeSpecification` is a subproperty of the `EbsBlockDeviceConfig` property type. `VolumeSecification` determines the volume type, IOPS, and size (GiB) for EBS volumes attached to EC2 instances.",
 "properties": {
- "Iops": "The number of I/O operations per second (IOPS) that the volume supports. IOPS parameters are supported for volumes: io1 and gp3. Among them, IOPS parameters are required for volumes io1 but optional for volumes gp3 which default to 3000 IOPS. IOPS parameters are not supported for volumes: gp2, standard, st1 and sc1.",
+ "Iops": "The number of I/O operations per second (IOPS) that the volume supports.",
 "SizeInGB": "The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10.",
- "VolumeType": "The volume type. Volume types supported are gp2, io1, standard sc1, st1 and gp3. For gp3, customer will be able to configure IOPs but not throughput. Throughput will default to 125 MiB/s."
+ "VolumeType": "The volume type. Volume types supported are gp2, io1, and standard."
 }
 },
 "AWS::EMR::InstanceFleetConfig": {
@@ -14895,9 +14895,9 @@
 "attributes": {},
 "description": "`VolumeSpecification` is a subproperty of the `EbsBlockDeviceConfig` property type. `VolumeSecification` determines the volume type, IOPS, and size (GiB) for EBS volumes attached to EC2 instances.",
 "properties": {
- "Iops": "The number of I/O operations per second (IOPS) that the volume supports. IOPS parameters are supported for volumes: io1 and gp3. Among them, IOPS parameters are required for volumes io1 but optional for volumes gp3 which default to 3000 IOPS. IOPS parameters are not supported for volumes: gp2, standard, st1 and sc1.",
+ "Iops": "The number of I/O operations per second (IOPS) that the volume supports.",
 "SizeInGB": "The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10.",
- "VolumeType": "The volume type. Volume types supported are gp2, io1, standard sc1, st1 and gp3. For gp3, customer will be able to configure IOPs but not throughput. Throughput will default to 125 MiB/s."
+ "VolumeType": "The volume type. Volume types supported are gp2, io1, and standard."
 }
 },
 "AWS::EMR::InstanceGroupConfig": {
@@ -15021,9 +15021,9 @@
 "attributes": {},
 "description": "`VolumeSpecification` is a subproperty of the `EbsBlockDeviceConfig` property type. `VolumeSecification` determines the volume type, IOPS, and size (GiB) for EBS volumes attached to EC2 instances.",
 "properties": {
- "Iops": "The number of I/O operations per second (IOPS) that the volume supports. IOPS parameters are supported for volumes: io1 and gp3. Among them, IOPS parameters are required for volumes io1 but optional for volumes gp3 which default to 3000 IOPS. IOPS parameters are not supported for volumes: gp2, standard, st1 and sc1.",
+ "Iops": "The number of I/O operations per second (IOPS) that the volume supports.",
 "SizeInGB": "The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10.",
- "VolumeType": "The volume type. Volume types supported are gp2, io1, standard sc1, st1 and gp3. For gp3, customer will be able to configure IOPs but not throughput. Throughput will default to 125 MiB/s."
+ "VolumeType": "The volume type. Volume types supported are gp2, io1, and standard."
 }
 },
 "AWS::EMR::SecurityConfiguration": {
@@ -22685,7 +22685,7 @@ "attributes": { "Ref": "`Ref` returns the alias name, such as `alias/exampleAlias` ." }, - "description": "The `AWS::KMS::Alias` resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) . You can use an alias to identify a KMS key in the AWS KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) , such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html) .\n\n> Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [Using ABAC in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* . \n\nUsing an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS Regions . For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *AWS Key Management Service Developer Guide* .\n\nWhen specifying an alias, observe the following rules.\n\n- Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key.\n- The alias and its associated KMS key must be in the same AWS account and Region.\n- The alias name must be unique in the AWS account and Region. However, you can create aliases with the same name in different AWS Regions . For example, you can have an `alias/projectKey` in multiple Regions, each of which is associated with a KMS key in its Region.\n- Each alias name must begin with `alias/` followed by a name, such as `alias/exampleKey` . 
The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with `alias/aws/` . That alias name prefix is reserved for [AWS managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) .", + "description": "The `AWS::KMS::Alias` resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) . You can use an alias to identify a KMS key in the AWS KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) , such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html) .\n\n> Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* . \n\nUsing an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS Regions . For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *AWS Key Management Service Developer Guide* .\n\nWhen specifying an alias, observe the following rules.\n\n- Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key.\n- The alias and its associated KMS key must be in the same AWS account and Region.\n- The alias name must be unique in the AWS account and Region. However, you can create aliases with the same name in different AWS Regions . 
For example, you can have an `alias/projectKey` in multiple Regions, each of which is associated with a KMS key in its Region.\n- Each alias name must begin with `alias/` followed by a name, such as `alias/exampleKey` . The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with `alias/aws/` . That alias name prefix is reserved for [AWS managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) .", "properties": { "AliasName": "Specifies the alias name. This value must begin with `alias/` followed by a name, such as `alias/ExampleAlias` .\n\n> If you change the value of a `Replacement` property, such as `AliasName` , the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC). \n\nThe alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with `alias/aws/` . The `alias/aws/` prefix is reserved for [AWS managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) .\n\n*Pattern* : `alias/^[a-zA-Z0-9/_-]+$`\n\n*Minimum* : `1`\n\n*Maximum* : `256`", "TargetKeyId": "Associates the alias with the specified [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) . The KMS key must be in the same AWS account and Region.\n\nA valid key ID is required. 
If you supply a null or empty string value, this operation returns an error.\n\nFor help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *AWS Key Management Service Developer Guide* .\n\nSpecify the key ID or the key ARN of the KMS key.\n\nFor example:\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n\nTo get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) ." 
@@ -22697,7 +22697,7 @@ "KeyId": "The key ID of the KMS key, such as `1234abcd-12ab-34cd-56ef-1234567890ab` .\n\nFor information about the key ID of a KMS key, see [Key ID](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id) in the *AWS Key Management Service Developer Guide* .", "Ref": "`Ref` returns the key ID, such as `1234abcd-12ab-34cd-56ef-1234567890ab` ." }, - "description": "The `AWS::KMS::Key` resource specifies a [symmetric or asymmetric](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service ( AWS KMS ).\n\n> AWS KMS is replacing the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. \n\nYou can use symmetric KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use symmetric KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . For more information, see [What is AWS Key Management Service ?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value.\n\n> If you change the value of a `Replacement` property, such as `KeyUsage` or `KeySpec` , on an existing KMS key, the existing KMS key is [scheduled for deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) and a new KMS key is created with the specified value.\n> \n> While scheduled for deletion, the existing KMS key becomes unusable. 
If you don't [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the existing KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted.", + "description": "The `AWS::KMS::Key` resource specifies a [symmetric or asymmetric](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service ( AWS KMS ).\n\nYou can use the `AWS::KMS::Key` resource to specify a multi-Region primary key (symmetric or asymmetric). To specify a replica key, use the [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource. For information about multi-Region keys, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\n> AWS KMS is replacing the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. \n\nYou can use symmetric KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use symmetric KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . For more information, see [What is AWS Key Management Service ?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. 
To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value.\n\n> If you change the value of a `Replacement` property, such as `KeyUsage` or `KeySpec` , on an existing KMS key, the existing KMS key is [scheduled for deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) and a new KMS key is created with the specified value.\n> \n> While scheduled for deletion, the existing KMS key becomes unusable. If you don't [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the existing KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted.", "properties": { "Description": "A description of the KMS key. Use a description that helps you to distinguish this KMS key from others in the account, such as its intended use.", "EnableKeyRotation": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n\nAWS KMS does not support automatic key rotation on asymmetric KMS keys. For asymmetric KMS keys, omit the `EnableKeyRotation` property or set it to `false` .\n\nWhen you enable automatic rotation, AWS KMS automatically creates new key material for the KMS key 365 days after the enable (or reenable) date and every 365 days thereafter. AWS KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *AWS Key Management Service Developer Guide* .", 
@@ -22705,9 +22705,9 @@ "KeyPolicy": "The key policy that authorizes use of the KMS key. The key policy must conform to the following rules.\n\n- The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section of the **AWS Key Management Service Developer Guide** .\n- Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS . When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS . For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *AWS Identity and Access Management User Guide* .\n- The key policy size limit is 32 kilobytes (32768 bytes).\n\nIf you are unsure of which policy to use, consider the *default key policy* . This is the key policy that AWS KMS applies to KMS keys that are created by using the CreateKey API with no specified key policy. It gives the AWS account that owns the key permission to perform all operations on the key. It also allows you write IAM policies to authorize access to the key. For details, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *AWS Key Management Service Developer Guide* .\n\n*Minimum* : `1`\n\n*Maximum* : `32768`", "KeySpec": "Specifies the type of KMS key to create. 
The default value, `SYMMETRIC_DEFAULT` , creates a KMS key with a 256-bit symmetric key for encryption and decryption. For help choosing a key spec for your KMS key, see [How to choose Your KMS key configuration](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *AWS Key Management Service Developer Guide* .\n\nThe `KeySpec` property determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that the KMS key supports. You can't change the `KeySpec` after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [kms:EncryptionAlgorithm](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm) or [kms:Signing Algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) in the *AWS Key Management Service Developer Guide* .\n\n> If you change the `KeySpec` of an existing KMS key, the existing KMS key is scheduled for deletion and a new KMS key is created with the specified `KeySpec` value. While the scheduled deletion is pending, you can't use the existing KMS key. Unless you [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. > [AWS services that are integrated with AWS KMS](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric KMS keys to protect your data. These services do not support asymmetric KMS keys. 
For help determining whether a KMS key is symmetric or asymmetric, see [Identifying Symmetric and Asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *AWS Key Management Service Developer Guide* . \n\nAWS KMS supports the following key specs for KMS keys:\n\n- Symmetric key (default)\n\n- `SYMMETRIC_DEFAULT` (AES-256-GCM)\n- Asymmetric RSA key pairs\n\n- `RSA_2048`\n- `RSA_3072`\n- `RSA_4096`\n- Asymmetric NIST-recommended elliptic curve key pairs\n\n- `ECC_NIST_P256` (secp256r1)\n- `ECC_NIST_P384` (secp384r1)\n- `ECC_NIST_P521` (secp521r1)\n- Other asymmetric elliptic curve key pairs\n\n- `ECC_SECG_P256K1` (secp256k1), commonly used for cryptocurrencies.", "KeyUsage": "Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is `ENCRYPT_DECRYPT` . This property is required only for asymmetric KMS keys. You can't change the `KeyUsage` value after the KMS key is created.\n\n> If you change the `KeyUsage` of an existing KMS key, the existing KMS key is scheduled for deletion and a new KMS key is created with the specified `KeyUsage` value. While the scheduled deletion is pending, you can't use the existing KMS key. Unless you [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. 
\n\nSelect only one valid value.\n\n- For symmetric KMS keys, omit the property or specify `ENCRYPT_DECRYPT` .\n- For asymmetric KMS keys with RSA key material, specify `ENCRYPT_DECRYPT` or `SIGN_VERIFY` .\n- For asymmetric KMS keys with ECC key material, specify `SIGN_VERIFY` .", - "MultiRegion": "Creates a multi-Region primary key that you can replicate in other AWS Regions .\n\n> If you change the `MultiRegion` property of an existing KMS key, the existing KMS key is scheduled for deletion and a new KMS key is created with the specified `Multi-Region` value. While the scheduled deletion is pending, you can't use the existing KMS key. Unless you [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. \n\nFor a multi-Region key, set to this property to `true` . For a single-Region key, omit this property or set it to `false` . The default value is `false` .\n\n*Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Using multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can create a symmetric or asymmetric multi-Region key, and you can create a multi-Region key with imported key material. 
However, you cannot create a multi-Region key in a custom key store.\n\nTo create a replica of this primary key in a different AWS Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key.", + "MultiRegion": "Creates a multi-Region primary key that you can replicate in other AWS Regions .\n\n> If you change the `MultiRegion` property of an existing KMS key, the existing KMS key is scheduled for deletion and a new KMS key is created with the specified `Multi-Region` value. While the scheduled deletion is pending, you can't use the existing KMS key. Unless you [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. \n\nFor a multi-Region key, set to this property to `true` . For a single-Region key, omit this property or set it to `false` . The default value is `false` .\n\n*Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can create a symmetric or asymmetric multi-Region key, and you can create a multi-Region key with imported key material. 
However, you cannot create a multi-Region key in a custom key store.\n\nTo create a replica of this primary key in a different AWS Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key.", "PendingWindowInDays": "Specifies the number of days in the waiting period before AWS KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.\n\nWhen you remove a KMS key from a CloudFormation stack, AWS KMS schedules the KMS key for deletion and starts the mandatory waiting period. The `PendingWindowInDays` property determines the length of waiting period. During the waiting period, the key state of KMS key is `Pending Deletion` or `Pending Replica Deletion` , which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the KMS key.\n\nAWS KMS will not delete a [multi-Region primary key](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to `PendingReplicaDeletion` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to `PendingDeletion` and the waiting period specified by `PendingWindowInDays` begins. When this waiting period expires, AWS KMS deletes the primary key. 
For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *AWS Key Management Service Developer Guide* .\n\nYou cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the AWS KMS console or the [CancelKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) operation.\n\nFor information about the `Pending Deletion` and `Pending Replica Deletion` key states, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *AWS Key Management Service Developer Guide* . For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *AWS Key Management Service API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *AWS Key Management Service Developer Guide* .\n\n*Minimum* : 7\n\n*Maximum* : 30", - "Tags": "Assigns one or more tags to the replica key.\n\n> Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see [Using ABAC in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* . \n\nFor information about tags in AWS KMS , see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) in the *AWS Key Management Service Developer Guide* . For information about tags in CloudFormation, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." 
+ "Tags": "Assigns one or more tags to the replica key.\n\n> Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see [ABAC for AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* . \n\nFor information about tags in AWS KMS , see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) in the *AWS Key Management Service Developer Guide* . For information about tags in CloudFormation, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." } }, "AWS::KMS::ReplicaKey": { 
@@ -22716,14 +22716,14 @@ "KeyId": "The key ID of the replica key, such as `mrk-1234abcd12ab34cd56ef1234567890ab` .\n\nRelated multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see [How multi-Region keys work](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-how-it-works) in the *AWS Key Management Service Developer Guide* .", "Ref": "`Ref` returns the key ID, such as `mrk-1234abcd12ab34cd56ef1234567890ab` ." }, - "description": "The `AWS::KMS::ReplicaKey` resource specifies a multi-Region replica key that is based on a multi-Region primary key.\n\n*Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Using multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nA multi-Region *primary key* is a fully functional symmetric or asymmetric KMS key that is also the model for replica keys in other AWS Regions . To create a multi-Region primary key, add an [AWS::KMS::Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html) resource to your CloudFormation stack. Set its `MultiRegion` property to true.\n\nA multi-Region *replica key* is a fully functional symmetric or asymmetric KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region .\n\nA primary key and its replicas have the same key ID and key material. 
They also have the same key spec, key usage, key material origin, and automatic key rotation status. These properties are known as *shared properties* . If they change, AWS KMS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS KMS does not synchronize these properties.", + "description": "The `AWS::KMS::ReplicaKey` resource specifies a multi-Region replica key that is based on a multi-Region primary key.\n\n*Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nA multi-Region *primary key* is a fully functional symmetric or asymmetric KMS key that is also the model for replica keys in other AWS Regions . To create a multi-Region primary key, add an [AWS::KMS::Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html) resource to your CloudFormation stack. Set its `MultiRegion` property to true.\n\nA multi-Region *replica key* is a fully functional symmetric or asymmetric KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region .\n\nA primary key and its replicas have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. 
These properties are known as *shared properties* . If they change, AWS KMS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS KMS does not synchronize these properties.", "properties": { "Description": "A description of the KMS key.\n\nThe default value is an empty string (no description).\n\nThe description is not a shared property of multi-Region keys. You can specify the same description or a different description for each key in a set of related multi-Region keys. AWS Key Management Service does not synchronize this property.", "Enabled": "Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations.\n\nWhen `Enabled` is `true` , the *key state* of the KMS key is `Enabled` . When `Enabled` is `false` , the key state of the KMS key is `Disabled` . The default value is `true` .\n\nThe actual key state of the replica might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html) , [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html) , or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations. Also, while the replica key is being created, its key state is `Creating` . When the process is complete, the key state of the replica key changes to `Enabled` .\n\nFor information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *AWS Key Management Service Developer Guide* .", "KeyPolicy": "The key policy that authorizes use of the replica key.\n\nThe key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different key policy for each key in a set of related multi-Region keys. 
AWS KMS does not synchronize this property.\n\nThe key policy must conform to the following rules.\n\n- The key policy must give the caller [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) permission on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section of the **AWS Key Management Service Developer Guide** .\n- Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS . When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS . For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *AWS Identity and Access Management User Guide* .\n- The key policy size limit is 32 kilobytes (32768 bytes).\n\n*Minimum* : `1`\n\n*Maximum* : `32768`", "PendingWindowInDays": "Specifies the number of days in the waiting period before AWS KMS deletes a replica key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.\n\nWhen you remove a replica key from a CloudFormation stack, AWS KMS schedules the replica key for deletion and starts the mandatory waiting period. The `PendingWindowInDays` property determines the length of waiting period. During the waiting period, the key state of replica key is `Pending Deletion` , which prevents it from being used in cryptographic operations. 
When the waiting period expires, AWS KMS permanently deletes the replica key.\n\nYou cannot use a CloudFormation template to cancel deletion of the replica after you remove it from the stack, regardless of the waiting period. However, if you specify a replica key in your template that is based on the same primary key as the original replica key, CloudFormation creates a new replica key with the same key ID, key material, and other shared properties of the original replica key. This new replica key can decrypt ciphertext that was encrypted under the original replica key, or any related multi-Region key.\n\nFor detailed information about deleting multi-Region keys, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *AWS Key Management Service Developer Guide* .\n\nFor information about the `PendingDeletion` key state, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *AWS Key Management Service Developer Guide* . For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *AWS Key Management Service API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *AWS Key Management Service Developer Guide* .\n\n*Minimum* : 7\n\n*Maximum* : 30", "PrimaryKeyArn": "Specifies the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS partition. You can create only one replica of a given primary key in each AWS Region .\n\n> If you change the `PrimaryKeyArn` value of a replica key, the existing replica key is scheduled for deletion and a new replica key is created based on the specified primary key. While it is scheduled for deletion, the existing replica key becomes unusable. 
You can cancel the scheduled deletion of the key outside of CloudFormation.\n> \n> However, if you inadvertently delete a replica key, you can decrypt ciphertext encrypted by that replica key by using any related multi-Region key. If necessary, you can recreate the replica in the same Region after the previous one is completely deleted. For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *AWS Key Management Service Developer Guide* \n\nSpecify the key ARN of an existing multi-Region primary key. For example, `arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab` .", - "Tags": "Assigns one or more tags to the replica key.\n\n> Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see [Using ABAC in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* . \n\nTags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. AWS KMS does not synchronize this property.\n\nEach tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, AWS KMS replaces the current tag value with the specified one.\n\nWhen you assign tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) ." + "Tags": "Assigns one or more tags to the replica key.\n\n> Tagging or untagging a KMS key can allow or deny permission to the KMS key. 
For details, see [ABAC for AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* . \n\nTags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. AWS KMS does not synchronize this property.\n\nEach tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, AWS KMS replaces the current tag value with the specified one.\n\nWhen you assign tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) ." } }, "AWS::Kendra::DataSource": { @@ -31628,7 +31628,7 @@ "LastUpdatedTime": "The time this dataset version was last updated.", "OutputColumns": "" }, - "description": "Creates a dataset.", + "description": "Creates a dataset. This operation doesn't support datasets that include uploaded files as a source.", "properties": { "AwsAccountId": "The AWS account ID.", "ColumnGroups": "Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.", From ef3538dc79e2dc480947bc71cc81bb011cc94e54 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Thu, 27 Jan 2022 09:56:26 +0000 Subject: [PATCH 02/26] chore(release): 1.141.0 --- CHANGELOG.md | 40 ++++++++++++++++++++++++++++++++++++++++ version.v1.json | 2 +- 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dc314e3354418..6b6096290abec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,46 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.141.0](https://github.com/aws/aws-cdk/compare/v1.140.0...v1.141.0) (2022-01-27) + + +### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES + +* **servicecatalog:** `TagOptions` now have `scope` and `props` argument in constructor, and data is now passed via a `allowedValueForTags` field in props + +### Features + +* **assertions:** support assertions on stack messages ([#18521](https://github.com/aws/aws-cdk/issues/18521)) ([cb86e30](https://github.com/aws/aws-cdk/commit/cb86e30391aefdda13e6b0d4b3be2fedf76477c8)), closes [#18347](https://github.com/aws/aws-cdk/issues/18347) +* **assertions:** support for conditions ([#18577](https://github.com/aws/aws-cdk/issues/18577)) ([55ff1b2](https://github.com/aws/aws-cdk/commit/55ff1b2e69f1b42bbbecd9dc95e17f2ffc35f94e)), closes [#18560](https://github.com/aws/aws-cdk/issues/18560) +* **aws-ecs-patterns:** adding support for custom HealthCheck while creating QueueProcessingFargateService ([#18219](https://github.com/aws/aws-cdk/issues/18219)) ([0ca81a1](https://github.com/aws/aws-cdk/commit/0ca81a118d3d54b87d2d05a53fb72e4efe03b591)), closes [#15636](https://github.com/aws/aws-cdk/issues/15636) +* **certificatemanager:** DnsValidatedCertificate DNS record cleanup ([#18311](https://github.com/aws/aws-cdk/issues/18311)) ([36d356d](https://github.com/aws/aws-cdk/commit/36d356d0b3e422f7451f4b0dd2f971aa0378210e)), closes [#3333](https://github.com/aws/aws-cdk/issues/3333) [#7063](https://github.com/aws/aws-cdk/issues/7063) +* **cfnspec:** cloudformation spec v53.1.0 ([#18588](https://github.com/aws/aws-cdk/issues/18588)) ([a283a48](https://github.com/aws/aws-cdk/commit/a283a482dead64e94383ba21cc7908f10c4459a2)) +* **cfnspec:** cloudformation spec v53.1.0 ([#18658](https://github.com/aws/aws-cdk/issues/18658)) 
([2eda19e](https://github.com/aws/aws-cdk/commit/2eda19e510374426190531810cff518d582644ad)) +* **ec2:** session timeout and login banner for client vpn endpoint ([#18590](https://github.com/aws/aws-cdk/issues/18590)) ([7294118](https://github.com/aws/aws-cdk/commit/72941180a7188e5560a58f1509554ef038544ec4)) +* **ecs:** add `BaseService.fromServiceArnWithCluster()` for use in CodePipeline ([#18530](https://github.com/aws/aws-cdk/issues/18530)) ([3d192a9](https://github.com/aws/aws-cdk/commit/3d192a9a832857cb246d719a68b4b8f40d807fed)) +* **iotevents:** add DetectorModel L2 Construct ([#18049](https://github.com/aws/aws-cdk/issues/18049)) ([d0960f1](https://github.com/aws/aws-cdk/commit/d0960f181e5f66daa1eb53be2190b7e62bd66030)), closes [#17711](https://github.com/aws/aws-cdk/issues/17711) [#17711](https://github.com/aws/aws-cdk/issues/17711) +* **lambda-nodejs:** Allow setting mainFields for esbuild ([#18569](https://github.com/aws/aws-cdk/issues/18569)) ([0e78aeb](https://github.com/aws/aws-cdk/commit/0e78aeb9ad62226e67f72f23c0008ba749b3a73b)) +* **s3:** custom role for the bucket notifications handler ([#17794](https://github.com/aws/aws-cdk/issues/17794)) ([43f232d](https://github.com/aws/aws-cdk/commit/43f232ddc0a18e9a2fada2fbead758ab3538adc2)), closes [#9918](https://github.com/aws/aws-cdk/issues/9918) [#13241](https://github.com/aws/aws-cdk/issues/13241) +* **servicecatalog:** Create TagOptions Construct ([#18314](https://github.com/aws/aws-cdk/issues/18314)) ([903c4b6](https://github.com/aws/aws-cdk/commit/903c4b6e4adf676fae42265a048dddd0e1386542)), closes [#17753](https://github.com/aws/aws-cdk/issues/17753) + + +### Bug Fixes + +* **apigatewayv2:** websocket api: allow all methods in grant manage connections ([#18544](https://github.com/aws/aws-cdk/issues/18544)) ([41c8a3f](https://github.com/aws/aws-cdk/commit/41c8a3fa6b50a94affb65286d862056050d02e84)), closes [#18410](https://github.com/aws/aws-cdk/issues/18410) +* **aws-apigateway:** cross region 
authorizer ref ([#18444](https://github.com/aws/aws-cdk/issues/18444)) ([0e0a092](https://github.com/aws/aws-cdk/commit/0e0a0922ba1d538abdfeb61a260c262109115038)) +* **cli:** hotswap should wait for lambda's `updateFunctionCode` to complete ([#18536](https://github.com/aws/aws-cdk/issues/18536)) ([0e08eeb](https://github.com/aws/aws-cdk/commit/0e08eebd2f13ab0da6cac7b91288845cad530192)), closes [#18386](https://github.com/aws/aws-cdk/issues/18386) [#18386](https://github.com/aws/aws-cdk/issues/18386) +* **ecs:** only works in 'aws' partition ([#18496](https://github.com/aws/aws-cdk/issues/18496)) ([525ac07](https://github.com/aws/aws-cdk/commit/525ac07369e33e2f36b7a0eea7913e43649484db)), closes [#18429](https://github.com/aws/aws-cdk/issues/18429) +* **ecs-patterns:** Fix Network Load Balancer Port assignments in ECS Patterns ([#18157](https://github.com/aws/aws-cdk/issues/18157)) ([1393729](https://github.com/aws/aws-cdk/commit/13937299596d0b858d56e9116bf7a7dbe039d4b4)), closes [#18073](https://github.com/aws/aws-cdk/issues/18073) +* **elasticloadbalancingv2:** ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions ([#18558](https://github.com/aws/aws-cdk/issues/18558)) ([bde1795](https://github.com/aws/aws-cdk/commit/bde17950293309b7449fc412301634770b47111f)), closes [#18367](https://github.com/aws/aws-cdk/issues/18367) +* **pipelines:** CodeBuild projects are hard to tell apart ([#18492](https://github.com/aws/aws-cdk/issues/18492)) ([f6dab8d](https://github.com/aws/aws-cdk/commit/f6dab8d8c5aa4cf56d6846e2d13c1d5641136f72)) +* **region-info:** incorrect codedeploy service principals ([#18505](https://github.com/aws/aws-cdk/issues/18505)) ([16db963](https://github.com/aws/aws-cdk/commit/16db9639e86f1fd6f26a1054f4d6df24801d0f05)) +* **route53:** add RoutingControlArn to HealthCheck patch ([#18645](https://github.com/aws/aws-cdk/issues/18645)) ([c58e8bb](https://github.com/aws/aws-cdk/commit/c58e8bbbcb0a66c37b65cddc1da8d19dfbf26b4f)), closes 
[#18570](https://github.com/aws/aws-cdk/issues/18570) +* **s3:** add missing safe actions to `grantWrite`, `grantReadWrite` and `grantPut` methods ([#18494](https://github.com/aws/aws-cdk/issues/18494)) ([940d043](https://github.com/aws/aws-cdk/commit/940d0439cd347f06d755f3e3dd0582470749f710)), closes [#13616](https://github.com/aws/aws-cdk/issues/13616) +* **secretsmanager:** SecretRotation for secret imported by name has incorrect permissions ([#18567](https://github.com/aws/aws-cdk/issues/18567)) ([9ed263c](https://github.com/aws/aws-cdk/commit/9ed263cde0b41959ff267720c0978bfe7449337a)), closes [#18424](https://github.com/aws/aws-cdk/issues/18424) +* **stepfunctions:** task token integration cannot be used with API Gateway ([#18595](https://github.com/aws/aws-cdk/issues/18595)) ([678eede](https://github.com/aws/aws-cdk/commit/678eeded5d5631dbacff43ead697ecbd3bd4b27d)), closes [#14184](https://github.com/aws/aws-cdk/issues/14184) [#14181](https://github.com/aws/aws-cdk/issues/14181) +* **stepfunctions-tasks:** cluster creation fails with unresolved release labels ([#18288](https://github.com/aws/aws-cdk/issues/18288)) ([9940952](https://github.com/aws/aws-cdk/commit/9940952d67bdf07f3d737dc88676dc7f7c435a12)) +* **synthetics:** correct getbucketlocation policy ([#13573](https://github.com/aws/aws-cdk/issues/13573)) ([e743525](https://github.com/aws/aws-cdk/commit/e743525b6379371110d737bb360f637c41d30ca1)), closes [#13572](https://github.com/aws/aws-cdk/issues/13572) + ## [1.140.0](https://github.com/aws/aws-cdk/compare/v1.139.0...v1.140.0) (2022-01-20) diff --git a/version.v1.json b/version.v1.json index b2dc0b4c0995b..98a18d4b799df 100644 --- a/version.v1.json +++ b/version.v1.json @@ -1,3 +1,3 @@ { - "version": "1.140.0" + "version": "1.141.0" } \ No newline at end of file From f38505911a3e140a9cb6b269bdf22abe9803c515 Mon Sep 17 00:00:00 2001 
From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Thu, 27 Jan 2022 02:42:22 -0800 Subject: [PATCH 03/26] feat(cfnspec): cloudformation spec v53.1.0 (#18680) Co-authored-by: AWS CDK Team Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- packages/@aws-cdk/cfnspec/CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/@aws-cdk/cfnspec/CHANGELOG.md b/packages/@aws-cdk/cfnspec/CHANGELOG.md index 714b8cbd42283..00e937a053bd3 100644 --- a/packages/@aws-cdk/cfnspec/CHANGELOG.md +++ b/packages/@aws-cdk/cfnspec/CHANGELOG.md @@ -1,4 +1,9 @@ +## Unapplied changes + +* AWS::ECS is at 51.0.0 + + ## Unapplied changes * AWS::ECS is at 51.0.0 From 9b815d467007006100677adf769a885f370c887f Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 27 Jan 2022 16:49:44 +0100 Subject: [PATCH 04/26] chore(cfnspec): outdated spec complaints on every run (#18689) We recently changed the cfnspec bump to always succeed, and simply record which specs have been held back because they contain errors. Except we didn't do it completely right, and now it complains on every single run about specs that are outdated, instead of only when the spec actually gets bumped. Fix that. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/cfnspec/CHANGELOG.md | 10 ---------- packages/@aws-cdk/cfnspec/build-tools/update.sh | 12 ++++++++---- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/CHANGELOG.md b/packages/@aws-cdk/cfnspec/CHANGELOG.md index 00e937a053bd3..ae7be92395bca 100644 --- a/packages/@aws-cdk/cfnspec/CHANGELOG.md +++ b/packages/@aws-cdk/cfnspec/CHANGELOG.md @@ -1,13 +1,3 @@ - -## Unapplied changes - -* AWS::ECS is at 51.0.0 - - -## Unapplied changes - -* AWS::ECS is at 51.0.0 - # CloudFormation Resource Specification v53.1.0 ## New Resource Types 
diff --git a/packages/@aws-cdk/cfnspec/build-tools/update.sh b/packages/@aws-cdk/cfnspec/build-tools/update.sh index 470b4d4de4d6a..9cb2376f1104e 100755 --- a/packages/@aws-cdk/cfnspec/build-tools/update.sh +++ b/packages/@aws-cdk/cfnspec/build-tools/update.sh @@ -61,13 +61,17 @@ update-spec \ spec-source/specification/000_cfn/000_official \ true true +old_version=$(cat cfn.version) +new_version=$(node -p "require('${scriptdir}/../spec-source/specification/000_cfn/000_official/001_Version.json').ResourceSpecificationVersion") echo >&2 "Recording new version..." rm -f cfn.version -node -p "require('${scriptdir}/../spec-source/specification/000_cfn/000_official/001_Version.json').ResourceSpecificationVersion" > cfn.version +echo "$new_version" > cfn.version - -echo >&2 "Reporting outdated specs..." -node build-tools/report-issues spec-source/specification/000_cfn/000_official/ outdated >> CHANGELOG.md.new +# Only report outdated specs if we made changes, otherwise we're stuck reporting changes every time. +if [[ "$new_version" != "$old_version" ]]; then + echo >&2 "Reporting outdated specs..." + node build-tools/report-issues spec-source/specification/000_cfn/000_official/ outdated >> CHANGELOG.md.new +fi update-spec \ "Serverless Application Model (SAM) Resource Specification" \ From 6f27bd5d16926371b3bdc12486450a171137499a Mon Sep 17 00:00:00 2001 
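Review bot: The added `old_version=$(cat cfn.version)` assumes cfn.version is always present, whereas the `rm -f cfn.version` right after it tolerated a missing file. If the file is ever absent, the read fails, and if the script runs with `set -e` (its header is outside this hunk) the whole spec update would stop at that line. Reading it as `old_version=$(cat cfn.version 2>/dev/null || true)` keeps the earlier tolerance, and the `!=` comparison then still triggers the outdated-spec report. Separately, `$new_version` is written to cfn.version unchecked, so if errors are not fatal a failed `node -p` would record an empty version. A guard such as `[[ -n "$new_version" ]] || exit 1` placed before the `rm -f` would leave the previous file intact.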
From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Thu, 27 Jan 2022 12:10:47 -0500 Subject: [PATCH 05/26] chore: make all examples compile (#18651) Fixes erroneous examples in these modules and turn on strict mode for each. - cloudformation - region-info - elasticloadbalancing - apigatewayv2 - codestarnotifications - codestar - chatbot - panorama - rekognition - efs - lambda-layer-node-proxy-agent - dynamodb-global - amplify - cloudwatch-actions - app-delivery ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/app-delivery/README.md | 17 ++-- packages/@aws-cdk/app-delivery/package.json | 9 +- packages/@aws-cdk/aws-amplify/README.md | 90 ++++++++++++------- packages/@aws-cdk/aws-amplify/lib/app.ts | 2 +- packages/@aws-cdk/aws-amplify/package.json | 9 +- .../aws-amplify/rosetta/default.ts-fixture | 11 +++ packages/@aws-cdk/aws-apigatewayv2/README.md | 29 +++--- .../@aws-cdk/aws-apigatewayv2/package.json | 9 +- packages/@aws-cdk/aws-chatbot/README.md | 3 +- packages/@aws-cdk/aws-chatbot/package.json | 9 +- .../aws-chatbot/rosetta/default.ts-fixture | 10 +++ .../aws-cloudformation/lib/custom-resource.ts | 22 ++++- .../@aws-cdk/aws-cloudformation/package.json | 9 +- .../@aws-cdk/aws-cloudwatch-actions/README.md | 5 +- .../aws-cloudwatch-actions/package.json | 9 +- .../rosetta/default.ts-fixture | 12 +++ packages/@aws-cdk/aws-codestar/README.md | 6 +- packages/@aws-cdk/aws-codestar/package.json | 9 +- .../aws-codestar/rosetta/default.ts-fixture | 10 +++ .../aws-codestarnotifications/README.md | 8 +- .../aws-codestarnotifications/package.json | 9 +- .../rosetta/default.ts-fixture | 10 +++ .../@aws-cdk/aws-dynamodb-global/README.md | 4 +- .../@aws-cdk/aws-dynamodb-global/package.json | 9 +- packages/@aws-cdk/aws-efs/README.md | 4 +- packages/@aws-cdk/aws-efs/package.json | 9 +- .../with-filesystem-instance.ts-fixture | 1 + 
.../aws-elasticloadbalancing/README.md | 20 +++-- .../aws-elasticloadbalancing/package.json | 9 +- .../rosetta/default.ts-fixture | 13 +++ packages/@aws-cdk/aws-panorama/package.json | 7 ++ .../@aws-cdk/aws-rekognition/package.json | 7 ++ .../lambda-layer-node-proxy-agent/README.md | 7 +- .../package.json | 9 +- .../rosetta/default.ts-fixture | 10 +++ packages/@aws-cdk/region-info/README.md | 30 +++---- packages/@aws-cdk/region-info/package.json | 9 +- .../region-info/rosetta/default.ts-fixture | 11 +++ 38 files changed, 355 insertions(+), 111 deletions(-) create mode 100644 packages/@aws-cdk/aws-amplify/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-chatbot/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-cloudwatch-actions/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-codestar/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-codestarnotifications/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-elasticloadbalancing/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/lambda-layer-node-proxy-agent/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/region-info/rosetta/default.ts-fixture diff --git a/packages/@aws-cdk/app-delivery/README.md b/packages/@aws-cdk/app-delivery/README.md index a60f4590dc39f..cd8e80e218bba 100644 --- a/packages/@aws-cdk/app-delivery/README.md +++ b/packages/@aws-cdk/app-delivery/README.md @@ -59,6 +59,10 @@ import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; import * as cdk from '@aws-cdk/core'; import * as cicd from '@aws-cdk/app-delivery'; +import * as iam from '@aws-cdk/aws-iam'; + +class MyServiceStackA extends cdk.Stack {} +class MyServiceStackB extends cdk.Stack {} const app = new cdk.App(); 
@@ -77,7 +81,9 @@ const sourceOutput = new codepipeline.Artifact(); const source = new codepipeline_actions.GitHubSourceAction({ actionName: 'GitHub', output: sourceOutput, - /* ... */ + owner: 'myName', + repo: 'myRepo', + oauthToken: cdk.SecretValue.plainText('secret'), }); pipeline.addStage({ stageName: 'source', @@ -129,10 +135,11 @@ deployStage.addAction(deployServiceAAction); // is passed to CloudFormation and needs the permissions necessary to deploy // stack. Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above, // users should understand the privileged nature of this role. -deployServiceAAction.addToRolePolicy(new iam.PolicyStatement({ - actions: ['service:SomeAction'], - resources: [myResource.myResourceArn], - // add more Action(s) and/or Resource(s) here, as needed +const myResourceArn = 'arn:partition:service:region:account-id:resource-id'; +deployServiceAAction.addToDeploymentRolePolicy(new iam.PolicyStatement({ + actions: ['service:SomeAction'], + resources: [myResourceArn], + // add more Action(s) and/or Resource(s) here, as needed })); const serviceStackB = new MyServiceStackB(app, 'ServiceStackB', { /* ... */ }); diff --git a/packages/@aws-cdk/app-delivery/package.json b/packages/@aws-cdk/app-delivery/package.json index 7f57bf73f19d3..8d3da28ad60ba 100644 --- a/packages/@aws-cdk/app-delivery/package.json +++ b/packages/@aws-cdk/app-delivery/package.json @@ -29,7 +29,14 @@ } }, "outdir": "dist", - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "scripts": { "build": "cdk-build", diff --git a/packages/@aws-cdk/aws-amplify/README.md b/packages/@aws-cdk/aws-amplify/README.md index c015bd38494e8..04d9f0d95bf08 100644 --- a/packages/@aws-cdk/aws-amplify/README.md +++ b/packages/@aws-cdk/aws-amplify/README.md 
@@ -29,37 +29,36 @@ To set up an Amplify Console app, define an `App`: ```ts import * as codebuild from '@aws-cdk/aws-codebuild'; -import * as amplify from '@aws-cdk/aws-amplify'; -import * as cdk from '@aws-cdk/core'; const amplifyApp = new amplify.App(this, 'MyApp', { sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ owner: '', repository: '', - oauthToken: cdk.SecretValue.secretsManager('my-github-token') + oauthToken: SecretValue.secretsManager('my-github-token'), }), - buildSpec: codebuild.BuildSpec.fromObjectToYaml({ // Alternatively add a `amplify.yml` to the repo + buildSpec: codebuild.BuildSpec.fromObjectToYaml({ + // Alternatively add a `amplify.yml` to the repo version: '1.0', frontend: { phases: { preBuild: { commands: [ - 'yarn' - ] + 'yarn', + ], }, build: { commands: [ - 'yarn build' - ] - } + 'yarn build', + ], + }, }, artifacts: { baseDirectory: 'public', files: - - '**/*' - } - } - }) + - '**/*', + }, + }, + }), }); ``` @@ -70,20 +69,22 @@ const amplifyApp = new amplify.App(this, 'MyApp', { sourceCodeProvider: new amplify.GitLabSourceCodeProvider({ owner: '', repository: '', - oauthToken: cdk.SecretValue.secretsManager('my-gitlab-token') - }) + oauthToken: SecretValue.secretsManager('my-gitlab-token'), + }), }); ``` To connect your `App` to CodeCommit, use the `CodeCommitSourceCodeProvider`: ```ts +import * as codecommit from '@aws-cdk/aws-codecommit'; + const repository = new codecommit.Repository(this, 'Repo', { - repositoryName: 'my-repo' + repositoryName: 'my-repo', }); const amplifyApp = new amplify.App(this, 'App', { - sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository }) + sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository }), }); ``` 
@@ -93,6 +94,8 @@ to pull the CodeCommit repository. Add branches: ```ts +declare const amplifyApp: amplify.App; + const master = amplifyApp.addBranch('master'); // `id` will be used as repo branch name const dev = amplifyApp.addBranch('dev'); dev.addEnvironment('STAGE', 'dev'); @@ -103,10 +106,11 @@ Auto build and pull request preview are enabled by default. Add custom rules for redirection: ```ts +declare const amplifyApp: amplify.App; amplifyApp.addCustomRule({ source: '/docs/specific-filename.html', target: '/documents/different-filename.html', - status: amplify.RedirectStatus.TEMPORARY_REDIRECT + status: amplify.RedirectStatus.TEMPORARY_REDIRECT, }); ``` @@ -117,12 +121,18 @@ file extensions: css, gif, ico, jpg, js, png, txt, svg, woff, ttf, map, json, webmanifest. ```ts +declare const mySinglePageApp: amplify.App; + mySinglePageApp.addCustomRule(amplify.CustomRule.SINGLE_PAGE_APPLICATION_REDIRECT); ``` Add a domain and map sub domains to branches: ```ts +declare const amplifyApp: amplify.App; +declare const master: amplify.Branch; +declare const dev: amplify.Branch; + const domain = amplifyApp.addDomain('example.com', { enableAutoSubdomain: true, // in case subdomains should be auto registered for branches autoSubdomainCreationPatterns: ['*', 'pr*'], // regex for branches that should auto register subdomains @@ -140,9 +150,12 @@ Use `BasicAuth.fromCredentials` when referencing an existing secret: ```ts const amplifyApp = new amplify.App(this, 'MyApp', { - repository: 'https://github.com//', - oauthToken: cdk.SecretValue.secretsManager('my-github-token'), - basicAuth: amplify.BasicAuth.fromCredentials('username', cdk.SecretValue.secretsManager('my-github-token')) + sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ + owner: '', + repository: '', + oauthToken: SecretValue.secretsManager('my-github-token'), + }), + basicAuth: amplify.BasicAuth.fromCredentials('username', SecretValue.secretsManager('my-github-token')), }); ``` 
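Review bot: In the `BasicAuth.fromCredentials` example (hunk `@@ -140,9 +150,12 @@`) the basic-auth password is read from `my-github-token`, the same secret that supplies `oauthToken` for the source provider. A basic-auth password is shared with everyone who needs to open the protected app, so a reader copying this sample would be handing out the repository token along with it. Point the password at its own secret, e.g. `basicAuth: amplify.BasicAuth.fromCredentials('username', SecretValue.secretsManager('my-basic-auth-password')),` (secret name constructed for illustration).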
@@ -150,17 +163,21 @@ Use `BasicAuth.fromGeneratedPassword` to generate a password in Secrets Manager: ```ts const amplifyApp = new amplify.App(this, 'MyApp', { - repository: 'https://github.com//', - oauthToken: cdk.SecretValue.secretsManager('my-github-token'), - basicAuth: amplify.BasicAuth.fromGeneratedPassword('username') + sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ + owner: '', + repository: '', + oauthToken: SecretValue.secretsManager('my-github-token'), + }), + basicAuth: amplify.BasicAuth.fromGeneratedPassword('username'), }); ``` Basic auth can be added to specific branches: ```ts -app.addBranch('feature/next', { - basicAuth: amplify.BasicAuth.fromGeneratedPassword('username') +declare const amplifyApp: amplify.App; +amplifyApp.addBranch('feature/next', { + basicAuth: amplify.BasicAuth.fromGeneratedPassword('username'), }); ``` @@ -171,11 +188,14 @@ of branches: ```ts const amplifyApp = new amplify.App(this, 'MyApp', { - repository: 'https://github.com//', - oauthToken: cdk.SecretValue.secretsManager('my-github-token'), + sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ + owner: '', + repository: '', + oauthToken: SecretValue.secretsManager('my-github-token'), + }), autoBranchCreation: { // Automatically connect branches that match a pattern set - patterns: ['feature/*', 'test/*'] - } + patterns: ['feature/*', 'test/*'], + }, autoBranchDeletion: true, // Automatically disconnect a branch when you delete a branch from your repository }); ``` 
@@ -185,11 +205,11 @@ const amplifyApp = new amplify.App(this, 'MyApp', { Use the `customResponseHeaders` prop to configure custom response headers for an Amplify app: ```ts -const amplifyApp = new amplify.App(stack, 'App', { +const amplifyApp = new amplify.App(this, 'App', { sourceCodeProvider: new amplify.GitHubSourceCodeProvider({ owner: '', repository: '', - oauthToken: cdk.SecretValue.secretsManager('my-github-token') + oauthToken: SecretValue.secretsManager('my-github-token'), }), customResponseHeaders: [ { @@ -214,7 +234,9 @@ const amplifyApp = new amplify.App(stack, 'App', { `sourceCodeProvider` is optional; when this is not specified the Amplify app can be deployed to using `.zip` packages. The `asset` property can be used to deploy S3 assets to Amplify as part of the CDK: ```ts -const asset = new assets.Asset(this, "SampleAsset", {}); -const amplifyApp = new amplify.App(this, 'MyApp', {}); +import * as assets from '@aws-cdk/aws-s3-assets'; + +declare const asset: assets.Asset; +declare const amplifyApp: amplify.App; const branch = amplifyApp.addBranch("dev", { asset: asset }); ``` diff --git a/packages/@aws-cdk/aws-amplify/lib/app.ts b/packages/@aws-cdk/aws-amplify/lib/app.ts index 030dc58059a6e..bedec6e9e58ac 100644 --- a/packages/@aws-cdk/aws-amplify/lib/app.ts +++ b/packages/@aws-cdk/aws-amplify/lib/app.ts @@ -28,7 +28,7 @@ export interface SourceCodeProviderConfig { /** * The repository for the application. Must use the `HTTPS` protocol. * - * @example https://github.com/aws/aws-cdk + * For example, `https://github.com/aws/aws-cdk`. */ readonly repository: string; diff --git a/packages/@aws-cdk/aws-amplify/package.json b/packages/@aws-cdk/aws-amplify/package.json index 7360eadcffaf4..e546c68ed28c4 100644 --- a/packages/@aws-cdk/aws-amplify/package.json +++ b/packages/@aws-cdk/aws-amplify/package.json 
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-amplify/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-amplify/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..922b7902f805d --- /dev/null +++ b/packages/@aws-cdk/aws-amplify/rosetta/default.ts-fixture @@ -0,0 +1,11 @@ +// Fixture with packages imported, but nothing else +import { SecretValue, Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; +import * as amplify from '@aws-cdk/aws-amplify'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} diff --git a/packages/@aws-cdk/aws-apigatewayv2/README.md b/packages/@aws-cdk/aws-apigatewayv2/README.md index ccecf1546466f..5e0a110082ab9 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/README.md +++ b/packages/@aws-cdk/aws-apigatewayv2/README.md @@ -79,7 +79,7 @@ configures all other HTTP method calls to `/books` to a lambda proxy. ```ts import { HttpUrlIntegration, HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations'; -const getBooksIntegration = new HttpUrlIntegration('GetBooksIntegration' 'https://get-books-proxy.myproxy.internal'); +const getBooksIntegration = new HttpUrlIntegration('GetBooksIntegration', 'https://get-books-proxy.myproxy.internal'); declare const booksDefaultFn: lambda.Function; const booksDefaultIntegration = new HttpLambdaIntegration('BooksIntegration', booksDefaultFn); 
@@ -261,19 +261,21 @@ Mutual TLS can be configured to limit access to your API based by using client c ```ts import * as s3 from '@aws-cdk/aws-s3'; +import * as acm from '@aws-cdk/aws-certificatemanager'; + const certArn = 'arn:aws:acm:us-east-1:111111111111:certificate'; const domainName = 'example.com'; -const bucket = new s3.Bucket.fromBucketName(stack, 'TrustStoreBucket', ...); +declare const bucket: s3.Bucket; -new DomainName(stack, 'DomainName', { +new apigwv2.DomainName(this, 'DomainName', { domainName, - certificate: Certificate.fromCertificateArn(stack, 'cert', certArn), + certificate: acm.Certificate.fromCertificateArn(this, 'cert', certArn), mtls: { bucket, key: 'someca.pem', version: 'version', }, -}) +}); ``` Instructions for configuring your trust store can be found [here](https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/) @@ -408,17 +410,17 @@ Grant permission to use API Gateway Management API of a WebSocket API by calling You can use Management API to send a callback message to a connected client, get connection information, or disconnect the client. Learn more at [Use @connections commands in your backend service](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html). ```ts -const lambda = new lambda.Function(this, 'lambda', { /* ... */ }); +declare const fn: lambda.Function; -const webSocketApi = new WebSocketApi(stack, 'mywsapi'); -const stage = new WebSocketStage(stack, 'mystage', { +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi'); +const stage = new apigwv2.WebSocketStage(this, 'mystage', { webSocketApi, stageName: 'dev', }); // per stage permission -stage.grantManageConnections(lambda); +stage.grantManagementApiAccess(fn); // for all the stages permission -webSocketApi.grantManageConnections(lambda); +webSocketApi.grantManageConnections(fn); ``` ### Managing access to WebSocket APIs 
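Review bot: In the `@@ -408,17 +410,17 @@` hunk the sample calls both `stage.grantManagementApiAccess(fn)` and `webSocketApi.grantManageConnections(fn)` on the same function. Per the snippet's own comments the second call covers all stages, so the narrower per-stage grant has no effect once both are applied. A reader copying the block as written gets the broad permission. Present the two as alternatives, for example by changing the second comment to `// or, if the function must reach every stage of the API:`.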
@@ -434,9 +436,8 @@ Websocket APIs also support usage of API Keys. An API Key is a key that is used To require an API Key when accessing the Websocket API: ```ts -const webSocketApi = new WebSocketApi(stack, 'mywsapi',{ - apiKeySelectionExpression: WebSocketApiKeySelectionExpression.HEADER_X_API_KEY, - }); -... +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi',{ + apiKeySelectionExpression: apigwv2.WebSocketApiKeySelectionExpression.HEADER_X_API_KEY, +}); ``` diff --git a/packages/@aws-cdk/aws-apigatewayv2/package.json b/packages/@aws-cdk/aws-apigatewayv2/package.json index c35e477c574e4..31ec578d85b51 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2/package.json @@ -32,7 +32,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-chatbot/README.md b/packages/@aws-cdk/aws-chatbot/README.md index 5e871bb81db48..6f868ff02e17d 100644 --- a/packages/@aws-cdk/aws-chatbot/README.md +++ b/packages/@aws-cdk/aws-chatbot/README.md @@ -18,6 +18,7 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aw ```ts import * as chatbot from '@aws-cdk/aws-chatbot'; import * as sns from '@aws-cdk/aws-sns'; +import * as iam from '@aws-cdk/aws-iam'; const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', { slackChannelConfigurationName: 'YOUR_CHANNEL_NAME', @@ -33,7 +34,7 @@ slackChannel.addToRolePolicy(new iam.PolicyStatement({ resources: ['arn:aws:s3:::abc/xyz/123.txt'], })); -slackChannel.addNotificationTopic(new sns.Topic(this, 'MyTopic')) +slackChannel.addNotificationTopic(new sns.Topic(this, 'MyTopic')); ``` ## Log Group diff --git a/packages/@aws-cdk/aws-chatbot/package.json b/packages/@aws-cdk/aws-chatbot/package.json index 2abb1900c7cfd..35a6887f3b5cb 100644 --- a/packages/@aws-cdk/aws-chatbot/package.json 
+++ b/packages/@aws-cdk/aws-chatbot/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-chatbot/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-chatbot/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..50d86e8a055ce --- /dev/null +++ b/packages/@aws-cdk/aws-chatbot/rosetta/default.ts-fixture @@ -0,0 +1,10 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudformation/lib/custom-resource.ts b/packages/@aws-cdk/aws-cloudformation/lib/custom-resource.ts index 9c30e6c08540c..b71a9f56aea61 100644 --- a/packages/@aws-cdk/aws-cloudformation/lib/custom-resource.ts +++ b/packages/@aws-cdk/aws-cloudformation/lib/custom-resource.ts 
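Review bot: The new `aws-chatbot/rosetta/default.ts-fixture` ends with `\ No newline at end of file`, while the aws-amplify and aws-elasticloadbalancing fixtures added in this patch end with a newline. The fixtures for aws-cloudwatch-actions, aws-codestar, aws-codestarnotifications, lambda-layer-node-proxy-agent and region-info have the same missing newline. Adding a final newline after the closing `}` in each keeps the fixtures consistent and avoids spurious one-line diffs the next time they are edited.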
@@ -99,21 +99,35 @@ export interface CustomResourceProps { * [resource provider framework]: https://docs.aws.amazon.com/cdk/api/latest/docs/custom-resources-readme.html * * ```ts - * // use the provider framework from aws-cdk/custom-resources: - * provider: new custom_resources.Provider({ + * import * as custom_resources from '@aws-cdk/custom-resources'; + * import * as lambda from '@aws-cdk/aws-lambda'; + * import { Stack } from '@aws-cdk/core'; + * declare const myOnEventLambda: lambda.Function; + * declare const myIsCompleteLambda: lambda.Function; + * const stack = new Stack(); + * + * const provider = new custom_resources.Provider(stack, 'myProvider', { * onEventHandler: myOnEventLambda, * isCompleteHandler: myIsCompleteLambda, // optional * }); * ``` * * ```ts + * import * as cloudformation from '@aws-cdk/aws-cloudformation'; + * import * as lambda from '@aws-cdk/aws-lambda'; + * declare const myFunction: lambda.Function; + * * // invoke an AWS Lambda function when a lifecycle event occurs: - * provider: CustomResourceProvider.fromLambda(myFunction) + * const provider = cloudformation.CustomResourceProvider.fromLambda(myFunction); * ``` * * ```ts + * import * as cloudformation from '@aws-cdk/aws-cloudformation'; + * import * as sns from '@aws-cdk/aws-sns'; + * declare const myTopic: sns.Topic; + * * // publish lifecycle events to an SNS topic: - * provider: CustomResourceProvider.fromTopic(myTopic) + * const provider = cloudformation.CustomResourceProvider.fromTopic(myTopic); * ``` */ readonly provider: ICustomResourceProvider; diff --git a/packages/@aws-cdk/aws-cloudformation/package.json b/packages/@aws-cdk/aws-cloudformation/package.json index 3671367db5817..0b15fd01bfe35 100644 --- a/packages/@aws-cdk/aws-cloudformation/package.json +++ b/packages/@aws-cdk/aws-cloudformation/package.json 
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-cloudwatch-actions/README.md b/packages/@aws-cdk/aws-cloudwatch-actions/README.md index f13861a8c1555..99eb74e06eb54 100644 --- a/packages/@aws-cdk/aws-cloudwatch-actions/README.md +++ b/packages/@aws-cdk/aws-cloudwatch-actions/README.md @@ -17,12 +17,11 @@ The currently implemented actions are: EC2 Actions, SNS Actions, Autoscaling Act ## EC2 Action Example ```ts -import * as cw from "@aws-cdk/aws-cloudwatch"; // Alarm must be configured with an EC2 per-instance metric -let alarm: cw.Alarm; +declare const alarm: cloudwatch.Alarm; // Attach a reboot when alarm triggers alarm.addAlarmAction( - new Ec2Action(Ec2InstanceActions.REBOOT) + new actions.Ec2Action(actions.Ec2InstanceAction.REBOOT), ); ``` diff --git a/packages/@aws-cdk/aws-cloudwatch-actions/package.json b/packages/@aws-cdk/aws-cloudwatch-actions/package.json index 08a59bffab0d5..2a37790862f9b 100644 --- a/packages/@aws-cdk/aws-cloudwatch-actions/package.json +++ b/packages/@aws-cdk/aws-cloudwatch-actions/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-cloudwatch-actions/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-cloudwatch-actions/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..c473f965be130 --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch-actions/rosetta/default.ts-fixture 
@@ -0,0 +1,12 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; +import * as actions from '@aws-cdk/aws-cloudwatch-actions'; +import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codestar/README.md b/packages/@aws-cdk/aws-codestar/README.md index e9c6ec2e4bf75..6bdf425aab1d1 100644 --- a/packages/@aws-cdk/aws-codestar/README.md +++ b/packages/@aws-cdk/aws-codestar/README.md @@ -29,13 +29,13 @@ To create a new GitHub Repository and commit the assets from S3 bucket into the import * as codestar from '@aws-cdk/aws-codestar'; import * as s3 from '@aws-cdk/aws-s3' -new codestar.GitHubRepository(stack, 'GitHubRepo', { +new codestar.GitHubRepository(this, 'GitHubRepo', { owner: 'aws', repositoryName: 'aws-cdk', - accessToken: cdk.SecretValue.secretsManager('my-github-token', { + accessToken: SecretValue.secretsManager('my-github-token', { jsonField: 'token', }), - contentsBucket: s3.Bucket.fromBucketName(stack, 'Bucket', 'bucket-name'), + contentsBucket: s3.Bucket.fromBucketName(this, 'Bucket', 'bucket-name'), contentsKey: 'import.zip', }); ``` diff --git a/packages/@aws-cdk/aws-codestar/package.json b/packages/@aws-cdk/aws-codestar/package.json index e179f607ecbfc..a2ae9b1cbd339 100644 --- a/packages/@aws-cdk/aws-codestar/package.json +++ b/packages/@aws-cdk/aws-codestar/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-codestar/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-codestar/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..439308f8c0176 --- /dev/null 
+++ b/packages/@aws-cdk/aws-codestar/rosetta/default.ts-fixture @@ -0,0 +1,10 @@ +// Fixture with packages imported, but nothing else +import { SecretValue, Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codestarnotifications/README.md b/packages/@aws-cdk/aws-codestarnotifications/README.md index b13a33089b01a..ba1da9ced0026 100644 --- a/packages/@aws-cdk/aws-codestarnotifications/README.md +++ b/packages/@aws-cdk/aws-codestarnotifications/README.md @@ -39,17 +39,17 @@ import * as codebuild from '@aws-cdk/aws-codebuild'; import * as sns from '@aws-cdk/aws-sns'; import * as chatbot from '@aws-cdk/aws-chatbot'; -const project = new codebuild.PipelineProject(stack, 'MyProject'); +const project = new codebuild.PipelineProject(this, 'MyProject'); -const topic = new sns.Topic(stack, 'MyTopic1'); +const topic = new sns.Topic(this, 'MyTopic1'); -const slack = new chatbot.SlackChannelConfiguration(stack, 'MySlackChannel', { +const slack = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', { slackChannelConfigurationName: 'YOUR_CHANNEL_NAME', slackWorkspaceId: 'YOUR_SLACK_WORKSPACE_ID', slackChannelId: 'YOUR_SLACK_CHANNEL_ID', }); -const rule = new notifications.NotificationRule(stack, 'NotificationRule', { +const rule = new notifications.NotificationRule(this, 'NotificationRule', { source: project, events: [ 'codebuild-project-build-state-succeeded', diff --git a/packages/@aws-cdk/aws-codestarnotifications/package.json b/packages/@aws-cdk/aws-codestarnotifications/package.json index 251b0b0fa69f7..e6d2bf301f3b4 100644 --- a/packages/@aws-cdk/aws-codestarnotifications/package.json +++ b/packages/@aws-cdk/aws-codestarnotifications/package.json 
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-codestarnotifications/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-codestarnotifications/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..50d86e8a055ce --- /dev/null +++ b/packages/@aws-cdk/aws-codestarnotifications/rosetta/default.ts-fixture @@ -0,0 +1,10 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-dynamodb-global/README.md b/packages/@aws-cdk/aws-dynamodb-global/README.md index a31c37eb3e114..77f2725e76797 100644 --- a/packages/@aws-cdk/aws-dynamodb-global/README.md +++ b/packages/@aws-cdk/aws-dynamodb-global/README.md @@ -26,9 +26,9 @@ import { App } from '@aws-cdk/core'; const app = new App(); new GlobalTable(app, 'globdynamodb', { - partitionKey: { name: 'hashKey', type: AttributeType.String }, + partitionKey: { name: 'hashKey', type: AttributeType.STRING }, tableName: 'GlobalTable', - regions: [ "us-east-1", "us-east-2", "us-west-2" ] + regions: [ "us-east-1", "us-east-2", "us-west-2" ], }); app.synth(); ``` diff --git a/packages/@aws-cdk/aws-dynamodb-global/package.json b/packages/@aws-cdk/aws-dynamodb-global/package.json index 61e2d44daab47..882e1b789e912 100644 --- a/packages/@aws-cdk/aws-dynamodb-global/package.json +++ b/packages/@aws-cdk/aws-dynamodb-global/package.json @@ -39,7 +39,14 @@ "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png" } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "keywords": [ "aws", 
diff --git a/packages/@aws-cdk/aws-efs/README.md b/packages/@aws-cdk/aws-efs/README.md index 1a26f9e0e9c5a..058198d0c897e 100644 --- a/packages/@aws-cdk/aws-efs/README.md +++ b/packages/@aws-cdk/aws-efs/README.md @@ -36,7 +36,7 @@ const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', { vpc: new ec2.Vpc(this, 'VPC'), lifecyclePolicy: efs.LifecyclePolicy.AFTER_14_DAYS, // files are not transitioned to infrequent access (IA) storage by default performanceMode: efs.PerformanceMode.GENERAL_PURPOSE, // default - outInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy.AFTER_1_ACCESS, // files are not transitioned back from (infrequent access) IA to primary storage by default + outOfInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy.AFTER_1_ACCESS, // files are not transitioned back from (infrequent access) IA to primary storage by default }); ``` @@ -159,6 +159,6 @@ You can configure the file system to be destroyed on stack deletion by setting a ```ts const fileSystem = new efs.FileSystem(this, 'EfsFileSystem', { vpc: new ec2.Vpc(this, 'VPC'), - removalPolicy: RemovalPolicy.DESTROY + removalPolicy: RemovalPolicy.DESTROY, }); ``` diff --git a/packages/@aws-cdk/aws-efs/package.json b/packages/@aws-cdk/aws-efs/package.json index 4ce72aacb86e5..09d1c1f6f2ca6 100644 --- a/packages/@aws-cdk/aws-efs/package.json +++ b/packages/@aws-cdk/aws-efs/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-efs/rosetta/with-filesystem-instance.ts-fixture b/packages/@aws-cdk/aws-efs/rosetta/with-filesystem-instance.ts-fixture index 092b572afa726..427e2ed030b4b 100644 --- a/packages/@aws-cdk/aws-efs/rosetta/with-filesystem-instance.ts-fixture +++ b/packages/@aws-cdk/aws-efs/rosetta/with-filesystem-instance.ts-fixture 
@@ -3,6 +3,7 @@ import { Stack } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as efs from '@aws-cdk/aws-efs'; import * as ec2 from '@aws-cdk/aws-ec2'; +import * as iam from '@aws-cdk/aws-iam'; class Fixture extends Stack { constructor(scope: Construct, id: string) { diff --git a/packages/@aws-cdk/aws-elasticloadbalancing/README.md b/packages/@aws-cdk/aws-elasticloadbalancing/README.md index 6d66ca5965c69..45ec1828bb466 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancing/README.md +++ b/packages/@aws-cdk/aws-elasticloadbalancing/README.md @@ -21,17 +21,19 @@ balancer, set up listeners and a health check, and supply the fleet(s) you want to load balance to in the `targets` property. ```ts +declare const vpc: ec2.IVpc; const lb = new elb.LoadBalancer(this, 'LB', { - vpc, - internetFacing: true, - healthCheck: { - port: 80 - }, + vpc, + internetFacing: true, + healthCheck: { + port: 80, + }, }); +declare const myAutoScalingGroup: autoscaling.AutoScalingGroup; lb.addTarget(myAutoScalingGroup); lb.addListener({ - externalPort: 80, + externalPort: 80, }); ``` @@ -39,8 +41,10 @@ The load balancer allows all connections by default. If you want to change that, pass the `allowConnectionsFrom` property while setting up the listener: ```ts +declare const mySecurityGroup: ec2.SecurityGroup; +declare const lb: elb.LoadBalancer; lb.addListener({ - externalPort: 80, - allowConnectionsFrom: [mySecurityGroup] + externalPort: 80, + allowConnectionsFrom: [mySecurityGroup], }); ``` diff --git a/packages/@aws-cdk/aws-elasticloadbalancing/package.json b/packages/@aws-cdk/aws-elasticloadbalancing/package.json index 190f42846901b..c43acdd739437 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancing/package.json +++ b/packages/@aws-cdk/aws-elasticloadbalancing/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", 
diff --git a/packages/@aws-cdk/aws-elasticloadbalancing/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-elasticloadbalancing/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..036e5ddf38c1b --- /dev/null +++ b/packages/@aws-cdk/aws-elasticloadbalancing/rosetta/default.ts-fixture @@ -0,0 +1,13 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; +import * as elb from '@aws-cdk/aws-elasticloadbalancing'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import * as autoscaling from '@aws-cdk/aws-autoscaling'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} diff --git a/packages/@aws-cdk/aws-panorama/package.json b/packages/@aws-cdk/aws-panorama/package.json index b49f7b48cfb52..5149569f8ff38 100644 --- a/packages/@aws-cdk/aws-panorama/package.json +++ b/packages/@aws-cdk/aws-panorama/package.json @@ -7,6 +7,13 @@ "jsii": { "outdir": "dist", "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + }, "targets": { "dotnet": { "namespace": "Amazon.CDK.AWS.Panorama", diff --git a/packages/@aws-cdk/aws-rekognition/package.json b/packages/@aws-cdk/aws-rekognition/package.json index b7371d019400b..9787e9a8715b7 100644 --- a/packages/@aws-cdk/aws-rekognition/package.json +++ b/packages/@aws-cdk/aws-rekognition/package.json @@ -7,6 +7,13 @@ "jsii": { "outdir": "dist", "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + }, "targets": { "dotnet": { "namespace": "Amazon.CDK.AWS.Rekognition", diff --git a/packages/@aws-cdk/lambda-layer-node-proxy-agent/README.md b/packages/@aws-cdk/lambda-layer-node-proxy-agent/README.md index 45187394cb8b2..f27c51013b3fc 100644 --- a/packages/@aws-cdk/lambda-layer-node-proxy-agent/README.md +++ b/packages/@aws-cdk/lambda-layer-node-proxy-agent/README.md 
@@ -16,8 +16,11 @@ This module exports a single class called `NodeProxyAgentLayer` which is a `lamb Usage: ```ts -const fn = new lambda.Function(...); -fn.addLayers(new NodeProxyAgentLayer(stack, 'NodeProxyAgentLayer')); +import { NodeProxyAgentLayer } from '@aws-cdk/lambda-layer-node-proxy-agent'; +import * as lambda from '@aws-cdk/aws-lambda'; + +declare const fn: lambda.Function; +fn.addLayers(new NodeProxyAgentLayer(this, 'NodeProxyAgentLayer')); ``` [`proxy-agent`](https://www.npmjs.com/package/proxy-agent) will be installed under `/opt/nodejs/node_modules`. diff --git a/packages/@aws-cdk/lambda-layer-node-proxy-agent/package.json b/packages/@aws-cdk/lambda-layer-node-proxy-agent/package.json index b4e0211270c66..1753c1057db84 100644 --- a/packages/@aws-cdk/lambda-layer-node-proxy-agent/package.json +++ b/packages/@aws-cdk/lambda-layer-node-proxy-agent/package.json @@ -29,7 +29,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/lambda-layer-node-proxy-agent/rosetta/default.ts-fixture b/packages/@aws-cdk/lambda-layer-node-proxy-agent/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..50d86e8a055ce --- /dev/null +++ b/packages/@aws-cdk/lambda-layer-node-proxy-agent/rosetta/default.ts-fixture @@ -0,0 +1,10 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/region-info/README.md b/packages/@aws-cdk/region-info/README.md index 0f1186318ee49..b8d75339c3320 100644 --- a/packages/@aws-cdk/region-info/README.md +++ b/packages/@aws-cdk/region-info/README.md 
@@ -22,10 +22,8 @@ the form of the `RegionInfo` class. This is the preferred way to interact with the regional information database: ```ts -import { RegionInfo } from '@aws-cdk/region-info'; - // Get the information for "eu-west-1": -const region = RegionInfo.get('eu-west-1'); +const region = regionInfo.RegionInfo.get('eu-west-1'); // Access attributes: region.s3StaticWebsiteEndpoint; // s3-website-eu-west-1.amazonaws.com @@ -44,8 +42,6 @@ a list of known fact names, which can then be used with the `RegionInfo` to retrieve a particular value: ```ts -import * as regionInfo from '@aws-cdk/region-info'; - const codeDeployPrincipal = regionInfo.Fact.find('us-east-1', regionInfo.FactName.servicePrincipal('codedeploy.amazonaws.com')); // => codedeploy.us-east-1.amazonaws.com @@ -60,11 +56,13 @@ missing from the library. In such cases, the `Fact.register` method can be used to inject FactName into the database: ```ts -regionInfo.Fact.register({ - region: 'bermuda-triangle-1', - name: regionInfo.FactName.servicePrincipal('s3.amazonaws.com'), - value: 's3-website.bermuda-triangle-1.nowhere.com', -}); +class MyFact implements regionInfo.IFact { + public readonly region = 'bermuda-triangle-1'; + public readonly name = regionInfo.FactName.servicePrincipal('s3.amazonaws.com'); + public readonly value = 's3-website.bermuda-triangle-1.nowhere.com'; +} + +regionInfo.Fact.register(new MyFact()); ``` ## Overriding incorrect information 
@@ -74,11 +72,13 @@ overridden using the same `Fact.register` method demonstrated above, simply adding an extra boolean argument: ```ts -regionInfo.Fact.register({ - region: 'us-east-1', - name: regionInfo.FactName.servicePrincipal('service.amazonaws.com'), - value: 'the-correct-principal.amazonaws.com', -}, true /* Allow overriding information */); +class MyFact implements regionInfo.IFact { + public readonly region = 'us-east-1'; + public readonly name = regionInfo.FactName.servicePrincipal('service.amazonaws.com'); + public readonly value = 'the-correct-principal.amazonaws.com'; +} + +regionInfo.Fact.register(new MyFact(), true /* Allow overriding information */); ``` If you happen to have stumbled upon incorrect data built into this library, it diff --git a/packages/@aws-cdk/region-info/package.json b/packages/@aws-cdk/region-info/package.json index dba2268c2fa22..f3400ed30b3e4 100644 --- a/packages/@aws-cdk/region-info/package.json +++ b/packages/@aws-cdk/region-info/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "scripts": { "gen": "bash build-tools/generate.sh", diff --git a/packages/@aws-cdk/region-info/rosetta/default.ts-fixture b/packages/@aws-cdk/region-info/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..3a11f7f47a475 --- /dev/null +++ b/packages/@aws-cdk/region-info/rosetta/default.ts-fixture @@ -0,0 +1,11 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; +import * as regionInfo from '@aws-cdk/region-info'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file From 162909f4153d1c852a052d071633af8d5ae8c4a9 Mon Sep 17 00:00:00 2001 
From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Thu, 27 Jan 2022 15:51:18 -0500 Subject: [PATCH 06/26] chore: turn on strict mode everywhere (#18652) I wrote a script that turns on strict mode everywhere (didn't do this by hand :) ). Hopefully this is the direction that we want to go down. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/alexa-ask/package.json | 9 +- packages/@aws-cdk/assets/package.json | 9 +- .../@aws-cdk/aws-accessanalyzer/package.json | 9 +- packages/@aws-cdk/aws-amazonmq/package.json | 9 +- packages/@aws-cdk/aws-appconfig/package.json | 9 +- packages/@aws-cdk/aws-appflow/package.json | 7 ++ .../@aws-cdk/aws-appintegrations/package.json | 7 ++ .../aws-applicationinsights/package.json | 7 ++ packages/@aws-cdk/aws-appstream/package.json | 9 +- packages/@aws-cdk/aws-aps/package.json | 7 ++ packages/@aws-cdk/aws-athena/package.json | 9 +- .../@aws-cdk/aws-auditmanager/package.json | 7 ++ .../aws-autoscaling-common/package.json | 9 +- .../aws-autoscaling-hooktargets/package.json | 9 +- .../aws-autoscalingplans/package.json | 9 +- packages/@aws-cdk/aws-budgets/package.json | 9 +- packages/@aws-cdk/aws-cassandra/package.json | 9 +- packages/@aws-cdk/aws-ce/package.json | 9 +- .../@aws-cdk/aws-codeartifact/package.json | 7 ++ .../aws-codegurureviewer/package.json | 7 ++ .../aws-codestarconnections/package.json | 9 +- .../aws-cognito-identitypool/README.md | 107 +++++++++++------- .../aws-cognito-identitypool/package.json | 9 +- .../rosetta/default.ts-fixture | 13 +++ packages/@aws-cdk/aws-connect/package.json | 7 ++ packages/@aws-cdk/aws-cur/package.json | 7 ++ .../aws-customerprofiles/package.json | 7 ++ packages/@aws-cdk/aws-databrew/package.json | 7 ++ .../@aws-cdk/aws-datapipeline/package.json | 9 +- packages/@aws-cdk/aws-datasync/package.json | 7 ++ packages/@aws-cdk/aws-dax/package.json | 9 +- 
packages/@aws-cdk/aws-detective/package.json | 9 +- packages/@aws-cdk/aws-devopsguru/package.json | 7 ++ .../aws-directoryservice/package.json | 9 +- packages/@aws-cdk/aws-dlm/package.json | 9 +- packages/@aws-cdk/aws-dms/package.json | 9 +- .../@aws-cdk/aws-elasticache/package.json | 9 +- .../aws-elasticbeanstalk/package.json | 9 +- .../package.json | 9 +- .../package.json | 9 +- packages/@aws-cdk/aws-emr/package.json | 9 +- .../@aws-cdk/aws-emrcontainers/package.json | 7 ++ .../@aws-cdk/aws-eventschemas/package.json | 9 +- packages/@aws-cdk/aws-finspace/package.json | 7 ++ packages/@aws-cdk/aws-fis/package.json | 7 ++ packages/@aws-cdk/aws-fms/package.json | 9 +- .../@aws-cdk/aws-frauddetector/package.json | 7 ++ packages/@aws-cdk/aws-gamelift/package.json | 9 +- .../package.json | 9 +- packages/@aws-cdk/aws-greengrass/package.json | 9 +- .../@aws-cdk/aws-greengrassv2/package.json | 9 +- .../@aws-cdk/aws-groundstation/package.json | 7 ++ packages/@aws-cdk/aws-guardduty/package.json | 9 +- packages/@aws-cdk/aws-healthlake/package.json | 7 ++ .../@aws-cdk/aws-imagebuilder/package.json | 9 +- packages/@aws-cdk/aws-inspector/package.json | 9 +- packages/@aws-cdk/aws-iot1click/package.json | 9 +- .../@aws-cdk/aws-iotanalytics/package.json | 9 +- .../aws-iotcoredeviceadvisor/package.json | 7 ++ packages/@aws-cdk/aws-iotevents/package.json | 9 +- .../aws-iotevents/rosetta/default.ts-fixture | 10 ++ .../@aws-cdk/aws-iotfleethub/package.json | 7 ++ .../@aws-cdk/aws-iotsitewise/package.json | 7 ++ .../@aws-cdk/aws-iotthingsgraph/package.json | 9 +- .../@aws-cdk/aws-iotwireless/package.json | 7 ++ packages/@aws-cdk/aws-ivs/package.json | 7 ++ packages/@aws-cdk/aws-kendra/package.json | 7 ++ .../@aws-cdk/aws-lakeformation/package.json | 9 +- .../@aws-cdk/aws-licensemanager/package.json | 7 ++ packages/@aws-cdk/aws-lightsail/package.json | 7 ++ packages/@aws-cdk/aws-location/package.json | 7 ++ .../aws-logs-destinations/package.json | 9 +- 
.../aws-lookoutequipment/package.json | 7 ++ .../@aws-cdk/aws-lookoutmetrics/package.json | 7 ++ .../@aws-cdk/aws-lookoutvision/package.json | 7 ++ packages/@aws-cdk/aws-macie/package.json | 9 +- .../aws-managedblockchain/package.json | 9 +- .../@aws-cdk/aws-mediaconnect/package.json | 7 ++ .../@aws-cdk/aws-mediaconvert/package.json | 9 +- packages/@aws-cdk/aws-medialive/package.json | 9 +- .../@aws-cdk/aws-mediapackage/package.json | 7 ++ packages/@aws-cdk/aws-mediastore/package.json | 9 +- packages/@aws-cdk/aws-memorydb/package.json | 7 ++ packages/@aws-cdk/aws-mwaa/package.json | 7 ++ packages/@aws-cdk/aws-neptune/README.md | 18 +-- packages/@aws-cdk/aws-neptune/package.json | 9 +- .../@aws-cdk/aws-networkfirewall/package.json | 7 ++ .../@aws-cdk/aws-networkmanager/package.json | 9 +- .../@aws-cdk/aws-nimblestudio/package.json | 7 ++ packages/@aws-cdk/aws-opsworks/package.json | 9 +- packages/@aws-cdk/aws-opsworkscm/package.json | 9 +- packages/@aws-cdk/aws-panorama/package.json | 7 ++ packages/@aws-cdk/aws-pinpoint/package.json | 9 +- .../@aws-cdk/aws-pinpointemail/package.json | 9 +- packages/@aws-cdk/aws-qldb/package.json | 9 +- packages/@aws-cdk/aws-quicksight/package.json | 7 ++ packages/@aws-cdk/aws-ram/package.json | 9 +- .../@aws-cdk/aws-rekognition/package.json | 7 ++ .../@aws-cdk/aws-resourcegroups/package.json | 9 +- packages/@aws-cdk/aws-robomaker/package.json | 9 +- .../aws-route53recoverycontrol/package.json | 7 ++ .../aws-route53recoveryreadiness/package.json | 7 ++ .../@aws-cdk/aws-s3objectlambda/package.json | 7 ++ packages/@aws-cdk/aws-s3outposts/package.json | 7 ++ packages/@aws-cdk/aws-sagemaker/package.json | 9 +- packages/@aws-cdk/aws-sam/package.json | 9 +- packages/@aws-cdk/aws-sdb/package.json | 9 +- .../@aws-cdk/aws-servicecatalog/package.json | 9 +- .../aws-servicediscovery/package.json | 9 +- .../@aws-cdk/aws-ses-actions/package.json | 9 +- packages/@aws-cdk/aws-waf/package.json | 9 +- .../@aws-cdk/aws-wafregional/package.json | 9 +- 
packages/@aws-cdk/aws-workspaces/package.json | 9 +- .../@aws-cdk/cdk-assets-schema/package.json | 9 +- .../example-construct-library/package.json | 9 +- packages/@aws-cdk/yaml-cfn/package.json | 9 +- 116 files changed, 951 insertions(+), 117 deletions(-) create mode 100644 packages/@aws-cdk/aws-cognito-identitypool/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-iotevents/rosetta/default.ts-fixture diff --git a/packages/@aws-cdk/alexa-ask/package.json b/packages/@aws-cdk/alexa-ask/package.json index 60a4890e26428..ece5934f1136a 100644 --- a/packages/@aws-cdk/alexa-ask/package.json +++ b/packages/@aws-cdk/alexa-ask/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/assets/package.json b/packages/@aws-cdk/assets/package.json index 7bac0d2b66d81..13efc124c74d0 100644 --- a/packages/@aws-cdk/assets/package.json +++ b/packages/@aws-cdk/assets/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-accessanalyzer/package.json b/packages/@aws-cdk/aws-accessanalyzer/package.json index ae74b6abb8130..faf809becc93b 100644 --- a/packages/@aws-cdk/aws-accessanalyzer/package.json +++ b/packages/@aws-cdk/aws-accessanalyzer/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-amazonmq/package.json b/packages/@aws-cdk/aws-amazonmq/package.json index 4d98d24d7ee73..c7050a78a44e4 100644 --- a/packages/@aws-cdk/aws-amazonmq/package.json +++ b/packages/@aws-cdk/aws-amazonmq/package.json 
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-appconfig/package.json b/packages/@aws-cdk/aws-appconfig/package.json index e0a11eb7a7cce..4f4abaaf6dc40 100644 --- a/packages/@aws-cdk/aws-appconfig/package.json +++ b/packages/@aws-cdk/aws-appconfig/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-appflow/package.json b/packages/@aws-cdk/aws-appflow/package.json index 093c09ccbc347..fd0648da5f582 100644 --- a/packages/@aws-cdk/aws-appflow/package.json +++ b/packages/@aws-cdk/aws-appflow/package.json @@ -28,6 +28,13 @@ "Framework :: AWS CDK :: 1" ] } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-appintegrations/package.json b/packages/@aws-cdk/aws-appintegrations/package.json index 6bafcc70147e5..cd4ecf81dd7c5 100644 --- a/packages/@aws-cdk/aws-appintegrations/package.json +++ b/packages/@aws-cdk/aws-appintegrations/package.json @@ -30,6 +30,13 @@ "distName": "aws-cdk.aws-appintegrations", "module": "aws_cdk.aws_appintegrations" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-applicationinsights/package.json b/packages/@aws-cdk/aws-applicationinsights/package.json index 84d95622107e3..38d8d1d6311c1 100644 --- a/packages/@aws-cdk/aws-applicationinsights/package.json +++ b/packages/@aws-cdk/aws-applicationinsights/package.json @@ -28,6 +28,13 @@ "Framework :: AWS CDK :: 1" ] } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { 
diff --git a/packages/@aws-cdk/aws-appstream/package.json b/packages/@aws-cdk/aws-appstream/package.json index 774a9b54ca4c0..059821e8a6b4b 100644 --- a/packages/@aws-cdk/aws-appstream/package.json +++ b/packages/@aws-cdk/aws-appstream/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-aps/package.json b/packages/@aws-cdk/aws-aps/package.json index aa6d725f1025d..a63226c0a8148 100644 --- a/packages/@aws-cdk/aws-aps/package.json +++ b/packages/@aws-cdk/aws-aps/package.json @@ -30,6 +30,13 @@ "distName": "aws-cdk.aws-aps", "module": "aws_cdk.aws_aps" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-athena/package.json b/packages/@aws-cdk/aws-athena/package.json index b96b7559fc447..343d9eb7f34eb 100644 --- a/packages/@aws-cdk/aws-athena/package.json +++ b/packages/@aws-cdk/aws-athena/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "cdk-build": { "cloudformation": "AWS::Athena", diff --git a/packages/@aws-cdk/aws-auditmanager/package.json b/packages/@aws-cdk/aws-auditmanager/package.json index 9b9347689509b..a9a3738209a4d 100644 --- a/packages/@aws-cdk/aws-auditmanager/package.json +++ b/packages/@aws-cdk/aws-auditmanager/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-auditmanager", "module": "aws_cdk.aws_auditmanager" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-autoscaling-common/package.json b/packages/@aws-cdk/aws-autoscaling-common/package.json index 6a0a7fa6efafd..64b399fd336ba 100644 --- a/packages/@aws-cdk/aws-autoscaling-common/package.json 
+++ b/packages/@aws-cdk/aws-autoscaling-common/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-autoscaling-hooktargets/package.json b/packages/@aws-cdk/aws-autoscaling-hooktargets/package.json index d0e520c926fe7..eb1dab85bfe70 100644 --- a/packages/@aws-cdk/aws-autoscaling-hooktargets/package.json +++ b/packages/@aws-cdk/aws-autoscaling-hooktargets/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-autoscalingplans/package.json b/packages/@aws-cdk/aws-autoscalingplans/package.json index fac3bc7d1fd91..6de1130ba56bb 100644 --- a/packages/@aws-cdk/aws-autoscalingplans/package.json +++ b/packages/@aws-cdk/aws-autoscalingplans/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-budgets/package.json b/packages/@aws-cdk/aws-budgets/package.json index bdb97890149aa..7b0506935bdb3 100644 --- a/packages/@aws-cdk/aws-budgets/package.json +++ b/packages/@aws-cdk/aws-budgets/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-cassandra/package.json b/packages/@aws-cdk/aws-cassandra/package.json index a9d233869e092..70e21b61df3e3 100644 --- a/packages/@aws-cdk/aws-cassandra/package.json +++ b/packages/@aws-cdk/aws-cassandra/package.json 
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-ce/package.json b/packages/@aws-cdk/aws-ce/package.json index b0786e2c47636..6332fc8cffd14 100644 --- a/packages/@aws-cdk/aws-ce/package.json +++ b/packages/@aws-cdk/aws-ce/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-codeartifact/package.json b/packages/@aws-cdk/aws-codeartifact/package.json index dfde889c0446f..943a1e3a421a7 100644 --- a/packages/@aws-cdk/aws-codeartifact/package.json +++ b/packages/@aws-cdk/aws-codeartifact/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-codeartifact", "module": "aws_cdk.aws_codeartifact" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-codegurureviewer/package.json b/packages/@aws-cdk/aws-codegurureviewer/package.json index d96fac0ca1c2a..6c72bd475e6ed 100644 --- a/packages/@aws-cdk/aws-codegurureviewer/package.json +++ b/packages/@aws-cdk/aws-codegurureviewer/package.json @@ -7,6 +7,13 @@ "jsii": { "outdir": "dist", "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + }, "targets": { "dotnet": { "namespace": "Amazon.CDK.AWS.CodeGuruReviewer", diff --git a/packages/@aws-cdk/aws-codestarconnections/package.json b/packages/@aws-cdk/aws-codestarconnections/package.json index 769985db53fbc..9d06e3ea4db51 100644 --- a/packages/@aws-cdk/aws-codestarconnections/package.json +++ b/packages/@aws-cdk/aws-codestarconnections/package.json 
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-cognito-identitypool/README.md b/packages/@aws-cdk/aws-cognito-identitypool/README.md index fb1fc6ef0c0df..e1be0d70ec29c 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool/README.md +++ b/packages/@aws-cdk/aws-cognito-identitypool/README.md @@ -31,6 +31,10 @@ sign-in options for your app users. This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. +```ts nofixture +import { IdentityPool, UserPoolAuthenticationProvider } from '@aws-cdk/aws-cognito-identitypool'; +``` + ## Table of Contents - [Identity Pools](#identity-pools) 
@@ -66,26 +70,28 @@ A basic Identity Pool with minimal configuration has no required props, with def unauthenticated (guest) roles applied to the identity pool: ```ts -new cognito.IdentityPool(this, 'myIdentityPool'); +new IdentityPool(this, 'myIdentityPool'); ``` By default, both the authenticated and unauthenticated roles will have no permissions attached. Grant permissions to roles using the public `authenticatedRole` and `unauthenticatedRole` properties: ```ts -const identityPool = new cognito.IdentityPool(this, 'myIdentityPool'); -const table = new dynamodb.Table(this, 'MyTable'); +import * as dynamodb from '@aws-cdk/aws-dynamodb'; + +const identityPool = new IdentityPool(this, 'myIdentityPool'); +declare const table: dynamodb.Table; // Grant permissions to authenticated users table.grantReadWriteData(identityPool.authenticatedRole); // Grant permissions to unauthenticated guest users -table.grantRead(identityPool.unauthenticatedRole); +table.grantReadData(identityPool.unauthenticatedRole); //Or add policy statements straight to the role -identityPool.authenticatedRole.addToPrincipalPolicy(new PolicyStatement({ - effect: Effect.ALLOW, +identityPool.authenticatedRole.addToPrincipalPolicy(new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, actions: ['dynamodb:*'], - resources: ['*'] + resources: ['*'], })); ``` 
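Review bot: The policy statement at the end of this sample attaches `actions: ['dynamodb:*']` with `resources: ['*']` to `identityPool.authenticatedRole`, so anyone copying the snippet gives every identity that signs in through the pool full DynamoDB access to all tables in the account. Since these lines are being rewritten anyway, scope the example to the table it already declares, e.g. `actions: ['dynamodb:GetItem', 'dynamodb:PutItem'],` and `resources: [table.tableArn],`, or drop the statement and rely on the `grantReadWriteData` call above it. The `table.grantReadData(identityPool.unauthenticatedRole)` line also gives guest (unauthenticated) identities read access to the whole table; a comment such as `// Guest access: only grant this for data that is safe to expose without sign-in` would make that explicit.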
@@ -93,14 +99,15 @@ The default roles can also be supplied in `IdentityPoolProps`: ```ts const stack = new Stack(); -const authenticatedRole = new Role(stack, 'authRole', { - assumedBy: new ServicePrincipal('service.amazonaws.com'), +const authenticatedRole = new iam.Role(this, 'authRole', { + assumedBy: new iam.ServicePrincipal('service.amazonaws.com'), }); -const unauthenticatedRole = new Role(stack, 'unauthRole', { - assumedBy: new ServicePrincipal('service.amazonaws.com'), +const unauthenticatedRole = new iam.Role(this, 'unauthRole', { + assumedBy: new iam.ServicePrincipal('service.amazonaws.com'), }); -const identityPool = new IdentityPool(stack, 'TestIdentityPoolActions', { - authenticatedRole, unauthenticatedRole +const identityPool = new IdentityPool(this, 'TestIdentityPoolActions', { + authenticatedRole, + unauthenticatedRole, }); ``` @@ -122,7 +129,7 @@ to gather the necessary properties from the user pool constructs. ```ts const userPool = new cognito.UserPool(this, 'Pool'); -new cognito.IdentityPool(this, 'myidentitypool', { +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', authenticationProviders: { userPools: [new UserPoolAuthenticationProvider({ userPool })], @@ -134,10 +141,11 @@ User pools can also be associated with an identity pool after instantiation. The returns the User Pool Client that has been created: ```ts +declare const identityPool: IdentityPool; const userPool = new cognito.UserPool(this, 'Pool'); -const userPoolClient = identityPool.addUserPoolAuthentication({ - userPools: [new UserPoolAuthenticationProvider({ userPool })]; -}); +const userPoolClient = identityPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ + userPool, +})); ``` #### Server Side Token Check 
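Review bot: `const stack = new Stack();` is left at the top of the first sample in this group although every construct below it now takes `this` as its scope, so the variable is unused and suggests a second stack that is never populated; that line can be deleted. Separately, both roles are created with `assumedBy: new iam.ServicePrincipal('service.amazonaws.com')`, which reads as a placeholder: roles handed to an identity pool normally have to trust the Cognito identity federation principal, restricted to that pool, so a reader copying the sample presumably ends up with roles the pool cannot assume. A one-line comment such as `// Placeholder principal: replace with a trust policy for cognito-identity.amazonaws.com scoped to this identity pool` would avoid that.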
@@ -153,13 +161,12 @@ Setting `disableServerSideTokenCheck` to true will change the default behavior t more [here](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CognitoIdentityProvider.html#CognitoIdentity-Type-CognitoIdentityProvider-ServerSideTokenCheck): ```ts +declare const identityPool: IdentityPool; const userPool = new cognito.UserPool(this, 'Pool'); -identityPool.addUserPoolAuthentication({ - userPool: new UserPoolAuthenticationProvider({ - userPool, - disableServerSideTokenCheck: true, - }), -}); +identityPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ + userPool, + disableServerSideTokenCheck: true, +})); ``` #### Associating an External Provider Directly @@ -168,7 +175,7 @@ One or more [external identity providers](https://docs.aws.amazon.com/cognito/la `authenticationProviders`: ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', authenticationProviders: { amazon: { @@ -179,7 +186,7 @@ new cognito.IdentityPool(this, 'myidentitypool', { }, google: { clientId: '12345678012.apps.googleusercontent.com', - } + }, apple: { servicesId: 'com.myappleapp.auth', }, @@ -206,15 +213,15 @@ so that different users can be granted different sets of permissions. Associatin with an identity pool: ```ts -const openIdConnectProvider = new iam.OpenIdConnectProvider(this, 'my-openid-connect-provider', ...); -const samlProvider = new iam.SamlProvider(this, 'my-saml-provider', ...); +declare const openIdConnectProvider: iam.OpenIdConnectProvider; +declare const samlProvider: iam.SamlProvider; -new cognito.IdentityPool(this, 'myidentitypool', { +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', authenticationProviders: { - openIdConnectProvider: openIdConnectProvider, - samlProvider: samlProvider, - } + openIdConnectProviders: [openIdConnectProvider], + samlProviders: [samlProvider], + }, }); ``` 
@@ -228,13 +235,16 @@ Like the supported external providers, though, only one custom provider can be d pool. ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +declare const openIdConnectProvider: iam.OpenIdConnectProvider; +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', authenticationProviders: { - google: '12345678012.apps.googleusercontent.com', - openIdConnectProvider: openIdConnectProvider, + google: { + clientId: '12345678012.apps.googleusercontent.com', + }, + openIdConnectProviders: [openIdConnectProvider], customProvider: 'my-custom-provider.example.com', - } + }, }); ``` @@ -249,7 +259,9 @@ Using a [token-based approach](https://docs.aws.amazon.com/cognito/latest/develo `cognito:preferred_role` claims from the identity provider: ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool'; + +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', roleMappings: [{ providerUrl: IdentityPoolProviderUrl.AMAZON, @@ -261,7 +273,11 @@ new cognito.IdentityPool(this, 'myidentitypool', { Using a rule-based approach to role mapping allows roles to be assigned based on custom claims passed from the identity provider: ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +import { IdentityPoolProviderUrl, RoleMappingMatchType } from '@aws-cdk/aws-cognito-identitypool'; + +declare const adminRole: iam.Role; +declare const nonAdminRole: iam.Role; +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', // Assign specific roles to users based on whether or not the custom admin claim is passed from the identity provider roleMappings: [{ 
@@ -286,6 +302,13 @@ new cognito.IdentityPool(this, 'myidentitypool', { Role mappings can also be added after instantiation with the Identity Pool's `addRoleMappings` method: ```ts +import { IdentityPoolRoleMapping } from '@aws-cdk/aws-cognito-identitypool'; + +declare const identityPool: IdentityPool; +declare const myAddedRoleMapping1: IdentityPoolRoleMapping; +declare const myAddedRoleMapping2: IdentityPoolRoleMapping; +declare const myAddedRoleMapping3: IdentityPoolRoleMapping; + identityPool.addRoleMappings(myAddedRoleMapping1, myAddedRoleMapping2, myAddedRoleMapping3); ``` @@ -295,7 +318,9 @@ Role mappings must be associated with the url of an Identity Provider which can `IdentityPoolProviderUrl`. Supported Providers have static Urls that can be used: ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool'; + +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', roleMappings: [{ providerUrl: IdentityPoolProviderUrl.FACEBOOK, @@ -307,7 +332,9 @@ new cognito.IdentityPool(this, 'myidentitypool', { For identity providers that don't have static Urls, a custom Url or User Pool Client Url can be supplied: ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool'; + +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', roleMappings: [ { @@ -330,7 +357,7 @@ Identity Pool [Authentication Flow](https://docs.aws.amazon.com/cognito/latest/d can also be implemented using `allowClassicFlow`: ```ts -new cognito.IdentityPool(this, 'myidentitypool', { +new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', allowClassicFlow: true, }); diff --git a/packages/@aws-cdk/aws-cognito-identitypool/package.json b/packages/@aws-cdk/aws-cognito-identitypool/package.json index db55fece60596..c4e0c079d7daa 100644 
--- a/packages/@aws-cdk/aws-cognito-identitypool/package.json +++ b/packages/@aws-cdk/aws-cognito-identitypool/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-cognito-identitypool/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-cognito-identitypool/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..a362c0eca88f3 --- /dev/null +++ b/packages/@aws-cdk/aws-cognito-identitypool/rosetta/default.ts-fixture @@ -0,0 +1,13 @@ +// Fixture with packages imported, but nothing else +import { Stack } from '@aws-cdk/core'; +import { Construct } from 'constructs'; +import * as cognito from '@aws-cdk/aws-cognito'; +import * as iam from '@aws-cdk/aws-iam'; +import { IdentityPool, UserPoolAuthenticationProvider } from '@aws-cdk/aws-cognito-identitypool'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-connect/package.json b/packages/@aws-cdk/aws-connect/package.json index 6bd8d4ba57d84..0d413aaf0db47 100644 --- a/packages/@aws-cdk/aws-connect/package.json +++ b/packages/@aws-cdk/aws-connect/package.json @@ -30,6 +30,13 @@ "distName": "aws-cdk.aws-connect", "module": "aws_cdk.aws_connect" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-cur/package.json b/packages/@aws-cdk/aws-cur/package.json index ea61b4d3f963c..c871e8b723bc9 100644 --- a/packages/@aws-cdk/aws-cur/package.json +++ b/packages/@aws-cdk/aws-cur/package.json @@ -30,6 +30,13 @@ "distName": "aws-cdk.aws-cur", "module": "aws_cdk.aws_cur" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { 
diff --git a/packages/@aws-cdk/aws-customerprofiles/package.json b/packages/@aws-cdk/aws-customerprofiles/package.json index 281b809346819..e73bd86cba198 100644 --- a/packages/@aws-cdk/aws-customerprofiles/package.json +++ b/packages/@aws-cdk/aws-customerprofiles/package.json @@ -7,6 +7,13 @@ "jsii": { "outdir": "dist", "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + }, "targets": { "dotnet": { "namespace": "Amazon.CDK.AWS.CustomerProfiles", diff --git a/packages/@aws-cdk/aws-databrew/package.json b/packages/@aws-cdk/aws-databrew/package.json index 4ab4173606602..66e42d3cd4e94 100644 --- a/packages/@aws-cdk/aws-databrew/package.json +++ b/packages/@aws-cdk/aws-databrew/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-databrew", "module": "aws_cdk.aws_databrew" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-datapipeline/package.json b/packages/@aws-cdk/aws-datapipeline/package.json index d3d4c24c94d09..0aff6f0f1389c 100644 --- a/packages/@aws-cdk/aws-datapipeline/package.json +++ b/packages/@aws-cdk/aws-datapipeline/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-datasync/package.json b/packages/@aws-cdk/aws-datasync/package.json index 2e9a5d220c1ad..1dc0061ea02ec 100644 --- a/packages/@aws-cdk/aws-datasync/package.json +++ b/packages/@aws-cdk/aws-datasync/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-datasync", "module": "aws_cdk.aws_datasync" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-dax/package.json b/packages/@aws-cdk/aws-dax/package.json index 4d9b73a99022e..c00396c2220ae 100644 --- a/packages/@aws-cdk/aws-dax/package.json 
+++ b/packages/@aws-cdk/aws-dax/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-detective/package.json b/packages/@aws-cdk/aws-detective/package.json index 8e10f2018e368..2522e915d02b3 100644 --- a/packages/@aws-cdk/aws-detective/package.json +++ b/packages/@aws-cdk/aws-detective/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-devopsguru/package.json b/packages/@aws-cdk/aws-devopsguru/package.json index 2b3b4e4077e2a..2082aba14cbd3 100644 --- a/packages/@aws-cdk/aws-devopsguru/package.json +++ b/packages/@aws-cdk/aws-devopsguru/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-devopsguru", "module": "aws_cdk.aws_devopsguru" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-directoryservice/package.json b/packages/@aws-cdk/aws-directoryservice/package.json index d68d97956dd36..7e32fa22bdfc5 100644 --- a/packages/@aws-cdk/aws-directoryservice/package.json +++ b/packages/@aws-cdk/aws-directoryservice/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-dlm/package.json b/packages/@aws-cdk/aws-dlm/package.json index a4dac9e9c23c0..d59d69ba32dc5 100644 --- a/packages/@aws-cdk/aws-dlm/package.json +++ b/packages/@aws-cdk/aws-dlm/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", 
diff --git a/packages/@aws-cdk/aws-dms/package.json b/packages/@aws-cdk/aws-dms/package.json
index a6168fcf47cac..2c7da4b13bac7 100644
--- a/packages/@aws-cdk/aws-dms/package.json
+++ b/packages/@aws-cdk/aws-dms/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-elasticache/package.json b/packages/@aws-cdk/aws-elasticache/package.json
index 5af18606b0558..61fe8976e0ced 100644
--- a/packages/@aws-cdk/aws-elasticache/package.json
+++ b/packages/@aws-cdk/aws-elasticache/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-elasticbeanstalk/package.json b/packages/@aws-cdk/aws-elasticbeanstalk/package.json
index 3607699ce8b8b..46506c219aedb 100644
--- a/packages/@aws-cdk/aws-elasticbeanstalk/package.json
+++ b/packages/@aws-cdk/aws-elasticbeanstalk/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/package.json b/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/package.json
index 90449a5d94204..deaf25cd5eda8 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/package.json
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/package.json b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/package.json
index 9990e7ea75a73..76d0b7ba72ee8 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/package.json
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-targets/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-emr/package.json b/packages/@aws-cdk/aws-emr/package.json
index 60da5b871705d..ae9f2a89744ea 100644
--- a/packages/@aws-cdk/aws-emr/package.json
+++ b/packages/@aws-cdk/aws-emr/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-emrcontainers/package.json b/packages/@aws-cdk/aws-emrcontainers/package.json
index 9098ed9069a61..5762e656d6761 100644
--- a/packages/@aws-cdk/aws-emrcontainers/package.json
+++ b/packages/@aws-cdk/aws-emrcontainers/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-emrcontainers",
 "module": "aws_cdk.aws_emrcontainers"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-eventschemas/package.json b/packages/@aws-cdk/aws-eventschemas/package.json
index d1597e155ee9d..d8d89608e6e95 100644
--- a/packages/@aws-cdk/aws-eventschemas/package.json
+++ b/packages/@aws-cdk/aws-eventschemas/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-finspace/package.json b/packages/@aws-cdk/aws-finspace/package.json
index 3d0e223d1d146..7c3ae60c58506 100644
--- a/packages/@aws-cdk/aws-finspace/package.json
+++ b/packages/@aws-cdk/aws-finspace/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-finspace",
 "module": "aws_cdk.aws_finspace"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-fis/package.json b/packages/@aws-cdk/aws-fis/package.json
index a2e1bbe7845ec..614d64919c252 100644
--- a/packages/@aws-cdk/aws-fis/package.json
+++ b/packages/@aws-cdk/aws-fis/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-fis",
 "module": "aws_cdk.aws_fis"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-fms/package.json b/packages/@aws-cdk/aws-fms/package.json
index 6a018450a9b2f..1366f66c49454 100644
--- a/packages/@aws-cdk/aws-fms/package.json
+++ b/packages/@aws-cdk/aws-fms/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-frauddetector/package.json b/packages/@aws-cdk/aws-frauddetector/package.json
index 220eed4178f21..b30bf59153cd7 100644
--- a/packages/@aws-cdk/aws-frauddetector/package.json
+++ b/packages/@aws-cdk/aws-frauddetector/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-frauddetector",
 "module": "aws_cdk.aws_frauddetector"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-gamelift/package.json b/packages/@aws-cdk/aws-gamelift/package.json
index e1a7578e757d1..8e0aa9635f092 100644
--- a/packages/@aws-cdk/aws-gamelift/package.json
+++ b/packages/@aws-cdk/aws-gamelift/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-globalaccelerator-endpoints/package.json b/packages/@aws-cdk/aws-globalaccelerator-endpoints/package.json
index 11d94970c0248..aef8ed88576af 100644
--- a/packages/@aws-cdk/aws-globalaccelerator-endpoints/package.json
+++ b/packages/@aws-cdk/aws-globalaccelerator-endpoints/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-greengrass/package.json b/packages/@aws-cdk/aws-greengrass/package.json
index 3d9e5f4a5aeb4..d4b6a23bc436e 100644
--- a/packages/@aws-cdk/aws-greengrass/package.json
+++ b/packages/@aws-cdk/aws-greengrass/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-greengrassv2/package.json b/packages/@aws-cdk/aws-greengrassv2/package.json
index 9c6217595cba7..af50ddd6ab9c6 100644
--- a/packages/@aws-cdk/aws-greengrassv2/package.json
+++ b/packages/@aws-cdk/aws-greengrassv2/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-groundstation/package.json b/packages/@aws-cdk/aws-groundstation/package.json
index dfa3a183aed81..faf4496480b5f 100644
--- a/packages/@aws-cdk/aws-groundstation/package.json
+++ b/packages/@aws-cdk/aws-groundstation/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-groundstation",
 "module": "aws_cdk.aws_groundstation"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-guardduty/package.json b/packages/@aws-cdk/aws-guardduty/package.json
index 532e2f1554e23..e802c1d15247d 100644
--- a/packages/@aws-cdk/aws-guardduty/package.json
+++ b/packages/@aws-cdk/aws-guardduty/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-healthlake/package.json b/packages/@aws-cdk/aws-healthlake/package.json
index 556be6a207dd9..20fabb1ffe47f 100644
--- a/packages/@aws-cdk/aws-healthlake/package.json
+++ b/packages/@aws-cdk/aws-healthlake/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-healthlake",
 "module": "aws_cdk.aws_healthlake"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-imagebuilder/package.json b/packages/@aws-cdk/aws-imagebuilder/package.json
index 4a03d80bcc982..bacd907148a73 100644
--- a/packages/@aws-cdk/aws-imagebuilder/package.json
+++ b/packages/@aws-cdk/aws-imagebuilder/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-inspector/package.json b/packages/@aws-cdk/aws-inspector/package.json
index b237844ea1221..5bdb7a30c188c 100644
--- a/packages/@aws-cdk/aws-inspector/package.json
+++ b/packages/@aws-cdk/aws-inspector/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-iot1click/package.json b/packages/@aws-cdk/aws-iot1click/package.json
index 8c3bf4dbdfa02..656dee749a698 100644
--- a/packages/@aws-cdk/aws-iot1click/package.json
+++ b/packages/@aws-cdk/aws-iot1click/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-iotanalytics/package.json b/packages/@aws-cdk/aws-iotanalytics/package.json
index 69865e7d5cf54..534ffed3675a9 100644
--- a/packages/@aws-cdk/aws-iotanalytics/package.json
+++ b/packages/@aws-cdk/aws-iotanalytics/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-iotcoredeviceadvisor/package.json b/packages/@aws-cdk/aws-iotcoredeviceadvisor/package.json
index 4fb4501c9beef..ecb59fded3ba8 100644
--- a/packages/@aws-cdk/aws-iotcoredeviceadvisor/package.json
+++ b/packages/@aws-cdk/aws-iotcoredeviceadvisor/package.json
@@ -7,6 +7,13 @@
 "jsii": {
 "outdir": "dist",
 "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ },
 "targets": {
 "dotnet": {
 "namespace": "Amazon.CDK.AWS.IoTCoreDeviceAdvisor",
diff --git a/packages/@aws-cdk/aws-iotevents/package.json b/packages/@aws-cdk/aws-iotevents/package.json
index f9ac79e55395a..37c2035b4378f 100644
--- a/packages/@aws-cdk/aws-iotevents/package.json
+++ b/packages/@aws-cdk/aws-iotevents/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-iotevents/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-iotevents/rosetta/default.ts-fixture
new file mode 100644
index 0000000000000..50d86e8a055ce
--- /dev/null
+++ b/packages/@aws-cdk/aws-iotevents/rosetta/default.ts-fixture
@@ -0,0 +1,10 @@
+// Fixture with packages imported, but nothing else
+import { Stack } from '@aws-cdk/core';
+import { Construct } from 'constructs';
+
+class Fixture extends Stack {
+ constructor(scope: Construct, id: string) {
+ super(scope, id);
+ /// here
+ }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-iotfleethub/package.json b/packages/@aws-cdk/aws-iotfleethub/package.json
index 0265539be552c..dde15541e17b5 100644
--- a/packages/@aws-cdk/aws-iotfleethub/package.json
+++ b/packages/@aws-cdk/aws-iotfleethub/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-iotfleethub",
 "module": "aws_cdk.aws_iotfleethub"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-iotsitewise/package.json b/packages/@aws-cdk/aws-iotsitewise/package.json
index 1d4fcbae037cd..d84b4f75d06dc 100644
--- a/packages/@aws-cdk/aws-iotsitewise/package.json
+++ b/packages/@aws-cdk/aws-iotsitewise/package.json
@@ -28,6 +28,13 @@
 "distName": "aws-cdk.aws-iotsitewise",
 "module": "aws_cdk.aws_iotsitewise"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-iotthingsgraph/package.json b/packages/@aws-cdk/aws-iotthingsgraph/package.json
index 38352027ee8ae..fd5ffd5531c81 100644
--- a/packages/@aws-cdk/aws-iotthingsgraph/package.json
+++ b/packages/@aws-cdk/aws-iotthingsgraph/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-iotwireless/package.json b/packages/@aws-cdk/aws-iotwireless/package.json
index b9cdebdb5a3d8..b5a5f1aee6dc7 100644
--- a/packages/@aws-cdk/aws-iotwireless/package.json
+++ b/packages/@aws-cdk/aws-iotwireless/package.json
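Review bot: The new `rosetta/default.ts-fixture` for aws-iotevents imports only `Stack` and `Construct`, although this package's `package.json` now sets rosetta `"strict": true`. The README is not part of this hunk, so it should be confirmed that every snippet there carries its own import of the module; if snippets are meant to rely on the fixture, add `import * as iotevents from '@aws-cdk/aws-iotevents';` to it. The file also ends without a trailing newline (`\ No newline at end of file`), and adding one keeps later edits from showing up as a change to the closing `}` line.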
@@ -28,6 +28,13 @@
 "distName": "aws-cdk.aws-iotwireless",
 "module": "aws_cdk.aws_iotwireless"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-ivs/package.json b/packages/@aws-cdk/aws-ivs/package.json
index 2ef5a15ca7b34..d078cf3eceeaa 100644
--- a/packages/@aws-cdk/aws-ivs/package.json
+++ b/packages/@aws-cdk/aws-ivs/package.json
@@ -28,6 +28,13 @@
 "distName": "aws-cdk.aws-ivs",
 "module": "aws_cdk.aws_ivs"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "awslint": {
diff --git a/packages/@aws-cdk/aws-kendra/package.json b/packages/@aws-cdk/aws-kendra/package.json
index 4c1c9b79a4d9b..2da553adf56a5 100644
--- a/packages/@aws-cdk/aws-kendra/package.json
+++ b/packages/@aws-cdk/aws-kendra/package.json
@@ -7,6 +7,13 @@
 "jsii": {
 "outdir": "dist",
 "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ },
 "targets": {
 "dotnet": {
 "namespace": "Amazon.CDK.AWS.Kendra",
diff --git a/packages/@aws-cdk/aws-lakeformation/package.json b/packages/@aws-cdk/aws-lakeformation/package.json
index e1cdfff184bc3..2c37cb38a608f 100644
--- a/packages/@aws-cdk/aws-lakeformation/package.json
+++ b/packages/@aws-cdk/aws-lakeformation/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-licensemanager/package.json b/packages/@aws-cdk/aws-licensemanager/package.json
index 802c3eaebd97f..2a080395c788e 100644
--- a/packages/@aws-cdk/aws-licensemanager/package.json
+++ b/packages/@aws-cdk/aws-licensemanager/package.json
@@ -28,6 +28,13 @@
 "distName": "aws-cdk.aws-licensemanager",
 "module": "aws_cdk.aws_licensemanager"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-lightsail/package.json b/packages/@aws-cdk/aws-lightsail/package.json
index 75ce8a8401de5..c99305e2ad42c 100644
--- a/packages/@aws-cdk/aws-lightsail/package.json
+++ b/packages/@aws-cdk/aws-lightsail/package.json
@@ -7,6 +7,13 @@
 "jsii": {
 "outdir": "dist",
 "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ },
 "targets": {
 "dotnet": {
 "namespace": "Amazon.CDK.AWS.Lightsail",
diff --git a/packages/@aws-cdk/aws-location/package.json b/packages/@aws-cdk/aws-location/package.json
index 714e4a652448c..7acaf2d81fd60 100644
--- a/packages/@aws-cdk/aws-location/package.json
+++ b/packages/@aws-cdk/aws-location/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-location",
 "module": "aws_cdk.aws_location"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-logs-destinations/package.json b/packages/@aws-cdk/aws-logs-destinations/package.json
index ceb9c5c120499..e1e43b017c992 100644
--- a/packages/@aws-cdk/aws-logs-destinations/package.json
+++ b/packages/@aws-cdk/aws-logs-destinations/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-lookoutequipment/package.json b/packages/@aws-cdk/aws-lookoutequipment/package.json
index 673dce8a9e5db..26dc399bb1d3d 100644
--- a/packages/@aws-cdk/aws-lookoutequipment/package.json
+++ b/packages/@aws-cdk/aws-lookoutequipment/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-lookoutequipment",
 "module": "aws_cdk.aws_lookoutequipment"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-lookoutmetrics/package.json b/packages/@aws-cdk/aws-lookoutmetrics/package.json
index dd6721487fb9e..257c1ccad03c5 100644
--- a/packages/@aws-cdk/aws-lookoutmetrics/package.json
+++ b/packages/@aws-cdk/aws-lookoutmetrics/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-lookoutmetrics",
 "module": "aws_cdk.aws_lookoutmetrics"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-lookoutvision/package.json b/packages/@aws-cdk/aws-lookoutvision/package.json
index da277979b41e2..3722553279a80 100644
--- a/packages/@aws-cdk/aws-lookoutvision/package.json
+++ b/packages/@aws-cdk/aws-lookoutvision/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-lookoutvision",
 "module": "aws_cdk.aws_lookoutvision"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-macie/package.json b/packages/@aws-cdk/aws-macie/package.json
index cf5dcf3ddc027..0db2eaf329169 100644
--- a/packages/@aws-cdk/aws-macie/package.json
+++ b/packages/@aws-cdk/aws-macie/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-managedblockchain/package.json b/packages/@aws-cdk/aws-managedblockchain/package.json
index 2a56972081f67..8f8f77907edb4 100644
--- a/packages/@aws-cdk/aws-managedblockchain/package.json
+++ b/packages/@aws-cdk/aws-managedblockchain/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-mediaconnect/package.json b/packages/@aws-cdk/aws-mediaconnect/package.json
index 4fa2d509bc28f..ca2d9a593ea5a 100644
--- a/packages/@aws-cdk/aws-mediaconnect/package.json
+++ b/packages/@aws-cdk/aws-mediaconnect/package.json
@@ -28,6 +28,13 @@
 "distName": "aws-cdk.aws-mediaconnect",
 "module": "aws_cdk.aws_mediaconnect"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-mediaconvert/package.json b/packages/@aws-cdk/aws-mediaconvert/package.json
index a65ece075fb44..0ee4ec64dcbe7 100644
--- a/packages/@aws-cdk/aws-mediaconvert/package.json
+++ b/packages/@aws-cdk/aws-mediaconvert/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-medialive/package.json b/packages/@aws-cdk/aws-medialive/package.json
index a857dc5e4280a..f87426fc1fd81 100644
--- a/packages/@aws-cdk/aws-medialive/package.json
+++ b/packages/@aws-cdk/aws-medialive/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-mediapackage/package.json b/packages/@aws-cdk/aws-mediapackage/package.json
index 0a3ca05146fb9..31e2b39fe0c9a 100644
--- a/packages/@aws-cdk/aws-mediapackage/package.json
+++ b/packages/@aws-cdk/aws-mediapackage/package.json
@@ -7,6 +7,13 @@
 "jsii": {
 "outdir": "dist",
 "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ },
 "targets": {
 "dotnet": {
 "namespace": "Amazon.CDK.AWS.MediaPackage",
diff --git a/packages/@aws-cdk/aws-mediastore/package.json b/packages/@aws-cdk/aws-mediastore/package.json
index 34b83f88e975b..ece435e1c014f 100644
--- a/packages/@aws-cdk/aws-mediastore/package.json
+++ b/packages/@aws-cdk/aws-mediastore/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-memorydb/package.json b/packages/@aws-cdk/aws-memorydb/package.json index aaeacc2305d5f..b85421f3713f9 100644 --- a/packages/@aws-cdk/aws-memorydb/package.json +++ b/packages/@aws-cdk/aws-memorydb/package.json @@ -30,6 +30,13 @@ "distName": "aws-cdk.aws-memorydb", "module": "aws_cdk.aws_memorydb" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-mwaa/package.json b/packages/@aws-cdk/aws-mwaa/package.json index e0c7e0c26544e..f0a0cec6a6877 100644 --- a/packages/@aws-cdk/aws-mwaa/package.json +++ b/packages/@aws-cdk/aws-mwaa/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-mwaa", "module": "aws_cdk.aws_mwaa" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-neptune/README.md b/packages/@aws-cdk/aws-neptune/README.md index c4f131b27d550..77f50a7f6192d 100644 --- a/packages/@aws-cdk/aws-neptune/README.md +++ b/packages/@aws-cdk/aws-neptune/README.md @@ -36,7 +36,7 @@ To set up a Neptune database, define a `DatabaseCluster`. You must always launch ```ts const cluster = new neptune.DatabaseCluster(this, 'Database', { vpc, - instanceType: neptune.InstanceType.R5_LARGE + instanceType: neptune.InstanceType.R5_LARGE, }); ``` @@ -92,7 +92,7 @@ const clusterParams = new neptune.ClusterParameterGroup(this, 'ClusterParams', { const dbParams = new neptune.ParameterGroup(this, 'DbParams', { description: 'Db parameter group', parameters: { - neptune_query_timeout: '120000' + neptune_query_timeout: '120000', }, }); @@ -113,7 +113,7 @@ attribute. const cluster = new neptune.DatabaseCluster(this, 'Database', { vpc, instanceType: neptune.InstanceType.R5_LARGE, - instances: 2 + instances: 2, }); ``` 
@@ -122,7 +122,7 @@ Additionally it is also possible to add replicas using `DatabaseInstance` for an ```ts fixture=with-cluster const replica1 = new neptune.DatabaseInstance(this, 'Instance', { cluster, - instanceType: neptune.InstanceType.R5_LARGE + instanceType: neptune.InstanceType.R5_LARGE, }); ``` @@ -133,9 +133,9 @@ the engine of the entire cluster to the latest minor version after a stabilizati window of 2 to 3 weeks. ```ts -new neptune.DatabaseCluster(stack, 'Cluster', { - vpc, - instanceType: InstanceType.R5_LARGE, - autoMinorVersionUpgrade: true - }); +new neptune.DatabaseCluster(this, 'Cluster', { + vpc, + instanceType: neptune.InstanceType.R5_LARGE, + autoMinorVersionUpgrade: true, +}); ``` diff --git a/packages/@aws-cdk/aws-neptune/package.json b/packages/@aws-cdk/aws-neptune/package.json index 0f524965e61f5..27c8c35f6e980 100644 --- a/packages/@aws-cdk/aws-neptune/package.json +++ b/packages/@aws-cdk/aws-neptune/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-networkfirewall/package.json b/packages/@aws-cdk/aws-networkfirewall/package.json index 0fb6559679080..91e96fd0b3a46 100644 --- a/packages/@aws-cdk/aws-networkfirewall/package.json +++ b/packages/@aws-cdk/aws-networkfirewall/package.json @@ -28,6 +28,13 @@ "distName": "aws-cdk.aws-networkfirewall", "module": "aws_cdk.aws_networkfirewall" } + }, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } } }, "repository": { diff --git a/packages/@aws-cdk/aws-networkmanager/package.json b/packages/@aws-cdk/aws-networkmanager/package.json index e86cd346d6a3c..696efca60f8eb 100644 --- a/packages/@aws-cdk/aws-networkmanager/package.json +++ b/packages/@aws-cdk/aws-networkmanager/package.json 
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-nimblestudio/package.json b/packages/@aws-cdk/aws-nimblestudio/package.json
index 4a760f3ca04f2..c033e0066f94e 100644
--- a/packages/@aws-cdk/aws-nimblestudio/package.json
+++ b/packages/@aws-cdk/aws-nimblestudio/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-nimblestudio",
 "module": "aws_cdk.aws_nimblestudio"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-opsworks/package.json b/packages/@aws-cdk/aws-opsworks/package.json
index ab1b39f13d8d6..838ff7003ff62 100644
--- a/packages/@aws-cdk/aws-opsworks/package.json
+++ b/packages/@aws-cdk/aws-opsworks/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-opsworkscm/package.json b/packages/@aws-cdk/aws-opsworkscm/package.json
index 1b32bd96310aa..1220456e3ff0b 100644
--- a/packages/@aws-cdk/aws-opsworkscm/package.json
+++ b/packages/@aws-cdk/aws-opsworkscm/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-panorama/package.json b/packages/@aws-cdk/aws-panorama/package.json
index 5149569f8ff38..37658a09b0c61 100644
--- a/packages/@aws-cdk/aws-panorama/package.json
+++ b/packages/@aws-cdk/aws-panorama/package.json
@@ -37,6 +37,13 @@
 "distName": "aws-cdk.aws-panorama",
 "module": "aws_cdk.aws_panorama"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-pinpoint/package.json b/packages/@aws-cdk/aws-pinpoint/package.json
index fd77ed7f9c3c3..30801027c4e06 100644
--- a/packages/@aws-cdk/aws-pinpoint/package.json
+++ b/packages/@aws-cdk/aws-pinpoint/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-pinpointemail/package.json b/packages/@aws-cdk/aws-pinpointemail/package.json
index d50d8720e25e3..26486ee72627b 100644
--- a/packages/@aws-cdk/aws-pinpointemail/package.json
+++ b/packages/@aws-cdk/aws-pinpointemail/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-qldb/package.json b/packages/@aws-cdk/aws-qldb/package.json
index 584ee48921e4c..a35637354c0c1 100644
--- a/packages/@aws-cdk/aws-qldb/package.json
+++ b/packages/@aws-cdk/aws-qldb/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-quicksight/package.json b/packages/@aws-cdk/aws-quicksight/package.json
index 495c2e3fa0a5f..270c171d3b5cb 100644
--- a/packages/@aws-cdk/aws-quicksight/package.json
+++ b/packages/@aws-cdk/aws-quicksight/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-quicksight",
 "module": "aws_cdk.aws_quicksight"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-ram/package.json b/packages/@aws-cdk/aws-ram/package.json
index c66d84681500c..1064bb16fc89f 100644
--- a/packages/@aws-cdk/aws-ram/package.json
+++ b/packages/@aws-cdk/aws-ram/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-rekognition/package.json b/packages/@aws-cdk/aws-rekognition/package.json
index 9787e9a8715b7..9cf5d2e0d407d 100644
--- a/packages/@aws-cdk/aws-rekognition/package.json
+++ b/packages/@aws-cdk/aws-rekognition/package.json
@@ -37,6 +37,13 @@
 "distName": "aws-cdk.aws-rekognition",
 "module": "aws_cdk.aws_rekognition"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-resourcegroups/package.json b/packages/@aws-cdk/aws-resourcegroups/package.json
index 67dc38bf37492..caf23fb138d50 100644
--- a/packages/@aws-cdk/aws-resourcegroups/package.json
+++ b/packages/@aws-cdk/aws-resourcegroups/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-robomaker/package.json b/packages/@aws-cdk/aws-robomaker/package.json
index 6748a1e52affc..d40dc417d86d6 100644
--- a/packages/@aws-cdk/aws-robomaker/package.json
+++ b/packages/@aws-cdk/aws-robomaker/package.json
@@ -28,7 +28,14 @@
 ]
 }
 },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
 },
 "repository": {
 "type": "git",
diff --git a/packages/@aws-cdk/aws-route53recoverycontrol/package.json b/packages/@aws-cdk/aws-route53recoverycontrol/package.json
index 316ce7ec6b312..0ec2546ada38d 100644
--- a/packages/@aws-cdk/aws-route53recoverycontrol/package.json
+++ b/packages/@aws-cdk/aws-route53recoverycontrol/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-route53recoverycontrol",
 "module": "aws_cdk.aws_route53recoverycontrol"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-route53recoveryreadiness/package.json b/packages/@aws-cdk/aws-route53recoveryreadiness/package.json
index f0a1538967e6b..6dcaed6cb8433 100644
--- a/packages/@aws-cdk/aws-route53recoveryreadiness/package.json
+++ b/packages/@aws-cdk/aws-route53recoveryreadiness/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-route53recoveryreadiness",
 "module": "aws_cdk.aws_route53recoveryreadiness"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-s3objectlambda/package.json b/packages/@aws-cdk/aws-s3objectlambda/package.json
index 3e7849ee2de72..0e1020f5e6dc1 100644
--- a/packages/@aws-cdk/aws-s3objectlambda/package.json
+++ b/packages/@aws-cdk/aws-s3objectlambda/package.json
@@ -30,6 +30,13 @@
 "distName": "aws-cdk.aws-s3objectlambda",
 "module": "aws_cdk.aws_s3objectlambda"
 }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
 }
 },
 "repository": {
diff --git a/packages/@aws-cdk/aws-s3outposts/package.json b/packages/@aws-cdk/aws-s3outposts/package.json
index 230241444e76d..9c1b9dc830771 100644
--- a/packages/@aws-cdk/aws-s3outposts/package.json
+++ b/packages/@aws-cdk/aws-s3outposts/package.json
@@ -7,6 +7,13 @@
 "jsii": {
 "outdir": "dist",
 "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ },
 "targets": {
 "dotnet": {
 "namespace": "Amazon.CDK.AWS.S3Outposts",
diff --git a/packages/@aws-cdk/aws-sagemaker/package.json b/packages/@aws-cdk/aws-sagemaker/package.json
index 49d7b6d54f5ac..9741c8b8d96a3 100644
--- a/packages/@aws-cdk/aws-sagemaker/package.json
+++ b/packages/@aws-cdk/aws-sagemaker/package.json
@@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-sam/package.json b/packages/@aws-cdk/aws-sam/package.json index 37ddba18cf79b..7b955ade95a3f 100644 --- a/packages/@aws-cdk/aws-sam/package.json +++ b/packages/@aws-cdk/aws-sam/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-sdb/package.json b/packages/@aws-cdk/aws-sdb/package.json index 466c7fc72acf1..4636ae5160146 100644 --- a/packages/@aws-cdk/aws-sdb/package.json +++ b/packages/@aws-cdk/aws-sdb/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-servicecatalog/package.json b/packages/@aws-cdk/aws-servicecatalog/package.json index e11b48a0c3392..d5493a3813974 100644 --- a/packages/@aws-cdk/aws-servicecatalog/package.json +++ b/packages/@aws-cdk/aws-servicecatalog/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-servicediscovery/package.json b/packages/@aws-cdk/aws-servicediscovery/package.json index 0cd7758a3f1a4..ba4ab174a807e 100644 --- a/packages/@aws-cdk/aws-servicediscovery/package.json +++ b/packages/@aws-cdk/aws-servicediscovery/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", 
diff --git a/packages/@aws-cdk/aws-ses-actions/package.json b/packages/@aws-cdk/aws-ses-actions/package.json index 2d42ecb26c71b..0165754b44065 100644 --- a/packages/@aws-cdk/aws-ses-actions/package.json +++ b/packages/@aws-cdk/aws-ses-actions/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-waf/package.json b/packages/@aws-cdk/aws-waf/package.json index d1f980c9a985b..8aaf46f4b625f 100644 --- a/packages/@aws-cdk/aws-waf/package.json +++ b/packages/@aws-cdk/aws-waf/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-wafregional/package.json b/packages/@aws-cdk/aws-wafregional/package.json index c3aff82a3a269..485d9962f8424 100644 --- a/packages/@aws-cdk/aws-wafregional/package.json +++ b/packages/@aws-cdk/aws-wafregional/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/aws-workspaces/package.json b/packages/@aws-cdk/aws-workspaces/package.json index e652fa57e8549..95758a0601e75 100644 --- a/packages/@aws-cdk/aws-workspaces/package.json +++ b/packages/@aws-cdk/aws-workspaces/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/cdk-assets-schema/package.json b/packages/@aws-cdk/cdk-assets-schema/package.json index a020985f920a7..682764dae229f 100644 --- a/packages/@aws-cdk/cdk-assets-schema/package.json 
+++ b/packages/@aws-cdk/cdk-assets-schema/package.json @@ -28,7 +28,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "scripts": { "build": "cdk-build", diff --git a/packages/@aws-cdk/example-construct-library/package.json b/packages/@aws-cdk/example-construct-library/package.json index e0d91b4c3a21d..f37f388b24062 100644 --- a/packages/@aws-cdk/example-construct-library/package.json +++ b/packages/@aws-cdk/example-construct-library/package.json @@ -29,7 +29,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "repository": { "type": "git", diff --git a/packages/@aws-cdk/yaml-cfn/package.json b/packages/@aws-cdk/yaml-cfn/package.json index b0035c4e80552..c30424077862f 100644 --- a/packages/@aws-cdk/yaml-cfn/package.json +++ b/packages/@aws-cdk/yaml-cfn/package.json @@ -48,7 +48,14 @@ ] } }, - "projectReferences": true + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + } }, "scripts": { "build": "cdk-build", From 2eeaebc3cdc9c5c7ef3fa312b3d1abca265dcbb6 Mon Sep 17 00:00:00 2001 
From: Tatsuya Yamamoto Date: Fri, 28 Jan 2022 07:25:54 +0900 Subject: [PATCH 07/26] feat(iotevents): allow setting description, evaluation method and key of DetectorModel (#18644) This PR is about https://github.com/aws/aws-cdk/issues/17711 (but out of the roadmap). This PR (especially `key` property) make it easier to test the features we will implement. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-iotevents/README.md | 5 +- .../aws-iotevents/lib/detector-model.ts | 51 +++++++++++++++++++ .../aws-iotevents/test/detector-model.test.ts | 13 +++-- .../test/integ.detector-model.expected.json | 8 ++- .../test/integ.detector-model.ts | 5 +- 5 files changed, 74 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index fe071d7baecc6..760b6098d9d41 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -51,7 +51,7 @@ import * as iotevents from '@aws-cdk/aws-iotevents'; const input = new iotevents.Input(this, 'MyInput', { inputName: 'my_input', // optional - attributeJsonPaths: ['payload.temperature'], + attributeJsonPaths: ['payload.deviceId', 'payload.temperature'], }); const onlineState = new iotevents.State({ @@ -64,6 +64,9 @@ const onlineState = new iotevents.State({ new iotevents.DetectorModel(this, 'MyDetectorModel', { detectorModelName: 'test-detector-model', // optional + description: 'test-detector-model-description', // optional property, default is none + evaluationMethod: iotevents.EventEvaluation.SERIAL, // optional property, default is iotevents.EventEvaluation.BATCH + detectorKey: 'payload.deviceId', // optional property, default is none and single detector instance will be created and all inputs will be routed to it initialState: onlineState, }); ``` 
diff --git a/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts b/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts index 2a5d270fb0cde..5ef50fd871d75 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts @@ -16,6 +16,22 @@ export interface IDetectorModel extends IResource { readonly detectorModelName: string; } +/** + * Information about the order in which events are evaluated and how actions are executed. + */ +export enum EventEvaluation { + /** + * When setting to SERIAL, variables are updated and event conditions are evaluated in the order + * that the events are defined. + */ + BATCH = 'BATCH', + /** + * When setting to BATCH, variables within a state are updated and events within a state are + * performed only after all event conditions are evaluated. + */ + SERIAL = 'SERIAL', +} + /** * Properties for defining an AWS IoT Events detector model */ 
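Review bot: The doc comments on the two `EventEvaluation` members are swapped. The comment above `BATCH = 'BATCH'` begins "When setting to SERIAL" and describes in-order evaluation, while the one above `SERIAL = 'SERIAL'` begins "When setting to BATCH". Generated API docs and IDE hovers will therefore describe the opposite behaviour for each value. Swap the two comment bodies so that `BATCH` carries `Variables within a state are updated and events within a state are performed only after all event conditions are evaluated.` and `SERIAL` carries `Variables are updated and event conditions are evaluated in the order that the events are defined.`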
@@ -27,6 +43,38 @@ export interface DetectorModelProps { */ readonly detectorModelName?: string; + /** + * A brief description of the detector model. + * + * @default none + */ + readonly description?: string; + + /** + * Information about the order in which events are evaluated and how actions are executed. + * + * When setting to SERIAL, variables are updated and event conditions are evaluated in the order + * that the events are defined. + * When setting to BATCH, variables within a state are updated and events within a state are + * performed only after all event conditions are evaluated. + * + * @default EventEvaluation.BATCH + */ + readonly evaluationMethod?: EventEvaluation; + + /** + * The value used to identify a detector instance. When a device or system sends input, a new + * detector instance with a unique key value is created. AWS IoT Events can continue to route + * input to its corresponding detector instance based on this identifying information. + * + * This parameter uses a JSON-path expression to select the attribute-value pair in the message + * payload that is used for identification. To route the message to the correct detector instance, + * the device must send a message payload that contains the same attribute-value. + * + * @default - none (single detector instance will be created and all inputs will be routed to it) + */ + readonly detectorKey?: string; + /** * The state that is entered at the creation of each detector. */ @@ -70,6 +118,9 @@ export class DetectorModel extends Resource implements IDetectorModel { const resource = new CfnDetectorModel(this, 'Resource', { detectorModelName: this.physicalName, + detectorModelDescription: props.description, + evaluationMethod: props.evaluationMethod, + key: props.detectorKey, detectorModelDefinition: { initialStateName: props.initialState.stateName, states: [props.initialState._toStateJson()], 
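Review bot: In the `@@ -70,6 +118,9 @@` hunk, `props.detectorKey` is forwarded to `CfnDetectorModel` as `key` with no synth-time check. An empty or malformed value would presumably surface only as a deployment failure, since the service-side constraints are not visible here. Because this value decides which detector instance each incoming message is routed to, a cheap guard before the `new CfnDetectorModel(...)` call would fail faster, for example `if (props.detectorKey === '') { throw new Error('detectorKey cannot be empty'); }`. The constructor starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.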
diff --git a/packages/@aws-cdk/aws-iotevents/test/detector-model.test.ts b/packages/@aws-cdk/aws-iotevents/test/detector-model.test.ts index d6fbadd5baf9b..a15ba6a986049 100644 --- a/packages/@aws-cdk/aws-iotevents/test/detector-model.test.ts +++ b/packages/@aws-cdk/aws-iotevents/test/detector-model.test.ts @@ -76,10 +76,15 @@ test('can get detector model name', () => { }); }); -test('can set physical name', () => { +test.each([ + ['physical name', { detectorModelName: 'test-detector-model' }, { DetectorModelName: 'test-detector-model' }], + ['description', { description: 'test-detector-model-description' }, { DetectorModelDescription: 'test-detector-model-description' }], + ['evaluationMethod', { evaluationMethod: iotevents.EventEvaluation.SERIAL }, { EvaluationMethod: 'SERIAL' }], + ['detectorKey', { detectorKey: 'payload.deviceId' }, { Key: 'payload.deviceId' }], +])('can set %s', (_, partialProps, expected) => { // WHEN new iotevents.DetectorModel(stack, 'MyDetectorModel', { - detectorModelName: 'test-detector-model', + ...partialProps, initialState: new iotevents.State({ stateName: 'test-state', onEnter: [{ @@ -90,9 +95,7 @@ test('can set physical name', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('AWS::IoTEvents::DetectorModel', { - DetectorModelName: 'test-detector-model', - }); + Template.fromStack(stack).hasResourceProperties('AWS::IoTEvents::DetectorModel', expected); }); test('can set multiple events to State', () => { diff --git a/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.expected.json b/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.expected.json index f97d40bc6da25..3b1b598427701 100644 --- a/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.expected.json +++ b/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.expected.json @@ -5,6 +5,9 @@ "Properties": { "InputDefinition": { "Attributes": [ + { + "JsonPath": "payload.deviceId" + }, { "JsonPath": "payload.temperature" } 
@@ -70,7 +73,10 @@ "Arn" ] }, - "DetectorModelName": "test-detector-model" + "DetectorModelDescription": "test-detector-model-description", + "DetectorModelName": "test-detector-model", + "EvaluationMethod": "SERIAL", + "Key": "payload.deviceId" } } } diff --git a/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.ts b/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.ts index 8eeef110d5b8a..dc90a7d505dbf 100644 --- a/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.ts +++ b/packages/@aws-cdk/aws-iotevents/test/integ.detector-model.ts @@ -7,7 +7,7 @@ class TestStack extends cdk.Stack { const input = new iotevents.Input(this, 'MyInput', { inputName: 'test_input', - attributeJsonPaths: ['payload.temperature'], + attributeJsonPaths: ['payload.deviceId', 'payload.temperature'], }); const onlineState = new iotevents.State({ @@ -27,6 +27,9 @@ class TestStack extends cdk.Stack { new iotevents.DetectorModel(this, 'MyDetectorModel', { detectorModelName: 'test-detector-model', + description: 'test-detector-model-description', + evaluationMethod: iotevents.EventEvaluation.SERIAL, + detectorKey: 'payload.deviceId', initialState: onlineState, }); } From 554645d1ca4d4223a0ab9490ea5cf5c0f201ed3a Mon Sep 17 00:00:00 2001 
From: arcrank Date: Thu, 27 Jan 2022 18:15:45 -0500 Subject: [PATCH 08/26] chore(servicecatalog): cleanup unit tests for TagOptions (#18672) We implemented TagOptions as a full construct, and created its own unit test suite. We are moving some of the basic validation tests out of the other resources unit tests, and then the cross resource association tests as well. The only TagOption tests that remain in portfolio/product are for testing the association and adding as a prop, validation and multi resource tests will be in the `tag-option` test suite. The removed validation tests are already in the `tag-option` test suite. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-servicecatalog/test/portfolio.test.ts | 38 ------------------- .../aws-servicecatalog/test/product.test.ts | 20 ---------- .../test/tag-option.test.ts | 31 +++++++++++++++ 3 files changed, 31 insertions(+), 58 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/test/portfolio.test.ts b/packages/@aws-cdk/aws-servicecatalog/test/portfolio.test.ts index 74406931a069f..e53062e0a6752 100644 --- a/packages/@aws-cdk/aws-servicecatalog/test/portfolio.test.ts +++ b/packages/@aws-cdk/aws-servicecatalog/test/portfolio.test.ts 
@@ -350,44 +350,6 @@ describe('portfolio associations and product constraints', () => { Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOptionAssociation', 3); }), - test('fails to create and then add tag options with invalid minimum key length', () => { - expect(() => { - const tagOptions = new servicecatalog.TagOptions(stack, 'TagOptions', { - allowedValuesForTags: { - '': ['value1', 'value2'], - 'key2': ['value1'], - }, - }); - - portfolio.associateTagOptions(tagOptions); - }).toThrowError(/Invalid TagOption key for resource/); - }); - - test('fails to create and then add tag options with invalid maxium key length', () => { - expect(() => { - const tagOptions = new servicecatalog.TagOptions(stack, 'TagOptions', { - allowedValuesForTags: { - ['key1'.repeat(1000)]: ['value1', 'value2'], - key2: ['value1'], - }, - }); - - portfolio.associateTagOptions(tagOptions); - }).toThrowError(/Invalid TagOption key for resource/); - }), - - test('fails to create and then add tag options with invalid value length', () => { - expect(() => { - const tagOptions = new servicecatalog.TagOptions(stack, 'TagOptions', { - allowedValuesForTags: { - key1: ['value1'.repeat(1000), 'value2'], - key2: ['value1'], - }, - }); - portfolio.associateTagOptions(tagOptions); - }).toThrowError(/Invalid TagOption value for resource/); - }), - test('add tag update constraint', () => { portfolio.addProduct(product); portfolio.constrainTagUpdates(product, { diff --git a/packages/@aws-cdk/aws-servicecatalog/test/product.test.ts b/packages/@aws-cdk/aws-servicecatalog/test/product.test.ts index 691ae9d14d9f1..d27e18a1c3358 100644 --- a/packages/@aws-cdk/aws-servicecatalog/test/product.test.ts +++ b/packages/@aws-cdk/aws-servicecatalog/test/product.test.ts 
@@ -338,26 +338,6 @@ describe('Product', () => { Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOption', 3); //Generates a resource for each unique key-value pair Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOptionAssociation', 3); - }), - - test('adding tag options to portfolio and product creates unique tag options and enumerated associations', () => { - const tagOptions = new servicecatalog.TagOptions(stack, 'TagOptions', { - allowedValuesForTags: { - key1: ['value1', 'value2'], - key2: ['value1'], - }, - }); - - const portfolio = new servicecatalog.Portfolio(stack, 'MyPortfolio', { - displayName: 'testPortfolio', - providerName: 'testProvider', - }); - - portfolio.associateTagOptions(tagOptions); - product.associateTagOptions(tagOptions); - - Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOption', 3); //Generates a resource for each unique key-value pair - Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOptionAssociation', 6); }); }); }); diff --git a/packages/@aws-cdk/aws-servicecatalog/test/tag-option.test.ts b/packages/@aws-cdk/aws-servicecatalog/test/tag-option.test.ts index 67f601ed6e521..54e0464da467e 100644 --- a/packages/@aws-cdk/aws-servicecatalog/test/tag-option.test.ts +++ b/packages/@aws-cdk/aws-servicecatalog/test/tag-option.test.ts 
@@ -133,6 +133,37 @@ describe('TagOptions', () => { Template.fromStack(stack).hasResource('AWS::ServiceCatalog::TagOptionAssociation', 10); }), + test('adding tag options to portfolio and product creates unique tag options and enumerated associations', () => { + const tagOptions = new servicecatalog.TagOptions(stack, 'TagOptions', { + allowedValuesForTags: { + key1: ['value1', 'value2'], + key2: ['value1'], + }, + }); + + const portfolio = new servicecatalog.Portfolio(stack, 'MyPortfolio', { + displayName: 'testPortfolio', + providerName: 'testProvider', + }); + + const product = new servicecatalog.CloudFormationProduct(stack, 'MyProduct', { + productName: 'testProduct', + owner: 'testOwner', + productVersions: [ + { + cloudFormationTemplate: servicecatalog.CloudFormationTemplate.fromUrl('https://awsdocs.s3.amazonaws.com/servicecatalog/development-environment.template'), + }, + ], + tagOptions: tagOptions, + }); + + portfolio.associateTagOptions(tagOptions); + product.associateTagOptions(tagOptions); + + Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOption', 3); //Generates a resource for each unique key-value pair + Template.fromStack(stack).resourceCountIs('AWS::ServiceCatalog::TagOptionAssociation', 6); + }); + test('create and associate tag options in another stack', () => { const tagOptionsStack = new cdk.Stack(app, 'TagOptionsStack'); const productStack = new cdk.Stack(app, 'ProductStack'); From 76b983226d9dad580b9fd519da111303005efc42 Mon Sep 17 00:00:00 2001 
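Review bot: The moved test associates the same `TagOptions` with the product twice, once through `tagOptions: tagOptions` in the `CloudFormationProduct` props and again through `product.associateTagOptions(tagOptions)`. The version removed from product.test.ts only called the method, on a `product` created outside that hunk. The expected count of 6 `TagOptionAssociation` resources therefore holds only if the repeated association is de-duplicated, so the test silently depends on idempotence it does not name. Drop the `tagOptions: tagOptions,` prop so each resource is associated exactly once, or keep it and add a comment such as `// associating twice must not create duplicate associations`.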
From: Peter Woodworth <44349620+peterwoodworth@users.noreply.github.com> Date: Thu, 27 Jan 2022 18:06:24 -0800 Subject: [PATCH 09/26] chore: optimize autolabeler (#18702) The autolabeler will now do different things depending on how the issue comes in. If it's guidance, it's automatically assigned to OSDS. If it's a PR, the autolabeler will not continue to work if the PR has `contribution/core`. For issues, the autolabeler will not continue to work on the issue if `needs-triage` is removed. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/issue-label-assign.yml | 44 +++++++++++++++++++++--- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index 1def145a8e6c5..05145cc7d51c3 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -8,7 +8,7 @@ on: types: [opened, edited] jobs: - triage-manager: + issue-triage-manager: permissions: issues: write pull-requests: write 
@@ -17,14 +17,50 @@ jobs: - uses: aws-github-ops/aws-issue-triage-manager@main with: github-token: "${{ secrets.GITHUB_TOKEN }}" + target: "issues" excluded-expressions: "[CDK CLI Version|TypeScript|Java|Python]" area-is-keyword: true - excluded-labels: "[p1|p2|p0|contribution/core]" - default-area: > + included-labels: "[needs-triage]" + excluded-labels: "[p1|p2|p0|effort-small|effort-medium|effort-large|guidance]" + default-area: ${{ env.OSDS_DEVS }} + parameters: ${{ env.AREA_PARAMS }} + guidance-triage-manager: + permissions: + issues: write + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: aws-github-ops/aws-issue-triage-manager@main + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + target: "issues" + excluded-expressions: "[CDK CLI Version|TypeScript|Java|Python]" + area-is-keyword: true + included-labels: "[guidance]" + default-area: ${{ env.OSDS_DEVS }} + parameters: > + [{"area":"guidance","keywords":["guidance"]}] + pr-triage-manager: + permissions: + issues: write + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: aws-github-ops/aws-issue-triage-manager@main + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + target: "pull-requests" + area-is-keyword: true + excluded-labels: "[contribution/core]" + parameters: ${{ env.AREA_PARAMS }} + +env: + OSDS_DEVS: > { "assignees":["NGL321","peterwoodworth","ryparker"] } - parameters: > + + AREA_PARAMS: > [ {"area":"package/tools","keywords":["cli","command line","init","synth","diff","bootstrap"],"labels":["package/tools"],"assignees":["rix0rrr"]}, {"area":"@aws-cdk/alexa-ask","keywords":["alexa-ask","alexa", "cfnskill"],"labels":["@aws-cdk/alexa-ask"],"assignees":["madeline-k"]}, From 9de9bfe8f40b293ecaf8410ecf0f6e6990b7e678 Mon Sep 17 00:00:00 2001 
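Review bot: The two added jobs, `guidance-triage-manager` and `pr-triage-manager`, reference `aws-github-ops/aws-issue-triage-manager@main`, a mutable branch, while holding `issues: write`, `pull-requests: write` and the repository `GITHUB_TOKEN`. Whatever that branch contains at run time executes with write access to issues and pull requests. Pin all three `uses:` lines to a reviewed full commit SHA, e.g. `- uses: aws-github-ops/aws-issue-triage-manager@<FULL_COMMIT_SHA> # <tag or date reviewed>`, and bump it deliberately. The jobs with `target: "issues"` may also not need `pull-requests: write`, though that depends on which API calls the action makes, and the workflow's `on:` triggers sit outside this hunk.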
From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Fri, 28 Jan 2022 01:51:43 -0800 Subject: [PATCH 10/26] docs(cfnspec): update CloudFormation documentation (#18708) Co-authored-by: AWS CDK Team --- .../cfnspec/spec-source/cfn-docs/cfn-docs.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 49265fa72117a..15f7b552fb409 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json 
@@ -647,13 +647,13 @@ }, "description": "The AWS::AmplifyUIBuilder::Component resource specifies a component within an Amplify app. A component is a user interface (UI) element that you can customize. Use `ComponentChild` to configure an instance of a `Component` . A `ComponentChild` instance inherits the configuration of the main `Component` .", "properties": { - "BindingProperties": "The information to connect a component's properties to data at runtime.", + "BindingProperties": "The information to connect a component's properties to data at runtime. You can't specify `tags` as a valid property for `bindingProperties` .", "Children": "A list of the component's `ComponentChild` instances.", - "CollectionProperties": "The data binding configuration for the component's properties. Use this for a collection component.", + "CollectionProperties": "The data binding configuration for the component's properties. Use this for a collection component. You can't specify `tags` as a valid property for `collectionProperties` .", "ComponentType": "The type of the component. This can be an Amplify custom UI component or another custom component.", "Name": "The name of the component.", - "Overrides": "Describes the component's properties that can be overriden in a customized instance of the component.", - "Properties": "Describes the component's properties.", + "Overrides": "Describes the component's properties that can be overriden in a customized instance of the component. You can't specify `tags` as a valid property for `overrides` .", + "Properties": "Describes the component's properties. You can't specify `tags` as a valid property for `properties` .", "SourceId": "The unique ID of the component in its original source system, such as Figma.", "Tags": "One or more key-value pairs to use when tagging the component.", "Variants": "A list of the component's variants. A variant is a unique style configuration of a main component." 
@@ -688,7 +688,7 @@ "Children": "The list of `ComponentChild` instances for this component.", "ComponentType": "The type of the child component.", "Name": "The name of the child component.", - "Properties": "Describes the properties of the child component." + "Properties": "Describes the properties of the child component. You can't specify `tags` as a valid property for `properties` ." } }, "AWS::AmplifyUIBuilder::Component.ComponentConditionProperty": { @@ -759,7 +759,7 @@ "attributes": {}, "description": "The `ComponentVariant` property specifies the style configuration of a unique variation of a main component.", "properties": { - "Overrides": "The properties of the component variant that can be overriden when customizing an instance of the component.", + "Overrides": "The properties of the component variant that can be overriden when customizing an instance of the component. You can't specify `tags` as a valid property for `overrides` .", "VariantValues": "The combination of variants that comprise this variant." } }, 
@@ -35073,7 +35073,7 @@ "AutomationTargetParameterName": "Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of AWS Systems Manager .", "CalendarNames": "The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see [AWS Systems Manager Change Calendar](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar) .", "ComplianceSeverity": "The severity level that is assigned to the association.", - "DocumentVersion": "The version of the SSM document to associate with the target.", + "DocumentVersion": "The version of the SSM document to associate with the target.\n\n> `DocumentVersion` is not valid for documents owned by AWS , such as `AWS-RunPatchBaseline` or `AWS-UpdateSSMAgent` . If you specify `DocumentVersion` for an AWS document, the system returns the following error: \"Error occurred during operation 'CreateAssociation'.\" (RequestToken: , HandlerErrorCode: GeneralServiceException).", "InstanceId": "The ID of the instance that the SSM document is associated with. You must specify the `InstanceId` or `Targets` property.\n\n> `InstanceId` has been deprecated. To specify an instance ID for an association, use the `Targets` parameter. If you use the parameter `InstanceId` , you cannot use the parameters `AssociationName` , `DocumentVersion` , `MaxErrors` , `MaxConcurrency` , `OutputLocation` , or `ScheduleExpression` . To use these parameters, you must use the `Targets` parameter.", "MaxConcurrency": "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. 
The default value is 100%, which means all targets run the association at the same time.\n\nIf a new managed node starts and attempts to run an association while Systems Manager is running `MaxConcurrency` associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for `MaxConcurrency` .", "MaxErrors": "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set `MaxError` to 10%, then the system stops sending the request when the sixth error is received.\n\nExecutions that are already running an association when `MaxErrors` is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set `MaxConcurrency` to 1 so that executions proceed one at a time.", From e64de677cdfc014f68e92b204f4728e60a8bb111 Mon Sep 17 00:00:00 2001 
From: Flavio Leggio Date: Fri, 28 Jan 2022 12:05:49 +0100 Subject: [PATCH 11/26] feat(cloudfront-origins): extend `readTimeout` maximum value for `HttpOriginProps` (#18697) This pull request extends the maximum value of the `readTimeout` property for `HttpOriginProps` up to 180 seconds. This allows the use of the construct also in the case that a limit increase has been approved for CloudFront [origin request timeout quota](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions). The 180 seconds cap should be AWS hard limit for that quota. Closes #18628 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-cloudfront-origins/README.md | 5 +++++ .../@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts | 7 +++++-- .../aws-cloudfront-origins/test/http-origin.test.ts | 6 +++--- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront-origins/README.md b/packages/@aws-cdk/aws-cloudfront-origins/README.md index b0de0e2ffdaf4..f88a7e7111b1b 100644 --- a/packages/@aws-cdk/aws-cloudfront-origins/README.md +++ b/packages/@aws-cdk/aws-cloudfront-origins/README.md 
@@ -75,10 +75,15 @@ declare const loadBalancer: elbv2.ApplicationLoadBalancer; const origin = new origins.LoadBalancerV2Origin(loadBalancer, { connectionAttempts: 3, connectionTimeout: Duration.seconds(5), + readTimeout: Duration.seconds(45), protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER, }); ``` +Note that the `readTimeout` property can extend its value over 60 seconds only if a limit increase request for CloudFront origin response timeout +quota has been approved in the target account; otherwise, values over 60 seconds will produce an error at deploy time. Consider that this value is +still limited to a maximum value of 180 seconds, which is a hard limit for that quota. + ## From an HTTP endpoint Origins can also be created from any other HTTP endpoint, given the domain name, and optionally, other origin properties. diff --git a/packages/@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts b/packages/@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts index d6aa44c0bb73d..50b94b0c52191 100644 --- a/packages/@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts +++ b/packages/@aws-cdk/aws-cloudfront-origins/lib/http-origin.ts @@ -35,7 +35,10 @@ export interface HttpOriginProps extends cloudfront.OriginProps { /** * Specifies how long, in seconds, CloudFront waits for a response from the origin, also known as the origin response timeout. - * The valid range is from 1 to 60 seconds, inclusive. + * The valid range is from 1 to 180 seconds, inclusive. + * + * Note that values over 60 seconds are possible only after a limit increase request for the origin response timeout quota + * has been approved in the target account; otherwise, values over 60 seconds will produce an error at deploy time. * * @default Duration.seconds(30) */ 
@@ -58,7 +61,7 @@ export class HttpOrigin extends cloudfront.OriginBase { constructor(domainName: string, private readonly props: HttpOriginProps = {}) { super(domainName, props); - validateSecondsInRangeOrUndefined('readTimeout', 1, 60, props.readTimeout); + validateSecondsInRangeOrUndefined('readTimeout', 1, 180, props.readTimeout); validateSecondsInRangeOrUndefined('keepaliveTimeout', 1, 60, props.keepaliveTimeout); } diff --git a/packages/@aws-cdk/aws-cloudfront-origins/test/http-origin.test.ts b/packages/@aws-cdk/aws-cloudfront-origins/test/http-origin.test.ts index c64a04bf26ced..df149f56753b2 100644 --- a/packages/@aws-cdk/aws-cloudfront-origins/test/http-origin.test.ts +++ b/packages/@aws-cdk/aws-cloudfront-origins/test/http-origin.test.ts @@ -70,14 +70,14 @@ test.each([ Duration.seconds(0), Duration.seconds(0.5), Duration.seconds(60.5), - Duration.seconds(61), + Duration.seconds(181), Duration.minutes(5), -])('validates readTimeout is an integer between 1 and 60 seconds', (readTimeout) => { +])('validates readTimeout is an integer between 1 and 180 seconds', (readTimeout) => { expect(() => { new HttpOrigin('www.example.com', { readTimeout, }); - }).toThrow(`readTimeout: Must be an int between 1 and 60 seconds (inclusive); received ${readTimeout.toSeconds()}.`); + }).toThrow(`readTimeout: Must be an int between 1 and 180 seconds (inclusive); received ${readTimeout.toSeconds()}.`); }); test.each([ From 30e223333fef0b0d7f12287dab170a34e092d7fa Mon Sep 17 00:00:00 2001 
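Review bot: The `test.each` table in `test/http-origin.test.ts` still lists only values that must be rejected, so the hunk never asserts that a value in the newly allowed 61–180 range is accepted. The upper boundary is therefore pinned only from the failing side (`Duration.seconds(181)`). Consider adding an acceptance case next to it, for example `expect(() => new HttpOrigin('www.example.com', { readTimeout: Duration.seconds(180) })).not.toThrow();`.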
From: Setu Shah Date: Fri, 28 Jan 2022 05:54:17 -0800 Subject: [PATCH 12/26] feat(lambda-python): support setting environment vars for bundling (#18635) While using the Python Lambda with Code Artifact, discovered that Code Artifact was still inaccessible because bundling occurs at _run_ time, which can only access env vars, not build args. This is not a security issue because bundled output doesn't contain any of the secret values. **Note:** Without this, using Code Artifact (or any other private packaging for Python Lambdas) is currently broken. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda-python/README.md | 29 +++++++++++++++++-- .../aws-lambda-python/lib/bundling.ts | 2 ++ .../@aws-cdk/aws-lambda-python/lib/types.ts | 7 +++++ .../aws-lambda-python/test/bundling.test.ts | 19 ++++++++++++ 4 files changed, 55 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-python/README.md b/packages/@aws-cdk/aws-lambda-python/README.md index 2a8de2d34c4de..ef52db457ef2b 100644 --- a/packages/@aws-cdk/aws-lambda-python/README.md +++ b/packages/@aws-cdk/aws-lambda-python/README.md 
@@ -167,9 +167,34 @@ new lambda.PythonFunction(this, 'function', { entry, runtime: Runtime.PYTHON_3_8, bundling: { - buildArgs: { PIP_INDEX_URL: indexUrl }, + environment: { PIP_INDEX_URL: indexUrl }, }, }); ``` -This type of an example should work for `pip` and `poetry` based dependencies, but will not work for `pipenv`. +The index URL or the token are only used during bundling and thus not included in the final asset. Setting only environment variable for `PIP_INDEX_URL` or `PIP_EXTRA_INDEX_URL` should work for accesing private Python repositories with `pip`, `pipenv` and `poetry` based dependencies. + +If you also want to use the Code Artifact repo for building the base Docker image for bundling, use `buildArgs`. However, note that setting custom build args for bundling will force the base bundling image to be rebuilt every time (i.e. skip the Docker cache). Build args can be customized as: + +```ts +import { execSync } from 'child_process'; + +const entry = '/path/to/function'; +const image = DockerImage.fromBuild(entry); + +const domain = 'my-domain'; +const domainOwner = '111122223333'; +const repoName = 'my_repo'; +const region = 'us-east-1'; +const codeArtifactAuthToken = execSync(`aws codeartifact get-authorization-token --domain ${domain} --domain-owner ${domainOwner} --query authorizationToken --output text`).toString().trim(); + +const indexUrl = `https://aws:${codeArtifactAuthToken}@${domain}-${domainOwner}.d.codeartifact.${region}.amazonaws.com/pypi/${repoName}/simple/`; + +new lambda.PythonFunction(this, 'function', { + entry, + runtime: Runtime.PYTHON_3_8, + bundling: { + buildArgs: { PIP_INDEX_URL: indexUrl }, + }, +}); +``` diff --git a/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts b/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts index ddd3e167204c9..bd2020a5a228b 100644 --- a/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts +++ b/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts 
@@ -51,6 +51,7 @@ export class Bundling implements CdkBundlingOptions { public readonly image: DockerImage; public readonly command: string[]; + public readonly environment?: { [key: string]: string }; constructor(props: BundlingProps) { const { @@ -78,6 +79,7 @@ export class Bundling implements CdkBundlingOptions { }); this.image = image ?? defaultImage; this.command = ['bash', '-c', chain(bundlingCommands)]; + this.environment = props.environment; } private createBundlingCommand(options: BundlingCommandOptions): string[] { diff --git a/packages/@aws-cdk/aws-lambda-python/lib/types.ts b/packages/@aws-cdk/aws-lambda-python/lib/types.ts index 1f2b1e8c7aabf..e818eadc4401b 100644 --- a/packages/@aws-cdk/aws-lambda-python/lib/types.ts +++ b/packages/@aws-cdk/aws-lambda-python/lib/types.ts @@ -30,6 +30,13 @@ export interface BundlingOptions { */ readonly buildArgs?: { [key: string]: string }; + /** + * Environment variables defined when bundling runs. + * + * @default - no environment variables are defined. + */ + readonly environment?: { [key: string]: string; }; + /** * Determines how asset hash is calculated. Assets will get rebuild and * uploaded only if their hash has changed. diff --git a/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts b/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts index 4af556b3b9a62..a75ecc8625960 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts +++ b/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts @@ -229,3 +229,22 @@ test('Bundling with custom build args', () => { }), })); }); + +test('Bundling with custom environment vars`', () => { + const entry = path.join(__dirname, 'lambda-handler'); + Bundling.bundle({ + entry: entry, + runtime: Runtime.PYTHON_3_7, + environment: { + KEY: 'value', + }, + }); + + expect(Code.fromAsset).toHaveBeenCalledWith(entry, expect.objectContaining({ + bundling: expect.objectContaining({ + environment: { + KEY: 'value', + }, + }), + })); +}); 
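Review bot: The doc comment on the new `environment` option in `lib/types.ts` says only "Environment variables defined when bundling runs", yet the README in this patch uses the option to carry an index URL with a Code Artifact authorization token embedded in it. The comment should say that values may be credentials and are handed to the bundling container as-is, so anything that can inspect that container or the synthesizing process can read them. It would also help to contrast it with the neighbouring `buildArgs`, since Docker build arguments are generally recorded in the built image's metadata and so are a worse place for a token. A possible wording is `* Values may contain credentials (e.g. a private index URL); prefer this over buildArgs for secrets, and avoid logging the bundling options.`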
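Review bot: The new test title in `test/bundling.test.ts` has a stray backtick before the closing quote, which ends up in the reported test name. It should read `test('Bundling with custom environment vars', () => {`. The test pins that `environment` is forwarded to `Code.fromAsset`, but it does not cover the case where `environment` is omitted; whether that is tested elsewhere is not visible in the hunk.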
From 7ac7221aff3c612ab80e7812c371b11c56e5db0a Mon Sep 17 00:00:00 2001 From: Hassan Azhar <57677979+hassanazharkhan@users.noreply.github.com> Date: Fri, 28 Jan 2022 21:20:09 +0500 Subject: [PATCH 13/26] fix(aws-lambda-nodejs): pre compilation with tsc is not being run (#18062) Revamped the logic of running `tsc`, previously we were running `tsc` once for the whole project and due to this logic, `tsc` was not running as on the first run as `createBundlingCommand` first prepare command to execute on Docker and then for local bundling and on the first run we already updated the flag to not run `tsc` now. Closes [#18002](https://github.com/aws/aws-cdk/issues/18002) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-lambda-nodejs/lib/bundling.ts | 30 +++----- .../@aws-cdk/aws-lambda-nodejs/lib/util.ts | 62 +++++++++++++++++ .../aws-lambda-nodejs/test/bundling.test.ts | 69 ++----------------- .../aws-lambda-nodejs/test/util.test.ts | 17 ++++- 4 files changed, 93 insertions(+), 85 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-nodejs/lib/bundling.ts b/packages/@aws-cdk/aws-lambda-nodejs/lib/bundling.ts index d0cae32489818..8a251bf8dda24 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/lib/bundling.ts +++ b/packages/@aws-cdk/aws-lambda-nodejs/lib/bundling.ts @@ -5,7 +5,7 @@ import * as cdk from '@aws-cdk/core'; import { PackageInstallation } from './package-installation'; import { PackageManager } from './package-manager'; import { BundlingOptions, OutputFormat, SourceMapMode } from './types'; -import { exec, extractDependencies, findUp } from './util'; +import { exec, extractDependencies, findUp, getTsconfigCompilerOptions } from './util'; const ESBUILD_MAJOR_VERSION = '0'; 
@@ -68,13 +68,8 @@ export class Bundling implements cdk.BundlingOptions { this.tscInstallation = undefined; } - public static clearTscCompilationCache(): void { - this.tscCompiled = false; - } - private static esbuildInstallation?: PackageInstallation; private static tscInstallation?: PackageInstallation; - private static tscCompiled = false // Core bundling options public readonly image: cdk.DockerImage; @@ -156,26 +151,17 @@ export class Bundling implements cdk.BundlingOptions { private createBundlingCommand(options: BundlingCommandOptions): string { const pathJoin = osPathJoin(options.osPlatform); - let tscCommand: string = ''; - let relativeEntryPath = this.relativeEntryPath; + let relativeEntryPath = pathJoin(options.inputDir, this.relativeEntryPath); + let tscCommand = ''; if (this.props.preCompilation) { - - let tsconfig = this.relativeTsconfigPath; + const tsconfig = this.props.tsconfig ?? findUp('tsconfig.json', path.dirname(this.props.entry)); if (!tsconfig) { - const findConfig = findUp('tsconfig.json', path.dirname(this.props.entry)); - if (!findConfig) { - throw new Error('Cannot find a tsconfig.json, please specify the prop: tsconfig'); - } - tsconfig = path.relative(this.projectRoot, findConfig); + throw new Error('Cannot find a `tsconfig.json` but `preCompilation` is set to `true`, please specify it via `tsconfig`'); } - + const compilerOptions = getTsconfigCompilerOptions(tsconfig); + tscCommand = `${options.tscRunner} "${relativeEntryPath}" ${compilerOptions}`; relativeEntryPath = relativeEntryPath.replace(/\.ts(x?)$/, '.js$1'); - if (!Bundling.tscCompiled) { - // Intentionally Setting rootDir and outDir, so that the compiled js file always end up next ts file. - tscCommand = `${options.tscRunner} --project ${pathJoin(options.inputDir, tsconfig)} --rootDir ./ --outDir ./`; - Bundling.tscCompiled = true; - } } const loaders = Object.entries(this.props.loader ?? {}); 
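Review bot: In `createBundlingCommand`, `this.props.tsconfig` is passed unchanged to `getTsconfigCompilerOptions`, which in this patch's `lib/util.ts` loads the file with `require(tsconfigPath)`. Unless the prop is made absolute elsewhere in the class (not visible in the hunk), a relative value such as `tsconfig.json` or `./config/tsconfig.json` is resolved by Node's module resolution, against the library's own directory or `node_modules`, rather than against the caller's working directory. It then either fails or loads a file the user did not intend. Resolving it first keeps the lookup on the intended file: `const tsconfig = this.props.tsconfig ? path.resolve(this.props.tsconfig) : findUp('tsconfig.json', path.dirname(this.props.entry));`. The function body continues beyond the end of the hunk.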
@@ -193,7 +179,7 @@ export class Bundling implements cdk.BundlingOptions { const outFile = this.props.format === OutputFormat.ESM ? 'index.mjs' : 'index.js'; const esbuildCommand: string[] = [ options.esbuildRunner, - '--bundle', `"${pathJoin(options.inputDir, relativeEntryPath)}"`, + '--bundle', `"${relativeEntryPath}"`, `--target=${this.props.target ?? toTarget(this.props.runtime)}`, '--platform=node', ...this.props.format ? [`--format=${this.props.format}`] : [], diff --git a/packages/@aws-cdk/aws-lambda-nodejs/lib/util.ts b/packages/@aws-cdk/aws-lambda-nodejs/lib/util.ts index 0ececb74ab95f..cc3d314c32416 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/lib/util.ts +++ b/packages/@aws-cdk/aws-lambda-nodejs/lib/util.ts 
@@ -144,3 +144,65 @@ export function extractDependencies(pkgPath: string, modules: string[]): { [key: return dependencies; } + +export function getTsconfigCompilerOptions(tsconfigPath: string): string { + const compilerOptions = extractTsConfig(tsconfigPath); + const excludedCompilerOptions = [ + 'composite', + 'tsBuildInfoFile', + ]; + + const options: Record = { + ...compilerOptions, + // Overrides + incremental: false, + // Intentionally Setting rootDir and outDir, so that the compiled js file always end up next to .ts file. + rootDir: './', + outDir: './', + }; + + let compilerOptionsString = ''; + Object.keys(options).forEach((key: string) => { + + if (excludedCompilerOptions.includes(key)) { + return; + } + + const value = options[key]; + const option = '--' + key; + const type = typeof value; + + if (type === 'boolean') { + if (value) { + compilerOptionsString += option + ' '; + } + } else if (type === 'string') { + compilerOptionsString += option + ' ' + value + ' '; + } else if (type === 'object') { + if (Array.isArray(value)) { + compilerOptionsString += option + ' ' + value.join(',') + ' '; + } + } else { + throw new Error(`Missing support for compilerOption: [${key}]: { ${type}, ${value}} \n`); + } + }); + + return compilerOptionsString.trim(); +} + + +function extractTsConfig(tsconfigPath: string, previousCompilerOptions?: Record): Record | undefined { + // eslint-disable-next-line @typescript-eslint/no-require-imports + const { extends: extendedConfig, compilerOptions } = require(tsconfigPath); + const updatedCompilerOptions = { + ...(previousCompilerOptions ?? {}), + ...compilerOptions, + }; + if (extendedConfig) { + return extractTsConfig( + path.resolve(tsconfigPath.replace(/[^\/]+$/, ''), extendedConfig), + updatedCompilerOptions, + ); + } + return updatedCompilerOptions; +} \ No newline at end of file 
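Review bot: `getTsconfigCompilerOptions` appends string and array option values to the command line unquoted (`option + ' ' + value + ' '`), and `lib/bundling.ts` interpolates the result into a command that the tests in this patch show being run through `bash -c`. A value containing whitespace or shell metacharacters would be split or interpreted by the shell, including a value inherited through `extends` from a config the project does not own. Either quote each value for the target shell or reject anything outside a conservative character set before appending, e.g. `if (!/^[\w@.,:\/-]+$/.test(String(value))) { throw new Error('Unsupported characters in compilerOption ' + key); }`. Separately, `extractTsConfig` spreads the extended file's `compilerOptions` after the ones already collected, so a base config overrides the file that extends it. Swapping the order to `{ ...compilerOptions, ...(previousCompilerOptions ?? {}) }` gives the extending file precedence.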
diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/bundling.test.ts b/packages/@aws-cdk/aws-lambda-nodejs/test/bundling.test.ts index f9b8301eacacc..3224d1afbd014 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/test/bundling.test.ts +++ b/packages/@aws-cdk/aws-lambda-nodejs/test/bundling.test.ts @@ -16,7 +16,6 @@ beforeEach(() => { jest.resetAllMocks(); jest.restoreAllMocks(); Bundling.clearEsbuildInstallationCache(); - Bundling.clearTscInstallationCache(); jest.spyOn(Code, 'fromAsset'); 
@@ -574,61 +573,6 @@ test('esbuild bundling with projectRoot and externals and dependencies', () => { }); test('esbuild bundling with pre compilations', () => { - Bundling.bundle({ - entry, - projectRoot, - depsLockFilePath, - runtime: Runtime.NODEJS_14_X, - forceDockerBundling: true, - tsconfig, - preCompilation: true, - architecture: Architecture.X86_64, - }); - - // Correctly bundles with esbuild - expect(Code.fromAsset).toHaveBeenCalledWith(path.dirname(depsLockFilePath), { - assetHashType: AssetHashType.OUTPUT, - bundling: expect.objectContaining({ - command: [ - 'bash', '-c', - [ - 'tsc --project /asset-input/lib/custom-tsconfig.ts --rootDir ./ --outDir ./ &&', - 'esbuild --bundle \"/asset-input/lib/handler.js\" --target=node14 --platform=node --outfile=\"/asset-output/index.js\"', - '--external:aws-sdk --tsconfig=/asset-input/lib/custom-tsconfig.ts', - ].join(' '), - ], - }), - }); - - Bundling.bundle({ - entry, - projectRoot, - depsLockFilePath, - runtime: Runtime.NODEJS_14_X, - forceDockerBundling: true, - tsconfig, - preCompilation: true, - architecture: Architecture.X86_64, - }); - - // Correctly bundles with esbuild - expect(Code.fromAsset).toHaveBeenCalledWith(path.dirname(depsLockFilePath), { - assetHashType: AssetHashType.OUTPUT, - bundling: expect.objectContaining({ - command: [ - 'bash', '-c', - [ - 'esbuild --bundle \"/asset-input/lib/handler.js\" --target=node14 --platform=node --outfile=\"/asset-output/index.js\"', - '--external:aws-sdk --tsconfig=/asset-input/lib/custom-tsconfig.ts', - ].join(' '), - ], - }), - }); - -}); - -test('esbuild bundling with pre compilations with undefined tsconfig ( Should find in root directory )', () => { - Bundling.clearTscCompilationCache(); const packageLock = path.join(__dirname, '..', 'package-lock.json'); Bundling.bundle({ 
@@ -636,11 +580,13 @@ test('esbuild bundling with pre compilations with undefined tsconfig ( Should fi projectRoot: path.dirname(packageLock), depsLockFilePath: packageLock, runtime: Runtime.NODEJS_14_X, - forceDockerBundling: true, preCompilation: true, + forceDockerBundling: true, architecture: Architecture.X86_64, }); + const compilerOptions = util.getTsconfigCompilerOptions(path.join(__dirname, '..', 'tsconfig.json')); + // Correctly bundles with esbuild expect(Code.fromAsset).toHaveBeenCalledWith(path.dirname(packageLock), { assetHashType: AssetHashType.OUTPUT, @@ -648,16 +594,15 @@ test('esbuild bundling with pre compilations with undefined tsconfig ( Should fi command: [ 'bash', '-c', [ - 'tsc --project /asset-input/tsconfig.json --rootDir ./ --outDir ./ &&', - 'esbuild --bundle \"/asset-input/test/bundling.test.js\" --target=node14 --platform=node --outfile=\"/asset-output/index.js\"', - '--external:aws-sdk', + `tsc \"/asset-input/test/bundling.test.ts\" ${compilerOptions} &&`, + 'esbuild --bundle \"/asset-input/test/bundling.test.js\" --target=node14 --platform=node --outfile=\"/asset-output/index.js\" --external:aws-sdk', ].join(' '), ], }), }); }); -test('esbuild bundling with pre compilations and undefined tsconfig ( Should throw) ', () => { +test('throws with pre compilation and not found tsconfig', () => { expect(() => { Bundling.bundle({ entry, @@ -668,7 +613,7 @@ test('esbuild bundling with pre compilations and undefined tsconfig ( Should thr preCompilation: true, architecture: Architecture.X86_64, }); - }).toThrow('Cannot find a tsconfig.json, please specify the prop: tsconfig'); + }).toThrow('Cannot find a `tsconfig.json` but `preCompilation` is set to `true`, please specify it via `tsconfig`'); }); diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/util.test.ts b/packages/@aws-cdk/aws-lambda-nodejs/test/util.test.ts index d2249f4f59118..085c333579933 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/test/util.test.ts 
+++ b/packages/@aws-cdk/aws-lambda-nodejs/test/util.test.ts @@ -1,7 +1,7 @@ import * as child_process from 'child_process'; import * as fs from 'fs'; import * as path from 'path'; -import { callsites, exec, extractDependencies, findUp, findUpMultiple } from '../lib/util'; +import { callsites, exec, extractDependencies, findUp, findUpMultiple, getTsconfigCompilerOptions } from '../lib/util'; beforeEach(() => { jest.clearAllMocks(); @@ -179,3 +179,18 @@ describe('extractDependencies', () => { fs.unlinkSync(pkgPath); }); }); + +describe('getTsconfigCompilerOptions', () => { + test('should extract compiler options and returns as string', () => { + const tsconfig = path.join(__dirname, '..', 'tsconfig.json'); + const compilerOptions = getTsconfigCompilerOptions(tsconfig); + expect(compilerOptions).toEqual([ + '--alwaysStrict --charset utf8 --declaration --experimentalDecorators', + '--inlineSourceMap --inlineSources --lib es2019 --module CommonJS', + '--newLine lf --noEmitOnError --noFallthroughCasesInSwitch --noImplicitAny', + '--noImplicitReturns --noImplicitThis --noUnusedLocals --noUnusedParameters', + '--resolveJsonModule --strict --strictNullChecks --strictPropertyInitialization', + '--target ES2019 --rootDir ./ --outDir ./', + ].join(' ')); + }); +}); From 009d68912267de9dcf4136a7d80a652a891b7bb9 Mon Sep 17 00:00:00 2001 
From: Rico Huijbers Date: Fri, 28 Jan 2022 18:13:51 +0100 Subject: [PATCH 14/26] fix(pipelines): undeployable due to dependency cycle (#18686) A dependency cycle was inadvertently introduced to CDK Pipelines in #18492. Fix that dependency cycle, and also one in Cognito IdentityPools. Add facilities to the `assertions` library to automatically detect this in the future, to stop errors like this from slipping in. We could make it a separate assertion method (`Template.fromStack().assertNoCycles()`), but the only thing that will do is give you an opportunity to forget to put the test in. Instead, we just check it by default for every generated template. Fixes #18673. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../assertions/lib/private/conditions.ts | 4 +- .../@aws-cdk/assertions/lib/private/cyclic.ts | 175 ++++++++++++++++++ .../assertions/lib/private/mappings.ts | 4 +- .../assertions/lib/private/outputs.ts | 4 +- .../assertions/lib/private/parameters.ts | 4 +- .../assertions/lib/private/resources.ts | 8 +- .../assertions/lib/private/template.ts | 14 +- packages/@aws-cdk/assertions/lib/template.ts | 2 + .../@aws-cdk/assertions/test/template.test.ts | 31 +++- .../lib/identitypool.ts | 14 +- .../test/integ.identitypool.expected.json | 5 - .../lib/codepipeline/_codebuild-factory.ts | 8 +- .../test/codepipeline/codebuild-step.test.ts | 7 +- .../integ.newpipeline-with-vpc.expected.json | 52 +----- .../test/integ.newpipeline.expected.json | 26 +-- .../@monocdk-experiment/assert/tsconfig.json | 4 +- packages/aws-cdk-lib/package.json | 5 +- 17 files changed, 254 insertions(+), 113 deletions(-) create mode 100644 packages/@aws-cdk/assertions/lib/private/cyclic.ts diff --git a/packages/@aws-cdk/assertions/lib/private/conditions.ts b/packages/@aws-cdk/assertions/lib/private/conditions.ts index e7c4665dee219..6ed10379dea9e 100644 --- a/packages/@aws-cdk/assertions/lib/private/conditions.ts 
+++ b/packages/@aws-cdk/assertions/lib/private/conditions.ts @@ -2,7 +2,7 @@ import { filterLogicalId, formatFailure, matchSection } from './section'; import { Template } from './template'; export function findConditions(template: Template, logicalId: string, props: any = {}): { [key: string]: { [key: string]: any } } { - const section: { [key: string] : {} } = template.Conditions; + const section: { [key: string] : {} } = template.Conditions ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (!result.match) { @@ -13,7 +13,7 @@ export function findConditions(template: Template, logicalId: string, props: any } export function hasCondition(template: Template, logicalId: string, props: any): string | void { - const section: { [key: string] : {} } = template.Conditions; + const section: { [key: string] : {} } = template.Conditions ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (result.match) { return; diff --git a/packages/@aws-cdk/assertions/lib/private/cyclic.ts b/packages/@aws-cdk/assertions/lib/private/cyclic.ts new file mode 100644 index 0000000000000..07451a126ad28 --- /dev/null +++ b/packages/@aws-cdk/assertions/lib/private/cyclic.ts 
@@ -0,0 +1,175 @@ +import { Resource, Template } from './template'; + +/** + * Check a template for cyclic dependencies + * + * This will make sure that we don't happily validate templates + * in unit tests that wouldn't deploy to CloudFormation anyway. + */ +export function checkTemplateForCyclicDependencies(template: Template): void { + const logicalIds = new Set(Object.keys(template.Resources ?? {})); + + const dependencies = new Map>(); + for (const [logicalId, resource] of Object.entries(template.Resources ?? {})) { + dependencies.set(logicalId, intersect(findResourceDependencies(resource), logicalIds)); + } + + // We will now progressively remove entries from the map of 'dependencies' that have + // 0 elements in them. If we can't do that anymore and the map isn't empty, we + // have a cyclic dependency. + while (dependencies.size > 0) { + const free = Array.from(dependencies.entries()).filter(([_, deps]) => deps.size === 0); + if (free.length === 0) { + // Oops! + const cycle = findCycle(dependencies); + + const cycleResources: any = {}; + for (const logicalId of cycle) { + cycleResources[logicalId] = template.Resources?.[logicalId]; + } + + throw new Error(`Template is undeployable, these resources have a dependency cycle: ${cycle.join(' -> ')}:\n\n${JSON.stringify(cycleResources, undefined, 2)}`); + } + + for (const [logicalId, _] of free) { + for (const deps of dependencies.values()) { + deps.delete(logicalId); + } + dependencies.delete(logicalId); + } + } +} + +function findResourceDependencies(res: Resource): Set { + return new Set([ + ...toArray(res.DependsOn ?? []), + ...findExpressionDependencies(res.Properties), + ]); +} + +function toArray(x: A | A[]): A[] { + return Array.isArray(x) ? 
x : [x]; +} + +function findExpressionDependencies(obj: any): Set { + const ret = new Set(); + recurse(obj); + return ret; + + function recurse(x: any): void { + if (!x) { return; } + if (Array.isArray(x)) { + x.forEach(recurse); + } + if (typeof x === 'object') { + const keys = Object.keys(x); + if (keys.length === 1 && keys[0] === 'Ref') { + ret.add(x[keys[0]]); + } else if (keys.length === 1 && keys[0] === 'Fn::GetAtt') { + ret.add(x[keys[0]][0]); + } else if (keys.length === 1 && keys[0] === 'Fn::Sub') { + const argument = x[keys[0]]; + const pattern = Array.isArray(argument) ? argument[0] : argument; + for (const logId of logicalIdsInSubString(pattern)) { + ret.add(logId); + } + const contextDict = Array.isArray(argument) ? argument[1] : undefined; + if (contextDict) { + Object.values(contextDict).forEach(recurse); + } + } else { + Object.values(x).forEach(recurse); + } + } + } +} + +/** + * Return the logical IDs found in a {Fn::Sub} format string + */ +function logicalIdsInSubString(x: string): string[] { + return analyzeSubPattern(x).flatMap((fragment) => { + switch (fragment.type) { + case 'getatt': + case 'ref': + return [fragment.logicalId]; + case 'literal': + return []; + } + }); +} + + +function analyzeSubPattern(pattern: string): SubFragment[] { + const ret: SubFragment[] = []; + let start = 0; + + let ph0 = pattern.indexOf('${', start); + while (ph0 > -1) { + if (pattern[ph0 + 2] === '!') { + // "${!" means "don't actually substitute" + start = ph0 + 3; + ph0 = pattern.indexOf('${', start); + continue; + } + + const ph1 = pattern.indexOf('}', ph0 + 2); + if (ph1 === -1) { + break; + } + const placeholder = pattern.substring(ph0 + 2, ph1); + + if (ph0 > start) { + ret.push({ type: 'literal', content: pattern.substring(start, ph0) }); + } + if (placeholder.includes('.')) { + const [logicalId, attr] = placeholder.split('.'); + ret.push({ type: 'getatt', logicalId: logicalId!, attr: attr! 
}); + } else { + ret.push({ type: 'ref', logicalId: placeholder }); + } + + start = ph1 + 1; + ph0 = pattern.indexOf('${', start); + } + + if (start < pattern.length - 1) { + ret.push({ type: 'literal', content: pattern.substr(start) }); + } + + return ret; +} + +type SubFragment = + | { readonly type: 'literal'; readonly content: string } + | { readonly type: 'ref'; readonly logicalId: string } + | { readonly type: 'getatt'; readonly logicalId: string; readonly attr: string }; + + +function intersect(xs: Set, ys: Set): Set { + return new Set(Array.from(xs).filter(x => ys.has(x))); +} + +/** + * Find cycles in a graph + * + * Not the fastest, but effective and should be rare + */ +function findCycle(deps: ReadonlyMap>): string[] { + for (const node of deps.keys()) { + const cycle = recurse(node, [node]); + if (cycle) { return cycle; } + } + throw new Error('No cycle found. Assertion failure!'); + + function recurse(node: string, path: string[]): string[] | undefined { + for (const dep of deps.get(node) ?? []) { + if (dep === path[0]) { return [...path, dep]; } + + const cycle = recurse(dep, [...path, dep]); + if (cycle) { return cycle; } + } + + return undefined; + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/assertions/lib/private/mappings.ts b/packages/@aws-cdk/assertions/lib/private/mappings.ts index e080843dd87f8..e8788fb2ef112 100644 --- a/packages/@aws-cdk/assertions/lib/private/mappings.ts +++ b/packages/@aws-cdk/assertions/lib/private/mappings.ts @@ -2,7 +2,7 @@ import { filterLogicalId, formatFailure, matchSection } from './section'; import { Template } from './template'; export function findMappings(template: Template, logicalId: string, props: any = {}): { [key: string]: { [key: string]: any } } { - const section: { [key: string] : {} } = template.Mappings; + const section: { [key: string] : {} } = template.Mappings ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (!result.match) { 
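Review bot: The inner `recurse` of `findCycle` stops only when it gets back to `path[0]`, so when the start node depends on a cycle without being part of it (for example `A -> B`, `B -> C`, `C -> B`, with `A` visited first), the recursion never terminates. The caller then gets a stack overflow instead of the intended "dependency cycle" error. Such nodes do survive the pruning loop in `checkTemplateForCyclicDependencies`, because they never reach zero dependencies. Checking the whole path fixes it and reports the actual cycle: `const seen = path.indexOf(dep); if (seen !== -1) { return [...path.slice(seen), dep]; }`. In the same file, `findExpressionDependencies` lacks a `return` after `x.forEach(recurse)`, so every array is walked a second time by the `typeof x === 'object'` branch.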
@@ -13,7 +13,7 @@ export function findMappings(template: Template, logicalId: string, props: any = } export function hasMapping(template: Template, logicalId: string, props: any): string | void { - const section: { [key: string]: {} } = template.Mappings; + const section: { [key: string]: {} } = template.Mappings ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (result.match) { diff --git a/packages/@aws-cdk/assertions/lib/private/outputs.ts b/packages/@aws-cdk/assertions/lib/private/outputs.ts index f00f05bc9bb0f..39509698d0e43 100644 --- a/packages/@aws-cdk/assertions/lib/private/outputs.ts +++ b/packages/@aws-cdk/assertions/lib/private/outputs.ts @@ -2,7 +2,7 @@ import { filterLogicalId, formatFailure, matchSection } from './section'; import { Template } from './template'; export function findOutputs(template: Template, logicalId: string, props: any = {}): { [key: string]: { [key: string]: any } } { - const section = template.Outputs; + const section = template.Outputs ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (!result.match) { @@ -13,7 +13,7 @@ export function findOutputs(template: Template, logicalId: string, props: any = } export function hasOutput(template: Template, logicalId: string, props: any): string | void { - const section: { [key: string]: {} } = template.Outputs; + const section: { [key: string]: {} } = template.Outputs ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (result.match) { return; diff --git a/packages/@aws-cdk/assertions/lib/private/parameters.ts b/packages/@aws-cdk/assertions/lib/private/parameters.ts index b708460caf399..0e73160ea5a75 100644 --- a/packages/@aws-cdk/assertions/lib/private/parameters.ts +++ b/packages/@aws-cdk/assertions/lib/private/parameters.ts 
@@ -2,7 +2,7 @@ import { filterLogicalId, formatFailure, matchSection } from './section'; import { Template } from './template'; export function findParameters(template: Template, logicalId: string, props: any = {}): { [key: string]: { [key: string]: any } } { - const section: { [key: string] : {} } = template.Parameters; + const section: { [key: string] : {} } = template.Parameters ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (!result.match) { @@ -13,7 +13,7 @@ export function findParameters(template: Template, logicalId: string, props: any } export function hasParameter(template: Template, logicalId: string, props: any): string | void { - const section: { [key: string] : {} } = template.Parameters; + const section: { [key: string] : {} } = template.Parameters ?? {}; const result = matchSection(filterLogicalId(section, logicalId), props); if (result.match) { return; diff --git a/packages/@aws-cdk/assertions/lib/private/resources.ts b/packages/@aws-cdk/assertions/lib/private/resources.ts index 68e8e6c2ddff8..00a57c05f9b26 100644 --- a/packages/@aws-cdk/assertions/lib/private/resources.ts +++ b/packages/@aws-cdk/assertions/lib/private/resources.ts @@ -4,7 +4,7 @@ import { formatFailure, matchSection } from './section'; import { Resource, Template } from './template'; export function findResources(template: Template, type: string, props: any = {}): { [key: string]: { [key: string]: any } } { - const section = template.Resources; + const section = template.Resources ?? {}; const result = matchSection(filterType(section, type), props); if (!result.match) { @@ -15,7 +15,7 @@ export function findResources(template: Template, type: string, props: any = {}) } export function hasResource(template: Template, type: string, props: any): string | void { - const section = template.Resources; + const section = template.Resources ?? {}; const result = matchSection(filterType(section, type), props); if (result.match) { return; 
@@ -46,14 +46,14 @@ export function hasResourceProperties(template: Template, type: string, props: a } export function countResources(template: Template, type: string): number { - const section = template.Resources; + const section = template.Resources ?? {}; const types = filterType(section, type); return Object.entries(types).length; } function addEmptyProperties(template: Template): Template { - let section = template.Resources; + let section = template.Resources ?? {}; Object.keys(section).map((key) => { if (!section[key].hasOwnProperty('Properties')) { diff --git a/packages/@aws-cdk/assertions/lib/private/template.ts b/packages/@aws-cdk/assertions/lib/private/template.ts index fc5d0cb6b1e01..4aea34a2b5132 100644 --- a/packages/@aws-cdk/assertions/lib/private/template.ts +++ b/packages/@aws-cdk/assertions/lib/private/template.ts @@ -1,15 +1,19 @@ // Partial types for CloudFormation Template export type Template = { - Resources: { [logicalId: string]: Resource }, - Outputs: { [logicalId: string]: Output }, - Mappings: { [logicalId: string]: Mapping }, - Parameters: { [logicalId: string]: Parameter }, - Conditions: { [logicalId: string]: Condition }, + // In actuality this is not optional, but we sometimes don't generate it so we + // need to account for that. + Resources?: { [logicalId: string]: Resource }, + Outputs?: { [logicalId: string]: Output }, + Mappings?: { [logicalId: string]: Mapping }, + Parameters?: { [logicalId: string]: Parameter }, + Conditions?: { [logicalId: string]: Condition }, } export type Resource = { Type: string; + DependsOn?: string | string[]; + Properties?: { [key: string]: any }; [key: string]: any; } diff --git a/packages/@aws-cdk/assertions/lib/template.ts b/packages/@aws-cdk/assertions/lib/template.ts index ec23538eaf4aa..6399d3a971897 100644 --- a/packages/@aws-cdk/assertions/lib/template.ts +++ b/packages/@aws-cdk/assertions/lib/template.ts 
@@ -4,6 +4,7 @@ import * as fs from 'fs-extra'; import { Match } from './match'; import { Matcher } from './matcher'; import { findConditions, hasCondition } from './private/conditions'; +import { checkTemplateForCyclicDependencies } from './private/cyclic'; import { findMappings, hasMapping } from './private/mappings'; import { findOutputs, hasOutput } from './private/outputs'; import { findParameters, hasParameter } from './private/parameters'; @@ -47,6 +48,7 @@ export class Template { private constructor(template: { [key: string]: any }) { this.template = template as TemplateType; + checkTemplateForCyclicDependencies(this.template); } /** diff --git a/packages/@aws-cdk/assertions/test/template.test.ts b/packages/@aws-cdk/assertions/test/template.test.ts index 92bdb405ab9ce..dcdb73e61da71 100644 --- a/packages/@aws-cdk/assertions/test/template.test.ts +++ b/packages/@aws-cdk/assertions/test/template.test.ts @@ -5,11 +5,11 @@ import { Capture, Match, Template } from '../lib'; describe('Template', () => { test('fromString', () => { const template = Template.fromString(`{ - "Resources": { - "Foo": { + "Resources": { + "Foo": { "Type": "Baz::Qux", "Properties": { "Fred": "Waldo" } - } + } } }`); @@ -79,11 +79,11 @@ describe('Template', () => { describe('fromString', () => { test('default', () => { const assertions = Template.fromString(`{ - "Resources": { - "Foo": { + "Resources": { + "Foo": { "Type": "Baz::Qux", "Properties": { "Fred": "Waldo" } - } + } } }`); assertions.resourceCountIs('Baz::Qux', 1); 
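Review bot: The private constructor in `lib/template.ts` now calls `checkTemplateForCyclicDependencies(this.template)`, so every `Template.fromStack()`, `fromJSON()` and `fromString()` call can throw before any assertion runs, and the hunk adds no comment saying so. A why-comment above the call would help, for example `// Fail fast: reject templates whose Ref/DependsOn edges form a cycle before any assertion is evaluated.` The JSDoc of the three static factories should also state that they throw on a dependency cycle. Those factories and the rest of the class lie outside this hunk, so whether they already document it cannot be seen here.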
@@ -1084,6 +1084,25 @@ describe('Template', () => { expect(Object.keys(result).length).toEqual(0); }); }); + + test('throws when given a template with cyclic dependencies', () => { + expect(() => { + Template.fromJSON({ + Resources: { + Res1: { + Type: 'Foo', + Properties: { + Thing: { Ref: 'Res2' }, + }, + }, + Res2: { + Type: 'Foo', + DependsOn: ['Res1'], + }, + }, + }); + }).toThrow(/dependency cycle/); + }); }); function expectToThrow(fn: () => void, msgs: (RegExp | string)[], done: jest.DoneCallback): void { diff --git a/packages/@aws-cdk/aws-cognito-identitypool/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool/lib/identitypool.ts index cefab0caa54d9..1fd89f238e0b0 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool/lib/identitypool.ts @@ -437,7 +437,12 @@ export class IdentityPool extends Resource implements IIdentityPool { unauthenticatedRole: this.unauthenticatedRole, roleMappings: props.roleMappings, }); - attachment.node.addDependency(this); + + // This added by the original author, but it's causing cyclic dependencies. + // Don't know why this was added in the first place, but I'm disabling it for now and if + // no complaints come from this, we're probably safe to remove it altogether. + // attachment.node.addDependency(this); + Array.isArray(attachment); } /** @@ -461,7 +466,12 @@ export class IdentityPool extends Resource implements IIdentityPool { unauthenticatedRole: this.unauthenticatedRole, roleMappings, }); - attachment.node.addDependency(this); + + // This added by the original author, but it's causing cyclic dependencies. + // Don't know why this was added in the first place, but I'm disabling it for now and if + // no complaints come from this, we're probably safe to remove it altogether. + // attachment.node.addDependency(this); + Array.isArray(attachment); } /** 
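Review bot: `Array.isArray(attachment);` in both `identitypool.ts` hunks (`@@ -437` and `@@ -461`) is a no-op that apparently exists only to stop `attachment` being flagged as unused. If the binding is no longer needed, drop it and keep the bare `new …` expression, or write `void attachment;` so the intent is explicit. The new comment also admits the reason for the original `addDependency(this)` is unknown. With it disabled, the expected template in this commit no longer orders the attachment after the authenticated and unauthenticated roles' default policies. Replace the commented-out line with a sentence naming the ordering that is now relied on, presumably the implicit references to the pool and the roles, once that is confirmed. The constructor call itself starts outside both hunks.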
diff --git a/packages/@aws-cdk/aws-cognito-identitypool/test/integ.identitypool.expected.json b/packages/@aws-cdk/aws-cognito-identitypool/test/integ.identitypool.expected.json index b555de31baa1e..b2ec1baf42d81 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool/test/integ.identitypool.expected.json +++ b/packages/@aws-cdk/aws-cognito-identitypool/test/integ.identitypool.expected.json @@ -402,11 +402,6 @@ } }, "DependsOn": [ - "identitypoolAuthenticatedRoleDefaultPolicyCB4D2992", - "identitypoolAuthenticatedRoleB074B49D", - "identitypoolE2A6D099", - "identitypoolUnauthenticatedRoleDefaultPolicyBFACCE98", - "identitypoolUnauthenticatedRoleE61CAC70", "OtherPool7DA7F2F7", "OtherPoolUserPoolAuthenticationProviderClient08F670F8", "PoolD3F588B8", diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts index 5d73e23784314..3414554cd5197 100644 --- a/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts +++ b/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts @@ -5,7 +5,7 @@ import * as codepipeline from '@aws-cdk/aws-codepipeline'; import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; -import { IDependable, Stack } from '@aws-cdk/core'; +import { IDependable, Stack, Token } from '@aws-cdk/core'; import { Construct, Node } from 'constructs'; import { FileSetLocation, ShellStep, StackOutputReference } from '../blueprint'; import { PipelineQueries } from '../helpers-internal/pipeline-queries'; 
@@ -271,9 +271,13 @@ export class CodeBuildFactory implements ICodePipelineActionFactory { projectScope = obtainScope(scope, actionName); } + const safePipelineName = Token.isUnresolved(options.pipeline.pipeline.pipelineName) + ? `${Stack.of(options.pipeline).stackName}/${Node.of(options.pipeline.pipeline).id}` + : options.pipeline.pipeline.pipelineName; + const project = new codebuild.PipelineProject(projectScope, this.constructId, { projectName: this.props.projectName, - description: `Pipeline step ${options.pipeline.pipeline.pipelineName}/${stage.stageName}/${actionName}`, + description: `Pipeline step ${safePipelineName}/${stage.stageName}/${actionName}`.substring(0, 255), environment, vpc: projectOptions.vpc, subnetSelection: projectOptions.subnetSelection, diff --git a/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts b/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts index 01069ee7adee0..393f1ffb965ba 100644 --- a/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts +++ b/packages/@aws-cdk/pipelines/test/codepipeline/codebuild-step.test.ts @@ -55,12 +55,7 @@ test('CodeBuild projects have a description', () => { Template.fromStack(pipelineStack).hasResourceProperties( 'AWS::CodeBuild::Project', { - Description: { - 'Fn::Join': [ - '', - ['Pipeline step ', { Ref: 'Pipeline9850B417' }, '/Build/Synth'], - ], - }, + Description: 'Pipeline step PipelineStack/Pipeline/Build/Synth', }, ); }); diff --git a/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json b/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json index a3f12aa278c48..4bd2e638afb4c 100644 --- a/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json 
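Review bot: The `.substring(0, 255)` added to `description` in `_codebuild-factory.ts` truncates silently and leaves the limit unexplained. Add a comment such as `// CodeBuild caps Description at 255 characters; this text is informational only, so truncating is acceptable`, or hoist the number into a named constant. Only `pipelineName` is checked with `Token.isUnresolved()`. If `stage.stageName` or `actionName` can ever carry an unresolved token (not visible from this hunk), the cut could land inside the encoded token and corrupt it. A short note stating that those two are always concrete strings would close that question. The enclosing method begins and ends outside the hunk.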
@@ -1363,18 +1363,7 @@ "Cache": { "Type": "NO_CACHE" }, - "Description": { - "Fn::Join": [ - "", - [ - "Pipeline step ", - { - "Ref": "Pipeline9850B417" - }, - "/Build/Synth" - ] - ] - }, + "Description": "Pipeline step PipelineStack/Pipeline/Build/Synth", "EncryptionKey": "alias/aws/s3", "VpcConfig": { "SecurityGroupIds": [ @@ -1962,18 +1951,7 @@ "Cache": { "Type": "NO_CACHE" }, - "Description": { - "Fn::Join": [ - "", - [ - "Pipeline step ", - { - "Ref": "Pipeline9850B417" - }, - "/UpdatePipeline/SelfMutate" - ] - ] - }, + "Description": "Pipeline step PipelineStack/Pipeline/UpdatePipeline/SelfMutate", "EncryptionKey": "alias/aws/s3", "VpcConfig": { "SecurityGroupIds": [ @@ -2316,18 +2294,7 @@ "Cache": { "Type": "NO_CACHE" }, - "Description": { - "Fn::Join": [ - "", - [ - "Pipeline step ", - { - "Ref": "Pipeline9850B417" - }, - "/Assets/FileAsset1" - ] - ] - }, + "Description": "Pipeline step PipelineStack/Pipeline/Assets/FileAsset1", "EncryptionKey": "alias/aws/s3", "VpcConfig": { "SecurityGroupIds": [ @@ -2429,18 +2396,7 @@ "Cache": { "Type": "NO_CACHE" }, - "Description": { - "Fn::Join": [ - "", - [ - "Pipeline step ", - { - "Ref": "Pipeline9850B417" - }, - "/Assets/FileAsset2" - ] - ] - }, + "Description": "Pipeline step PipelineStack/Pipeline/Assets/FileAsset2", "EncryptionKey": "alias/aws/s3", "VpcConfig": { "SecurityGroupIds": [ diff --git a/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json index 47c1f4d129631..37cd5d99fd7f8 100644 --- a/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json @@ -2044,18 +2044,7 @@ "Cache": { "Type": "NO_CACHE" }, - "Description": { - "Fn::Join": [ - "", - [ - "Pipeline step ", - { - "Ref": "Pipeline9850B417" - }, - "/Build/Synth" - ] - ] - }, + "Description": "Pipeline step PipelineStack/Pipeline/Build/Synth", "EncryptionKey": "alias/aws/s3" } }, 
@@ -2355,18 +2344,7 @@ "Cache": { "Type": "NO_CACHE" }, - "Description": { - "Fn::Join": [ - "", - [ - "Pipeline step ", - { - "Ref": "Pipeline9850B417" - }, - "/UpdatePipeline/SelfMutate" - ] - ] - }, + "Description": "Pipeline step PipelineStack/Pipeline/UpdatePipeline/SelfMutate", "EncryptionKey": "alias/aws/s3" } } diff --git a/packages/@monocdk-experiment/assert/tsconfig.json b/packages/@monocdk-experiment/assert/tsconfig.json index b426f95fcb96a..e1b9688cb975e 100644 --- a/packages/@monocdk-experiment/assert/tsconfig.json +++ b/packages/@monocdk-experiment/assert/tsconfig.json @@ -1,7 +1,7 @@ { "compilerOptions": { - "target":"ES2018", - "lib": ["es2018"], + "target":"ES2019", + "lib": ["es2019"], "module": "CommonJS", "declaration": true, "strict": true, diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index e2ec7540fb741..61d5b8455d10f 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -433,7 +433,6 @@ "./aws-codestarconnections": "./aws-codestarconnections/index.js", "./aws-codestarnotifications": "./aws-codestarnotifications/index.js", "./aws-cognito": "./aws-cognito/index.js", - "./aws-cognito-identitypool": "./aws-cognito-identitypool/index.js", "./aws-config": "./aws-config/index.js", "./aws-connect": "./aws-connect/index.js", "./aws-cur": "./aws-cur/index.js", @@ -472,6 +471,7 @@ "./aws-finspace": "./aws-finspace/index.js", "./aws-fis": "./aws-fis/index.js", "./aws-fms": "./aws-fms/index.js", + "./aws-forecast": "./aws-forecast/index.js", "./aws-frauddetector": "./aws-frauddetector/index.js", "./aws-fsx": "./aws-fsx/index.js", "./aws-gamelift": "./aws-gamelift/index.js", 
@@ -486,6 +486,7 @@ "./aws-iam": "./aws-iam/index.js", "./aws-imagebuilder": "./aws-imagebuilder/index.js", "./aws-inspector": "./aws-inspector/index.js", + "./aws-inspectorv2": "./aws-inspectorv2/index.js", "./aws-iot": "./aws-iot/index.js", "./aws-iot1click": "./aws-iot1click/index.js", "./aws-iotanalytics": "./aws-iotanalytics/index.js", @@ -499,7 +500,9 @@ "./aws-kendra": "./aws-kendra/index.js", "./aws-kinesis": "./aws-kinesis/index.js", "./aws-kinesisanalytics": "./aws-kinesisanalytics/index.js", + "./aws-kinesisanalyticsv2": "./aws-kinesisanalyticsv2/index.js", "./aws-kinesisfirehose": "./aws-kinesisfirehose/index.js", + "./aws-kinesisvideo": "./aws-kinesisvideo/index.js", "./aws-kms": "./aws-kms/index.js", "./aws-lakeformation": "./aws-lakeformation/index.js", "./aws-lambda": "./aws-lambda/index.js", From 6860fec70862ce223c8a668bb2a5eb606cb528fb Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Fri, 28 Jan 2022 13:03:17 -0500 Subject: [PATCH 15/26] docs(assertions): publish migration script (#18653) Publishing our internal migration script written by @rix0rrr for others to benefit. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/assertions/MIGRATING.md | 123 ++++++++++++++++++++++ packages/@aws-cdk/assertions/README.md | 3 + packages/@aws-cdk/assertions/rewrite.toml | 115 ++++++++++++++++++++ 3 files changed, 241 insertions(+) create mode 100644 packages/@aws-cdk/assertions/MIGRATING.md create mode 100644 packages/@aws-cdk/assertions/rewrite.toml diff --git a/packages/@aws-cdk/assertions/MIGRATING.md b/packages/@aws-cdk/assertions/MIGRATING.md new file mode 100644 index 0000000000000..afa40bf9b1c5f --- /dev/null +++ b/packages/@aws-cdk/assertions/MIGRATING.md 
@@ -0,0 +1,123 @@ +# Migrating to Assertions + +Most of the APIs in the old `assert` module has a corresponding API in `assertions`. +Make the following modifications to your CDK test files to migrate to the +`@aws-cdk/assertions` module. + +For a migration script that handles most common use cases for you, see +[Migration Script](migration-script). + +## Translation Guide + +- Rewrite module imports that use `@aws-cdk/aws-assert` to `@aws-cdk/aws-assertions`. + For example: + + ```ts + import '@aws-cdk/assert/jest'; + import { ABSENT, SynthUtils, ResourcePart } from '@aws-cdk/assert'; + ``` + + ...becomes... + + ```ts + import { Template } from '@aws-cdk/assertions'; + import { Match, Template } from '@aws-cdk/assertions'; + ``` + +- Replace instances of `toHaveResource()` with `hasResourceProperties()` or `hasResource()`. + For example: + + ```ts + expect(stack).toHaveResource('FOO::BAR', {/*...*/}); + expect(stack).toHaveResource('FOO::BAR', {/*...*/}, ResourcePart.CompleteDefinition); + ``` + + ...becomes... + + ```ts + Template.fromStack(stack).hasResourceProperties('FOO::BAR', {/*...*/}); + Template.fromStack(stacK).hasResource('FOO::BAR', {/*...*/}); + ``` + +- Replace instances of `toCountResources()` with `resourceCountIs`. For example: + + ```ts + expect(stack).toCountResources('FOO::BAR', 1); + ``` + + ...becomes... + + ```ts + Template.fromStack(stack).resourceCountIs('FOO::BAR', 1); + ``` +- Replace instances of `toMatchTemplate()` with `templateMatches()`. For example: + + ```ts + expect(stack).toMatchTemplate({/*...*/}); + ``` + + ...becomes... + + ```ts + Template.fromStack(stack).templateMatches({/*...*/}); + ``` + +- Replace `arrayWith()` with `Match.arrayWith()`, `objectLike()` with `Match.objectLike()`, and + `ABSENT` with `Match.absent()`. + +- `not` can be replaced with `Match.not()` _or_ `resourceCountIs()` depending on the use case. + + ```ts + // asserting that the stack does not have a particular resource. 
+ expect(stack).not.toHaveResource('FOO::BAR'); + ``` + + ...becomes... + + ```ts + Template.fromStack(stack).resourceCountIs('FOO::BAR', 0); + ``` + + ```ts + // asserting that the stack does not have a resource with these properties + expect(stack).not.toHaveResource('FOO::BAR', { + prop: 'does not exist', + }); + ``` + + ...becomes... + + ```ts + Template.fromStack(stack).hasResourceProperties('FOO::BAR', Match.not({ + prop: 'does not exist', + })); + ``` + +- `SynthUtils.synthesize(stack)` can be replaced as well. For example: + + ```ts + expect(SynthUtils.synthesize(stack).template).toEqual(/*...*/); + SynthUtils.syntesize(stack); + ``` + + ...becomes... + + ```ts + expect(Template.fromStack(stack).toJSON()).toEqual(/*...*/); + App.of(stack).synth(); + ``` + +## Migration Script + +> NOTE: We have some code rewrite rules that will make it easier to migrate from one library +> to the other. This tool will not do a complete rewrite and is not guaranteed to produce +> compilable code! It will just save you the effort of performing a lot of code substitutions +> you would otherwise have to do by hand. + +Comby is a tool used to do structured code rewriting. You can install it +[here](https://comby.dev/). Download the [rewrite.toml](rewrite.toml) file from our GitHub +repository, and run the following command in the root directory of your project: + +```bash +comby -config ~/rewrite.toml -f .ts -d test -in-place -timeout 10 +``` \ No newline at end of file diff --git a/packages/@aws-cdk/assertions/README.md b/packages/@aws-cdk/assertions/README.md index 5370b1d094c8e..d23c37a08b099 100644 --- a/packages/@aws-cdk/assertions/README.md +++ b/packages/@aws-cdk/assertions/README.md 
@@ -9,6 +9,9 @@ +If you're migrating from the old `assert` library, the migration guide can be found in +[our GitHub repository](https://github.com/aws/aws-cdk/blob/master/packages/@aws-cdk/assertions/MIGRATING.md). + Functions for writing test asserting against CDK applications, with focus on CloudFormation templates. The `Template` class includes a set of methods for writing assertions against CloudFormation templates. Use one of the `Template.fromXxx()` static methods to create an instance of this class. diff --git a/packages/@aws-cdk/assertions/rewrite.toml b/packages/@aws-cdk/assertions/rewrite.toml new file mode 100644 index 0000000000000..66459d1a6991f --- /dev/null +++ b/packages/@aws-cdk/assertions/rewrite.toml 
@@ -0,0 +1,115 @@ +# comby -config ~/rewrite.toml -f .ts -d test -in-place -timeout 10 + +[000_import] +match="import '@aws-cdk/assert-internal/jest'" +rewrite="import { Template } from '@aws-cdk/assertions'" + +[000_import2] +match="import :[_] from '@aws-cdk/assert-internal'" +rewrite="import { Template } from '@aws-cdk/assertions'" + +[100_jest_toHaveResourceLike_CompleteDefinition] +match="expect(:[stack]).toHaveResourceLike(:[args], ResourcePart.CompleteDefinition)" +rewrite="Template.fromStack(:[stack]).hasResource(:[args])" + +[100_assert_toHaveResourceLike_CompleteDefinition] +match=":[[expect]](:[stack]).to(haveResourceLike(:[args], ResourcePart.CompleteDefinition))" +rewrite="Template.fromStack(:[stack]).hasResource(:[args])" +rule='''where match :[expect] { + | "expect" -> true + | "cdkExpect" -> true + | ":[_]" -> false +}''' + +[100_jest_toHaveResource_CompleteDefinition] +match="expect(:[stack]).toHaveResource(:[args], ResourcePart.CompleteDefinition)" +rewrite="Template.fromStack(:[stack]).hasResource(:[args])" + +[100_assert_toHaveResource_CompleteDefinition] +match=":[[expect]](:[stack]).to(haveResource(:[args], ResourcePart.CompleteDefinition))" +rewrite="Template.fromStack(:[stack]).hasResource(:[args])" +rule='''where match :[expect] { + | "expect" -> true + | "cdkExpect" -> true + | ":[_]" -> false +}''' + +[200_jest_toHaveResourceLike] +match="expect(:[stack]).toHaveResourceLike(:[args])" +rewrite="Template.fromStack(:[stack]).hasResourceProperties(:[args])" + +[200_assert_toHaveResourceLike] +match=":[[expect]](:[stack]).to(haveResourceLike(:[args]))" +rewrite="Template.fromStack(:[stack]).hasResourceProperties(:[args])" +rule='''where match :[expect] { + | "expect" -> true + | "cdkExpect" -> true + | ":[_]" -> false +}''' + +[200_jest_toHaveResource] +match="expect(:[stack]).toHaveResource(:[args])" +rewrite="Template.fromStack(:[stack]).hasResourceProperties(:[args])" + +[200_assert_toHaveResource] 
+match=":[[expect]](:[stack]).to(haveResource(:[args]))" +rewrite="Template.fromStack(:[stack]).hasResourceProperties(:[args])" +rule='''where match :[expect] { + | "expect" -> true + | "cdkExpect" -> true + | ":[_]" -> false +}''' + +[200_jest_toCountResources] +match="expect(:[stack]).toCountResources" +rewrite="Template.fromStack(:[stack]).resourceCountIs" + +[200_assert_toCountResources2] +match=":[[expect]](:[stack]).to(countResources(:[args]))" +rewrite="Template.fromStack(:[stack]).resourceCountIs(:[args])" +rule='''where match :[expect] { + | "expect" -> true + | "cdkExpect" -> true + | ":[_]" -> false +}''' + +[200_jest_toMatchTemplate] +match="expect(:[stack]).toMatchTemplate" +rewrite="Template.fromStack(:[stack]).templateMatches" + +[200_assert_toMatchTemplate] +match=":[[expect]](:[stack]).toMatchTemplate" +rewrite="Template.fromStack(:[stack]).templateMatches" +rule='''where match :[expect] { + | "expect" -> true + | "cdkExpect" -> true + | ":[_]" -> false +}''' + +[300_notToHaveResourceLike] +match="expect(:[stack]).not.toHaveResourceLike(:[args])" +rewrite="Template.fromStack(:[stack]).resourceCountIs(:[args], 0)" + +[300_notToHaveResource] +match="expect(:[stack]).not.toHaveResource(:[args])" +rewrite="Template.fromStack(:[stack]).resourceCountIs(:[args], 0)" + +[arrayWith] +match="arrayWith(:[args])" +rewrite="Match.arrayWith([:[args]])" + +[objectLike] +match="objectLike" +rewrite="Match.objectLike" + +[absent] +match="ABSENT" +rewrite="Match.absent()" + +[400_synthutils_template] +match="SynthUtils.synthesize(:[stack]).template" +rewrite="Template.fromStack(:[stack]).toJSON()" + +[401_synthutils_assembly] +match="SynthUtils.synthesize(:[stack])" +rewrite="App.of(:[stack]).synth()" \ No newline at end of file From 872277b9e853dbf5f2cac84b5afb6d26e0ed5659 Mon Sep 17 00:00:00 2001 
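Review bot: Rules `[300_notToHaveResourceLike]` and `[300_notToHaveResource]` rewrite every negated assertion to `resourceCountIs(:[args], 0)`, which is only correct when `:[args]` is the bare resource type. When the original call also passes a properties object, the output becomes `resourceCountIs('FOO::BAR', {...}, 0)`. That contradicts MIGRATING.md in the same patch, which maps this case to `hasResourceProperties('FOO::BAR', Match.not({...}))`. Splitting each rule in two would match the guide: one pattern `not.toHaveResource(:[type], :[props])` rewriting to `hasResourceProperties(:[type], Match.not(:[props]))`, and one for the single-argument form. At minimum, add a comment above the two rules saying `# only valid for the one-argument form; review negated assertions with props by hand`.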
From: Choryu Park Date: Sat, 29 Jan 2022 03:51:56 +0900 Subject: [PATCH 16/26] feat(eks): cluster logging (#18112) Fixes #4159 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-eks/README.md | 25 +++++++++++ .../lib/cluster-resource-handler/cluster.ts | 4 ++ .../@aws-cdk/aws-eks/lib/cluster-resource.ts | 2 + packages/@aws-cdk/aws-eks/lib/cluster.ts | 44 +++++++++++++++++++ .../test/integ.eks-cluster.expected.json | 8 ++++ .../aws-eks/test/integ.eks-cluster.ts | 5 +++ 6 files changed, 88 insertions(+) diff --git a/packages/@aws-cdk/aws-eks/README.md b/packages/@aws-cdk/aws-eks/README.md index 1403e56d817fe..d389487e2f419 100644 --- a/packages/@aws-cdk/aws-eks/README.md +++ b/packages/@aws-cdk/aws-eks/README.md @@ -1397,6 +1397,31 @@ Kubernetes [endpoint access](#endpoint-access), you must also specify: * `kubectlPrivateSubnetIds` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. +## Logging + +EKS supports cluster logging for 5 different types of events: + +* API requests to the cluster. +* Cluster access via the Kubernetes API. +* Authentication requests into the cluster. +* State of cluster controllers. +* Scheduling decisions. + +You can enable logging for each one separately using the `clusterLogging` +property. For example: + +```ts +const cluster = new eks.Cluster(this, 'Cluster', { + // ... + version: eks.KubernetesVersion.V1_21, + clusterLogging: [ + eks.ClusterLoggingTypes.API, + eks.ClusterLoggingTypes.AUTHENTICATOR, + eks.ClusterLoggingTypes.SCHEDULER, + ], +}); +``` + ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts index 61a33ddb3ab05..0ad46af16eaef 100644 
--- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts @@ -285,6 +285,10 @@ function parseProps(props: any): aws.EKS.CreateClusterRequest { parsed.resourcesVpcConfig.endpointPublicAccess = parsed.resourcesVpcConfig.endpointPublicAccess === 'true'; } + if (typeof (parsed.logging?.clusterLogging[0].enabled) === 'string') { + parsed.logging.clusterLogging[0].enabled = parsed.logging.clusterLogging[0].enabled === 'true'; + } + return parsed; } diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts index 6a947380e3dd1..db5dc023ae32a 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts @@ -29,6 +29,7 @@ export interface ClusterResourceProps { readonly onEventLayer?: lambda.ILayerVersion; readonly clusterHandlerSecurityGroup?: ec2.ISecurityGroup; readonly tags?: { [key: string]: string }; + readonly logging?: { [key: string]: [ { [key: string]: any } ] }; } /** @@ -91,6 +92,7 @@ export class ClusterResource extends CoreConstruct { publicAccessCidrs: props.publicAccessCidrs, }, tags: props.tags, + logging: props.logging, }, AssumeRoleArn: this.adminRole.roleArn, diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts index 10a3f2123aac1..c8a05ef59beaa 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster.ts @@ -757,6 +757,13 @@ export interface ClusterProps extends ClusterOptions { * @default - none */ readonly tags?: { [key: string]: string }; + + /** + * The cluster log types which you want to enable. + * + * @default - none + */ + readonly clusterLogging?: ClusterLoggingTypes[]; } /** 
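Review bot: The new block in `parseProps` guards only `logging` with `?.` and then indexes `clusterLogging[0]` unconditionally, so a `logging` object without a `clusterLogging` array, or with an empty one, throws a TypeError. It also coerces only the first entry, leaving `enabled` as the string `'true'`/`'false'` on any further entries. Iterating over all entries handles both cases: `for (const entry of parsed.logging?.clusterLogging ?? []) { if (typeof entry.enabled === 'string') { entry.enabled = entry.enabled === 'true'; } }`. The rest of `parseProps` is outside the hunk.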
@@ -815,6 +822,32 @@ export class KubernetesVersion { private constructor(public readonly version: string) { } } +/** + * EKS cluster logging types + */ +export enum ClusterLoggingTypes { + /** + * Logs pertaining to API requests to the cluster. + */ + API = 'api', + /** + * Logs pertaining to cluster access via the Kubernetes API. + */ + AUDIT = 'audit', + /** + * Logs pertaining to authentication requests into the cluster. + */ + AUTHENTICATOR = 'authenticator', + /** + * Logs pertaining to state of cluster controllers. + */ + CONTROLLER_MANAGER = 'controllerManager', + /** + * Logs pertaining to scheduling decisions. + */ + SCHEDULER = 'scheduler', +} + abstract class ClusterBase extends Resource implements ICluster { public abstract readonly connections: ec2.Connections; public abstract readonly vpc: ec2.IVpc; @@ -1253,6 +1286,8 @@ export class Cluster extends ClusterBase { private readonly version: KubernetesVersion; + private readonly logging?: { [key: string]: [ { [key: string]: any } ] }; + /** * A dummy CloudFormation resource that is used as a wait barrier which * represents that the cluster is ready to receive "kubectl" commands. @@ -1313,6 +1348,14 @@ export class Cluster extends ClusterBase { // Get subnetIds for all selected subnets const subnetIds = Array.from(new Set(flatten(selectedSubnetIdsPerGroup))); + this.logging = props.clusterLogging ? { + clusterLogging: [ + { + enabled: true, + types: Object.values(props.clusterLogging), + }, + ], + } : undefined; this.endpointAccess = props.endpointAccess ?? EndpointAccess.PUBLIC_AND_PRIVATE; this.kubectlEnvironment = props.kubectlEnvironment; @@ -1379,6 +1422,7 @@ export class Cluster extends ClusterBase { clusterHandlerSecurityGroup: this.clusterHandlerSecurityGroup, onEventLayer: this.onEventLayer, tags: props.tags, + logging: this.logging, }); if (this.endpointAccess._config.privateAccess && privateSubnets.length !== 0) { 
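Review bot: In the `@@ -1313` hunk of `cluster.ts`, `props.clusterLogging ? { … } : undefined` treats an empty array as truthy, so `clusterLogging: []` produces a request with `enabled: true` and `types: []` instead of leaving logging unset. Testing the length avoids that: `this.logging = props.clusterLogging?.length ? { … } : undefined`. `Object.values(props.clusterLogging)` on an array is only a copy, and `[...props.clusterLogging]` says so directly. The `@default - none` on the `clusterLogging` prop would be clearer as `@default - no control plane logs (including audit and authenticator) are enabled`, since that is what omitting it appears to mean here.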
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 7b5af8f848f2e..1476182e23c37 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -954,6 +954,14 @@ }, "tags": { "foo": "bar" + }, + "logging": { + "clusterLogging": [ + { + "enabled": true, + "types": [ "api", "authenticator", "scheduler" ] + } + ] } }, "AssumeRoleArn": { diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts index 8dd012b3e2d66..1ae9a97e5bb37 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts @@ -41,6 +41,11 @@ class EksClusterStack extends TestStack { tags: { foo: 'bar', }, + clusterLogging: [ + eks.ClusterLoggingTypes.API, + eks.ClusterLoggingTypes.AUTHENTICATOR, + eks.ClusterLoggingTypes.SCHEDULER, + ], }); this.assertFargateProfile(); From fc5b7c6bca3c984dec11be1554b24d29030d8df4 Mon Sep 17 00:00:00 2001 
From: Rico Huijbers Date: Fri, 28 Jan 2022 20:42:23 +0100 Subject: [PATCH 17/26] chore(lambda-python): remove Pillow dependency (#18722) `Pillow` is an image processing library that we don't need at all, but our tests use. It has a high priority CVE reported against it. Since we don't actually need it, away it goes. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/lambda-handler-custom-build/index.py | 3 - .../requirements.txt | 2 - .../test/lambda-handler-pipenv/Pipfile | 1 - .../test/lambda-handler-pipenv/Pipfile.lock | 61 +++---------------- .../test/lambda-handler-pipenv/index.py | 3 - .../test/lambda-handler-poetry/index.py | 3 - .../test/lambda-handler-poetry/poetry.lock | 51 ---------------- .../test/lambda-handler-poetry/pyproject.toml | 1 - .../lambda-handler-project/lambda/index.py | 3 - .../shared/requirements.txt | 2 - .../test/lambda-handler/index.py | 3 - .../test/lambda-handler/requirements.txt | 2 - 12 files changed, 7 insertions(+), 128 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/index.py b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/index.py index c033f37560534..04f99eb108b30 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/index.py +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/index.py @@ -1,11 +1,8 @@ import requests -from PIL import Image def handler(event, context): response = requests.get('https://a0.awsstatic.com/main/images/logos/aws_smile-header-desktop-en-white_59x35.png', stream=True) - img = Image.open(response.raw) print(response.status_code) - print(img.size) return response.status_code diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/requirements.txt b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/requirements.txt index c636db83b8c9e..4fcd85719fe3a 100644 
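Review bot: With `Image.open(response.raw)` removed from `lambda-handler-custom-build/index.py`, the remaining `requests.get(..., stream=True)` no longer has a reader for the body. The handler never consumes or closes the response, so the connection is left open until garbage collection. Dropping `stream=True` fixes that, and adding a timeout (for example `requests.get(url, timeout=10)`) stops the fixture hanging on a stalled connection. The diffstat lists several sibling `index.py` fixtures with the same three-line removal, and they probably need the same change, but their hunks are not visible here.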
--- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-custom-build/requirements.txt @@ -5,5 +5,3 @@ idna==2.10 urllib3==1.26.7 # Requests used by this lambda requests==2.26.0 -# Pillow 6.x so that python 2.7 and 3.x can both use this fixture -Pillow==8.4.0 diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile index a309b821c5801..78d783bc4b9b0 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile @@ -5,4 +5,3 @@ verify_ssl = true [packages] requests = "==2.26.0" -Pillow = "==8.4.0" diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile.lock b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile.lock index f92befb9e3dd6..441acc679505f 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile.lock +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "fe29bbb3f12db421fd27678820291d33cf6b3dce6bb189274449dee89cf434e8" + "sha256": "6cfaa5a495be5cf47942a14b04d50e639f14743101e621684e86449dbac8da61" }, "pipfile-spec": 6, "requires": {}, @@ -23,11 +23,11 @@ }, "charset-normalizer": { "hashes": [ - "sha256:1eecaa09422db5be9e29d7fc65664e6c33bd06f9ced7838578ba40d58bdf3721", - "sha256:b0b883e8e874edfdece9c28f314e3dd5badf067342e42fb162203335ae61aa2c" + "sha256:876d180e9d7432c5d1dfd4c5d26b72f099d503e8fcc0feb7532c9289be60fcbd", + "sha256:cb957888737fc0bbcd78e3df769addb41fd1ff8cf950dc9e7ad7793f1bf44455" ], "markers": "python_version >= '3'", - "version": "==2.0.9" + "version": "==2.0.10" }, "idna": { "hashes": [ 
@@ -37,53 +37,6 @@ "markers": "python_version >= '3'", "version": "==3.3" }, - "pillow": { - "hashes": [ - "sha256:066f3999cb3b070a95c3652712cffa1a748cd02d60ad7b4e485c3748a04d9d76", - "sha256:0a0956fdc5defc34462bb1c765ee88d933239f9a94bc37d132004775241a7585", - "sha256:0b052a619a8bfcf26bd8b3f48f45283f9e977890263e4571f2393ed8898d331b", - "sha256:1394a6ad5abc838c5cd8a92c5a07535648cdf6d09e8e2d6df916dfa9ea86ead8", - "sha256:1bc723b434fbc4ab50bb68e11e93ce5fb69866ad621e3c2c9bdb0cd70e345f55", - "sha256:244cf3b97802c34c41905d22810846802a3329ddcb93ccc432870243211c79fc", - "sha256:25a49dc2e2f74e65efaa32b153527fc5ac98508d502fa46e74fa4fd678ed6645", - "sha256:2e4440b8f00f504ee4b53fe30f4e381aae30b0568193be305256b1462216feff", - "sha256:3862b7256046fcd950618ed22d1d60b842e3a40a48236a5498746f21189afbbc", - "sha256:3eb1ce5f65908556c2d8685a8f0a6e989d887ec4057326f6c22b24e8a172c66b", - "sha256:3f97cfb1e5a392d75dd8b9fd274d205404729923840ca94ca45a0af57e13dbe6", - "sha256:493cb4e415f44cd601fcec11c99836f707bb714ab03f5ed46ac25713baf0ff20", - "sha256:4acc0985ddf39d1bc969a9220b51d94ed51695d455c228d8ac29fcdb25810e6e", - "sha256:5503c86916d27c2e101b7f71c2ae2cddba01a2cf55b8395b0255fd33fa4d1f1a", - "sha256:5b7bb9de00197fb4261825c15551adf7605cf14a80badf1761d61e59da347779", - "sha256:5e9ac5f66616b87d4da618a20ab0a38324dbe88d8a39b55be8964eb520021e02", - "sha256:620582db2a85b2df5f8a82ddeb52116560d7e5e6b055095f04ad828d1b0baa39", - "sha256:62cc1afda735a8d109007164714e73771b499768b9bb5afcbbee9d0ff374b43f", - "sha256:70ad9e5c6cb9b8487280a02c0ad8a51581dcbbe8484ce058477692a27c151c0a", - "sha256:72b9e656e340447f827885b8d7a15fc8c4e68d410dc2297ef6787eec0f0ea409", - "sha256:72cbcfd54df6caf85cc35264c77ede902452d6df41166010262374155947460c", - "sha256:792e5c12376594bfcb986ebf3855aa4b7c225754e9a9521298e460e92fb4a488", - "sha256:7b7017b61bbcdd7f6363aeceb881e23c46583739cb69a3ab39cb384f6ec82e5b", - "sha256:81f8d5c81e483a9442d72d182e1fb6dcb9723f289a57e8030811bac9ea3fef8d", - 
"sha256:82aafa8d5eb68c8463b6e9baeb4f19043bb31fefc03eb7b216b51e6a9981ae09", - "sha256:84c471a734240653a0ec91dec0996696eea227eafe72a33bd06c92697728046b", - "sha256:8c803ac3c28bbc53763e6825746f05cc407b20e4a69d0122e526a582e3b5e153", - "sha256:93ce9e955cc95959df98505e4608ad98281fff037350d8c2671c9aa86bcf10a9", - "sha256:9a3e5ddc44c14042f0844b8cf7d2cd455f6cc80fd7f5eefbe657292cf601d9ad", - "sha256:a4901622493f88b1a29bd30ec1a2f683782e57c3c16a2dbc7f2595ba01f639df", - "sha256:a5a4532a12314149d8b4e4ad8ff09dde7427731fcfa5917ff16d0291f13609df", - "sha256:b8831cb7332eda5dc89b21a7bce7ef6ad305548820595033a4b03cf3091235ed", - "sha256:b8e2f83c56e141920c39464b852de3719dfbfb6e3c99a2d8da0edf4fb33176ed", - "sha256:c70e94281588ef053ae8998039610dbd71bc509e4acbc77ab59d7d2937b10698", - "sha256:c8a17b5d948f4ceeceb66384727dde11b240736fddeda54ca740b9b8b1556b29", - "sha256:d82cdb63100ef5eedb8391732375e6d05993b765f72cb34311fab92103314649", - "sha256:d89363f02658e253dbd171f7c3716a5d340a24ee82d38aab9183f7fdf0cdca49", - "sha256:d99ec152570e4196772e7a8e4ba5320d2d27bf22fdf11743dd882936ed64305b", - "sha256:ddc4d832a0f0b4c52fff973a0d44b6c99839a9d016fe4e6a1cb8f3eea96479c2", - "sha256:e3dacecfbeec9a33e932f00c6cd7996e62f53ad46fbe677577394aaa90ee419a", - "sha256:eb9fc393f3c61f9054e1ed26e6fe912c7321af2f41ff49d3f83d05bacf22cc78" - ], - "index": "pypi", - "version": "==8.4.0" - }, "requests": { "hashes": [ "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", @@ -94,11 +47,11 @@ }, "urllib3": { "hashes": [ - "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece", - "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844" + "sha256:000ca7f471a233c2251c6c7023ee85305721bfdf18621ebff4fd17a8653427ed", + "sha256:0e7c33d9a63e7ddfcb86780aac87befc2fbddf46c58dbb487e0855f7ceec283c" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", - "version": "==1.26.7" + "version": "==1.26.8" } }, "develop": {} 
diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/index.py b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/index.py index c033f37560534..04f99eb108b30 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/index.py +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-pipenv/index.py @@ -1,11 +1,8 @@ import requests -from PIL import Image def handler(event, context): response = requests.get('https://a0.awsstatic.com/main/images/logos/aws_smile-header-desktop-en-white_59x35.png', stream=True) - img = Image.open(response.raw) print(response.status_code) - print(img.size) return response.status_code diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/index.py b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/index.py index c033f37560534..04f99eb108b30 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/index.py +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/index.py @@ -1,11 +1,8 @@ import requests -from PIL import Image def handler(event, context): response = requests.get('https://a0.awsstatic.com/main/images/logos/aws_smile-header-desktop-en-white_59x35.png', stream=True) - img = Image.open(response.raw) print(response.status_code) - print(img.size) return response.status_code diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/poetry.lock b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/poetry.lock index d07a92e9ef100..6b59241f10c2d 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/poetry.lock +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/poetry.lock 
@@ -25,14 +25,6 @@ category = "main" optional = false python-versions = ">=3.5" -[[package]] -name = "pillow" -version = "8.4.0" -description = "Python Imaging Library (Fork)" -category = "main" -optional = false -python-versions = ">=3.6" - [[package]] name = "requests" version = "2.26.0" 
@@ -82,49 +74,6 @@ idna = [ {file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"}, {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"}, ] -pillow = [ - {file = "Pillow-8.4.0-cp310-cp310-macosx_10_10_universal2.whl", hash = "sha256:81f8d5c81e483a9442d72d182e1fb6dcb9723f289a57e8030811bac9ea3fef8d"}, - {file = "Pillow-8.4.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3f97cfb1e5a392d75dd8b9fd274d205404729923840ca94ca45a0af57e13dbe6"}, - {file = "Pillow-8.4.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eb9fc393f3c61f9054e1ed26e6fe912c7321af2f41ff49d3f83d05bacf22cc78"}, - {file = "Pillow-8.4.0-cp310-cp310-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d82cdb63100ef5eedb8391732375e6d05993b765f72cb34311fab92103314649"}, - {file = "Pillow-8.4.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:62cc1afda735a8d109007164714e73771b499768b9bb5afcbbee9d0ff374b43f"}, - {file = "Pillow-8.4.0-cp310-cp310-win32.whl", hash = "sha256:e3dacecfbeec9a33e932f00c6cd7996e62f53ad46fbe677577394aaa90ee419a"}, - {file = "Pillow-8.4.0-cp310-cp310-win_amd64.whl", hash = "sha256:620582db2a85b2df5f8a82ddeb52116560d7e5e6b055095f04ad828d1b0baa39"}, - {file = "Pillow-8.4.0-cp36-cp36m-macosx_10_10_x86_64.whl", hash = "sha256:1bc723b434fbc4ab50bb68e11e93ce5fb69866ad621e3c2c9bdb0cd70e345f55"}, - {file = "Pillow-8.4.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:72cbcfd54df6caf85cc35264c77ede902452d6df41166010262374155947460c"}, - {file = "Pillow-8.4.0-cp36-cp36m-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:70ad9e5c6cb9b8487280a02c0ad8a51581dcbbe8484ce058477692a27c151c0a"}, - {file = "Pillow-8.4.0-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:25a49dc2e2f74e65efaa32b153527fc5ac98508d502fa46e74fa4fd678ed6645"}, - {file = 
"Pillow-8.4.0-cp36-cp36m-win32.whl", hash = "sha256:93ce9e955cc95959df98505e4608ad98281fff037350d8c2671c9aa86bcf10a9"}, - {file = "Pillow-8.4.0-cp36-cp36m-win_amd64.whl", hash = "sha256:2e4440b8f00f504ee4b53fe30f4e381aae30b0568193be305256b1462216feff"}, - {file = "Pillow-8.4.0-cp37-cp37m-macosx_10_10_x86_64.whl", hash = "sha256:8c803ac3c28bbc53763e6825746f05cc407b20e4a69d0122e526a582e3b5e153"}, - {file = "Pillow-8.4.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c8a17b5d948f4ceeceb66384727dde11b240736fddeda54ca740b9b8b1556b29"}, - {file = "Pillow-8.4.0-cp37-cp37m-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1394a6ad5abc838c5cd8a92c5a07535648cdf6d09e8e2d6df916dfa9ea86ead8"}, - {file = "Pillow-8.4.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:792e5c12376594bfcb986ebf3855aa4b7c225754e9a9521298e460e92fb4a488"}, - {file = "Pillow-8.4.0-cp37-cp37m-win32.whl", hash = "sha256:d99ec152570e4196772e7a8e4ba5320d2d27bf22fdf11743dd882936ed64305b"}, - {file = "Pillow-8.4.0-cp37-cp37m-win_amd64.whl", hash = "sha256:7b7017b61bbcdd7f6363aeceb881e23c46583739cb69a3ab39cb384f6ec82e5b"}, - {file = "Pillow-8.4.0-cp38-cp38-macosx_10_10_x86_64.whl", hash = "sha256:d89363f02658e253dbd171f7c3716a5d340a24ee82d38aab9183f7fdf0cdca49"}, - {file = "Pillow-8.4.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:0a0956fdc5defc34462bb1c765ee88d933239f9a94bc37d132004775241a7585"}, - {file = "Pillow-8.4.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5b7bb9de00197fb4261825c15551adf7605cf14a80badf1761d61e59da347779"}, - {file = "Pillow-8.4.0-cp38-cp38-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:72b9e656e340447f827885b8d7a15fc8c4e68d410dc2297ef6787eec0f0ea409"}, - {file = "Pillow-8.4.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a5a4532a12314149d8b4e4ad8ff09dde7427731fcfa5917ff16d0291f13609df"}, - {file = "Pillow-8.4.0-cp38-cp38-win32.whl", hash = 
"sha256:82aafa8d5eb68c8463b6e9baeb4f19043bb31fefc03eb7b216b51e6a9981ae09"}, - {file = "Pillow-8.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:066f3999cb3b070a95c3652712cffa1a748cd02d60ad7b4e485c3748a04d9d76"}, - {file = "Pillow-8.4.0-cp39-cp39-macosx_10_10_x86_64.whl", hash = "sha256:5503c86916d27c2e101b7f71c2ae2cddba01a2cf55b8395b0255fd33fa4d1f1a"}, - {file = "Pillow-8.4.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:4acc0985ddf39d1bc969a9220b51d94ed51695d455c228d8ac29fcdb25810e6e"}, - {file = "Pillow-8.4.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0b052a619a8bfcf26bd8b3f48f45283f9e977890263e4571f2393ed8898d331b"}, - {file = "Pillow-8.4.0-cp39-cp39-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:493cb4e415f44cd601fcec11c99836f707bb714ab03f5ed46ac25713baf0ff20"}, - {file = "Pillow-8.4.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b8831cb7332eda5dc89b21a7bce7ef6ad305548820595033a4b03cf3091235ed"}, - {file = "Pillow-8.4.0-cp39-cp39-win32.whl", hash = "sha256:5e9ac5f66616b87d4da618a20ab0a38324dbe88d8a39b55be8964eb520021e02"}, - {file = "Pillow-8.4.0-cp39-cp39-win_amd64.whl", hash = "sha256:3eb1ce5f65908556c2d8685a8f0a6e989d887ec4057326f6c22b24e8a172c66b"}, - {file = "Pillow-8.4.0-pp36-pypy36_pp73-macosx_10_10_x86_64.whl", hash = "sha256:ddc4d832a0f0b4c52fff973a0d44b6c99839a9d016fe4e6a1cb8f3eea96479c2"}, - {file = "Pillow-8.4.0-pp36-pypy36_pp73-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9a3e5ddc44c14042f0844b8cf7d2cd455f6cc80fd7f5eefbe657292cf601d9ad"}, - {file = "Pillow-8.4.0-pp36-pypy36_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c70e94281588ef053ae8998039610dbd71bc509e4acbc77ab59d7d2937b10698"}, - {file = "Pillow-8.4.0-pp37-pypy37_pp73-macosx_10_10_x86_64.whl", hash = "sha256:3862b7256046fcd950618ed22d1d60b842e3a40a48236a5498746f21189afbbc"}, - {file = "Pillow-8.4.0-pp37-pypy37_pp73-manylinux_2_17_i686.manylinux2014_i686.whl", hash = 
"sha256:a4901622493f88b1a29bd30ec1a2f683782e57c3c16a2dbc7f2595ba01f639df"}, - {file = "Pillow-8.4.0-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:84c471a734240653a0ec91dec0996696eea227eafe72a33bd06c92697728046b"}, - {file = "Pillow-8.4.0-pp37-pypy37_pp73-win_amd64.whl", hash = "sha256:244cf3b97802c34c41905d22810846802a3329ddcb93ccc432870243211c79fc"}, - {file = "Pillow-8.4.0.tar.gz", hash = "sha256:b8e2f83c56e141920c39464b852de3719dfbfb6e3c99a2d8da0edf4fb33176ed"}, -] requests = [ {file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"}, {file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"}, diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/pyproject.toml b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/pyproject.toml index c4dd461c007a7..6d90c4b4fec9b 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/pyproject.toml +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-poetry/pyproject.toml @@ -7,7 +7,6 @@ authors = ["Your Name "] [tool.poetry.dependencies] python = "^3.6" requests = "2.26.0" -Pillow = "8.4.0" [tool.poetry.dev-dependencies] diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/lambda/index.py b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/lambda/index.py index 6ac592242c8fb..fb1e8bb1ce0ab 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/lambda/index.py +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/lambda/index.py @@ -1,12 +1,9 @@ import requests -from PIL import Image import shared def handler(event, context): response = requests.get(shared.get_url(), stream=True) - img = Image.open(response.raw) print(response.status_code) - print(img.size) return response.status_code 
diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/shared/requirements.txt b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/shared/requirements.txt index d87aff1f66a75..eff24435fa632 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/shared/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler-project/shared/requirements.txt @@ -4,5 +4,3 @@ chardet==3.0.4 idna==2.10 urllib3==1.26.7 # Requests used by this lambda -requests==2.26.0 -Pillow==8.4.0 diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/index.py b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/index.py index c033f37560534..04f99eb108b30 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/index.py +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/index.py @@ -1,11 +1,8 @@ import requests -from PIL import Image def handler(event, context): response = requests.get('https://a0.awsstatic.com/main/images/logos/aws_smile-header-desktop-en-white_59x35.png', stream=True) - img = Image.open(response.raw) print(response.status_code) - print(img.size) return response.status_code diff --git a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/requirements.txt b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/requirements.txt index c636db83b8c9e..4fcd85719fe3a 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python/test/lambda-handler/requirements.txt @@ -5,5 +5,3 @@ idna==2.10 urllib3==1.26.7 # Requests used by this lambda requests==2.26.0 -# Pillow 6.x so that python 2.7 and 3.x can both use this fixture -Pillow==8.4.0 From 32b62434a0aed805c91910dd0db1a0e2a6c1e622 Mon Sep 17 00:00:00 2001 
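Review bot: The hunk for `lambda-handler-project/shared/requirements.txt` removes `requests==2.26.0` together with `Pillow==8.4.0`, whereas the other two `requirements.txt` hunks in this patch keep `requests` as a context line. The project fixture's `lambda/index.py` still does `import requests` and calls `requests.get(shared.get_url(), stream=True)`, and the comment `# Requests used by this lambda` is left with nothing under it. Unless `requests` reaches this fixture by a route that is not visible in the patch, only `Pillow==8.4.0` should go and `requests==2.26.0` should stay.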
From: Rico Huijbers Date: Fri, 28 Jan 2022 21:30:56 +0100 Subject: [PATCH 18/26] chore(lambda-layer-awscli): contains a CLI version with a CVE (#18727) The version of PyYAML that comes wit the AWS CLI we use has a CVE reported against it: CVE-2020-14343 Upgrade to a version of AWS CLI that has PyYAML >= 5.4. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/lambda-layer-awscli/layer/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/Dockerfile b/packages/@aws-cdk/lambda-layer-awscli/layer/Dockerfile index 7cf1287e2023c..8c5d754c04c03 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/layer/Dockerfile +++ b/packages/@aws-cdk/lambda-layer-awscli/layer/Dockerfile @@ -4,7 +4,8 @@ FROM public.ecr.aws/lambda/provided:latest # versions # -ARG AWSCLI_VERSION=1.18.198 +# This is the last version that still supports Python 2.7 +ARG AWSCLI_VERSION=1.19.112 USER root RUN mkdir -p /opt From 1d3a318edf997e104223afb8630365e67fd0cf0c Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Fri, 28 Jan 2022 20:59:36 +0000 Subject: [PATCH 19/26] chore(release): 1.142.0 --- CHANGELOG.md | 17 +++++++++++++++++ version.v1.json | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b6096290abec..c9cd105471ab4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
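Review bot: The comment added above `ARG AWSCLI_VERSION=1.19.112` explains why the pin cannot move up (Python 2.7 support) but not why it must not move back down; the security reason is recorded only in the commit message. I would add a second comment line such as `# Do not downgrade: the previous pin shipped a PyYAML affected by CVE-2020-14343 (need PyYAML >= 5.4)`. The step that installs the CLI is outside this hunk, so it is not visible whether the build checks the PyYAML version that is actually resolved. If it does not, asserting the installed PyYAML version after the install step would keep the fix from regressing on a later rebuild.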
@@ -2,6 +2,23 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.142.0](https://github.com/aws/aws-cdk/compare/v1.141.0...v1.142.0) (2022-01-28) + + +### Features + +* **cfnspec:** cloudformation spec v53.1.0 ([#18680](https://github.com/aws/aws-cdk/issues/18680)) ([f385059](https://github.com/aws/aws-cdk/commit/f38505911a3e140a9cb6b269bdf22abe9803c515)) +* **cloudfront-origins:** extend `readTimeout` maximum value for `HttpOriginProps` ([#18697](https://github.com/aws/aws-cdk/issues/18697)) ([e64de67](https://github.com/aws/aws-cdk/commit/e64de677cdfc014f68e92b204f4728e60a8bb111)), closes [#18628](https://github.com/aws/aws-cdk/issues/18628) +* **eks:** cluster logging ([#18112](https://github.com/aws/aws-cdk/issues/18112)) ([872277b](https://github.com/aws/aws-cdk/commit/872277b9e853dbf5f2cac84b5afb6d26e0ed5659)), closes [#4159](https://github.com/aws/aws-cdk/issues/4159) +* **iotevents:** allow setting description, evaluation method and key of DetectorModel ([#18644](https://github.com/aws/aws-cdk/issues/18644)) ([2eeaebc](https://github.com/aws/aws-cdk/commit/2eeaebc3cdc9c5c7ef3fa312b3d1abca265dcbb6)) +* **lambda-python:** support setting environment vars for bundling ([#18635](https://github.com/aws/aws-cdk/issues/18635)) ([30e2233](https://github.com/aws/aws-cdk/commit/30e223333fef0b0d7f12287dab170a34e092d7fa)) + + +### Bug Fixes + +* **aws-lambda-nodejs:** pre compilation with tsc is not being run ([#18062](https://github.com/aws/aws-cdk/issues/18062)) ([7ac7221](https://github.com/aws/aws-cdk/commit/7ac7221aff3c612ab80e7812c371b11c56e5db0a)), closes [#18002](https://github.com/aws/aws-cdk/issues/18002) +* **pipelines:** undeployable due to dependency cycle ([#18686](https://github.com/aws/aws-cdk/issues/18686)) ([009d689](https://github.com/aws/aws-cdk/commit/009d68912267de9dcf4136a7d80a652a891b7bb9)), closes 
[#18492](https://github.com/aws/aws-cdk/issues/18492) [#18673](https://github.com/aws/aws-cdk/issues/18673) + ## [1.141.0](https://github.com/aws/aws-cdk/compare/v1.140.0...v1.141.0) (2022-01-27) diff --git a/version.v1.json b/version.v1.json index 98a18d4b799df..93f1a34486943 100644 --- a/version.v1.json +++ b/version.v1.json @@ -1,3 +1,3 @@ { - "version": "1.141.0" + "version": "1.142.0" } \ No newline at end of file From 44910149aec1edbd51aeaa2021837db7773768db Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 31 Jan 2022 01:52:05 -0800 Subject: [PATCH 20/26] docs(cfnspec): update CloudFormation documentation (#18741) Co-authored-by: AWS CDK Team --- .../spec-source/cfn-docs/cfn-docs.json | 172 +++++++++++------- 1 file changed, 109 insertions(+), 63 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 15f7b552fb409..e8af034e81480 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json 
@@ -2522,6 +2522,31 @@ "Object": "The object specified in the Zendesk flow source." } }, + "AWS::AppIntegrations::DataIntegration": { + "attributes": { + "DataIntegrationArn": "The Amazon Resource Name (ARN) for the DataIntegration.", + "Id": "A unique identifier.", + "Ref": "`Ref` returns the DataIntegration name. For example:\n\n`{ \"Ref\": \"myDataIntegrationName\" }`" + }, + "description": "Creates and persists a DataIntegration resource.", + "properties": { + "Description": "A description of the DataIntegration.", + "KmsKey": "The KMS key for the DataIntegration.", + "Name": "The name of the DataIntegration.", + "ScheduleConfig": "The name of the data and how often it should be pulled from the source.", + "SourceURI": "The URI of the data source.", + "Tags": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." + } + }, + "AWS::AppIntegrations::DataIntegration.ScheduleConfig": { + "attributes": {}, + "description": "The name of the data and how often it should be pulled from the source.", + "properties": { + "FirstExecutionFrom": "The start date for objects to import in the first flow run as an Unix/epoch timestamp in milliseconds or in ISO-8601 format.", + "Object": "The name of the object to pull from the data source.", + "ScheduleExpression": "How often the data should be pulled from data source." + } + }, "AWS::AppIntegrations::EventIntegration": { "attributes": { "Associations": "The association status of the event integration, returned as an array of EventIntegrationAssociation objects.", @@ -11492,6 +11517,7 @@ "Arn": "The ARN of the scope.", "IpamArn": "The ARN of an IPAM.", "IpamScopeId": "The ID of an IPAM scope.", + "IpamScopeType": "The type of the scope.", "IsDefault": "Defines if the scope is the default scope or not.", "PoolCount": "The number of pools in a scope.", "Ref": "`Ref` returns the IPAM scope ID." 
@@ -11500,7 +11526,6 @@ "properties": { "Description": "The description of the scope.", "IpamId": "The ID of the IPAM for which you're creating this scope.", - "IpamScopeType": "The type of the scope.", "Tags": "The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key `Owner` and the value `TeamA` , specify `tag:Owner` for the filter name and `TeamA` for the filter value." } }, @@ -11658,7 +11683,6 @@ "attributes": {}, "description": "Specifies a network interface that is to be attached to an instance.\n\nYou can create a network interface when launching an instance. For an example, see the [AWS::EC2::Instance examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#aws-properties-ec2-instance--examples--Automatically_assign_a_public_IP_address) .\n\nAlternatively, you can attach an existing network interface when launching an instance. For an example, see the [AWS::EC2:NetworkInterface examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface.html#aws-resource-ec2-network-interface--examples--Basic_network_interface) .", "properties": { - "AssociateCarrierIpAddress": "", "AssociatePublicIpAddress": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .", "DeleteOnTermination": "Indicates whether the network interface is deleted when the instance is terminated. Applies only if creating a network interface when launching an instance.", "Description": "The description of the network interface. Applies only if creating a network interface when launching an instance.", 
@@ -13282,8 +13306,6 @@ "EnableDnsHostnames": "Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support) .\n\nYou can only enable DNS hostnames if you've enabled DNS support.", "EnableDnsSupport": "Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range \"plus two\" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support) .", "InstanceTenancy": "The allowed tenancy of instances launched into the VPC.\n\n- `\"default\"` : An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.\n- `\"dedicated\"` : An instance launched into the VPC is a Dedicated Instance by default, unless you explicitly specify a tenancy of host during instance launch. You cannot specify a tenancy of default during instance launch.\n\nUpdating `InstanceTenancy` requires no replacement only if you are updating its value from `\"dedicated\"` to `\"default\"` . Updating `InstanceTenancy` from `\"default\"` to `\"dedicated\"` requires replacement.", - "Ipv4IpamPoolId": "The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. 
For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", - "Ipv4NetmaskLength": "The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", "Tags": "The tags for the VPC." } }, 
@@ -13295,11 +13317,7 @@ "properties": { "AmazonProvidedIpv6CidrBlock": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.", "CidrBlock": "An IPv4 CIDR block to associate with the VPC.", - "Ipv4IpamPoolId": "Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", - "Ipv4NetmaskLength": "The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", "Ipv6CidrBlock": "An IPv6 CIDR block from the IPv6 address pool. You must also specify `Ipv6Pool` in the request.\n\nTo let Amazon choose the IPv6 CIDR block for you, omit this parameter.", - "Ipv6IpamPoolId": "Associates a CIDR allocated from an IPv6 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", - "Ipv6NetmaskLength": "The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", "Ipv6Pool": "The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.", "VpcId": "The ID of the VPC." } 
@@ -16596,7 +16614,7 @@ "EventPattern": "The EventBridge event pattern that defines how the metric is recorded.\n\nFor more information about EventBridge event patterns, see [Amazon EventBridge event patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html) .", "MetricName": "A name for the metric. It can include up to 255 characters.", "UnitLabel": "A label for the units that the metric is measuring.", - "ValueKey": "A label for the units that the metric is measuring." + "ValueKey": "The JSON path to reference the numerical metric value in the event." } }, "AWS::Evidently::Experiment.OnlineAbConfigObject": { 
@@ -19590,11 +19608,26 @@ }, "AWS::GuardDuty::Detector.CFNDataSourceConfigurations": { "attributes": {}, - "description": "Describes whether S3 data event logs will be enabled as a data source when the detector is created.", + "description": "Describes whether S3 data event logs or Kubernetes audit logs will be enabled as a data source when the detector is created.", "properties": { + "Kubernetes": "Describes which Kuberentes data sources are enabled for a detector.", "S3Logs": "Describes whether S3 data event logs are enabled as a data source." } }, + "AWS::GuardDuty::Detector.CFNKubernetesAuditLogsConfiguration": { + "attributes": {}, + "description": "Describes which optional data sources are enabled for a detector.", + "properties": { + "Enable": "Describes whether Kubernetes audit logs are enabled as a data source for the detector." + } + }, + "AWS::GuardDuty::Detector.CFNKubernetesConfiguration": { + "attributes": {}, + "description": "Describes which Kubernetes protection data sources are enabled for the detector.", + "properties": { + "AuditLogs": "Describes whether Kubernetes audit logs are enabled as a data source for the detector." + } + }, "AWS::GuardDuty::Detector.CFNS3LogsConfiguration": { "attributes": {}, "description": "Describes whether S3 data event logs will be enabled as a data source when the detector is created.", 
@@ -19613,7 +19646,7 @@ "DetectorId": "The ID of the detector belonging to the GuardDuty account that you want to create a filter for.", "FindingCriteria": "Represents the criteria to be used in the filter for querying findings.", "Name": "The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.", - "Rank": "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.\n\n> By default filters may not be created in the same order as they are ranked. To ensure filters are created in the correct order you can use the optional `DependsOn` attribute with the following syntax: `\"DependsOn\":[ \"ObjectName\" ]` . You can find more information on using this attribute [here](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) ." + "Rank": "" } }, "AWS::GuardDuty::Filter.Condition": { 
@@ -19970,7 +20003,8 @@ "properties": { "DestinationConfiguration": "A destination configuration contains information about where recorded video will be stored. See the [DestinationConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-destinationconfiguration.html) property type for more information.", "Name": "Recording-configuration name. The value does not need to be unique.", - "Tags": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." + "Tags": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "ThumbnailConfiguration": "A thumbnail configuration enables/disables the recording of thumbnails for a live session and controls the interval at which thumbnails are generated for the live session. See the [ThumbnailConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thunbnailconfiguration.html) property type for more information." } }, "AWS::IVS::RecordingConfiguration.DestinationConfiguration": { 
@@ -19987,6 +20021,14 @@ "BucketName": "Location (S3 bucket name) where recorded videos will be stored." } }, + "AWS::IVS::RecordingConfiguration.ThumbnailConfiguration": { + "attributes": {}, + "description": "The ThumbnailConfiguration property type describes a configuration of thumbnails for recorded video.", + "properties": { + "RecordingMode": "Thumbnail recording mode. Valid values:\n\n- `DISABLED` : Use DISABLED to disable the generation of thumbnails for recorded video.\n- `INTERVAL` : Use INTERVAL to enable the generation of thumbnails for recorded video at a time interval controlled by the [TargetIntervalSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-targetintervalseconds) property.\n\n*Default* : `INTERVAL`", + "TargetIntervalSeconds": "The targeted thumbnail-generation interval in seconds. This is configurable (and required) only if [RecordingMode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ivs-recordingconfiguration-thumbnailconfiguration.html#cfn-ivs-recordingconfiguration-thumbnailconfiguration-recordingmode) is `INTERVAL` .\n\n> Setting a value for `TargetIntervalSeconds` does not guarantee that thumbnails are generated at the specified interval. For thumbnails to be generated at the `TargetIntervalSeconds` interval, the `IDR/Keyframe` value for the input video must be less than the `TargetIntervalSeconds` value. See [Amazon IVS Streaming Configuration](https://docs.aws.amazon.com/ivs/latest/userguide/streaming-config.html) for information on setting `IDR/Keyframe` to the recommended value in video-encoder settings. \n\n*Default* : 60\n\n*Valid Range* : Minumum value of 5. Maximum value of 60." + } + }, "AWS::IVS::StreamKey": { "attributes": { "Arn": "The stream-key ARN. For example: `arn:aws:ivs:us-west-2:123456789012:stream-key/g1H2I3j4k5L6`", 
@@ -22697,7 +22739,7 @@ "KeyId": "The key ID of the KMS key, such as `1234abcd-12ab-34cd-56ef-1234567890ab` .\n\nFor information about the key ID of a KMS key, see [Key ID](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id) in the *AWS Key Management Service Developer Guide* .", "Ref": "`Ref` returns the key ID, such as `1234abcd-12ab-34cd-56ef-1234567890ab` ." }, - "description": "The `AWS::KMS::Key` resource specifies a [symmetric or asymmetric](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service ( AWS KMS ).\n\nYou can use the `AWS::KMS::Key` resource to specify a multi-Region primary key (symmetric or asymmetric). To specify a replica key, use the [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource. For information about multi-Region keys, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\n> AWS KMS is replacing the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. \n\nYou can use symmetric KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use symmetric KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . 
For more information, see [What is AWS Key Management Service ?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value.\n\n> If you change the value of a `Replacement` property, such as `KeyUsage` or `KeySpec` , on an existing KMS key, the existing KMS key is [scheduled for deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) and a new KMS key is created with the specified value.\n> \n> While scheduled for deletion, the existing KMS key becomes unusable. If you don't [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the existing KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted.", + "description": "The `AWS::KMS::Key` resource specifies a [symmetric or asymmetric](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service ( AWS KMS ).\n\nYou can use the `AWS::KMS::Key` resource to specify a symmetric or asymmetric multi-Region primary key. To specify a replica key, use the [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource. 
For information about multi-Region keys, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou cannot use the `AWS::KMS::Key` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) .\n\n> AWS KMS is replacing the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. \n\nYou can use symmetric KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use symmetric KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . For more information, see [What is AWS Key Management Service ?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide* .\n\nYou can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value.\n\n> If you change the value of the `KeyUsage` , `KeySpec` , or `MultiRegion` property on an existing KMS key, the existing KMS key is [scheduled for deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) and a new KMS key is created with the specified value.\n> \n> While scheduled for deletion, the existing KMS key becomes unusable. 
If you don't [cancel the scheduled deletion](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-keys-scheduling-key-deletion) of the existing KMS key outside of CloudFormation, all data encrypted under the existing KMS key becomes unrecoverable when the KMS key is deleted. \n\n*Regions*\n\nAWS KMS CloudFormation resources are supported in all Regions in which AWS CloudFormation is supported. However, in the (ap-southeast-3), you cannot use a CloudFormation template to create or manage asymmetric KMS keys or multi-Region KMS keys (primary or replica).", "properties": { "Description": "A description of the KMS key. Use a description that helps you to distinguish this KMS key from others in the account, such as its intended use.", "EnableKeyRotation": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n\nAWS KMS does not support automatic key rotation on asymmetric KMS keys. For asymmetric KMS keys, omit the `EnableKeyRotation` property or set it to `false` .\n\nWhen you enable automatic rotation, AWS KMS automatically creates new key material for the KMS key 365 days after the enable (or reenable) date and every 365 days thereafter. AWS KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *AWS Key Management Service Developer Guide* .", 
@@ -22716,7 +22758,7 @@ "KeyId": "The key ID of the replica key, such as `mrk-1234abcd12ab34cd56ef1234567890ab` .\n\nRelated multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see [How multi-Region keys work](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-how-it-works) in the *AWS Key Management Service Developer Guide* .", "Ref": "`Ref` returns the key ID, such as `mrk-1234abcd12ab34cd56ef1234567890ab` ." }, - "description": "The `AWS::KMS::ReplicaKey` resource specifies a multi-Region replica key that is based on a multi-Region primary key.\n\n*Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nA multi-Region *primary key* is a fully functional symmetric or asymmetric KMS key that is also the model for replica keys in other AWS Regions . To create a multi-Region primary key, add an [AWS::KMS::Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html) resource to your CloudFormation stack. Set its `MultiRegion` property to true.\n\nA multi-Region *replica key* is a fully functional symmetric or asymmetric KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region .\n\nA primary key and its replicas have the same key ID and key material. 
They also have the same key spec, key usage, key material origin, and automatic key rotation status. These properties are known as *shared properties* . If they change, AWS KMS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS KMS does not synchronize these properties.", + "description": "The `AWS::KMS::ReplicaKey` resource specifies a multi-Region replica key that is based on a multi-Region primary key.\n\n*Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nA multi-Region *primary key* is a fully functional symmetric or asymmetric KMS key that is also the model for replica keys in other AWS Regions . To create a multi-Region primary key, add an [AWS::KMS::Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html) resource to your CloudFormation stack. Set its `MultiRegion` property to true.\n\nA multi-Region *replica key* is a fully functional symmetric or asymmetric KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region .\n\nA primary key and its replicas have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. 
These properties are known as *shared properties* . If they change, AWS KMS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS KMS does not synchronize these properties.\n\n*Regions*\n\nAWS KMS CloudFormation resources are supported in all Regions in which AWS CloudFormation is supported. However, in the (ap-southeast-3), you cannot use a CloudFormation template to create or manage multi-Region KMS keys (primary or replica).", "properties": { "Description": "A description of the KMS key.\n\nThe default value is an empty string (no description).\n\nThe description is not a shared property of multi-Region keys. You can specify the same description or a different description for each key in a set of related multi-Region keys. AWS Key Management Service does not synchronize this property.", "Enabled": "Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations.\n\nWhen `Enabled` is `true` , the *key state* of the KMS key is `Enabled` . When `Enabled` is `false` , the key state of the KMS key is `Disabled` . The default value is `true` .\n\nThe actual key state of the replica might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html) , [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html) , or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations. Also, while the replica key is being created, its key state is `Creating` . 
When the process is complete, the key state of the replica key changes to `Enabled` .\n\nFor information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *AWS Key Management Service Developer Guide* .", @@ -25943,8 +25985,8 @@ "CollectionName": "The name for the geofence collection.", "Description": "An optional description for the geofence collection.", "KmsKeyId": "A key identifier for an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) . Enter a key ID, key ARN, alias name, or alias ARN.", - "PricingPlan": "Specifies the pricing plan for the geofence collection.\n\nFor additional details and restrictions on each pricing plan option, see the [Amazon Location Service pricing page](https://docs.aws.amazon.com/location/pricing/) .", - "PricingPlanDataSource": "Specifies the data provider for the geofence collection.\n\n- Required value for the following pricing plans: `MobileAssetTracking` | `MobileAssetManagement`\n\nFor more information about [Data Providers](https://docs.aws.amazon.com/location/data-providers/) , and [Pricing plans](https://docs.aws.amazon.com/location/pricing/) , see the Amazon Location Service product page.\n\n> Amazon Location Service only uses `PricingPlanDataSource` to calculate billing for your geofence collection. Your data will not be shared with the data provider, and will remain in your AWS account or region unless you move it. \n\nValid Values: `Esri` | `Here`" + "PricingPlan": "No longer used. If included, the only allowed value is `RequestBasedUsage` .\n\n*Allowed Values* : `RequestBasedUsage`", + "PricingPlanDataSource": "This parameter is no longer used." } }, "AWS::Location::Map": { 
@@ -25961,7 +26003,7 @@ "Configuration": "Specifies the map style selected from an available data provider.", "Description": "An optional description for the map resource.", "MapName": "The name for the map resource.\n\nRequirements:\n\n- Must contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), hyphens (-), periods (.), and underscores (_).\n- Must be a unique map resource name.\n- No spaces allowed. For example, `ExampleMap` .", - "PricingPlan": "Specifies the pricing plan for your map resource.\n\nFor additional details and restrictions on each pricing plan option, see the [Amazon Location Service pricing page](https://docs.aws.amazon.com/location/pricing/) ." + "PricingPlan": "No longer used. If included, the only allowed value is `RequestBasedUsage` .\n\n*Allowed Values* : `RequestBasedUsage`" } }, "AWS::Location::Map.MapConfiguration": { @@ -25985,7 +26027,7 @@ "DataSourceConfiguration": "Specifies the data storage option for requesting Places.", "Description": "The optional description for the place index resource.", "IndexName": "The name of the place index resource.\n\nRequirements:\n\n- Contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), hyphens (-), periods (.), and underscores (_).\n- Must be a unique place index resource name.\n- No spaces allowed. For example, `ExamplePlaceIndex` .", - "PricingPlan": "Specifies the pricing plan for your place index resource.\n\nFor additional details and restrictions on each pricing plan option, see the [Amazon Location Service pricing page](https://docs.aws.amazon.com/location/pricing/) ." + "PricingPlan": "No longer used. If included, the only allowed value is `RequestBasedUsage` .\n\n*Allowed Values* : `RequestBasedUsage`" } }, "AWS::Location::PlaceIndex.DataSourceConfiguration": { 
@@ -26008,7 +26050,7 @@ "CalculatorName": "The name of the route calculator resource.\n\nRequirements:\n\n- Can use alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139) , hyphens (-), periods (.), and underscores (_).\n- Must be a unique route calculator resource name.\n- No spaces allowed. For example, `ExampleRouteCalculator` .", "DataSource": "Specifies the data provider of traffic and road network data.\n\n> This field is case-sensitive. Enter the valid values as shown. For example, entering `HERE` returns an error. \n\nValid values include:\n\n- `Esri`\n- `Here`\n\nFor more information about data providers, see the [Amazon Location Service data providers page](https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html) .", "Description": "The optional description for the route calculator resource.", - "PricingPlan": "Specifies the pricing plan for your route calculator resource.\n\nFor additional details and restrictions on each pricing plan option, see the [Amazon Location Service pricing page](https://docs.aws.amazon.com/location/pricing/) ." + "PricingPlan": "No longer used. If included, the only allowed value is `RequestBasedUsage` .\n\n*Allowed Values* : `RequestBasedUsage`" } }, "AWS::Location::Tracker": { 
@@ -26023,9 +26065,9 @@ "properties": { "Description": "An optional description for the tracker resource.", "KmsKeyId": "A key identifier for an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) . Enter a key ID, key ARN, alias name, or alias ARN.", - "PositionFiltering": "Specifies the position filtering for the tracker resource.\n\nValid values:\n\n- `TimeBased` - Location updates are evaluated against linked geofence collections, but not every location update is stored. If your update frequency is more often than 30 seconds, only one update per 30 seconds is stored for each unique device ID.\n- `DistanceBased` - If the device has moved less than 30 m (98.4 ft), location updates are ignored. Location updates within this area are neither evaluated against linked geofence collections, nor stored. This helps control costs by reducing the number of geofence evaluations and historical device positions to paginate through. Distance-based filtering can also reduce the effects of GPS noise when displaying device trajectories on a map.\n\nThis field is optional. If not specified, the default value is `TimeBased` .", - "PricingPlan": "Specifies the pricing plan for the tracker resource.\n\nFor additional details and restrictions on each pricing plan option, see the [Amazon Location Service pricing page](https://docs.aws.amazon.com/location/pricing/) .", - "PricingPlanDataSource": "Specifies the data provider for the tracker resource.\n\n- Required value for the following pricing plans: `MobileAssetTracking` | `MobileAssetManagement`\n\nFor more information about [Data Providers](https://docs.aws.amazon.com/location/data-providers/) , and [Pricing plans](https://docs.aws.amazon.com/location/pricing/) , see the Amazon Location Service product page.\n\n> Amazon Location Service only uses `PricingPlanDataSource` to calculate billing for your tracker resource. 
Your data will not be shared with the data provider, and will remain in your AWS account or region unless you move it. \n\nValid Values: `Esri` | `Here`", + "PositionFiltering": "Specifies the position filtering for the tracker resource.\n\nValid values:\n\n- `TimeBased` - Location updates are evaluated against linked geofence collections, but not every location update is stored. If your update frequency is more often than 30 seconds, only one update per 30 seconds is stored for each unique device ID.\n- `DistanceBased` - If the device has moved less than 30 m (98.4 ft), location updates are ignored. Location updates within this area are neither evaluated against linked geofence collections, nor stored. This helps control costs by reducing the number of geofence evaluations and historical device positions to paginate through. Distance-based filtering can also reduce the effects of GPS noise when displaying device trajectories on a map.\n- `AccuracyBased` - If the device has moved less than the measured accuracy, location updates are ignored. For example, if two consecutive updates from a device have a horizontal accuracy of 5 m and 10 m, the second update is ignored if the device has moved less than 15 m. Ignored location updates are neither evaluated against linked geofence collections, nor stored. This can reduce the effects of GPS noise when displaying device trajectories on a map, and can help control your costs by reducing the number of geofence evaluations.\n\nThis field is optional. If not specified, the default value is `TimeBased` .", + "PricingPlan": "No longer used. If included, the only allowed value is `RequestBasedUsage` .", + "PricingPlanDataSource": "This parameter is no longer used.", "TrackerName": "The name for the tracker resource.\n\nRequirements:\n\n- Contain only alphanumeric characters (A-Z, a-z, 0-9) , hyphens (-), periods (.), and underscores (_).\n- Must be a unique tracker resource name.\n- No spaces allowed. 
For example, `ExampleTracker` ." } }, 
@@ -32416,7 +32458,7 @@ "AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n\nConstraints: Major version upgrades must be allowed when specifying a value for the `EngineVersion` parameter that is a different major version than the DB instance's current version.", "AssociatedRoles": "The AWS Identity and Access Management (IAM) roles associated with the DB instance.", "AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.", - "AvailabilityZone": "The Availability Zone that the database instance will be created in.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's region.\n\nExample: `us-east-1d`\n\nConstraint: The AvailabilityZone parameter cannot be specified if the MultiAZ parameter is set to `true` . The specified Availability Zone must be in the same region as the current endpoint.", + "AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) .\n\n*Amazon Aurora*\n\nNot applicable. Availability Zones are managed by the DB cluster.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's AWS Region.\n\nExample: `us-east-1d`\n\nConstraint: The `AvailabilityZone` parameter can't be specified if the DB instance is a Multi-AZ deployment. 
The specified Availability Zone must be in the same AWS Region as the current endpoint.\n\n> If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.\n> \n> For more information about RDS on VMware, see the [RDS on VMware User Guide.](https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html)", "BackupRetentionPeriod": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.\n\n*Amazon Aurora*\n\nNot applicable. The retention period for automated backups is managed by the DB cluster.\n\nDefault: 1\n\nConstraints:\n\n- Must be a value from 0 to 35\n- Can't be set to 0 if the DB instance is a source to read replicas", "CACertificateIdentifier": "The identifier of the CA certificate for this DB instance.\n\n> Specifying or updating this property triggers a reboot. \n\nFor more information about CA certificate identifiers for RDS DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide* .\n\nFor more information about CA certificate identifiers for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide* .", "CharacterSetName": "For supported engines, indicates that the DB instance should be associated with the specified character set.\n\n*Amazon Aurora*\n\nNot applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html) .", 
@@ -32488,7 +32530,7 @@ }, "description": "The `AWS::RDS::DBParameterGroup` resource creates a custom parameter group for an RDS database family.\n\nThis type can be declared in a template and referenced in the `DBParameterGroupName` property of an `[AWS::RDS::DBInstance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html)` resource.\n\nFor information about configuring parameters for Amazon RDS DB instances, see [Working with DB parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide* .\n\nFor information about configuring parameters for Amazon Aurora DB instances, see [Working with DB parameter groups and DB cluster parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide* .\n\n> Applying a parameter group to a DB instance may require the DB instance to reboot, resulting in a database outage for the duration of the reboot.", "properties": { - "Description": "Provides the customer-specified description for this DB Parameter Group.", + "Description": "Provides the customer-specified description for this DB parameter group.", "Family": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family.\n\n> The DB parameter group family can't be changed when updating a DB parameter group. 
\n\nTo list all of the available parameter group families, use the following command:\n\n`aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"`\n\nThe output contains duplicates.\n\nFor more information, see `[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)` .", "Parameters": "An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional.\n\nFor more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide* .\n\nFor more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide* .\n\n> AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", "Tags": "Tags to assign to the DB parameter group." @@ -32592,7 +32634,7 @@ "properties": { "DBSecurityGroupIngress": "Ingress rules to be applied to the DB security group.", "EC2VpcId": "The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.\n\n> The `EC2VpcId` property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.", - "GroupDescription": "Provides the description of the DB Security Group.", + "GroupDescription": "Provides the description of the DB security group.", "Tags": "Tags to assign to the DB security group." } }, 
@@ -32601,9 +32643,9 @@ "description": "The `Ingress` property type specifies an individual ingress rule within an `AWS::RDS::DBSecurityGroup` resource.", "properties": { "CIDRIP": "The IP range to authorize.", - "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSecurityGroupIngress": { 
@@ -32613,10 +32655,10 @@ "description": "The `AWS::RDS::DBSecurityGroupIngress` resource enables ingress to a DB security group using one of two forms of authorization. First, you can add EC2 or VPC security groups to the DB security group if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet.\n\nThis type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .\n\nFor details about the settings for DB security group ingress, see [AuthorizeDBSecurityGroupIngress](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html) .", "properties": { "CIDRIP": "The IP range to authorize.", - "DBSecurityGroupName": "The name of the DB Security Group to add authorization to.", - "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." 
+ "DBSecurityGroupName": "The name of the DB security group to add authorization to.", + "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSubnetGroup": { 
@@ -32625,9 +32667,9 @@ }, "description": "The `AWS::RDS::DBSubnetGroup` resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.\n\nFor more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide* .", "properties": { - "DBSubnetGroupDescription": "The description for the DB Subnet Group.", + "DBSubnetGroupDescription": "The description for the DB subnet group.", "DBSubnetGroupName": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: `mysubnetgroup`", - "SubnetIds": "The EC2 Subnet IDs for the DB Subnet Group.", + "SubnetIds": "The EC2 Subnet IDs for the DB subnet group.", "Tags": "Tags to assign to the DB subnet group." } }, 
@@ -32637,8 +32679,8 @@ }, "description": "The `AWS::RDS::EventSubscription` resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see [Using Amazon RDS Event Notification](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) in the *Amazon RDS User Guide* .", "properties": { - "Enabled": "A Boolean value; set to *true* to activate the subscription, set to *false* to create the subscription but not active it.", - "EventCategories": "A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the [Events](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) topic in the Amazon RDS User Guide or by using the *DescribeEventCategories* action.", + "Enabled": "A value that indicates whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active.", + "EventCategories": "A list of event categories for a particular source type ( `SourceType` ) that you want to subscribe to. You can see a list of the categories for a given source type in the \"Amazon RDS event categories and event messages\" section of the [*Amazon RDS User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [*Amazon Aurora User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html) . You can also see this list by using the `DescribeEventCategories` operation.", "SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it.", "SourceIds": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. 
An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.\n\nConstraints:\n\n- If a `SourceIds` value is supplied, `SourceType` must also be provided.\n- If the source type is a DB instance, a `DBInstanceIdentifier` value must be supplied.\n- If the source type is a DB cluster, a `DBClusterIdentifier` value must be supplied.\n- If the source type is a DB parameter group, a `DBParameterGroupName` value must be supplied.\n- If the source type is a DB security group, a `DBSecurityGroupName` value must be supplied.\n- If the source type is a DB snapshot, a `DBSnapshotIdentifier` value must be supplied.\n- If the source type is a DB cluster snapshot, a `DBClusterSnapshotIdentifier` value must be supplied.", "SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to `db-instance` . If this value isn't specified, all events are returned.\n\nValid values: `db-instance` | `db-cluster` | `db-parameter-group` | `db-security-group` | `db-snapshot` | `db-cluster-snapshot`" 
@@ -33069,6 +33111,17 @@ "Url": "The URL to route traffic to. The URL must be an [rfc3986-formatted URL](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc3986) . If the host is a domain name, the name must be resolvable over the public internet. If the scheme is `https` , the top level domain of the host must be listed in the [IANA root zone database](https://docs.aws.amazon.com/https://www.iana.org/domains/root/db) ." } }, + "AWS::Rekognition::Collection": { + "attributes": { + "Arn": "Returns the Amazon Resource Name of the collection.", + "Ref": "`Ref` returns the collection ID. For example:\n\n`{ \"Ref\": \"MyCollection\" }`" + }, + "description": "The `AWS::Rekognition::Collection` type creates a server-side container called a collection. You can use a collection to store information about detected faces and search for known faces in images, stored videos, and streaming videos.", + "properties": { + "CollectionId": "ID for the collection that you are creating.", + "Tags": "A set of tags (key-value pairs) that you want to attach to the collection." + } + }, "AWS::Rekognition::Project": { "attributes": { "Arn": "Returns the Amazon Resource Name of the project.", 
@@ -34133,7 +34186,6 @@ "attributes": {}, "description": "Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For examples, see [AWS::S3::Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#aws-properties-s3-bucket--examples) . For more information, see [PUT Bucket metrics](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) in the *Amazon S3 API Reference* .", "properties": { - "AccessPointArn": "The access point that was used while performing operations on the object. The metrics configuration only includes objects that meet the filter's criteria.", "Id": "The ID used to identify the metrics configuration. This can be any value you choose that helps you identify your metrics configuration.", "Prefix": "The prefix that an object must have to be included in the metrics results.", "TagFilters": "Specifies a list of tag filters to use as a metrics configuration filter. The metrics configuration includes only objects that meet the filter's criteria." 
@@ -34160,7 +34212,6 @@ "attributes": {}, "description": "Describes the notification configuration for an Amazon S3 bucket.\n\n> If you create the target resource and related permissions in the same template, you might have a circular dependency.\n> \n> For example, you might use the `AWS::Lambda::Permission` resource to grant the bucket permission to invoke an AWS Lambda function. However, AWS CloudFormation can't create the bucket until the bucket has permission to invoke the function ( AWS CloudFormation checks whether the bucket can invoke the function). If you're using Refs to pass the bucket name, this leads to a circular dependency.\n> \n> To avoid this dependency, you can create all resources without specifying the notification configuration. Then, update the stack with a notification configuration.\n> \n> For more information on permissions, see [AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) and [Granting Permissions to Publish Event Notification Messages to a Destination](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#grant-destinations-permissions-to-s3) .", "properties": { - "EventBridgeConfiguration": "Enables delivery of events to Amazon EventBridge.", "LambdaConfigurations": "Describes the AWS Lambda functions to invoke and the events for which to invoke them.", "QueueConfigurations": "The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages.", "TopicConfigurations": "The topic to which notifications are sent and the events for which notifications are generated." 
@@ -34441,12 +34492,7 @@ "AWS::S3::Bucket.WebsiteConfiguration": { "attributes": {}, "description": "Specifies website configuration parameters for an Amazon S3 bucket.", - "properties": { - "ErrorDocument": "The name of the error document for the website.", - "IndexDocument": "The name of the index document for the website.", - "RedirectAllRequestsTo": "The redirect behavior for every request to this bucket's website endpoint.\n\n> If you specify this property, you can't specify any other property.", - "RoutingRules": "Rules that define when a redirect is applied and the redirect behavior." - } + "properties": {} }, "AWS::S3::BucketPolicy": { "attributes": {}, @@ -34763,7 +34809,7 @@ "attributes": { "Ref": "`Ref` returns the resource name." }, - "description": "The name of the configuration set.\n\nConfiguration sets let you create groups of rules that you can apply to the emails you send using Amazon SES. For more information about using configuration sets, see [Using Amazon SES Configuration Sets](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-configuration-sets.html) in the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/) .", + "description": "The name of the configuration set.\n\nConfiguration sets let you create groups of rules that you can apply to the emails you send using Amazon SES. For more information about using configuration sets, see [Using Amazon SES Configuration Sets](https://docs.aws.amazon.com/ses/latest/dg/using-configuration-sets.html) in the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/) .", "properties": { "Name": "" } 
@@ -34778,14 +34824,14 @@ }, "AWS::SES::ConfigurationSetEventDestination.CloudWatchDestination": { "attributes": {}, - "description": "Contains information associated with an Amazon CloudWatch event destination to which email sending events are published.\n\nEvent destinations, such as Amazon CloudWatch, are associated with configuration sets, which enable you to publish email sending events. For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/monitor-sending-activity.html) .", + "description": "Contains information associated with an Amazon CloudWatch event destination to which email sending events are published.\n\nEvent destinations, such as Amazon CloudWatch, are associated with configuration sets, which enable you to publish email sending events. For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) .", "properties": { "DimensionConfigurations": "A list of dimensions upon which to categorize your emails when you publish email sending events to Amazon CloudWatch." 
} }, "AWS::SES::ConfigurationSetEventDestination.DimensionConfiguration": { "attributes": {}, - "description": "Contains the dimension configuration to use when you publish email sending events to Amazon CloudWatch.\n\nFor information about publishing email sending events to Amazon CloudWatch, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/monitor-sending-activity.html) .", + "description": "Contains the dimension configuration to use when you publish email sending events to Amazon CloudWatch.\n\nFor information about publishing email sending events to Amazon CloudWatch, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) .", "properties": { "DefaultDimensionValue": "The default value of the dimension that is published to Amazon CloudWatch if you do not provide the value of the dimension when you send an email. The default value must meet the following requirements:\n\n- Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), at signs (@), or periods (.).\n- Contain 256 characters or fewer.", "DimensionName": "The name of an Amazon CloudWatch dimension associated with an email sending metric. The name must meet the following requirements:\n\n- Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-).\n- Contain 256 characters or fewer.", 
@@ -34794,7 +34840,7 @@ }, "AWS::SES::ConfigurationSetEventDestination.EventDestination": { "attributes": {}, - "description": "Contains information about an event destination.\n\n> When you create or update an event destination, you must provide one, and only one, destination. The destination can be Amazon CloudWatch, Amazon Kinesis Firehose or Amazon Simple Notification Service (Amazon SNS). \n\nEvent destinations are associated with configuration sets, which enable you to publish email sending events to Amazon CloudWatch, Amazon Kinesis Firehose, or Amazon Simple Notification Service (Amazon SNS). For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/monitor-sending-activity.html) .", + "description": "Contains information about an event destination.\n\n> When you create or update an event destination, you must provide one, and only one, destination. The destination can be Amazon CloudWatch, Amazon Kinesis Firehose or Amazon Simple Notification Service (Amazon SNS). \n\nEvent destinations are associated with configuration sets, which enable you to publish email sending events to Amazon CloudWatch, Amazon Kinesis Firehose, or Amazon Simple Notification Service (Amazon SNS). For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) .", "properties": { "CloudWatchDestination": "An object that contains the names, default values, and sources of the dimensions associated with an Amazon CloudWatch event destination.", "Enabled": "Sets whether Amazon SES publishes events to this destination when you send an email with the associated configuration set. Set to `true` to enable publishing to this destination; set to `false` to prevent publishing to this destination. The default value is `false` .", 
@@ -34805,7 +34851,7 @@ }, "AWS::SES::ConfigurationSetEventDestination.KinesisFirehoseDestination": { "attributes": {}, - "description": "Contains the delivery stream ARN and the IAM role ARN associated with an Amazon Kinesis Firehose event destination.\n\nEvent destinations, such as Amazon Kinesis Firehose, are associated with configuration sets, which enable you to publish email sending events. For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/monitor-sending-activity.html) .", + "description": "Contains the delivery stream ARN and the IAM role ARN associated with an Amazon Kinesis Firehose event destination.\n\nEvent destinations, such as Amazon Kinesis Firehose, are associated with configuration sets, which enable you to publish email sending events. For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) .", "properties": { "DeliveryStreamARN": "The ARN of the Amazon Kinesis Firehose stream that email sending events should be published to.", "IAMRoleARN": "The ARN of the IAM role under which Amazon SES publishes email sending events to the Amazon Kinesis Firehose stream." 
@@ -34850,7 +34896,7 @@ }, "AWS::SES::ReceiptFilter.IpFilter": { "attributes": {}, - "description": "A receipt IP address filter enables you to specify whether to accept or reject mail originating from an IP address or range of IP addresses.\n\nFor information about setting up IP address filters, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-ip-filters.html) .", + "description": "A receipt IP address filter enables you to specify whether to accept or reject mail originating from an IP address or range of IP addresses.\n\nFor information about setting up IP address filters, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-ip-filtering-console-walkthrough.html) .", "properties": { "Cidr": "A single IP address or a range of IP addresses to block or allow, specified in Classless Inter-Domain Routing (CIDR) notation. An example of a single email address is 10.0.0.1. An example of a range of IP addresses is 10.0.0.1/24. For more information about CIDR notation, see [RFC 2317](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc2317) .", "Policy": "Indicates whether to block or allow incoming mail from the specified IP addresses." 
@@ -34869,7 +34915,7 @@ }, "AWS::SES::ReceiptRule.Action": { "attributes": {}, - "description": "An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.\n\nFor information about setting up receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-receipt-rules.html) .", + "description": "An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.\n\nFor information about setting up receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-receipt-rules-console-walkthrough.html) .", "properties": { "AddHeaderAction": "Adds a header to the received email.", "BounceAction": "Rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).", 
@@ -34882,7 +34928,7 @@ }, "AWS::SES::ReceiptRule.AddHeaderAction": { "attributes": {}, - "description": "When included in a receipt rule, this action adds a header to the received email.\n\nFor information about adding a header using a receipt rule, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-add-header.html) .", + "description": "When included in a receipt rule, this action adds a header to the received email.\n\nFor information about adding a header using a receipt rule, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-add-header.html) .", "properties": { "HeaderName": "The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric (a\u2013z, A\u2013Z, 0\u20139) characters and dashes.", "HeaderValue": "The content to include in the header. This value can contain up to 2048 characters. It can't contain newline ( `\\n` ) or carriage return ( `\\r` ) characters." 
@@ -34890,7 +34936,7 @@ }, "AWS::SES::ReceiptRule.BounceAction": { "attributes": {}, - "description": "When included in a receipt rule, this action rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nFor information about sending a bounce message in response to a received email, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-bounce.html) .", + "description": "When included in a receipt rule, this action rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nFor information about sending a bounce message in response to a received email, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-bounce.html) .", "properties": { "Message": "Human-readable text to include in the bounce message.", "Sender": "The email address of the sender of the bounced email. This is the address from which the bounce message is sent.", 
@@ -34901,7 +34947,7 @@ }, "AWS::SES::ReceiptRule.LambdaAction": { "attributes": {}, - "description": "When included in a receipt rule, this action calls an AWS Lambda function and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nTo enable Amazon SES to call your AWS Lambda function or to publish to an Amazon SNS topic of another account, Amazon SES must have permission to access those resources. For information about giving permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html) .\n\nFor information about using AWS Lambda actions in receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-lambda.html) .", + "description": "When included in a receipt rule, this action calls an AWS Lambda function and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nTo enable Amazon SES to call your AWS Lambda function or to publish to an Amazon SNS topic of another account, Amazon SES must have permission to access those resources. For information about giving permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html) .\n\nFor information about using AWS Lambda actions in receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-lambda.html) .", "properties": { "FunctionArn": "The Amazon Resource Name (ARN) of the AWS Lambda function. An example of an AWS Lambda function ARN is `arn:aws:lambda:us-west-2:account-id:function:MyFunction` . For more information about AWS Lambda, see the [AWS Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html) .", "InvocationType": "The invocation type of the AWS Lambda function. 
An invocation type of `RequestResponse` means that the execution of the function immediately results in a response, and a value of `Event` means that the function is invoked asynchronously. The default value is `Event` . For information about AWS Lambda invocation types, see the [AWS Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html) .\n\n> There is a 30-second timeout on `RequestResponse` invocations. You should use `Event` invocation in most cases. Use `RequestResponse` only to make a mail flow decision, such as whether to stop the receipt rule or the receipt rule set.", 
@@ -34910,7 +34956,7 @@ }, "AWS::SES::ReceiptRule.Rule": { "attributes": {}, - "description": "Receipt rules enable you to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own.\n\nEach receipt rule defines a set of email addresses or domains that it applies to. If the email addresses or domains match at least one recipient address of the message, Amazon SES executes all of the receipt rule's actions on the message.\n\nFor information about setting up receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-receipt-rules.html) .", + "description": "Receipt rules enable you to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own.\n\nEach receipt rule defines a set of email addresses or domains that it applies to. If the email addresses or domains match at least one recipient address of the message, Amazon SES executes all of the receipt rule's actions on the message.\n\nFor information about setting up receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-receipt-rules-console-walkthrough.html) .", "properties": { "Actions": "An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.", "Enabled": "If `true` , the receipt rule is active. The default value is `false` .", 
@@ -34922,17 +34968,17 @@ }, "AWS::SES::ReceiptRule.S3Action": { "attributes": {}, - "description": "When included in a receipt rule, this action saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nTo enable Amazon SES to write emails to your Amazon S3 bucket, use an AWS KMS key to encrypt your emails, or publish to an Amazon SNS topic of another account, Amazon SES must have permission to access those resources. For information about granting permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html) .\n\n> When you save your emails to an Amazon S3 bucket, the maximum email size (including headers) is 30 MB. Emails larger than that bounces. \n\nFor information about specifying Amazon S3 actions in receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-s3.html) .", + "description": "When included in a receipt rule, this action saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nTo enable Amazon SES to write emails to your Amazon S3 bucket, use an AWS KMS key to encrypt your emails, or publish to an Amazon SNS topic of another account, Amazon SES must have permission to access those resources. For information about granting permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html) .\n\n> When you save your emails to an Amazon S3 bucket, the maximum email size (including headers) is 30 MB. Emails larger than that bounces. 
\n\nFor information about specifying Amazon S3 actions in receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-s3.html) .", "properties": { "BucketName": "The name of the Amazon S3 bucket for incoming email.", - "KmsKeyArn": "The customer master key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default master key or a custom master key that you created in AWS KMS as follows:\n\n- To use the default master key, provide an ARN in the form of `arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses` . For example, if your AWS account ID is 123456789012 and you want to use the default master key in the US West (Oregon) Region, the ARN of the default master key would be `arn:aws:kms:us-west-2:123456789012:alias/aws/ses` . If you use the default master key, you don't need to perform any extra steps to give Amazon SES permission to use the key.\n- To use a custom master key that you created in AWS KMS, provide the ARN of the master key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html) .\n\nFor more information about key policies, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) . If you do not specify a master key, Amazon SES does not encrypt your emails.\n\n> Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your AWS KMS keys for decryption. 
This encryption client is currently available with the [AWS SDK for Java](https://docs.aws.amazon.com/sdk-for-java/) and [AWS SDK for Ruby](https://docs.aws.amazon.com/sdk-for-ruby/) only. For more information about client-side encryption using AWS KMS master keys, see the [Amazon S3 Developer Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) .", + "KmsKeyArn": "The customer master key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default master key or a custom master key that you created in AWS KMS as follows:\n\n- To use the default master key, provide an ARN in the form of `arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses` . For example, if your AWS account ID is 123456789012 and you want to use the default master key in the US West (Oregon) Region, the ARN of the default master key would be `arn:aws:kms:us-west-2:123456789012:alias/aws/ses` . If you use the default master key, you don't need to perform any extra steps to give Amazon SES permission to use the key.\n- To use a custom master key that you created in AWS KMS, provide the ARN of the master key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html) .\n\nFor more information about key policies, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) . If you do not specify a master key, Amazon SES does not encrypt your emails.\n\n> Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. 
This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your AWS KMS keys for decryption. This encryption client is currently available with the [AWS SDK for Java](https://docs.aws.amazon.com/sdk-for-java/) and [AWS SDK for Ruby](https://docs.aws.amazon.com/sdk-for-ruby/) only. For more information about client-side encryption using AWS KMS master keys, see the [Amazon S3 Developer Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) .", "ObjectKeyPrefix": "The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.", "TopicArn": "The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the [ListTopics](https://docs.aws.amazon.com/sns/latest/api/API_ListTopics.html) operation in Amazon SNS.\n\nFor more information about Amazon SNS topics, see the [Amazon SNS Developer Guide](https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) ." } }, "AWS::SES::ReceiptRule.SNSAction": { "attributes": {}, - "description": "When included in a receipt rule, this action publishes a notification to Amazon Simple Notification Service (Amazon SNS). This action includes a complete copy of the email content in the Amazon SNS notifications. Amazon SNS notifications for all other actions simply provide information about the email. They do not include the email content itself.\n\nIf you own the Amazon SNS topic, you don't need to do anything to give Amazon SES permission to publish emails to it. However, if you don't own the Amazon SNS topic, you need to attach a policy to the topic to give Amazon SES permissions to access it. 
For information about giving permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html) .\n\n> You can only publish emails that are 150 KB or less (including the header) to Amazon SNS. Larger emails bounce. If you anticipate emails larger than 150 KB, use the S3 action instead. \n\nFor information about using a receipt rule to publish an Amazon SNS notification, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-sns.html) .", + "description": "When included in a receipt rule, this action publishes a notification to Amazon Simple Notification Service (Amazon SNS). This action includes a complete copy of the email content in the Amazon SNS notifications. Amazon SNS notifications for all other actions simply provide information about the email. They do not include the email content itself.\n\nIf you own the Amazon SNS topic, you don't need to do anything to give Amazon SES permission to publish emails to it. However, if you don't own the Amazon SNS topic, you need to attach a policy to the topic to give Amazon SES permissions to access it. For information about giving permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html) .\n\n> You can only publish emails that are 150 KB or less (including the header) to Amazon SNS. Larger emails bounce. If you anticipate emails larger than 150 KB, use the S3 action instead. \n\nFor information about using a receipt rule to publish an Amazon SNS notification, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-sns.html) .", "properties": { "Encoding": "The encoding to use for the email within the Amazon SNS notification. UTF-8 is easier to use, but may not preserve all special characters when a message was encoded with a different encoding format. 
Base64 preserves all special characters. The default value is UTF-8.", "TopicArn": "The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. You can find the ARN of a topic by using the [ListTopics](https://docs.aws.amazon.com/sns/latest/api/API_ListTopics.html) operation in Amazon SNS.\n\nFor more information about Amazon SNS topics, see the [Amazon SNS Developer Guide](https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) ." @@ -34940,7 +34986,7 @@ }, "AWS::SES::ReceiptRule.StopAction": { "attributes": {}, - "description": "When included in a receipt rule, this action terminates the evaluation of the receipt rule set and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nFor information about setting a stop action in a receipt rule, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-stop.html) .", + "description": "When included in a receipt rule, this action terminates the evaluation of the receipt rule set and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).\n\nFor information about setting a stop action in a receipt rule, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-stop.html) .", "properties": { "Scope": "The scope of the StopAction. The only acceptable value is `RuleSet` .", "TopicArn": "The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. You can find the ARN of a topic by using the [ListTopics](https://docs.aws.amazon.com/sns/latest/api/API_ListTopics.html) Amazon SNS operation.\n\nFor more information about Amazon SNS topics, see the [Amazon SNS Developer Guide](https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) ." 
@@ -34948,7 +34994,7 @@ }, "AWS::SES::ReceiptRule.WorkmailAction": { "attributes": {}, - "description": "When included in a receipt rule, this action calls Amazon WorkMail and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS). It usually isn't necessary to set this up manually, because Amazon WorkMail adds the rule automatically during its setup procedure.\n\nFor information using a receipt rule to call Amazon WorkMail, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-workmail.html) .", + "description": "When included in a receipt rule, this action calls Amazon WorkMail and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS). It usually isn't necessary to set this up manually, because Amazon WorkMail adds the rule automatically during its setup procedure.\n\nFor information using a receipt rule to call Amazon WorkMail, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-workmail.html) .", "properties": { "OrganizationArn": "The Amazon Resource Name (ARN) of the Amazon WorkMail organization. Amazon WorkMail ARNs use the following format:\n\n`arn:aws:workmail:::organization/`\n\nYou can find the ID of your organization by using the [ListOrganizations](https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListOrganizations.html) operation in Amazon WorkMail. Amazon WorkMail organization IDs begin with \" `m-` \", followed by a string of alphanumeric characters.\n\nFor information about Amazon WorkMail organizations, see the [Amazon WorkMail Administrator Guide](https://docs.aws.amazon.com/workmail/latest/adminguide/organizations_overview.html) .", "TopicArn": "The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. 
You can find the ARN of a topic by using the [ListTopics](https://docs.aws.amazon.com/sns/latest/api/API_ListTopics.html) operation in Amazon SNS.\n\nFor more information about Amazon SNS topics, see the [Amazon SNS Developer Guide](https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html) ." @@ -34958,7 +35004,7 @@ "attributes": { "Ref": "`Ref` returns the resource name. For example:" }, - "description": "Creates an empty receipt rule set.\n\nFor information about setting up receipt rule sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-receipt-rule-set.html) .\n\nYou can execute this operation no more than once per second.", + "description": "Creates an empty receipt rule set.\n\nFor information about setting up receipt rule sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-concepts.html#receiving-email-concepts-rules) .\n\nYou can execute this operation no more than once per second.", "properties": { "RuleSetName": "The name of the receipt rule set to reorder." } @@ -34967,12 +35013,12 @@ "attributes": {}, "description": "Specifies an email template. Email templates enable you to send personalized email to one or more destinations in a single API operation.", "properties": { - "Template": "The content of the email, composed of a subject line, an HTML part, and a text-only part." + "Template": "The content of the email, composed of a subject line and either an HTML part or a text-only part." } }, "AWS::SES::Template.Template": { "attributes": {}, - "description": "The content of the email, composed of a subject line, an HTML part, and a text-only part.", + "description": "The content of the email, composed of a subject line and either an HTML part or a text-only part.", "properties": { "HtmlPart": "The HTML body of the email.", "SubjectPart": "The subject line of the email.", From c6b33830f5c1b120b5076bde79af8e2de74b4d90 Mon Sep 17 00:00:00 2001 
From: Rico Huijbers Date: Mon, 31 Jan 2022 11:57:34 +0100 Subject: [PATCH 21/26] chore: override `markdown-it` version (#18723) We have a dependency chain of: ``` build-tools -> markdownlint-cli -> markdownlint -> markdown-it ^^^ straggler ^^^ CVE ``` Override the dependency to get rid of a CVE warning. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- package.json | 3 ++- yarn.lock | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index b99f8690e2171..b29235f97a8dc 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,8 @@ }, "resolutions": { "colors": "1.4.0", - "string-width": "^4.2.3" + "string-width": "^4.2.3", + "markdown-it": "^12.3.2" }, "repository": { "type": "git", diff --git a/yarn.lock b/yarn.lock index 3600a0c04e4b0..d69b35201a8c3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6469,10 +6469,10 @@ map-obj@^4.0.0: resolved "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz#9304f906e93faae70880da102a9f1df0ea8bb05a" integrity sha512-hdN1wVrZbb29eBGiGjJbeP8JbKjq1urkHJ/LIP/NY48MZ1QVXUsQBV1G1zvYFHn1XE06cwjBsOI2K3Ulnj1YXQ== -markdown-it@12.2.0: - version "12.2.0" - resolved "https://registry.npmjs.org/markdown-it/-/markdown-it-12.2.0.tgz#091f720fd5db206f80de7a8d1f1a7035fd0d38db" - integrity sha512-Wjws+uCrVQRqOoJvze4HCqkKl1AsSh95iFAeQDwnyfxM09divCBSXlDR1uTvyUP3Grzpn4Ru8GeCxYPM8vkCQg== +markdown-it@12.2.0, markdown-it@^12.3.2: + version "12.3.2" + resolved "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz#bf92ac92283fe983fe4de8ff8abfb5ad72cd0c90" + integrity sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg== dependencies: argparse "^2.0.1" entities "~2.1.0" From 164d50bf1f505954208c65c104f61a53b010f383 Mon Sep 17 00:00:00 2001 
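Review bot: The new `"markdown-it": "^12.3.2"` entry under `resolutions` carries no record of which advisory it answers, and `package.json` cannot hold a comment, so the reason lives only in the commit message, which says "CVE" without an identifier. Put the advisory id in the PR description or a tracking issue (placeholder: `<ADVISORY-ID>`), together with the condition for dropping the override: `markdownlint` no longer pinning `markdown-it@12.2.0`. The `yarn.lock` hunk shows the exact pin `markdown-it@12.2.0` now resolving to 12.3.2, which is the intended effect. Running `yarn why markdown-it` after install would confirm that no second copy remains in the tree.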
From: Rico Huijbers Date: Mon, 31 Jan 2022 12:48:24 +0100 Subject: [PATCH 22/26] docs(dynamodb): add note around table encryption (#18721) Whether creating a Table with a custom KMS key succeeds depends on the permissions on the key. The default permissions are correct, but only if the appropriate feature flag is set. Without changing code yet, add the caveat on proper configuration to the documentation. Fixes #18616 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-dynamodb/lib/table.ts | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/packages/@aws-cdk/aws-dynamodb/lib/table.ts b/packages/@aws-cdk/aws-dynamodb/lib/table.ts index 020ca091aa777..b109558752ab7 100644 --- a/packages/@aws-cdk/aws-dynamodb/lib/table.ts +++ b/packages/@aws-cdk/aws-dynamodb/lib/table.ts @@ -117,6 +117,12 @@ export enum TableEncryption { /** * Server-side KMS encryption with a customer master key managed by customer. * If `encryptionKey` is specified, this key will be used, otherwise, one will be defined. + * + * > **NOTE**: if `encryptionKey` is not specified and the `Table` construct creates + * > a KMS key for you, the key will be created with default permissions. If you are using + * > CDKv2, these permissions will be sufficient to enable the key for use with DynamoDB tables. + * > If you are using CDKv1, make sure the feature flag `@aws-cdk/aws-kms:defaultKeyPolicies` + * > is set to `true` in your `cdk.json`. */ CUSTOMER_MANAGED = 'CUSTOMER_MANAGED', 
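Review bot: The added NOTE on `CUSTOMER_MANAGED` tells CDKv1 users to set `@aws-cdk/aws-kms:defaultKeyPolicies` but does not say what happens when the flag is left unset. According to the commit description, whether table creation succeeds then depends on the key's permissions. One more quoted line would make the symptom searchable, e.g. `> Without this flag the generated key's policy may not allow DynamoDB to use the key, and creating the table can fail.` The same gap is in the `encryption` property note in the `@@ -198,6 +204,13 @@` hunk. The wording is hedged because the key-policy code is not part of this patch.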
@@ -198,6 +204,13 @@ export interface TableOptions extends SchemaOptions { * * This property cannot be set if `serverSideEncryption` is set. * + * > **NOTE**: if you set this to `CUSTOMER_MANAGED` and `encryptionKey` is not + * > specified, the key that the Tablet generates for you will be created with + * > default permissions. If you are using CDKv2, these permissions will be + * > sufficient to enable the key for use with DynamoDB tables. If you are + * > using CDKv1, make sure the feature flag + * > `@aws-cdk/aws-kms:defaultKeyPolicies` is set to `true` in your `cdk.json`. + * * @default - server-side encryption is enabled with an AWS owned customer master key */ readonly encryption?: TableEncryption; From 13e1c7f10b81fc350953fe69fcccb61ff5aa9c1e Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 31 Jan 2022 07:37:07 -0500 Subject: [PATCH 23/26] fix(vpc): Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (#18714) Currently if `subnetGroupNameTag` is provided in `Vpc.fromLookup()` and a tag with that key does not exist, the error that is returned is very generic and just indicates that the VPC could not be found. This makes it very hard to troubleshoot what the real issue is (invalid subnetGroupNameTag). Now if the user provides a `subnetGroupNameTag` and a tag with that Key does not exist an error is thrown indicating that an invalid `subnetGroupNameTag` was provided fixes #13962 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk/lib/context-providers/vpcs.ts | 4 + .../test/context-providers/vpcs.test.ts | 138 ++++++++++++++++++ 2 files changed, 142 insertions(+) diff --git a/packages/aws-cdk/lib/context-providers/vpcs.ts b/packages/aws-cdk/lib/context-providers/vpcs.ts index 99b2f6e7820a9..66a5e8e6d2cc5 100644 --- a/packages/aws-cdk/lib/context-providers/vpcs.ts 
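Review bot: The `encryption` note reads "the key that the Tablet generates for you", which looks like a typo for the `Table` construct named in the sibling note on `TableEncryption.CUSTOMER_MANAGED`. Suggested wording for that line: `> specified, the key that the Table construct creates for you will be created with`. The two notes otherwise say the same thing in slightly different words, so using identical text in both places would keep them from drifting apart.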
+++ b/packages/aws-cdk/lib/context-providers/vpcs.ts @@ -80,6 +80,10 @@ export class VpcNetworkContextProviderPlugin implements ContextProviderPlugin { throw new Error(`Subnet ${subnet.SubnetArn} has invalid subnet type ${type} (must be ${SubnetType.Public}, ${SubnetType.Private} or ${SubnetType.Isolated})`); } + if (args.subnetGroupNameTag && !getTag(args.subnetGroupNameTag, subnet.Tags)) { + throw new Error(`Invalid subnetGroupNameTag: Subnet ${subnet.SubnetArn} does not have an associated tag with Key='${args.subnetGroupNameTag}'`); + } + const name = getTag(args.subnetGroupNameTag || 'aws-cdk:subnet-name', subnet.Tags) || type; const routeTableId = routeTables.routeTableIdForSubnetId(subnet.SubnetId); diff --git a/packages/aws-cdk/test/context-providers/vpcs.test.ts b/packages/aws-cdk/test/context-providers/vpcs.test.ts index e97090666d710..0b03aaf4cacd9 100644 --- a/packages/aws-cdk/test/context-providers/vpcs.test.ts +++ b/packages/aws-cdk/test/context-providers/vpcs.test.ts 
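Review bot: The new guard appears to run once per subnet, so a VPC in which only some subnets carry the `subnetGroupNameTag` key now fails the whole lookup, whereas the `getTag(...) || type` line below it used to fall back to `type` for the untagged ones. If the stricter behaviour is intended, say so above the check, e.g. `// every subnet must carry the explicitly requested tag; no fallback to subnet type`. If it is not, the error should be raised only when no subnet has the tag. The check also treats a tag that is present with an empty value as missing, assuming `getTag` returns the tag's value (it is defined outside the hunk). The enclosing method starts and ends outside the hunk.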
@@ -110,6 +110,144 @@ test('throws when no such VPC is found', async () => { })).rejects.toThrow(/Could not find any VPCs matching/); }); +test('throws when subnet with subnetGroupNameTag not found', async () => { + // GIVEN + const filter = { foo: 'bar' }; + const provider = new VpcNetworkContextProviderPlugin(mockSDK); + + mockVpcLookup({ + subnets: [ + { SubnetId: 'sub-123456', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: true }, + { SubnetId: 'sub-789012', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false }, + ], + routeTables: [ + { + Associations: [{ SubnetId: 'sub-123456' }], + RouteTableId: 'rtb-123456', + Routes: [ + { + DestinationCidrBlock: '1.1.1.1/24', + GatewayId: 'local', + Origin: 'CreateRouteTable', + State: 'active', + }, + { + DestinationCidrBlock: '0.0.0.0/0', + GatewayId: 'igw-xxxxxx', + Origin: 'CreateRoute', + State: 'active', + }, + ], + }, + { + Associations: [{ SubnetId: 'sub-789012' }], + RouteTableId: 'rtb-789012', + Routes: [ + { + DestinationCidrBlock: '1.1.2.1/24', + GatewayId: 'local', + Origin: 'CreateRouteTable', + State: 'active', + }, + { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: 'nat-xxxxxx', + Origin: 'CreateRoute', + State: 'active', + }, + ], + }, + ], + vpnGateways: [{ VpnGatewayId: 'gw-abcdef' }], + }); + + // WHEN + await expect(provider.getValue({ + account: '1234', + region: 'us-east-1', + subnetGroupNameTag: 'DOES_NOT_EXIST', + filter, + })).rejects.toThrow(/Invalid subnetGroupNameTag: Subnet .* does not have an associated tag with Key='DOES_NOT_EXIST'/); +}); + +test('does not throw when subnet with subnetGroupNameTag is found', async () => { + // GIVEN + const filter = { foo: 'bar' }; + const provider = new VpcNetworkContextProviderPlugin(mockSDK); + + mockVpcLookup({ + subnets: [ + { SubnetId: 'sub-123456', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: true, Tags: [{ Key: 'DOES_EXIST', Value: 'SubnetName1' }] }, + { SubnetId: 'sub-789012', 
AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false, Tags: [{ Key: 'DOES_EXIST', Value: 'SubnetName2' }] }, + ], + routeTables: [ + { + Associations: [{ SubnetId: 'sub-123456' }], + RouteTableId: 'rtb-123456', + Routes: [ + { + DestinationCidrBlock: '1.1.1.1/24', + GatewayId: 'local', + Origin: 'CreateRouteTable', + State: 'active', + }, + { + DestinationCidrBlock: '0.0.0.0/0', + GatewayId: 'igw-xxxxxx', + Origin: 'CreateRoute', + State: 'active', + }, + ], + }, + { + Associations: [{ SubnetId: 'sub-789012' }], + RouteTableId: 'rtb-789012', + Routes: [ + { + DestinationCidrBlock: '1.1.2.1/24', + GatewayId: 'local', + Origin: 'CreateRouteTable', + State: 'active', + }, + { + DestinationCidrBlock: '0.0.0.0/0', + NatGatewayId: 'nat-xxxxxx', + Origin: 'CreateRoute', + State: 'active', + }, + ], + }, + ], + vpnGateways: [{ VpnGatewayId: 'gw-abcdef' }], + }); + + // WHEN + const result = await provider.getValue({ + account: '1234', + region: 'us-east-1', + subnetGroupNameTag: 'DOES_EXIST', + filter, + }); + + // THEN + expect(result).toEqual({ + vpcId: 'vpc-1234567', + vpcCidrBlock: '1.1.1.1/16', + availabilityZones: ['bermuda-triangle-1337'], + isolatedSubnetIds: undefined, + isolatedSubnetNames: undefined, + isolatedSubnetRouteTableIds: undefined, + privateSubnetIds: ['sub-789012'], + privateSubnetNames: ['SubnetName2'], + privateSubnetRouteTableIds: ['rtb-789012'], + publicSubnetIds: ['sub-123456'], + publicSubnetNames: ['SubnetName1'], + publicSubnetRouteTableIds: ['rtb-123456'], + vpnGatewayId: 'gw-abcdef', + subnetGroups: undefined, + }); +}); + test('throws when multiple VPCs are found', async () => { // GIVEN const filter = { foo: 'bar' }; From afdc550ee372dd25d9d2eef81a545da1e923f796 Mon Sep 17 00:00:00 2001 
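Review bot: Neither new test covers a VPC where only some subnets have the tag, which is the case most likely to surprise users of the new error. The negative test's mock subnets also set no `SubnetArn`, so the asserted pattern `Subnet .*` would match a message reading `Subnet undefined` unless `mockVpcLookup` fills the field in. Giving the mock subnets a constructed ARN and asserting on it would pin the message users actually see. The two tests also repeat the same `routeTables` fixture verbatim, and a shared constant would cut the hunk roughly in half.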
From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Mon, 31 Jan 2022 08:46:28 -0500 Subject: [PATCH 24/26] fix(ec2): `UserData.addSignalOnExitCommand` does not work in combination with `userDataCausesReplacement` (#18726) If both `addSignalOnExitCommand` _and_ `userDataCausesReplacement` are used it results in an invalid logicalId being used in the `cfn-signal` call. This is due to `addSignalOnExitCommand` getting the logicalID from `Stack.getLogicalId` which does not take into consideration logicalId overrides which `userDataCausesReplacement` uses. This updates `addSignalOnExitCommand` to use the `logicalId` of the resource which is evaluated lazily and happens after all overrides. fixes #12749 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ec2/lib/user-data.ts | 6 +- .../@aws-cdk/aws-ec2/test/userdata.test.ts | 86 ++++++++++++++++++- 2 files changed, 86 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/user-data.ts b/packages/@aws-cdk/aws-ec2/lib/user-data.ts index 1e92eb888e6f8..82e256b9a895a 100644 --- a/packages/@aws-cdk/aws-ec2/lib/user-data.ts +++ b/packages/@aws-cdk/aws-ec2/lib/user-data.ts @@ -1,5 +1,5 @@ import { IBucket } from '@aws-cdk/aws-s3'; -import { CfnElement, Fn, Resource, Stack } from '@aws-cdk/core'; +import { Fn, Resource, Stack, CfnResource } from '@aws-cdk/core'; import { OperatingSystemType } from './machine-image'; /** 
@@ -178,7 +178,7 @@ class LinuxUserData extends UserData { public addSignalOnExitCommand( resource: Resource ): void { const stack = Stack.of(resource); - const resourceID = stack.getLogicalId(resource.node.defaultChild as CfnElement); + const resourceID = (resource.node.defaultChild as CfnResource).logicalId; this.addOnExitCommands(`/opt/aws/bin/cfn-signal --stack ${stack.stackName} --resource ${resourceID} --region ${stack.region} -e $exitCode || echo 'Failed to send Cloudformation Signal'`); } @@ -235,7 +235,7 @@ class WindowsUserData extends UserData { public addSignalOnExitCommand( resource: Resource ): void { const stack = Stack.of(resource); - const resourceID = stack.getLogicalId(resource.node.defaultChild as CfnElement); + const resourceID = (resource.node.defaultChild as CfnResource).logicalId; this.addOnExitCommands(`cfn-signal --stack ${stack.stackName} --resource ${resourceID} --region ${stack.region} --success ($success.ToString().ToLower())`); } diff --git a/packages/@aws-cdk/aws-ec2/test/userdata.test.ts b/packages/@aws-cdk/aws-ec2/test/userdata.test.ts index e2596d8699abd..c385ce83a7254 100644 --- a/packages/@aws-cdk/aws-ec2/test/userdata.test.ts +++ b/packages/@aws-cdk/aws-ec2/test/userdata.test.ts @@ -1,5 +1,6 @@ import { Bucket } from '@aws-cdk/aws-s3'; -import { Aws, Stack } from '@aws-cdk/core'; +import { Template, Match } from '@aws-cdk/assertions'; +import { Aws, Stack, CfnResource } from '@aws-cdk/core'; import * as ec2 from '../lib'; describe('user data', () => { @@ -41,6 +42,7 @@ describe('user data', () => { const stack = new Stack(); const resource = new ec2.Vpc(stack, 'RESOURCE'); const userData = ec2.UserData.forWindows(); + const logicalId = (resource.node.defaultChild as CfnResource).logicalId; // WHEN userData.addSignalOnExitCommand( resource ); 
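Review bot: In both `addSignalOnExitCommand` bodies (the `LinuxUserData` hunk and the `WindowsUserData` hunk after it), `resource.node.defaultChild` is cast to `CfnResource` and dereferenced without a check. A `Resource` that has no default child would therefore fail with a bare TypeError instead of a message naming the problem. A guard before the dereference would help: `const child = resource.node.defaultChild as CfnResource | undefined;` followed by `if (!child) { throw new Error('addSignalOnExitCommand: resource has no default child'); }`. Both classes begin outside their hunks, so an earlier check elsewhere cannot be ruled out.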
@@ -49,9 +51,10 @@ describe('user data', () => { // THEN const rendered = userData.render(); + expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552F'); expect(rendered).toEqual('trap {\n' + '$success=($PSItem.Exception.Message -eq "Success")\n' + - `cfn-signal --stack Default --resource RESOURCE1989552F --region ${Aws.REGION} --success ($success.ToString().ToLower())\n` + + `cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} --success ($success.ToString().ToLower())\n` + 'break\n' + '}\n' + 'command1\n' + @@ -59,6 +62,44 @@ describe('user data', () => { ); }); + test('can create Windows with Signal Command and userDataCausesReplacement', () => { + // GIVEN + const stack = new Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + const userData = ec2.UserData.forWindows(); + const resource = new ec2.Instance(stack, 'RESOURCE', { + vpc, + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.LARGE), + machineImage: ec2.MachineImage.genericWindows({ ['us-east-1']: 'ami-12345678' }), + userDataCausesReplacement: true, + userData, + }); + + const logicalId = (resource.node.defaultChild as CfnResource).logicalId; + + // WHEN + userData.addSignalOnExitCommand( resource ); + userData.addCommands('command1'); + + // THEN + Template.fromStack(stack).templateMatches({ + Resources: Match.objectLike({ + RESOURCE1989552Fdfd505305f427919: { + Type: 'AWS::EC2::Instance', + }, + }), + }); + expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552Fdfd505305f427919'); + const rendered = userData.render(); + expect(rendered).toEqual('trap {\n' + + '$success=($PSItem.Exception.Message -eq "Success")\n' + + `cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} --success ($success.ToString().ToLower())\n` + + 'break\n' + + '}\n' + + 'command1\n' + + 'throw "Success"', + ); + }); test('can windows userdata download S3 files', () => { // GIVEN const stack = new Stack(); 
@@ -174,6 +215,7 @@ describe('user data', () => { // GIVEN const stack = new Stack(); const resource = new ec2.Vpc(stack, 'RESOURCE'); + const logicalId = (resource.node.defaultChild as CfnResource).logicalId; // WHEN const userData = ec2.UserData.forLinux(); 
@@ -182,15 +224,53 @@ describe('user data', () => { // THEN const rendered = userData.render(); + expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552F'); expect(rendered).toEqual('#!/bin/bash\n' + 'function exitTrap(){\n' + 'exitCode=$?\n' + - `/opt/aws/bin/cfn-signal --stack Default --resource RESOURCE1989552F --region ${Aws.REGION} -e $exitCode || echo \'Failed to send Cloudformation Signal\'\n` + + `/opt/aws/bin/cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} -e $exitCode || echo \'Failed to send Cloudformation Signal\'\n` + '}\n' + 'trap exitTrap EXIT\n' + 'command1'); }); + test('can create Linux with Signal Command and userDataCausesReplacement', () => { + // GIVEN + const stack = new Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + const userData = ec2.UserData.forLinux(); + const resource = new ec2.Instance(stack, 'RESOURCE', { + vpc, + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.LARGE), + machineImage: ec2.MachineImage.genericLinux({ ['us-east-1']: 'ami-12345678' }), + userDataCausesReplacement: true, + userData, + }); + + const logicalId = (resource.node.defaultChild as CfnResource).logicalId; + + // WHEN + userData.addSignalOnExitCommand( resource ); + userData.addCommands('command1'); + + // THEN + Template.fromStack(stack).templateMatches({ + Resources: Match.objectLike({ + RESOURCE1989552F74a24ef4fbc89422: { + Type: 'AWS::EC2::Instance', + }, + }), + }); + expect(stack.resolve(logicalId)).toEqual('RESOURCE1989552F74a24ef4fbc89422'); + const rendered = userData.render(); + expect(rendered).toEqual('#!/bin/bash\n' + + 'function exitTrap(){\n' + + 'exitCode=$?\n' + + `/opt/aws/bin/cfn-signal --stack Default --resource ${logicalId} --region ${Aws.REGION} -e $exitCode || echo \'Failed to send Cloudformation Signal\'\n` + + '}\n' + + 'trap exitTrap EXIT\n' + + 'command1'); + }); test('can linux userdata download S3 files', () => { // GIVEN const stack = new Stack(); 
From 9f6e10ed0a751c06fe0cc1d79f38d5fb4b686087 Mon Sep 17 00:00:00 2001 From: Daniel Bartholomae Date: Mon, 31 Jan 2022 15:35:24 +0100 Subject: [PATCH 25/26] fix(core): correctly reference versionless secure parameters (#18730) When no version is specified, the `:` at the end is not allowed. Closes #18729. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/core/lib/secret-value.ts | 5 +++-- packages/@aws-cdk/core/test/secret-value.test.ts | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/core/lib/secret-value.ts b/packages/@aws-cdk/core/lib/secret-value.ts index 84e668a1b4306..270a70a519065 100644 --- a/packages/@aws-cdk/core/lib/secret-value.ts +++ b/packages/@aws-cdk/core/lib/secret-value.ts @@ -71,8 +71,9 @@ export class SecretValue extends Intrinsic { * latest version of the parameter. */ public static ssmSecure(parameterName: string, version?: string): SecretValue { - const parts = [parameterName, version ?? '']; - return this.cfnDynamicReference(new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE, parts.join(':'))); + return this.cfnDynamicReference( + new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE, + version ? `${parameterName}:${version}` : parameterName)); } /** diff --git a/packages/@aws-cdk/core/test/secret-value.test.ts b/packages/@aws-cdk/core/test/secret-value.test.ts index a987cfaff0c87..4a9b7bbe56093 100644 --- a/packages/@aws-cdk/core/test/secret-value.test.ts +++ b/packages/@aws-cdk/core/test/secret-value.test.ts @@ -127,7 +127,7 @@ describe('secret value', () => { const v = SecretValue.ssmSecure('param-name'); // THEN - expect(stack.resolve(v)).toEqual('{{resolve:ssm-secure:param-name:}}'); + expect(stack.resolve(v)).toEqual('{{resolve:ssm-secure:param-name}}'); }); test('cfnDynamicReference', () => { From 203cd9a43ed612eea8f71dc7eeb39f9b69216dc8 Mon Sep 17 00:00:00 2001 
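Review bot: The new ternary in `ssmSecure` tests `version` for truthiness, so an empty string now yields the versionless reference just as `undefined` does. That is the right outcome for the trailing `:` problem, but it is stated nowhere, and the test hunk shown here only covers the omitted-argument call. I would add a line above the `return`, `// empty or omitted version: emit no ':' suffix so CloudFormation resolves the latest version`, and a test for `SecretValue.ssmSecure('param-name', '')` expecting `{{resolve:ssm-secure:param-name}}`. The method's doc comment starts outside the hunk; it is the place to say that a versionless reference picks up whatever the latest SecureString value is on each stack create or update, so callers who need a fixed secret should pin `version`.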
From: Niko Virtala Date: Mon, 31 Jan 2022 18:59:39 +0200 Subject: [PATCH 26/26] chore(rds): add support for PostgreSQL 14 (#18713) Amazon RDS for PostgreSQL supports now a major version 14. https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-rds-postgresql-14-outposts/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-rds/lib/instance-engine.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/@aws-cdk/aws-rds/lib/instance-engine.ts b/packages/@aws-cdk/aws-rds/lib/instance-engine.ts index 20b00a06f38f8..01f2f62d7a4da 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance-engine.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance-engine.ts @@ -903,6 +903,11 @@ export class PostgresEngineVersion { /** Version "13.5". */ public static readonly VER_13_5 = PostgresEngineVersion.of('13.5', '13', { s3Import: true, s3Export: true }); + /** Version "14" (only a major version, without a specific minor version). */ + public static readonly VER_14 = PostgresEngineVersion.of('14', '14', { s3Import: true, s3Export: true }); + /** Version "14.1". */ + public static readonly VER_14_1 = PostgresEngineVersion.of('14.1', '14', { s3Import: true, s3Export: true }); + /** * Create a new PostgresEngineVersion with an arbitrary version. *
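Review bot: `VER_14` and `VER_14_1` both declare `{ s3Import: true, s3Export: true }`, which matches the `VER_13_5` line above them but is not backed by anything in the commit description, which only links the release announcement. If either feature is unavailable on PostgreSQL 14, a stack that attaches S3 import or export roles would presumably pass synthesis and fail only at deploy time, so the flags are worth confirming against the RDS feature documentation before merging. The class body continues outside the hunk.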