From cf923bc4eacd3bb0efdc469708dc389a67d38bcc Mon Sep 17 00:00:00 2001 From: Grayden <38144548+graydenshand@users.noreply.github.com> Date: Tue, 19 Dec 2023 16:25:06 -0500 Subject: [PATCH 1/7] feat(stepfunctions): CustomState addCatch (#28422) Adds a public `addCatch` method to the stepfunctions `CustomState` state. Closes #25798. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...functions-custom-state-integ.template.json | 2 +- .../test/integ.custom-state.ts | 7 +++ .../aws-cdk-lib/aws-stepfunctions/README.md | 4 ++ .../lib/states/custom-state.ts | 16 ++++++- .../test/custom-state.test.ts | 48 +++++++++++++++++++ 5 files changed, 74 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.js.snapshot/aws-stepfunctions-custom-state-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.js.snapshot/aws-stepfunctions-custom-state-integ.template.json index fde50d40dc7b7..b090502f0294b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.js.snapshot/aws-stepfunctions-custom-state-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.js.snapshot/aws-stepfunctions-custom-state-integ.template.json @@ -26,7 +26,7 @@ "Arn" ] }, - "DefinitionString": "{\"StartAt\":\"my custom task\",\"States\":{\"my custom task\":{\"Next\":\"final step\",\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}},\"ResultPath\":null},\"final step\":{\"Type\":\"Pass\",\"End\":true}},\"TimeoutSeconds\":30}" + "DefinitionString": "{\"StartAt\":\"my custom task\",\"States\":{\"my custom task\":{\"Next\":\"final step\",\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}},\"ResultPath\":null,\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"failed\"}]},\"final step\":{\"Type\":\"Pass\",\"End\":true},\"failed\":{\"Type\":\"Fail\",\"Error\":\"DidNotWork\",\"Cause\":\"We got stuck\"}},\"TimeoutSeconds\":30}" }, "DependsOn": [ "StateMachineRoleB840431D" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.ts index d65b0e373945b..5d28b12436975 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.custom-state.ts @@ -25,10 +25,17 @@ const stateJson = { ResultPath: null, }; +const failure = new sfn.Fail(stack, 'failed', { + error: 'DidNotWork', + cause: 'We got stuck', +}); + const custom = new sfn.CustomState(stack, 'my custom task', { stateJson, }); +custom.addCatch(failure); + const chain = sfn.Chain.start(custom).next(finalStatus); const sm = new sfn.StateMachine(stack, 'StateMachine', { diff --git a/packages/aws-cdk-lib/aws-stepfunctions/README.md b/packages/aws-cdk-lib/aws-stepfunctions/README.md index ab142c0f1ddbd..aef1e2ffaa631 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions/README.md @@ -598,6 +598,10 @@ const custom = new sfn.CustomState(this, 'my custom task', { stateJson, }); +// catch errors with addCatch +const errorHandler = new sfn.Pass(this, 'handle failure'); +custom.addCatch(errorHandler); + const chain = sfn.Chain.start(custom) .next(finalStatus); diff --git a/packages/aws-cdk-lib/aws-stepfunctions/lib/states/custom-state.ts b/packages/aws-cdk-lib/aws-stepfunctions/lib/states/custom-state.ts index 3bf14fc249b80..db66a5a8de17f 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/lib/states/custom-state.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/lib/states/custom-state.ts @@ -1,7 +1,7 @@ import { Construct } from 'constructs'; import { State } from './state'; import { Chain } from '..'; -import { IChainable, INextable } from '../types'; +import { CatchProps, IChainable, INextable } from '../types'; /** * Properties for defining a custom state definition @@ -25,7 +25,7 @@ export class CustomState extends State implements IChainable, INextable { /** * Amazon States Language (JSON-based) definition of the state */ - private readonly stateJson: { [key: string]: any}; + private readonly stateJson: { [key: string]: any }; constructor(scope: Construct, id: string, props: CustomStateProps) { super(scope, id, {}); @@ -34,6 +34,17 @@ export class CustomState extends State implements IChainable, INextable { this.stateJson = props.stateJson; } + /** + * Add a recovery handler for this state + * + * When a particular error occurs, execution will continue at the error + * handler instead of failing the state machine execution. + */ + public addCatch(handler: IChainable, props: CatchProps = {}): CustomState { + super._addCatch(handler.startState, props); + return this; + } + /** * Continue normal execution with the given state */ @@ -49,6 +60,7 @@ export class CustomState extends State implements IChainable, INextable { return { ...this.renderNextEnd(), ...this.stateJson, + ...this.renderRetryCatch(), }; } } diff --git a/packages/aws-cdk-lib/aws-stepfunctions/test/custom-state.test.ts b/packages/aws-cdk-lib/aws-stepfunctions/test/custom-state.test.ts index 98ccf387bad49..766b8ac659abe 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/test/custom-state.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/test/custom-state.test.ts @@ -33,6 +33,7 @@ describe('Custom State', () => { // THEN expect(customState.toStateJson()).toStrictEqual({ ...stateJson, + ...{ Catch: undefined, Retry: undefined }, End: true, }); }); @@ -72,4 +73,51 @@ describe('Custom State', () => { }, ); }); + + test('can add a catch state', () => { + // GIVEN + const failure = new sfn.Fail(stack, 'failed', { + error: 'DidNotWork', + cause: 'We got stuck', + }); + const custom = new sfn.CustomState(stack, 'Custom', { + stateJson, + }); + const chain = sfn.Chain.start(custom); + + // WHEN + custom.addCatch(failure); + + // THEN + expect(render(stack, chain)).toStrictEqual( + { + StartAt: 'Custom', + States: { + Custom: { + Type: 'Task', + Resource: 'arn:aws:states:::dynamodb:putItem', + Parameters: { + TableName: 'MyTable', + Item: { + id: { + S: 'MyEntry', + }, + }, + }, + ResultPath: null, + Catch: [{ + ErrorEquals: ['States.ALL'], + Next: 'failed', + }], + End: true, + }, + failed: { + Type: 'Fail', + Error: 'DidNotWork', + Cause: 'We got stuck', + }, + }, + }, + ); + }); }); \ No newline at end of file From 4dde5021a4e69de0ca2e49226ef0d2cde76d4235 Mon Sep 17 00:00:00 2001 From: Spencer Post Date: Tue, 19 Dec 2023 14:52:02 -0700 Subject: [PATCH 2/7] feat(events): add multiple event bus policies on a single event bus (#27340) Enable the creation of multiple event bus policies on a single event bus. Closes #24671. The result of the Policies created by the integration test is a resource policy on the event bus that looks like ```json { "Version": "2012-10-17", "Statement": [{ "Sid": "Statement2", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam:::root" }, "Action": "events:PutRule", "Resource": "arn:aws:events:us-west-2::event-bus/StackBusAA0A1E4B" }, { "Sid": "Statement1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam:::root" }, "Action": "events:PutEvents", "Resource": "arn:aws:events:us-west-2::event-bus/StackBusAA0A1E4B" }] } ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...faultTestDeployAssertE6DF8EA9.assets.json} | 4 +- ...ultTestDeployAssertE6DF8EA9.template.json} | 0 .../Stack.assets.json | 13 +- .../Stack.template.json | 52 +++++++- .../test/integ.eventbus.js.snapshot/cdk.out | 2 +- .../integ.eventbus.js.snapshot/integ.json | 8 +- .../integ.eventbus.js.snapshot/manifest.json | 42 +++--- .../test/integ.eventbus.js.snapshot/tree.json | 122 +++++++++++++----- .../test/aws-events/test/integ.eventbus.ts | 18 ++- .../aws-cdk-lib/aws-events/lib/event-bus.ts | 11 +- .../aws-events/test/event-bus.test.ts | 21 ++- 11 files changed, 204 insertions(+), 89 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/{IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json => IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json} (82%) rename packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/{IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json => IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json} (100%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json similarity index 82% rename from packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json index 0558ec65bb4a1..4209c700d9bd4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json @@ -1,9 +1,9 @@ { - "version": "22.0.0", + "version": "34.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { - "path": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json", + "path": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json", "packaging": "file" }, "destinations": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json index 1227cf564778b..0f867605130fa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json @@ -1,17 +1,16 @@ { - "version": "22.0.0", + "version": "34.0.0", "files": { - "c71ed4ea3da796e03fa29834408d0b65d9093011ecfedfbb40bae050834974cc": { + "57e14b65d6e62634abcf2a64f00eb08e99ee92617490f92b45eff16399d6173a": { "source": { "path": "Stack.template.json", "packaging": "file" }, "destinations": { - "current_account-us-east-1": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "c71ed4ea3da796e03fa29834408d0b65d9093011ecfedfbb40bae050834974cc.json", - "region": "us-east-1", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "57e14b65d6e62634abcf2a64f00eb08e99ee92617490f92b45eff16399d6173a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json index 27cd68f2924c7..f13964b9866c7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json @@ -6,10 +6,9 @@ "Name": "StackBusAA0A1E4B" } }, - "BusPolicyCF00D793": { + "BusStatement1B4D0336C": { "Type": "AWS::Events::EventBusPolicy", "Properties": { - "StatementId": "123", "EventBusName": { "Ref": "BusEA82B648" }, @@ -21,7 +20,11 @@ "Fn::Join": [ "", [ - "arn:aws:iam::", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", { "Ref": "AWS::AccountId" }, @@ -36,8 +39,47 @@ "Arn" ] }, - "Sid": "123" - } + "Sid": "Statement1" + }, + "StatementId": "Statement1" + } + }, + "BusStatement2B5FB314B": { + "Type": "AWS::Events::EventBusPolicy", + "Properties": { + "EventBusName": { + "Ref": "BusEA82B648" + }, + "Statement": { + "Action": "events:PutRule", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "BusEA82B648", + "Arn" + ] + }, + "Sid": "Statement2" + }, + "StatementId": "Statement2" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out index 145739f539580..2313ab5436501 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"22.0.0"} \ No newline at end of file +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json index 4ccd06ac2c606..6fe4c5f82830c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json @@ -1,12 +1,12 @@ { - "version": "22.0.0", + "version": "34.0.0", "testCases": { - "IntegTest-BatchDefaultEnvVarsStack/DefaultTest": { + "IntegTest-EventBusStack/DefaultTest": { "stacks": [ "Stack" ], - "assertionStack": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert", - "assertionStackName": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2" + "assertionStack": "IntegTest-EventBusStack/DefaultTest/DeployAssert", + "assertionStackName": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json index a447751618586..11bedb11869b1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "22.0.0", + "version": "34.0.0", "artifacts": { "Stack.assets": { "type": "cdk:asset-manifest", @@ -11,20 +11,21 @@ }, "Stack": { "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/us-east-1", + "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "Stack.template.json", + "terminationProtection": false, "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/c71ed4ea3da796e03fa29834408d0b65d9093011ecfedfbb40bae050834974cc.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/57e14b65d6e62634abcf2a64f00eb08e99ee92617490f92b45eff16399d6173a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ "Stack.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } @@ -39,10 +40,16 @@ "data": "BusEA82B648" } ], - "/Stack/Bus/Policy/Resource": [ + "/Stack/Bus/Statement1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BusStatement1B4D0336C" + } + ], + "/Stack/Bus/Statement2/Resource": [ { "type": "aws:cdk:logicalId", - "data": "BusPolicyCF00D793" + "data": "BusStatement2B5FB314B" } ], "/Stack/BootstrapVersion": [ @@ -60,19 +67,20 @@ }, "displayName": "Stack" }, - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets": { + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json", + "file": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2": { + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json", + "templateFile": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", @@ -80,7 +88,7 @@ "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets" + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", @@ -89,23 +97,23 @@ } }, "dependencies": [ - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets" + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets" ], "metadata": { - "/IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/BootstrapVersion": [ + "/IntegTest-EventBusStack/DefaultTest/DeployAssert/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + "/IntegTest-EventBusStack/DefaultTest/DeployAssert/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert" + "displayName": "IntegTest-EventBusStack/DefaultTest/DeployAssert" }, "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json index c75244482411a..d6fbe1678d677 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json @@ -22,21 +22,20 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/core.CfnResource", + "fqn": "aws-cdk-lib.aws_events.CfnEventBus", "version": "0.0.0" } }, - "Policy": { - "id": "Policy", - "path": "Stack/Bus/Policy", + "Statement1": { + "id": "Statement1", + "path": "Stack/Bus/Statement1", "children": { "Resource": { "id": "Resource", - "path": "Stack/Bus/Policy/Resource", + "path": "Stack/Bus/Statement1/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy", "aws:cdk:cloudformation:props": { - "statementId": "123", "eventBusName": { "Ref": "BusEA82B648" }, @@ -48,7 +47,11 @@ "Fn::Join": [ "", [ - "arn:aws:iam::", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", { "Ref": "AWS::AccountId" }, @@ -63,24 +66,81 @@ "Arn" ] }, - "Sid": "123" - } + "Sid": "Statement1" + }, + "statementId": "Statement1" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.CfnEventBusPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.EventBusPolicy", + "version": "0.0.0" + } + }, + "Statement2": { + "id": "Statement2", + "path": "Stack/Bus/Statement2", + "children": { + "Resource": { + "id": "Resource", + "path": "Stack/Bus/Statement2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy", + "aws:cdk:cloudformation:props": { + "eventBusName": { + "Ref": "BusEA82B648" + }, + "statement": { + "Action": "events:PutRule", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "BusEA82B648", + "Arn" + ] + }, + "Sid": "Statement2" + }, + "statementId": "Statement2" } }, "constructInfo": { - "fqn": "@aws-cdk/core.CfnResource", + "fqn": "aws-cdk-lib.aws_events.CfnEventBusPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.aws_events.EventBusPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.aws_events.EventBus", "version": "0.0.0" } }, @@ -88,7 +148,7 @@ "id": "BootstrapVersion", "path": "Stack/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -96,67 +156,67 @@ "id": "CheckBootstrapVersion", "path": "Stack/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, - "IntegTest-BatchDefaultEnvVarsStack": { - "id": "IntegTest-BatchDefaultEnvVarsStack", - "path": "IntegTest-BatchDefaultEnvVarsStack", + "IntegTest-EventBusStack": { + "id": "IntegTest-EventBusStack", + "path": "IntegTest-EventBusStack", "children": { "DefaultTest": { "id": "DefaultTest", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest", + "path": "IntegTest-EventBusStack/DefaultTest", "children": { "Default": { "id": "Default", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/Default", + "path": "IntegTest-EventBusStack/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.168" + "version": "10.2.70" } }, "DeployAssert": { "id": "DeployAssert", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert", + "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert", "children": { "BootstrapVersion": { "id": "BootstrapVersion", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/BootstrapVersion", + "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/CheckBootstrapVersion", + "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", "version": "0.0.0" } }, @@ -165,12 +225,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.168" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts index 2afeb6e23df3c..08b54b635dd1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts @@ -4,21 +4,25 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { EventBus } from 'aws-cdk-lib/aws-events'; const app = new App(); -const stack = new Stack(app, 'Stack', { - env: { - region: 'us-east-1', - }, -}); +const stack = new Stack(app, 'Stack'); const bus = new EventBus(stack, 'Bus'); bus.addToResourcePolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, principals: [new iam.AccountPrincipal(stack.account)], actions: ['events:PutEvents'], - sid: '123', + sid: 'Statement1', + resources: [bus.eventBusArn], +})); + +bus.addToResourcePolicy(new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [new iam.AccountPrincipal(stack.account)], + actions: ['events:PutRule'], + sid: 'Statement2', resources: [bus.eventBusArn], })); -new IntegTest(app, 'IntegTest-BatchDefaultEnvVarsStack', { +new IntegTest(app, 'IntegTest-EventBusStack', { testCases: [stack], }); diff --git a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts index 0a4d2a7107b66..a59aa8c1b4cca 100644 --- a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts +++ b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts @@ -309,8 +309,6 @@ export class EventBus extends EventBusBase { */ public readonly eventSourceName?: string; - private policy?: EventBusPolicy; - constructor(scope: Construct, id: string, props?: EventBusProps) { const { eventBusName, eventSourceName } = EventBus.eventBusProps( Lazy.string({ produce: () => Names.uniqueId(this) }), @@ -343,18 +341,13 @@ export class EventBus extends EventBusBase { throw new Error('Event Bus policy statements must have a sid'); } - if (this.policy) { - // The policy can contain only one statement - return { statementAdded: false }; - } - - this.policy = new EventBusPolicy(this, 'Policy', { + const policy = new EventBusPolicy(this, statement.sid, { eventBus: this, statement: statement.toJSON(), statementId: statement.sid, }); - return { statementAdded: true, policyDependable: this.policy }; + return { statementAdded: true, policyDependable: policy }; } } diff --git a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts index 70ab0fa14e71d..3d9b4de91994c 100644 --- a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts +++ b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts @@ -580,27 +580,36 @@ describe('event bus', () => { }); }); - test('cannot add more than one event bus policy', () => { + test('can add more than one event bus policy', () => { // GIVEN const app = new App(); const stack = new Stack(app, 'Stack'); const bus = new EventBus(stack, 'Bus'); - const statement = new iam.PolicyStatement({ + const statement1 = new iam.PolicyStatement({ effect: Effect.ALLOW, principals: [new iam.ArnPrincipal('arn')], actions: ['events:PutEvents'], - sid: '123', + sid: 'statement1', + resources: [bus.eventBusArn], + }); + + const statement2 = new iam.PolicyStatement({ + effect: Effect.ALLOW, + principals: [new iam.ArnPrincipal('arn')], + actions: ['events:DeleteRule'], + sid: 'statement2', resources: [bus.eventBusArn], }); // WHEN - const add1 = bus.addToResourcePolicy(statement); - const add2 = bus.addToResourcePolicy(statement); + const add1 = bus.addToResourcePolicy(statement1); + const add2 = bus.addToResourcePolicy(statement2); // THEN expect(add1.statementAdded).toBe(true); - expect(add2.statementAdded).toBe(false); + expect(add2.statementAdded).toBe(true); + Template.fromStack(stack).resourceCountIs('AWS::Events::EventBusPolicy', 2); }); test('Event Bus policy statements must have a sid', () => { From 5d6b8eefc66d326325673bda2b86b72aa4579199 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Wed, 20 Dec 2023 07:21:19 +0900 Subject: [PATCH 3/7] fix(ecs-patterns): taskDefinition ignored by queueProcessingFargateService (#28220) Fixed a bug in queueProcessingFargateService where the taskDefinition provided as an argument was not being used, and a default taskDefinition was always being generated instead. Closes #27360 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../Dockerfile | 10 + .../index.py | 22 + .../aws-ecs-patterns-queue.assets.json | 32 + .../aws-ecs-patterns-queue.template.json | 927 ++++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 371 ++++ ...efaultTestDeployAssert406F467D.assets.json | 19 + ...aultTestDeployAssert406F467D.template.json | 36 + .../tree.json | 1600 +++++++++++++++++ ...cessing-fargate-service-task-definition.ts | 35 + .../lib/base/queue-processing-service-base.ts | 7 +- .../lib/ecs/queue-processing-ecs-service.ts | 6 +- .../queue-processing-fargate-service.ts | 47 +- .../ec2/queue-processing-ecs-service.test.ts | 13 + .../queue-processing-fargate-service.test.ts | 86 + 16 files changed, 3202 insertions(+), 22 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/index.py create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile new file mode 100644 index 0000000000000..919fabfc3f637 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile @@ -0,0 +1,10 @@ +FROM public.ecr.aws/lambda/python:3.6 + +RUN pip3 install boto3 + +ENV QUEUE_NAME $QUEUE_NAME + +WORKDIR /src +ADD . /src + +CMD python3 index.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/index.py new file mode 100644 index 0000000000000..8b53f5149cb24 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/index.py @@ -0,0 +1,22 @@ +#!/usr/bin/python +import os +import boto3 + +QUEUE_NAME = os.environ.get('QUEUE_NAME') +print('QUEUE_NAME ' + QUEUE_NAME) + +if __name__ == '__main__': + client = boto3.client('sqs') + queue_url = client.get_queue_url(QueueName=QUEUE_NAME)['QueueUrl'] + print('queue_url ' + queue_url) + while True: + response = client.receive_message( + QueueUrl=queue_url, + WaitTimeSeconds=10, + ) + if response and 'Messages' in response: + for msg in response['Messages']: + print(msg['Body']) + entries = [{'Id': x['MessageId'], 'ReceiptHandle': x['ReceiptHandle']} for x in response['Messages']] + client.delete_message_batch(QueueUrl=queue_url, Entries=entries) + diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.assets.json new file mode 100644 index 0000000000000..454d0550721ef --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.assets.json @@ -0,0 +1,32 @@ +{ + "version": "35.0.0", + "files": { + "7bb9af94727d4a18ae0929321b0ef2f29cd6f89d6653d9676483f8edc1cf3edc": { + "source": { + "path": "aws-ecs-patterns-queue.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7bb9af94727d4a18ae0929321b0ef2f29cd6f89d6653d9676483f8edc1cf3edc.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": { + "95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417": { + "source": { + "directory": "asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" + }, + "destinations": { + "current_account-current_region": { + "repositoryName": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}", + "imageTag": "95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-image-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.template.json new file mode 100644 index 0000000000000..a5af9e6dea707 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/aws-ecs-patterns-queue.template.json @@ -0,0 +1,927 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2RouteTableAssociation5A808732" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-patterns-queue/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "TaskDefTaskRole1EDB4A67": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDefTaskRoleDefaultPolicyA592CB18": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "sqs:ChangeMessageVisibility", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TaskDefTaskRoleDefaultPolicyA592CB18", + "Roles": [ + { + "Ref": "TaskDefTaskRole1EDB4A67" + } + ] + } + }, + "TaskDef54694570": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" + }, + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "TaskDefTheContainerLogGroupD94C8EF5" + }, + "awslogs-stream-prefix": "QueueProcessingFargateService", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "TheContainer" + } + ], + "Cpu": "512", + "EphemeralStorage": { + "SizeInGiB": 30 + }, + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, + "Family": "awsecspatternsqueueTaskDefD9E658F3", + "Memory": "1024", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "TaskDefTheContainerLogGroupD94C8EF5": { + "Type": "AWS::Logs::LogGroup", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "TaskDefExecutionRoleB4775C97": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDefExecutionRoleDefaultPolicy0DBB737A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TaskDefTheContainerLogGroupD94C8EF5", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TaskDefExecutionRoleDefaultPolicy0DBB737A", + "Roles": [ + { + "Ref": "TaskDefExecutionRoleB4775C97" + } + ] + } + }, + "QueueProcessingServiceEcsProcessingDeadLetterQueueD47A7C6B": { + "Type": "AWS::SQS::Queue", + "Properties": { + "MessageRetentionPeriod": 1209600 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "QueueProcessingServiceEcsProcessingQueue552F0B37": { + "Type": "AWS::SQS::Queue", + "Properties": { + "RedrivePolicy": { + "deadLetterTargetArn": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingDeadLetterQueueD47A7C6B", + "Arn" + ] + }, + "maxReceiveCount": 3 + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "QueueProcessingServiceQueueProcessingFargateService0340DB9F": { + "Type": "AWS::ECS::Service", + "Properties": { + "Cluster": { + "Ref": "EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3" + }, + "DeploymentConfiguration": { + "Alarms": { + "AlarmNames": [], + "Enable": false, + "Rollback": false + }, + "MaximumPercent": 200, + "MinimumHealthyPercent": 50 + }, + "EnableECSManagedTags": false, + "LaunchType": "FARGATE", + "NetworkConfiguration": { + "AwsvpcConfiguration": { + "AssignPublicIp": "DISABLED", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "QueueProcessingServiceQueueProcessingFargateServiceSecurityGroup8FDF413D", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + }, + "TaskDefinition": { + "Ref": "TaskDef54694570" + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceSecurityGroup8FDF413D": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444": { + "Type": "AWS::ApplicationAutoScaling::ScalableTarget", + "Properties": { + "MaxCapacity": 2, + "MinCapacity": 1, + "ResourceId": { + "Fn::Join": [ + "", + [ + "service/", + { + "Ref": "EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3" + }, + "/", + { + "Fn::GetAtt": [ + "QueueProcessingServiceQueueProcessingFargateService0340DB9F", + "Name" + ] + } + ] + ] + }, + "RoleARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" + ] + ] + }, + "ScalableDimension": "ecs:service:DesiredCount", + "ServiceNamespace": "ecs" + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetCpuScaling330150E9": { + "Type": "AWS::ApplicationAutoScaling::ScalingPolicy", + "Properties": { + "PolicyName": "awsecspatternsqueueQueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetCpuScaling374CE648", + "PolicyType": "TargetTrackingScaling", + "ScalingTargetId": { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + }, + "TargetTrackingScalingPolicyConfiguration": { + "PredefinedMetricSpecification": { + "PredefinedMetricType": "ECSServiceAverageCPUUtilization" + }, + "TargetValue": 50 + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerPolicy332E2644": { + "Type": "AWS::ApplicationAutoScaling::ScalingPolicy", + "Properties": { + "PolicyName": "awsecspatternsqueueQueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerPolicy74582401", + "PolicyType": "StepScaling", + "ScalingTargetId": { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + }, + "StepScalingPolicyConfiguration": { + "AdjustmentType": "ChangeInCapacity", + "MetricAggregationType": "Maximum", + "StepAdjustments": [ + { + "MetricIntervalUpperBound": 0, + "ScalingAdjustment": -1 + } + ] + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerAlarm20C30A06": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "AlarmActions": [ + { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerPolicy332E2644" + } + ], + "AlarmDescription": "Lower threshold scaling alarm", + "ComparisonOperator": "LessThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "QueueName", + "Value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "QueueName" + ] + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "ApproximateNumberOfMessagesVisible", + "Namespace": "AWS/SQS", + "Period": 300, + "Statistic": "Maximum", + "Threshold": 0 + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperPolicy84DD739A": { + "Type": "AWS::ApplicationAutoScaling::ScalingPolicy", + "Properties": { + "PolicyName": "awsecspatternsqueueQueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperPolicy23C5F983", + "PolicyType": "StepScaling", + "ScalingTargetId": { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + }, + "StepScalingPolicyConfiguration": { + "AdjustmentType": "ChangeInCapacity", + "MetricAggregationType": "Maximum", + "StepAdjustments": [ + { + "MetricIntervalLowerBound": 0, + "MetricIntervalUpperBound": 400, + "ScalingAdjustment": 1 + }, + { + "MetricIntervalLowerBound": 400, + "ScalingAdjustment": 5 + } + ] + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperAlarm2660BEDF": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "AlarmActions": [ + { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperPolicy84DD739A" + } + ], + "AlarmDescription": "Upper threshold scaling alarm", + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "QueueName", + "Value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "QueueName" + ] + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "ApproximateNumberOfMessagesVisible", + "Namespace": "AWS/SQS", + "Period": 300, + "Statistic": "Maximum", + "Threshold": 100 + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3": { + "Type": "AWS::ECS::Cluster" + } + }, + "Outputs": { + "QueueProcessingServiceSQSDeadLetterQueueE9058015": { + "Value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingDeadLetterQueueD47A7C6B", + "QueueName" + ] + } + }, + "QueueProcessingServiceSQSDeadLetterQueueArnF7C6D3A8": { + "Value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingDeadLetterQueueD47A7C6B", + "Arn" + ] + } + }, + "QueueProcessingServiceSQSQueue1AD9CD9C": { + "Value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "QueueName" + ] + } + }, + "QueueProcessingServiceSQSQueueArn8C4AE4AE": { + "Value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "Arn" + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c5cb2e5de6344 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"35.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/integ.json new file mode 100644 index 0000000000000..b12f5a9bd497e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "35.0.0", + "testCases": { + "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest": { + "stacks": [ + "aws-ecs-patterns-queue" + ], + "assertionStack": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert", + "assertionStackName": "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/manifest.json new file mode 100644 index 0000000000000..42b2310f5959c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/manifest.json @@ -0,0 +1,371 @@ +{ + "version": "35.0.0", + "artifacts": { + "aws-ecs-patterns-queue.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-ecs-patterns-queue.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-ecs-patterns-queue": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-ecs-patterns-queue.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7bb9af94727d4a18ae0929321b0ef2f29cd6f89d6653d9676483f8edc1cf3edc.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-ecs-patterns-queue.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-ecs-patterns-queue.assets" + ], + "metadata": { + "/aws-ecs-patterns-queue/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/aws-ecs-patterns-queue/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/aws-ecs-patterns-queue/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/aws-ecs-patterns-queue/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/aws-ecs-patterns-queue/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/aws-ecs-patterns-queue/TaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRole1EDB4A67" + } + ], + "/aws-ecs-patterns-queue/TaskDef/TaskRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRoleDefaultPolicyA592CB18" + } + ], + "/aws-ecs-patterns-queue/TaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef54694570" + } + ], + "/aws-ecs-patterns-queue/TaskDef/TheContainer/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTheContainerLogGroupD94C8EF5" + } + ], + "/aws-ecs-patterns-queue/TaskDef/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefExecutionRoleB4775C97" + } + ], + "/aws-ecs-patterns-queue/TaskDef/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefExecutionRoleDefaultPolicy0DBB737A" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/EcsProcessingDeadLetterQueue/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceEcsProcessingDeadLetterQueueD47A7C6B" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/EcsProcessingQueue/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceEcsProcessingQueue552F0B37" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/SQSDeadLetterQueue": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceSQSDeadLetterQueueE9058015" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/SQSDeadLetterQueueArn": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceSQSDeadLetterQueueArnF7C6D3A8" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/SQSQueue": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceSQSQueue1AD9CD9C" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/SQSQueueArn": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceSQSQueueArn8C4AE4AE" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/Service": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateService0340DB9F" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceSecurityGroup8FDF413D" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/CpuScaling/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetCpuScaling330150E9" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/LowerPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerPolicy332E2644" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/LowerAlarm/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerAlarm20C30A06" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/UpperPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperPolicy84DD739A" + } + ], + "/aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/UpperAlarm/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperAlarm2660BEDF" + } + ], + "/aws-ecs-patterns-queue/EcsDefaultClusterMnL3mNNYNVPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3" + } + ], + "/aws-ecs-patterns-queue/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-ecs-patterns-queue/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-ecs-patterns-queue" + }, + "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets" + ], + "metadata": { + "/taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets.json new file mode 100644 index 0000000000000..2e718fe2e5943 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.assets.json @@ -0,0 +1,19 @@ +{ + "version": "35.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/taskDefinitionQueueProcessingFargateServiceTestDefaultTestDeployAssert406F467D.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/tree.json new file mode 100644 index 0000000000000..ef3e857462320 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/tree.json @@ -0,0 +1,1600 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-ecs-patterns-queue": { + "id": "aws-ecs-patterns-queue", + "path": "aws-ecs-patterns-queue", + "children": { + "VPC": { + "id": "VPC", + "path": "aws-ecs-patterns-queue/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-ecs-patterns-queue/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-patterns-queue/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-ecs-patterns-queue/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-patterns-queue/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-ecs-patterns-queue/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "TaskDef": { + "id": "TaskDef", + "path": "aws-ecs-patterns-queue/TaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-ecs-patterns-queue/TaskDef/TaskRole", + "children": { + "ImportTaskRole": { + "id": "ImportTaskRole", + "path": "aws-ecs-patterns-queue/TaskDef/TaskRole/ImportTaskRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/TaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-patterns-queue/TaskDef/TaskRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/TaskDef/TaskRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "sqs:ChangeMessageVisibility", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "TaskDefTaskRoleDefaultPolicyA592CB18", + "roles": [ + { + "Ref": "TaskDefTaskRole1EDB4A67" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/TaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417" + }, + "name": "TheContainer", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "TaskDefTheContainerLogGroupD94C8EF5" + }, + "awslogs-stream-prefix": "QueueProcessingFargateService", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "512", + "ephemeralStorage": { + "sizeInGiB": 30 + }, + "executionRoleArn": { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, + "family": "awsecspatternsqueueTaskDefD9E658F3", + "memory": "1024", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "TheContainer": { + "id": "TheContainer", + "path": "aws-ecs-patterns-queue/TaskDef/TheContainer", + "children": { + "AssetImage": { + "id": "AssetImage", + "path": "aws-ecs-patterns-queue/TaskDef/TheContainer/AssetImage", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-ecs-patterns-queue/TaskDef/TheContainer/AssetImage/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "aws-ecs-patterns-queue/TaskDef/TheContainer/AssetImage/Repository", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "aws-ecs-patterns-queue/TaskDef/TheContainer/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/TaskDef/TheContainer/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "aws-ecs-patterns-queue/TaskDef/ExecutionRole", + "children": { + "ImportExecutionRole": { + "id": "ImportExecutionRole", + "path": "aws-ecs-patterns-queue/TaskDef/ExecutionRole/ImportExecutionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/TaskDef/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-patterns-queue/TaskDef/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/TaskDef/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TaskDefTheContainerLogGroupD94C8EF5", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "TaskDefExecutionRoleDefaultPolicy0DBB737A", + "roles": [ + { + "Ref": "TaskDefExecutionRoleB4775C97" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "0.0.0" + } + }, + "QueueProcessingService": { + "id": "QueueProcessingService", + "path": "aws-ecs-patterns-queue/QueueProcessingService", + "children": { + "EcsProcessingDeadLetterQueue": { + "id": "EcsProcessingDeadLetterQueue", + "path": "aws-ecs-patterns-queue/QueueProcessingService/EcsProcessingDeadLetterQueue", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/EcsProcessingDeadLetterQueue/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SQS::Queue", + "aws:cdk:cloudformation:props": { + "messageRetentionPeriod": 1209600 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sqs.CfnQueue", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sqs.Queue", + "version": "0.0.0" + } + }, + "EcsProcessingQueue": { + "id": "EcsProcessingQueue", + "path": "aws-ecs-patterns-queue/QueueProcessingService/EcsProcessingQueue", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/EcsProcessingQueue/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SQS::Queue", + "aws:cdk:cloudformation:props": { + "redrivePolicy": { + "deadLetterTargetArn": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingDeadLetterQueueD47A7C6B", + "Arn" + ] + }, + "maxReceiveCount": 3 + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sqs.CfnQueue", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sqs.Queue", + "version": "0.0.0" + } + }, + "SQSDeadLetterQueue": { + "id": "SQSDeadLetterQueue", + "path": "aws-ecs-patterns-queue/QueueProcessingService/SQSDeadLetterQueue", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "SQSDeadLetterQueueArn": { + "id": "SQSDeadLetterQueueArn", + "path": "aws-ecs-patterns-queue/QueueProcessingService/SQSDeadLetterQueueArn", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "SQSQueue": { + "id": "SQSQueue", + "path": "aws-ecs-patterns-queue/QueueProcessingService/SQSQueue", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "SQSQueueArn": { + "id": "SQSQueueArn", + "path": "aws-ecs-patterns-queue/QueueProcessingService/SQSQueueArn", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "QueueProcessingFargateService": { + "id": "QueueProcessingFargateService", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService", + "children": { + "Service": { + "id": "Service", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/Service", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Service", + "aws:cdk:cloudformation:props": { + "cluster": { + "Ref": "EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3" + }, + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 50, + "alarms": { + "alarmNames": [], + "enable": false, + "rollback": false + } + }, + "enableEcsManagedTags": false, + "launchType": "FARGATE", + "networkConfiguration": { + "awsvpcConfiguration": { + "assignPublicIp": "DISABLED", + "subnets": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "securityGroups": [ + { + "Fn::GetAtt": [ + "QueueProcessingServiceQueueProcessingFargateServiceSecurityGroup8FDF413D", + "GroupId" + ] + } + ] + } + }, + "taskDefinition": { + "Ref": "TaskDef54694570" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnService", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "ScalingRole": { + "id": "ScalingRole", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/ScalingRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "TaskCount": { + "id": "TaskCount", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount", + "children": { + "Target": { + "id": "Target", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApplicationAutoScaling::ScalableTarget", + "aws:cdk:cloudformation:props": { + "maxCapacity": 2, + "minCapacity": 1, + "resourceId": { + "Fn::Join": [ + "", + [ + "service/", + { + "Ref": "EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3" + }, + "/", + { + "Fn::GetAtt": [ + "QueueProcessingServiceQueueProcessingFargateService0340DB9F", + "Name" + ] + } + ] + ] + }, + "roleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" + ] + ] + }, + "scalableDimension": "ecs:service:DesiredCount", + "serviceNamespace": "ecs" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.CfnScalableTarget", + "version": "0.0.0" + } + }, + "CpuScaling": { + "id": "CpuScaling", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/CpuScaling", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/CpuScaling/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApplicationAutoScaling::ScalingPolicy", + "aws:cdk:cloudformation:props": { + "policyName": "awsecspatternsqueueQueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetCpuScaling374CE648", + "policyType": "TargetTrackingScaling", + "scalingTargetId": { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + }, + "targetTrackingScalingPolicyConfiguration": { + "predefinedMetricSpecification": { + "predefinedMetricType": "ECSServiceAverageCPUUtilization" + }, + "targetValue": 50 + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.CfnScalingPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.TargetTrackingScalingPolicy", + "version": "0.0.0" + } + }, + "QueueMessagesVisibleScaling": { + "id": "QueueMessagesVisibleScaling", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling", + "children": { + "LowerPolicy": { + "id": "LowerPolicy", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/LowerPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/LowerPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApplicationAutoScaling::ScalingPolicy", + "aws:cdk:cloudformation:props": { + "policyName": "awsecspatternsqueueQueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerPolicy74582401", + "policyType": "StepScaling", + "scalingTargetId": { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + }, + "stepScalingPolicyConfiguration": { + "adjustmentType": "ChangeInCapacity", + "metricAggregationType": "Maximum", + "stepAdjustments": [ + { + "metricIntervalUpperBound": 0, + "scalingAdjustment": -1 + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.CfnScalingPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.StepScalingAction", + "version": "0.0.0" + } + }, + "LowerAlarm": { + "id": "LowerAlarm", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/LowerAlarm", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/LowerAlarm/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "alarmActions": [ + { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingLowerPolicy332E2644" + } + ], + "alarmDescription": "Lower threshold scaling alarm", + "comparisonOperator": "LessThanOrEqualToThreshold", + "dimensions": [ + { + "name": "QueueName", + "value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "QueueName" + ] + } + } + ], + "evaluationPeriods": 1, + "metricName": "ApproximateNumberOfMessagesVisible", + "namespace": "AWS/SQS", + "period": 300, + "statistic": "Maximum", + "threshold": 0 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "UpperPolicy": { + "id": "UpperPolicy", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/UpperPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/UpperPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApplicationAutoScaling::ScalingPolicy", + "aws:cdk:cloudformation:props": { + "policyName": "awsecspatternsqueueQueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperPolicy23C5F983", + "policyType": "StepScaling", + "scalingTargetId": { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetA9D54444" + }, + "stepScalingPolicyConfiguration": { + "adjustmentType": "ChangeInCapacity", + "metricAggregationType": "Maximum", + "stepAdjustments": [ + { + "metricIntervalLowerBound": 0, + "metricIntervalUpperBound": 400, + "scalingAdjustment": 1 + }, + { + "metricIntervalLowerBound": 400, + "scalingAdjustment": 5 + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.CfnScalingPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.StepScalingAction", + "version": "0.0.0" + } + }, + "UpperAlarm": { + "id": "UpperAlarm", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/UpperAlarm", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/QueueProcessingService/QueueProcessingFargateService/TaskCount/Target/QueueMessagesVisibleScaling/UpperAlarm/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "alarmActions": [ + { + "Ref": "QueueProcessingServiceQueueProcessingFargateServiceTaskCountTargetQueueMessagesVisibleScalingUpperPolicy84DD739A" + } + ], + "alarmDescription": "Upper threshold scaling alarm", + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "QueueName", + "value": { + "Fn::GetAtt": [ + "QueueProcessingServiceEcsProcessingQueue552F0B37", + "QueueName" + ] + } + } + ], + "evaluationPeriods": 1, + "metricName": "ApproximateNumberOfMessagesVisible", + "namespace": "AWS/SQS", + "period": 300, + "statistic": "Maximum", + "threshold": 100 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.StepScalingPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_applicationautoscaling.ScalableTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ScalableTaskCount", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateService", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs_patterns.QueueProcessingFargateService", + "version": "0.0.0" + } + }, + "EcsDefaultClusterMnL3mNNYNVPC": { + "id": "EcsDefaultClusterMnL3mNNYNVPC", + "path": "aws-ecs-patterns-queue/EcsDefaultClusterMnL3mNNYNVPC", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-patterns-queue/EcsDefaultClusterMnL3mNNYNVPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-ecs-patterns-queue/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-ecs-patterns-queue/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "taskDefinitionQueueProcessingFargateServiceTest": { + "id": "taskDefinitionQueueProcessingFargateServiceTest", + "path": "taskDefinitionQueueProcessingFargateServiceTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "taskDefinitionQueueProcessingFargateServiceTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts new file mode 100644 index 0000000000000..422c409311809 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.ts @@ -0,0 +1,35 @@ +import * as path from 'path'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as ecs from 'aws-cdk-lib/aws-ecs'; +import { App, Stack } from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import { QueueProcessingFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; + +const app = new App(); +const stack = new Stack(app, 'aws-ecs-patterns-queue'); +const vpc = new ec2.Vpc(stack, 'VPC', { + restrictDefaultSecurityGroup: false, + maxAzs: 2, +}); + +const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { + memoryLimitMiB: 1024, + cpu: 512, + ephemeralStorageGiB: 30, +}); + +taskDefinition.addContainer('TheContainer', { + image: new ecs.AssetImage(path.join(__dirname, '..', 'sqs-reader')), + logging: new ecs.AwsLogDriver({ streamPrefix: 'QueueProcessingFargateService' }), +}); + +new QueueProcessingFargateService(stack, 'QueueProcessingService', { + vpc, + taskDefinition, +}); + +new integ.IntegTest(app, 'taskDefinitionQueueProcessingFargateServiceTest', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/queue-processing-service-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/queue-processing-service-base.ts index 385caafdc0ca2..0393b391076e7 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/queue-processing-service-base.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/queue-processing-service-base.ts @@ -38,8 +38,13 @@ export interface QueueProcessingServiceBaseProps { /** * The image used to start a container. + * + * For `QueueProcessingFargateService`, either `image` or `taskDefinition` must be specified, but not both. + * For `QueueProcessingEc2Service`, `image` is required. + * + * @default - the image of the task definition is used for Fargate, required otherwise */ - readonly image: ContainerImage; + readonly image?: ContainerImage; /** * The command that is passed to the container. diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts index fa53d91f0898d..8ddce9b40419d 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/ecs/queue-processing-ecs-service.ts @@ -103,9 +103,13 @@ export class QueueProcessingEc2Service extends QueueProcessingServiceBase { /** * Constructs a new instance of the QueueProcessingEc2Service class. */ - constructor(scope: Construct, id: string, props: QueueProcessingEc2ServiceProps) { + constructor(scope: Construct, id: string, props: QueueProcessingEc2ServiceProps = {}) { super(scope, id, props); + if (!props.image) { + throw new Error('image must be specified for EC2 queue processing service'); + } + const containerName = props.containerName ?? 'QueueProcessingContainer'; // Create a Task Definition for the container to start diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts index 5d3ba07353b7c..f2f26d5e8669d 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts @@ -10,9 +10,9 @@ import { QueueProcessingServiceBase, QueueProcessingServiceBaseProps } from '../ * The properties for the QueueProcessingFargateService service. */ export interface QueueProcessingFargateServiceProps extends QueueProcessingServiceBaseProps, FargateServiceBaseProps { - /** - * Optional name for the container added + * Optional name for the container added. + * This name is not used when `taskDefinition` is provided. * * @default - QueueProcessingContainer */ @@ -65,27 +65,34 @@ export class QueueProcessingFargateService extends QueueProcessingServiceBase { /** * Constructs a new instance of the QueueProcessingFargateService class. */ - constructor(scope: Construct, id: string, props: QueueProcessingFargateServiceProps) { + constructor(scope: Construct, id: string, props: QueueProcessingFargateServiceProps = {}) { super(scope, id, props); - // Create a Task Definition for the container to start - this.taskDefinition = new FargateTaskDefinition(this, 'QueueProcessingTaskDef', { - memoryLimitMiB: props.memoryLimitMiB || 512, - cpu: props.cpu || 256, - family: props.family, - runtimePlatform: props.runtimePlatform, - }); - - const containerName = props.containerName ?? 'QueueProcessingContainer'; + if (props.taskDefinition && props.image) { + throw new Error('You must specify only one of taskDefinition or image'); + } else if (props.taskDefinition) { + this.taskDefinition = props.taskDefinition; + } else if (props.image) { + // Create a Task Definition for the container to start + this.taskDefinition = new FargateTaskDefinition(this, 'QueueProcessingTaskDef', { + memoryLimitMiB: props.memoryLimitMiB || 512, + cpu: props.cpu || 256, + family: props.family, + runtimePlatform: props.runtimePlatform, + }); - this.taskDefinition.addContainer(containerName, { - image: props.image, - command: props.command, - environment: this.environment, - secrets: this.secrets, - logging: this.logDriver, - healthCheck: props.healthCheck, - }); + const containerName = props.containerName ?? 'QueueProcessingContainer'; + this.taskDefinition.addContainer(containerName, { + image: props.image, + command: props.command, + environment: this.environment, + secrets: this.secrets, + logging: this.logDriver, + healthCheck: props.healthCheck, + }); + } else { + throw new Error('You must specify one of: taskDefinition or image'); + } // The desiredCount should be removed from the fargate service when the feature flag is removed. const desiredCount = FeatureFlags.of(this).isEnabled(cxapi.ECS_REMOVE_DEFAULT_DESIRED_COUNT) ? undefined : this.desiredCount; diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts index 7be7e67aa95c5..66844caceb3bd 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts @@ -568,3 +568,16 @@ it('throws validation errors of the specific queue prop, when setting queue and }); }).toThrow(new Error('visibilityTimeout can be set only when queue is not set. Specify them in the QueueProps of the queue')); }); + +test('throws if image is undefined', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + // WHEN + expect(() => { + new ecsPatterns.QueueProcessingEc2Service(stack, 'Service', { + cluster: new ecs.Cluster(stack, 'Cluster', { vpc }), + memoryLimitMiB: 512, + }); + }).toThrow(new Error('image must be specified for EC2 queue processing service')); +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/queue-processing-fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/queue-processing-fargate-service.test.ts index 05a4755e5bbdc..3af988aa0bdc1 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/queue-processing-fargate-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/queue-processing-fargate-service.test.ts @@ -740,3 +740,89 @@ it('throws validation errors of the specific queue prop, when setting queue and }); }).toThrow(new Error('visibilityTimeout can be set only when queue is not set. Specify them in the QueueProps of the queue')); }); + +test('test Fargate queue worker service construct - with task definition', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); + cluster.addAsgCapacityProvider( + new AsgCapacityProvider(stack, 'DefaultAutoScalingGroupProvider', { + autoScalingGroup: new AutoScalingGroup(stack, 'DefaultAutoScalingGroup', { + vpc, + instanceType: new ec2.InstanceType('t2.micro'), + machineImage: MachineImage.latestAmazonLinux(), + }), + }), + ); + + // WHEN + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { + memoryLimitMiB: 1024, + cpu: 512, + ephemeralStorageGiB: 30, + }); + taskDefinition.addContainer('QueueProcessingContainer', { + image: ecs.ContainerImage.fromRegistry('test'), + }); + + new ecsPatterns.QueueProcessingFargateService(stack, 'Service', { + vpc, + taskDefinition, + }); + + // THEN - The separately created TaskDefinition is used. Memory is 1024, cpu is 512, and ephemeralStorage is 30 + Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { + ContainerDefinitions: [ + Match.objectLike({ + Image: 'test', + }), + ], + Family: 'TaskDef', + Memory: '1024', + Cpu: '512', + EphemeralStorage: { + SizeInGiB: 30, + }, + NetworkMode: 'awsvpc', + RequiresCompatibilities: ['FARGATE'], + TaskRoleArn: { 'Fn::GetAtt': ['TaskDefTaskRole1EDB4A67', 'Arn'] }, + }); +}); + +test('test Fargate queue worker service construct - with task definition and image', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + // WHEN + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', { + memoryLimitMiB: 1024, + cpu: 512, + ephemeralStorageGiB: 30, + }); + taskDefinition.addContainer('QueueProcessingContainer', { + image: ecs.ContainerImage.fromRegistry('test'), + }); + + expect(() => { + new ecsPatterns.QueueProcessingFargateService(stack, 'Service', { + vpc, + taskDefinition, + image: ecs.ContainerImage.fromRegistry('test'), + }); + }).toThrow(new Error('You must specify only one of taskDefinition or image')); +}); + +test('test Fargate queue worker service construct - with no taskDefinition or image', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + expect(() => { + new ecsPatterns.QueueProcessingFargateService(stack, 'Service', { + vpc, + }); + }).toThrow(new Error('You must specify one of: taskDefinition or image')); +}); + From d0999c304c0aa81cbb07a7ce201bd36202ba1ade Mon Sep 17 00:00:00 2001 From: Masashi Tomooka Date: Thu, 21 Dec 2023 00:01:06 +0900 Subject: [PATCH 4/7] docs(apigatewayv2): revive README.md (#28435) The readme for apigatewayv2 is currently [removed](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2-readme.html), and this PR gets it back. I got the original README.md from this commit (just before it got removed): https://github.com/aws/aws-cdk/blob/187f67b3430dca7ea96a94c66b18694bce213f03/packages/%40aws-cdk/aws-apigatewayv2-alpha/README.md I confirmed other two modules (integration and authorizers) have correct READMEs already. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-lib/aws-apigatewayv2/README.md | 447 +++++++++++++++++- 1 file changed, 429 insertions(+), 18 deletions(-) diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/README.md b/packages/aws-cdk-lib/aws-apigatewayv2/README.md index 3f51a0213e62b..dcf5e9c0b40fc 100644 --- a/packages/aws-cdk-lib/aws-apigatewayv2/README.md +++ b/packages/aws-cdk-lib/aws-apigatewayv2/README.md @@ -1,32 +1,443 @@ -# AWS::ApiGatewayV2 Construct Library +# AWS APIGatewayv2 Construct Library +## Table of Contents -This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. +- [Introduction](#introduction) +- [HTTP API](#http-api) + - [Defining HTTP APIs](#defining-http-apis) + - [Cross Origin Resource Sharing (CORS)](#cross-origin-resource-sharing-cors) + - [Publishing HTTP APIs](#publishing-http-apis) + - [Custom Domain](#custom-domain) + - [Mutual TLS](#mutual-tls-mtls) + - [Managing access to HTTP APIs](#managing-access-to-http-apis) + - [Metrics](#metrics) + - [VPC Link](#vpc-link) + - [Private Integration](#private-integration) +- [WebSocket API](#websocket-api) + - [Manage Connections Permission](#manage-connections-permission) + - [Managing access to WebSocket APIs](#managing-access-to-websocket-apis) -```ts nofixture -import * as apigateway from 'aws-cdk-lib/aws-apigatewayv2'; +## Introduction + +Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket +APIs at any scale. API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud. +As an API Gateway API developer, you can create APIs for use in your own client applications. Read the +[Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html). + +This module supports features under [API Gateway v2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ApiGatewayV2.html) +that lets users set up Websocket and HTTP APIs. +REST APIs can be created using the `aws-cdk-lib/aws-apigateway` module. + +HTTP and Websocket APIs use the same CloudFormation resources under the hood. However, this module separates them into two separate constructs for a more efficient abstraction since there are a number of CloudFormation properties that specifically apply only to each type of API. + +## HTTP API + +HTTP APIs enable creation of RESTful APIs that integrate with AWS Lambda functions, known as Lambda proxy integration, +or to any routable HTTP endpoint, known as HTTP proxy integration. + +### Defining HTTP APIs + +HTTP APIs have two fundamental concepts - Routes and Integrations. + +Routes direct incoming API requests to backend resources. Routes consist of two parts: an HTTP method and a resource +path, such as, `GET /books`. Learn more at [Working with +routes](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html). Use the `ANY` method +to match any methods for a route that are not explicitly defined. + +Integrations define how the HTTP API responds when a client reaches a specific Route. HTTP APIs support Lambda proxy +integration, HTTP proxy integration and, AWS service integrations, also known as private integrations. Learn more at +[Configuring integrations](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations.html). + +Integrations are available at the `aws-apigatewayv2-integrations` module and more information is available in that module. +As an early example, we have a website for a bookstore where the following code snippet configures a route `GET /books` with an HTTP proxy integration. All other HTTP method calls to `/books` route to a default lambda proxy for the bookstore. + +```ts +import { HttpUrlIntegration, HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +const getBooksIntegration = new HttpUrlIntegration('GetBooksIntegration', 'https://get-books-proxy.example.com'); + +declare const bookStoreDefaultFn: lambda.Function; +const bookStoreDefaultIntegration = new HttpLambdaIntegration('BooksIntegration', bookStoreDefaultFn); + +const httpApi = new apigwv2.HttpApi(this, 'HttpApi'); + +httpApi.addRoutes({ + path: '/books', + methods: [ apigwv2.HttpMethod.GET ], + integration: getBooksIntegration, +}); +httpApi.addRoutes({ + path: '/books', + methods: [ apigwv2.HttpMethod.ANY ], + integration: bookStoreDefaultIntegration, +}); +``` + +The URL to the endpoint can be retrieved via the `apiEndpoint` attribute. By default this URL is enabled for clients. Use `disableExecuteApiEndpoint` to disable it. + +```ts +const httpApi = new apigwv2.HttpApi(this, 'HttpApi', { + disableExecuteApiEndpoint: true, +}); +``` + +The `defaultIntegration` option while defining HTTP APIs lets you create a default catch-all integration that is +matched when a client reaches a route that is not explicitly defined. + +```ts +import { HttpUrlIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +new apigwv2.HttpApi(this, 'HttpProxyApi', { + defaultIntegration: new HttpUrlIntegration('DefaultIntegration', 'https://example.com'), +}); +``` + +### Cross Origin Resource Sharing (CORS) + +[Cross-origin resource sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) is a browser security +feature that restricts HTTP requests that are initiated from scripts running in the browser. Enabling CORS will allow +requests to your API from a web application hosted in a domain different from your API domain. + +When configured CORS for an HTTP API, API Gateway automatically sends a response to preflight `OPTIONS` requests, even +if there isn't an `OPTIONS` route configured. Note that, when this option is used, API Gateway will ignore CORS headers +returned from your backend integration. Learn more about [Configuring CORS for an HTTP +API](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html). + +The `corsPreflight` option lets you specify a CORS configuration for an API. + +```ts +new apigwv2.HttpApi(this, 'HttpProxyApi', { + corsPreflight: { + allowHeaders: ['Authorization'], + allowMethods: [ + apigwv2.CorsHttpMethod.GET, + apigwv2.CorsHttpMethod.HEAD, + apigwv2.CorsHttpMethod.OPTIONS, + apigwv2.CorsHttpMethod.POST, + ], + allowOrigins: ['*'], + maxAge: Duration.days(10), + }, +}); +``` + +### Publishing HTTP APIs + +A Stage is a logical reference to a lifecycle state of your API (for example, `dev`, `prod`, `beta`, or `v2`). API +stages are identified by their stage name. Each stage is a named reference to a deployment of the API made available for +client applications to call. + +Use `HttpStage` to create a Stage resource for HTTP APIs. The following code sets up a Stage, whose URL is available at +`https://{api_id}.execute-api.{region}.amazonaws.com/beta`. + +```ts +declare const api: apigwv2.HttpApi; + +new apigwv2.HttpStage(this, 'Stage', { + httpApi: api, + stageName: 'beta', +}); +``` + +If you omit the `stageName` will create a `$default` stage. A `$default` stage is one that is served from the base of +the API's URL - `https://{api_id}.execute-api.{region}.amazonaws.com/`. + +Note that, `HttpApi` will always creates a `$default` stage, unless the `createDefaultStage` property is unset. + +### Custom Domain + +Custom domain names are simpler and more intuitive URLs that you can provide to your API users. Custom domain name are associated to API stages. + +The code snippet below creates a custom domain and configures a default domain mapping for your API that maps the +custom domain to the `$default` stage of the API. + +```ts +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; +import { HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +const certArn = 'arn:aws:acm:us-east-1:111111111111:certificate'; +const domainName = 'example.com'; + +const dn = new apigwv2.DomainName(this, 'DN', { + domainName: domainName, + certificate: acm.Certificate.fromCertificateArn(this, 'cert', certArn), +}); + +declare const handler: lambda.Function; +const api = new apigwv2.HttpApi(this, 'HttpProxyProdApi', { + defaultIntegration: new HttpLambdaIntegration('DefaultIntegration', handler), + // https://${dn.domainName}/foo goes to prodApi $default stage + defaultDomainMapping: { + domainName: dn, + mappingKey: 'foo', + }, +}); +``` + +To migrate a domain endpoint from one type to another, you can add a new endpoint configuration via `addEndpoint()` +and then configure DNS records to route traffic to the new endpoint. After that, you can remove the previous endpoint configuration. +Learn more at [Migrating a custom domain name](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-regional-api-custom-domain-migrate.html) + +To associate a specific `Stage` to a custom domain mapping - + +```ts +declare const api: apigwv2.HttpApi; +declare const dn: apigwv2.DomainName; + +api.addStage('beta', { + stageName: 'beta', + autoDeploy: true, + // https://${dn.domainName}/bar goes to the beta stage + domainMapping: { + domainName: dn, + mappingKey: 'bar', + }, +}); +``` + +The same domain name can be associated with stages across different `HttpApi` as so - + +```ts +import { HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +declare const handler: lambda.Function; +declare const dn: apigwv2.DomainName; + +const apiDemo = new apigwv2.HttpApi(this, 'DemoApi', { + defaultIntegration: new HttpLambdaIntegration('DefaultIntegration', handler), + // https://${dn.domainName}/demo goes to apiDemo $default stage + defaultDomainMapping: { + domainName: dn, + mappingKey: 'demo', + }, +}); +``` + +The `mappingKey` determines the base path of the URL with the custom domain. Each custom domain is only allowed +to have one API mapping with undefined `mappingKey`. If more than one API mappings are specified, `mappingKey` will be required for all of them. In the sample above, the custom domain is associated +with 3 API mapping resources across different APIs and Stages. + +| API | Stage | URL | +| :------------: | :---------: | :----: | +| api | $default | `https://${domainName}/foo` | +| api | beta | `https://${domainName}/bar` | +| apiDemo | $default | `https://${domainName}/demo` | + +You can retrieve the full domain URL with mapping key using the `domainUrl` property as so - + +```ts +declare const apiDemo: apigwv2.HttpApi; +const demoDomainUrl = apiDemo.defaultStage?.domainUrl; // returns "https://example.com/demo" +``` + +### Mutual TLS (mTLS) + +Mutual TLS can be configured to limit access to your API based by using client certificates instead of (or as an extension of) using authorization headers. + +```ts +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as acm from 'aws-cdk-lib/aws-certificatemanager'; + +const certArn = 'arn:aws:acm:us-east-1:111111111111:certificate'; +const domainName = 'example.com'; +declare const bucket: s3.Bucket; + +new apigwv2.DomainName(this, 'DomainName', { + domainName, + certificate: acm.Certificate.fromCertificateArn(this, 'cert', certArn), + mtls: { + bucket, + key: 'someca.pem', + version: 'version', + }, +}); +``` + +Instructions for configuring your trust store can be found [here](https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/) + +### Managing access to HTTP APIs + +API Gateway supports multiple mechanisms for [controlling and managing access to your HTTP +API](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-access-control.html) through authorizers. + +These authorizers can be found in the [APIGatewayV2-Authorizers](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2_authorizers-readme.html) constructs library. + +### Metrics + +The API Gateway v2 service sends metrics around the performance of HTTP APIs to Amazon CloudWatch. +These metrics can be referred to using the metric APIs available on the `HttpApi` construct. +The APIs with the `metric` prefix can be used to get reference to specific metrics for this API. For example, +the method below refers to the client side errors metric for this API. + +```ts +const api = new apigwv2.HttpApi(this, 'my-api'); +const clientErrorMetric = api.metricClientError(); +``` + +Please note that this will return a metric for all the stages defined in the api. It is also possible to refer to metrics for a specific Stage using +the `metric` methods from the `Stage` construct. + +```ts +const api = new apigwv2.HttpApi(this, 'my-api'); +const stage = new apigwv2.HttpStage(this, 'Stage', { + httpApi: api, +}); +const clientErrorMetric = stage.metricClientError(); +``` + +### VPC Link + +Private integrations let HTTP APIs connect with AWS resources that are placed behind a VPC. These are usually Application +Load Balancers, Network Load Balancers or a Cloud Map service. The `VpcLink` construct enables this integration. +The following code creates a `VpcLink` to a private VPC. + +```ts +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as elb from 'aws-cdk-lib/aws-elasticloadbalancingv2'; +import { HttpAlbIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +const vpc = new ec2.Vpc(this, 'VPC'); +const alb = new elb.ApplicationLoadBalancer(this, 'AppLoadBalancer', { vpc }); + +const vpcLink = new apigwv2.VpcLink(this, 'VpcLink', { vpc }); + +// Creating an HTTP ALB Integration: +const albIntegration = new HttpAlbIntegration('ALBIntegration', alb.listeners[0], {}); +``` + +Any existing `VpcLink` resource can be imported into the CDK app via the `VpcLink.fromVpcLinkAttributes()`. + +```ts +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +declare const vpc: ec2.Vpc; +const awesomeLink = apigwv2.VpcLink.fromVpcLinkAttributes(this, 'awesome-vpc-link', { + vpcLinkId: 'us-east-1_oiuR12Abd', + vpc, +}); +``` + +### Private Integration + +Private integrations enable integrating an HTTP API route with private resources in a VPC, such as Application Load Balancers or +Amazon ECS container-based applications. Using private integrations, resources in a VPC can be exposed for access by +clients outside of the VPC. + +These integrations can be found in the [aws-apigatewayv2-integrations](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2_integrations-readme.html) constructs library. + +## WebSocket API + +A WebSocket API in API Gateway is a collection of WebSocket routes that are integrated with backend HTTP endpoints, +Lambda functions, or other AWS services. You can use API Gateway features to help you with all aspects of the API +lifecycle, from creation through monitoring your production APIs. [Read more](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-overview.html) + +WebSocket APIs have two fundamental concepts - Routes and Integrations. + +WebSocket APIs direct JSON messages to backend integrations based on configured routes. (Non-JSON messages are directed +to the configured `$default` route.) + +Integrations define how the WebSocket API behaves when a client reaches a specific Route. Learn more at +[Configuring integrations](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-integration-requests.html). + +Integrations are available in the `aws-apigatewayv2-integrations` module and more information is available in that module. + +To add the default WebSocket routes supported by API Gateway (`$connect`, `$disconnect` and `$default`), configure them as part of api props: + +```ts +import { WebSocketLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +declare const connectHandler: lambda.Function; +declare const disconnectHandler: lambda.Function; +declare const defaultHandler: lambda.Function; + +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi', { + connectRouteOptions: { integration: new WebSocketLambdaIntegration('ConnectIntegration', connectHandler) }, + disconnectRouteOptions: { integration: new WebSocketLambdaIntegration('DisconnectIntegration',disconnectHandler) }, + defaultRouteOptions: { integration: new WebSocketLambdaIntegration('DefaultIntegration', defaultHandler) }, +}); + +new apigwv2.WebSocketStage(this, 'mystage', { + webSocketApi, + stageName: 'dev', + autoDeploy: true, +}); +``` + +To retrieve a websocket URL and a callback URL: + +```ts +declare const webSocketStage: apigwv2.WebSocketStage; + +const webSocketURL = webSocketStage.url; +// wss://${this.api.apiId}.execute-api.${s.region}.${s.urlSuffix}/${urlPath} +const callbackURL = webSocketStage.callbackUrl; +// https://${this.api.apiId}.execute-api.${s.region}.${s.urlSuffix}/${urlPath} +``` + +To add any other route: + +```ts +import { WebSocketLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; + +declare const messageHandler: lambda.Function; +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi'); +webSocketApi.addRoute('sendmessage', { + integration: new WebSocketLambdaIntegration('SendMessageIntegration', messageHandler), +}); ``` - +To add a route that can return a result: -There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: +```ts +import { WebSocketLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations'; -- Search [Construct Hub for ApiGatewayV2 construct libraries](https://constructs.dev/search?q=apigatewayv2) -- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::ApiGatewayV2 resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ApiGatewayV2.html) directly. +declare const messageHandler: lambda.Function; +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi'); +webSocketApi.addRoute('sendmessage', { + integration: new WebSocketLambdaIntegration('SendMessageIntegration', messageHandler), + returnResponse: true, +}); +``` +To import an existing WebSocketApi: -> An experimental construct library for this service is available in preview. Since it is not stable yet, it is distributed -> as a separate package so that you can pin its version independently of the rest of the CDK. See the package: -> -> aws-cdk-lib/aws-apigatewayv2 +```ts +const webSocketApi = apigwv2.WebSocketApi.fromWebSocketApiAttributes(this, 'mywsapi', { webSocketId: 'api-1234' }); +``` - +### Manage Connections Permission -There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. -However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. +Grant permission to use API Gateway Management API of a WebSocket API by calling the `grantManageConnections` API. +You can use Management API to send a callback message to a connected client, get connection information, or disconnect the client. Learn more at [Use @connections commands in your backend service](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html). -For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::ApiGatewayV2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ApiGatewayV2.html). +```ts +declare const fn: lambda.Function; -(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi'); +const stage = new apigwv2.WebSocketStage(this, 'mystage', { + webSocketApi, + stageName: 'dev', +}); +// per stage permission +stage.grantManagementApiAccess(fn); +// for all the stages permission +webSocketApi.grantManageConnections(fn); +``` - +### Managing access to WebSocket APIs + +API Gateway supports multiple mechanisms for [controlling and managing access to a WebSocket API](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-control-access.html) through authorizers. + +These authorizers can be found in the [APIGatewayV2-Authorizers](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2_authorizers-readme.html) constructs library. + +### API Keys + +Websocket APIs also support usage of API Keys. An API Key is a key that is used to grant access to an API. These are useful for controlling and tracking access to an API, when used together with [usage plans](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html). These together allow you to configure controls around API access such as quotas and throttling, along with per-API Key metrics on usage. + +To require an API Key when accessing the Websocket API: + +```ts +const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi',{ + apiKeySelectionExpression: apigwv2.WebSocketApiKeySelectionExpression.HEADER_X_API_KEY, +}); +``` From 98cd46a8a2aaf3401144037f77aa0fdd57b81210 Mon Sep 17 00:00:00 2001 From: Evgeny Karasik Date: Wed, 20 Dec 2023 17:52:16 +0200 Subject: [PATCH 5/7] chore(roadmap): add GC to the roadmap (#28413) Adding CDK GC to the roadmap. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ROADMAP.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ROADMAP.md b/ROADMAP.md index 9231704a0b36d..07c82363d85f1 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -33,6 +33,7 @@ Security and stability of the CDK is a top priority. If you think you’ve found * 🚀 [App Staging Synthesizer for Resource Isolation](https://aws.amazon.com/blogs/devops/enhancing-resource-isolation-in-aws-cdk-with-the-app-staging-synthesizer/) - This feature enhances resource isolation and cleanup control by creating separate staging resources for each application * 👂🏽 [CDK Refactoring](https://github.com/aws/aws-cdk-rfcs/issues/162) - We’re looking into providing built-in support for builder refactoring work. * 🛠️ [Understand deployment progress within CloudFormation](https://github.com/aws/aws-cdk-rfcs/issues/586) - This will help builders understand what CloudFormation is doing as deployments are in progress. +* 🔍 [Garbage Collection for Assets](https://github.com/aws/aws-cdk-rfcs/issues/64) - Assets which are uploaded to the CDK's S3 bucket and ECR repository are never deleted. ### Speed up development and testing * 🚀 [Enable CloudFormation builders to migrate existing infrastructure to CDK](https://github.com/aws/aws-cdk/blob/6004a17c593728e36ad4f5c3dcdd578ff46fa9bb/packages/aws-cdk/README.md#cdk-migrate) - CloudFormation builders can now generate a CDK application using an existing CloudFormation template in JSON or YAML format using cdk migrate! From c488035db893532c6aca97c59717a351539fa2ec Mon Sep 17 00:00:00 2001 From: sakurai-ryo <58683719+sakurai-ryo@users.noreply.github.com> Date: Thu, 21 Dec 2023 02:22:13 +0900 Subject: [PATCH 6/7] fix(integ-tests): apply correct IAM policy to waiterProvider (#28424) ### Description The following issue describes a bug where the IAM Policy is not correctly set to the calling Lambda when using `invokeFunction` and `waitForAssertions`. Normally, when the `waitForAssertions` method is invoked, the necessary Policy is granted to the `waiterProvider` using the `adPolicyStatementFromSdkCall` method. https://github.com/aws/aws-cdk/blob/52a5579aa52c88bb289a7a9677c35385763c8fff/packages/%40aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts#L136 In the case of a Lambda function call, the API name and the Action name of the Policy are different (invoke => invokeFunction), so the `addPolicyStatementFromSdkCall` method cannot grant the correct Policy. The `LambdaInvokeFunction` is doing the correct Policy assignment to deal with this in the constructor. https://github.com/aws/aws-cdk/blob/52a5579aa52c88bb289a7a9677c35385763c8fff/packages/%40aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts#L247 However, this is not done for the `waiterProvider`, resulting in an access denied error. This PR has been modified so that the correct Policy is granted to `waiterProvider`. fixes #27865 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ-tests-alpha/lib/assertions/sdk.ts | 18 +- ...efaultTestDeployAssertDC0672BB.assets.json | 32 ++ ...aultTestDeployAssertDC0672BB.template.json | 452 ++++++++++++++++++ .../InvokeFunctionAssertions.assets.json | 19 + .../InvokeFunctionAssertions.template.json | 98 ++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 204 ++++++++ .../tree.json | 452 ++++++++++++++++++ .../integ.invoke-function-assertions.ts | 31 ++ .../test/assertions/sdk.test.ts | 83 ++++ 11 files changed, 1400 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.assets.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.template.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.assets.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.template.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.ts diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts index 931a91a6f1347..fff9f88cc8f0e 100644 --- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts +++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts @@ -214,7 +214,7 @@ export interface LambdaInvokeFunctionProps { /** * An AWS Lambda Invoke function API call. - * Use this istead of the generic AwsApiCall in order to + * Use this instead of the generic AwsApiCall in order to * invoke a lambda function. This will automatically create * the correct permissions to invoke the function */ @@ -250,6 +250,20 @@ export class LambdaInvokeFunction extends AwsApiCall { arnFormat: ArnFormat.COLON_RESOURCE_NAME, resourceName: props.functionName, })]); + + // If using `waitForAssertions`, do the same for `waiterProvider` as above. + // Aspects are used here because we do not know if the user is using `waitForAssertions` at this point. + Aspects.of(this).add({ + visit(node: IConstruct) { + if (node instanceof AwsApiCall && node.waiterProvider) { + node.waiterProvider.addPolicyStatementFromSdkCall('Lambda', 'invokeFunction', [stack.formatArn({ + service: 'lambda', + resource: 'function', + arnFormat: ArnFormat.COLON_RESOURCE_NAME, + resourceName: props.functionName, + })]); + } + }, + }); } } - diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.assets.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.assets.json new file mode 100644 index 0000000000000..e0e0cca8c4e74 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.assets.json @@ -0,0 +1,32 @@ +{ + "version": "35.0.0", + "files": { + "df6156f884f46480078633afbd0b768581022c5e444c5f72752980280ae15bd9": { + "source": { + "path": "asset.df6156f884f46480078633afbd0b768581022c5e444c5f72752980280ae15bd9.bundle", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "df6156f884f46480078633afbd0b768581022c5e444c5f72752980280ae15bd9.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "83be8bf848814226b887baa05c0b9a6da10e068890f74859654bb30637464d79": { + "source": { + "path": "AssertionsTestDefaultTestDeployAssertDC0672BB.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "83be8bf848814226b887baa05c0b9a6da10e068890f74859654bb30637464d79.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.template.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.template.json new file mode 100644 index 0000000000000..73745330c312d --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/AssertionsTestDefaultTestDeployAssertDC0672BB.template.json @@ -0,0 +1,452 @@ +{ + "Resources": { + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2": { + "Type": "Custom::DeployAssert@SdkCallLambdainvoke", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F", + "Arn" + ] + }, + "service": "Lambda", + "api": "invoke", + "expected": "{\"$ObjectLike\":{\"StatusCode\":202}}", + "stateMachineArn": { + "Ref": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitFor14F593B5" + }, + "parameters": { + "FunctionName": { + "Fn::Join": [ + "", + [ + "\"", + { + "Fn::ImportValue": "InvokeFunctionAssertions:ExportsOutputRefTargetFunc08E2AFD9BD39CDAE" + }, + "\"" + ] + ] + }, + "InvocationType": "\"Event\"", + "Payload": "\"{\\\"days\\\":1}\"" + }, + "flattenResponse": "false", + "salt": "1702960389230" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2InvokeB9825AB9": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::ImportValue": "InvokeFunctionAssertions:ExportsOutputRefTargetFunc08E2AFD9BD39CDAE" + }, + "Principal": { + "Fn::GetAtt": [ + "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73", + "Arn" + ] + } + } + }, + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForIsCompleteProviderInvoke77DE6350": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE", + "Arn" + ] + }, + "Principal": { + "Fn::GetAtt": [ + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForRoleD163D5A7", + "Arn" + ] + } + } + }, + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForTimeoutProviderInvoke0EAE6FD8": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA", + "Arn" + ] + }, + "Principal": { + "Fn::GetAtt": [ + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForRoleD163D5A7", + "Arn" + ] + } + } + }, + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForRoleD163D5A7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ] + }, + "Policies": [ + { + "PolicyName": "InlineInvokeFunctions", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA", + "Arn" + ] + } + ] + } + ] + } + } + ] + } + }, + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitFor14F593B5": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":30,\"MaxAttempts\":180,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE", + "Arn" + ] + }, + "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA", + "Arn" + ] + }, + "\"}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForRoleD163D5A7", + "Arn" + ] + } + }, + "DependsOn": [ + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForRoleD163D5A7" + ] + }, + "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "lambda:Invoke" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":lambda:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":function:", + { + "Fn::ImportValue": "InvokeFunctionAssertions:ExportsOutputRefTargetFunc08E2AFD9BD39CDAE" + } + ] + ] + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ] + } + } + ] + } + }, + "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Runtime": "nodejs18.x", + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "df6156f884f46480078633afbd0b768581022c5e444c5f72752980280ae15bd9.zip" + }, + "Timeout": 120, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73", + "Arn" + ] + } + } + }, + "SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "lambda:Invoke" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":lambda:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":function:", + { + "Fn::ImportValue": "InvokeFunctionAssertions:ExportsOutputRefTargetFunc08E2AFD9BD39CDAE" + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Runtime": "nodejs18.x", + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "df6156f884f46480078633afbd0b768581022c5e444c5f72752980280ae15bd9.zip" + }, + "Timeout": 120, + "Handler": "index.isComplete", + "Role": { + "Fn::GetAtt": [ + "SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB", + "Arn" + ] + } + } + }, + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aRoleB84BD8CE": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Runtime": "nodejs18.x", + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "df6156f884f46480078633afbd0b768581022c5e444c5f72752980280ae15bd9.zip" + }, + "Timeout": 120, + "Handler": "index.onTimeout", + "Role": { + "Fn::GetAtt": [ + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aRoleB84BD8CE", + "Arn" + ] + } + } + } + }, + "Outputs": { + "AssertionResultsLambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2": { + "Value": { + "Fn::GetAtt": [ + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2", + "assertion" + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.assets.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.assets.json new file mode 100644 index 0000000000000..777688fdcdda6 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.assets.json @@ -0,0 +1,19 @@ +{ + "version": "35.0.0", + "files": { + "3e6d70d727e44d2bb1b20be7a2b63f22fb5227e41d64b54a1b02ed62d00e7926": { + "source": { + "path": "InvokeFunctionAssertions.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3e6d70d727e44d2bb1b20be7a2b63f22fb5227e41d64b54a1b02ed62d00e7926.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.template.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.template.json new file mode 100644 index 0000000000000..9321a6d5fa7c3 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/InvokeFunctionAssertions.template.json @@ -0,0 +1,98 @@ +{ + "Resources": { + "TargetFuncServiceRoleD60C6577": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "TargetFunc08E2AFD9": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event, context) => { return { foo: \"bar\" }; };" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "TargetFuncServiceRoleD60C6577", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "TargetFuncServiceRoleD60C6577" + ] + } + }, + "Outputs": { + "ExportsOutputRefTargetFunc08E2AFD9BD39CDAE": { + "Value": { + "Ref": "TargetFunc08E2AFD9" + }, + "Export": { + "Name": "InvokeFunctionAssertions:ExportsOutputRefTargetFunc08E2AFD9BD39CDAE" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/cdk.out b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c5cb2e5de6344 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"35.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/integ.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/integ.json new file mode 100644 index 0000000000000..a9ddde45181d9 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "35.0.0", + "testCases": { + "AssertionsTest/DefaultTest": { + "stacks": [ + "InvokeFunctionAssertions" + ], + "assertionStack": "AssertionsTest/DefaultTest/DeployAssert", + "assertionStackName": "AssertionsTestDefaultTestDeployAssertDC0672BB" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/manifest.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/manifest.json new file mode 100644 index 0000000000000..691477c0def67 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/manifest.json @@ -0,0 +1,204 @@ +{ + "version": "35.0.0", + "artifacts": { + "InvokeFunctionAssertions.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "InvokeFunctionAssertions.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "InvokeFunctionAssertions": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "InvokeFunctionAssertions.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3e6d70d727e44d2bb1b20be7a2b63f22fb5227e41d64b54a1b02ed62d00e7926.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "InvokeFunctionAssertions.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "InvokeFunctionAssertions.assets" + ], + "metadata": { + "/InvokeFunctionAssertions/TargetFunc/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TargetFuncServiceRoleD60C6577" + } + ], + "/InvokeFunctionAssertions/TargetFunc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TargetFunc08E2AFD9" + } + ], + "/InvokeFunctionAssertions/Exports/Output{\"Ref\":\"TargetFunc08E2AFD9\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefTargetFunc08E2AFD9BD39CDAE" + } + ], + "/InvokeFunctionAssertions/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/InvokeFunctionAssertions/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "InvokeFunctionAssertions" + }, + "AssertionsTestDefaultTestDeployAssertDC0672BB.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "AssertionsTestDefaultTestDeployAssertDC0672BB.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "AssertionsTestDefaultTestDeployAssertDC0672BB": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "AssertionsTestDefaultTestDeployAssertDC0672BB.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/83be8bf848814226b887baa05c0b9a6da10e068890f74859654bb30637464d79.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "AssertionsTestDefaultTestDeployAssertDC0672BB.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "InvokeFunctionAssertions", + "AssertionsTestDefaultTestDeployAssertDC0672BB.assets" + ], + "metadata": { + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/Default/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/Invoke": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2InvokeB9825AB9" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/IsCompleteProvider/Invoke": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForIsCompleteProviderInvoke77DE6350" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/TimeoutProvider/Invoke": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForTimeoutProviderInvoke0EAE6FD8" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitForRoleD163D5A7" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2WaitFor14F593B5" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/AssertionResults": [ + { + "type": "aws:cdk:logicalId", + "data": "AssertionResultsLambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aRoleB84BD8CE" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/AssertionsTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "AssertionsTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/tree.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/tree.json new file mode 100644 index 0000000000000..2fa4e941f1772 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.js.snapshot/tree.json @@ -0,0 +1,452 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "InvokeFunctionAssertions": { + "id": "InvokeFunctionAssertions", + "path": "InvokeFunctionAssertions", + "children": { + "TargetFunc": { + "id": "TargetFunc", + "path": "InvokeFunctionAssertions/TargetFunc", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "InvokeFunctionAssertions/TargetFunc/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "InvokeFunctionAssertions/TargetFunc/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "InvokeFunctionAssertions/TargetFunc/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "InvokeFunctionAssertions/TargetFunc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "exports.handler = async (event, context) => { return { foo: \"bar\" }; };" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "TargetFuncServiceRoleD60C6577", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "Exports": { + "id": "Exports", + "path": "InvokeFunctionAssertions/Exports", + "children": { + "Output{\"Ref\":\"TargetFunc08E2AFD9\"}": { + "id": "Output{\"Ref\":\"TargetFunc08E2AFD9\"}", + "path": "InvokeFunctionAssertions/Exports/Output{\"Ref\":\"TargetFunc08E2AFD9\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "InvokeFunctionAssertions/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "InvokeFunctionAssertions/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "AssertionsTest": { + "id": "AssertionsTest", + "path": "AssertionsTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "AssertionsTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "AssertionsTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "AssertionsTest/DefaultTest/DeployAssert", + "children": { + "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2": { + "id": "LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2", + "children": { + "SdkProvider": { + "id": "SdkProvider", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/SdkProvider", + "children": { + "AssertionsProvider": { + "id": "AssertionsProvider", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/SdkProvider/AssertionsProvider", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.AssertionsProvider", + "version": "0.0.0" + } + }, + "Default": { + "id": "Default", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/Default", + "children": { + "Default": { + "id": "Default", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/Default/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + }, + "Invoke": { + "id": "Invoke", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/Invoke", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "WaitFor": { + "id": "WaitFor", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor", + "children": { + "IsCompleteProvider": { + "id": "IsCompleteProvider", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/IsCompleteProvider", + "children": { + "AssertionsProvider": { + "id": "AssertionsProvider", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/IsCompleteProvider/AssertionsProvider", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Invoke": { + "id": "Invoke", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/IsCompleteProvider/Invoke", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.AssertionsProvider", + "version": "0.0.0" + } + }, + "TimeoutProvider": { + "id": "TimeoutProvider", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/TimeoutProvider", + "children": { + "AssertionsProvider": { + "id": "AssertionsProvider", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/TimeoutProvider/AssertionsProvider", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Invoke": { + "id": "Invoke", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/TimeoutProvider/Invoke", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.AssertionsProvider", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/WaitFor/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.WaiterStateMachine", + "version": "0.0.0" + } + }, + "AssertionResults": { + "id": "AssertionResults", + "path": "AssertionsTest/DefaultTest/DeployAssert/LambdaInvokeb3f9bfb591e0fc999c1bceaa910c7ca2/AssertionResults", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.LambdaInvokeFunction", + "version": "0.0.0" + } + }, + "SingletonFunction1488541a7b23466481b69b4408076b81": { + "id": "SingletonFunction1488541a7b23466481b69b4408076b81", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81", + "children": { + "Staging": { + "id": "Staging", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "SingletonFunction76b3e830a873425f8453eddd85c86925": { + "id": "SingletonFunction76b3e830a873425f8453eddd85c86925", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925", + "children": { + "Staging": { + "id": "Staging", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a": { + "id": "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a", + "children": { + "Staging": { + "id": "Staging", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "AssertionsTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "AssertionsTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "AssertionsTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.ts new file mode 100644 index 0000000000000..0be06a68d2b26 --- /dev/null +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions.ts @@ -0,0 +1,31 @@ +import { App, Stack, Duration } from 'aws-cdk-lib'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { ExpectedResult, IntegTest, InvocationType } from '../../../lib'; + +const app = new App(); +const stack = new Stack(app, 'InvokeFunctionAssertions'); + +const targetFunc = new lambda.Function(stack, 'TargetFunc', { + code: lambda.Code.fromInline('exports.handler = async (event, context) => { return { foo: "bar" }; };'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, +}); + +const integ = new IntegTest(app, 'AssertionsTest', { + testCases: [stack], +}); + +// In this test, we are verifying that when 'invokeFunction' is used in conjunction with 'waitForAssertions', +// the invocation of the Lambda function is handled by the 'waiterProvider'. +// We are specifically checking that the correct IAM policy is set for the 'waiterProvider' and, +// that the Lambda function can be invoked correctly. +integ.assertions.invokeFunction({ + functionName: targetFunc.functionName, + invocationType: InvocationType.EVENT, + payload: JSON.stringify({ days: 1 }), +}).expect( + ExpectedResult.objectLike({ StatusCode: 202 }), +).waitForAssertions({ + interval: Duration.seconds(30), + totalTimeout: Duration.minutes(90), +}); diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts index 1e97fc3fabf35..2662606178621 100644 --- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts @@ -479,5 +479,88 @@ describe('AwsApiCall', () => { ], }); }); + + test('invokeFunction with waitForAssertions applies correct IAM policy to waiterProvider', () => { + // GIVEN + const app = new App(); + const deployAssert = new DeployAssert(app); + + // WHEN + deployAssert.invokeFunction({ + functionName: 'my-func', + invocationType: InvocationType.EVENT, + payload: JSON.stringify({ days: 1 }), + }).expect( + ExpectedResult.objectLike({ Key: 'Value' }), + ).waitForAssertions({ + interval: Duration.seconds(30), + totalTimeout: Duration.minutes(90), + }); + + // THEN + const waiterProviderRole = Template.fromStack( + deployAssert.scope, + ).findResources( + 'AWS::IAM::Role', + ).SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB; + expect(waiterProviderRole).toEqual({ + Type: 'AWS::IAM::Role', + Properties: { + AssumeRolePolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'lambda.amazonaws.com', + }, + }, + ], + }, + ManagedPolicyArns: [ + { + 'Fn::Sub': 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole', + }, + ], + Policies: expect.arrayContaining([ + { + PolicyName: 'Inline', + PolicyDocument: { + Version: '2012-10-17', + Statement: expect.arrayContaining([ + { + Action: ['lambda:InvokeFunction'], + Effect: 'Allow', + Resource: [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':lambda:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':function:my-func', + ], + ], + }, + ], + }, + ]), + }, + }, + ]), + }, + }); + }); }); }); From 6b3caff7ac4321ca79e70821991de041d33eaa7c Mon Sep 17 00:00:00 2001 From: Kyle Laker Date: Wed, 20 Dec 2023 12:50:05 -0500 Subject: [PATCH 7/7] feat(ec2): support creating key pairs (#28138) This adds support for creating `AWS::EC2::KeyPair` resources. These are added as a property to `Instance`, `LaunchTemplate`, and `NatInstance` and the older `keyName` prop is deprecated in favor of the new `keyPair: IKeyPair` property. A getter is added to retrieve the SSM parameter that hold the private key for non-imported keys and checks are added to make sure that ED25519 keys are not used with a Windows instance. Closes #5252. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssertF103D058.assets.json | 19 + ...aultTestDeployAssertF103D058.template.json | 36 + .../__entrypoint__.js | 147 +++ .../index.js | 1 + .../aws-cdk-ec2-key-pair-1.assets.json | 32 + .../aws-cdk-ec2-key-pair-1.template.json | 655 +++++++++++ .../test/integ.key-pair.js.snapshot/cdk.out | 1 + .../integ.key-pair.js.snapshot/integ.json | 12 + .../integ.key-pair.js.snapshot/manifest.json | 299 +++++ .../test/integ.key-pair.js.snapshot/tree.json | 1003 +++++++++++++++++ .../test/aws-ec2/test/integ.key-pair.ts | 24 + packages/aws-cdk-lib/aws-ec2/README.md | 64 ++ packages/aws-cdk-lib/aws-ec2/lib/index.ts | 1 + packages/aws-cdk-lib/aws-ec2/lib/instance.ts | 19 +- packages/aws-cdk-lib/aws-ec2/lib/key-pair.ts | 273 +++++ .../aws-ec2/lib/launch-template.ts | 19 +- packages/aws-cdk-lib/aws-ec2/lib/nat.ts | 14 + .../aws-cdk-lib/aws-ec2/test/instance.test.ts | 33 + .../aws-cdk-lib/aws-ec2/test/key-pair.test.ts | 188 +++ .../aws-ec2/test/launch-template.test.ts | 26 + 20 files changed, 2864 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.ts create mode 100644 packages/aws-cdk-lib/aws-ec2/lib/key-pair.ts create mode 100644 packages/aws-cdk-lib/aws-ec2/test/key-pair.test.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.assets.json new file mode 100644 index 0000000000000..25e7ca0bd298d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.assets.json @@ -0,0 +1,19 @@ +{ + "version": "35.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "KeyPairTestDefaultTestDeployAssertF103D058.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/KeyPairTestDefaultTestDeployAssertF103D058.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/__entrypoint__.js new file mode 100644 index 0000000000000..c83ecebaaadac --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/__entrypoint__.js @@ -0,0 +1,147 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + exports.external.log('submit response to cloudformation', json); + const responseBody = JSON.stringify(json); + const parsedUrl = url.parse(event.ResponseURL); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, responseBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, _ => resolve()); + request.on('error', reject); + request.write(responseBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibm9kZWpzLWVudHJ5cG9pbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJub2RlanMtZW50cnlwb2ludC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwrQkFBK0I7QUFDL0IsMkJBQTJCO0FBRTNCLGlCQUFpQjtBQUNKLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGVBQWUsRUFBRSxzQkFBc0I7SUFDdkMsR0FBRyxFQUFFLFVBQVU7SUFDZixrQkFBa0IsRUFBRSxJQUFJO0lBQ3hCLGdCQUFnQixFQUFFLFNBQVM7Q0FDNUIsQ0FBQztBQUVGLE1BQU0sZ0NBQWdDLEdBQUcsd0RBQXdELENBQUM7QUFDbEcsTUFBTSwwQkFBMEIsR0FBRyw4REFBOEQsQ0FBQztBQVczRixLQUFLLFVBQVUsT0FBTyxDQUFDLEtBQWtELEVBQUUsT0FBMEI7SUFDMUcsTUFBTSxjQUFjLEdBQUcsRUFBRSxHQUFHLEtBQUssRUFBRSxXQUFXLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxjQUFjLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFFM0QsdUVBQXVFO0lBQ3ZFLHVFQUF1RTtJQUN2RSxhQUFhO0lBQ2IsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsa0JBQWtCLEtBQUssZ0NBQWdDLEVBQUU7UUFDbkcsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsdURBQXVELENBQUMsQ0FBQztRQUN0RSxNQUFNLGNBQWMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDdkMsT0FBTztLQUNSO0lBRUQsSUFBSTtRQUNGLHlFQUF5RTtRQUN6RSxpRUFBaUU7UUFDakUsd0NBQXdDO1FBQ3hDLGlFQUFpRTtRQUNqRSxNQUFNLFdBQVcsR0FBWSxPQUFPLENBQUMsZ0JBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLE9BQU8sQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxNQUFNLFdBQVcsQ0FBQyxjQUFjLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFMUQsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFcEQsMkJBQTJCO1FBQzNCLE1BQU0sY0FBYyxDQUFDLFNBQVMsRUFBRSxhQUFhLENBQUMsQ0FBQztLQUNoRDtJQUFDLE9BQU8sQ0FBTSxFQUFFO1FBQ2YsTUFBTSxJQUFJLEdBQWE7WUFDckIsR0FBRyxLQUFLO1lBQ1IsTUFBTSxFQUFFLGdCQUFRLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPO1NBQzFELENBQUM7UUFFRixJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFO1lBQzVCLHlFQUF5RTtZQUN6RSxtRUFBbUU7WUFDbkUsd0VBQXdFO1lBQ3hFLHFFQUFxRTtZQUNyRSxnQ0FBZ0M7WUFDaEMsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtnQkFDbEMsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsNEdBQTRHLENBQUMsQ0FBQztnQkFDM0gsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGdDQUFnQyxDQUFDO2FBQzVEO2lCQUFNO2dCQUNMLGtFQUFrRTtnQkFDbEUsNkRBQTZEO2dCQUM3RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyw2REFBNkQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7YUFDcEc7U0FDRjtRQUVELG1FQUFtRTtRQUNuRSxNQUFNLGNBQWMsQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLENBQUM7S0FDdEM7QUFDSCxDQUFDO0FBbkRELDBCQW1EQztBQUVELFNBQVMsY0FBYyxDQUNyQixVQUF5RixFQUN6RixrQkFBMEMsRUFBRztJQUU3QyxzRUFBc0U7SUFDdEUsdUJBQXVCO0lBQ3ZCLE1BQU0sa0JBQWtCLEdBQUcsZUFBZSxDQUFDLGtCQUFrQixJQUFJLFVBQVUsQ0FBQyxrQkFBa0IsSUFBSSxVQUFVLENBQUMsU0FBUyxDQUFDO0lBRXZILGtFQUFrRTtJQUNsRSxJQUFJLFVBQVUsQ0FBQyxXQUFXLEtBQUssUUFBUSxJQUFJLGtCQUFrQixLQUFLLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRTtRQUMvRixNQUFNLElBQUksS0FBSyxDQUFDLHdEQUF3RCxVQUFVLENBQUMsa0JBQWtCLFNBQVMsZUFBZSxDQUFDLGtCQUFrQixtQkFBbUIsQ0FBQyxDQUFDO0tBQ3RLO0lBRUQsMERBQTBEO0lBQzFELE9BQU87UUFDTCxHQUFHLFVBQVU7UUFDYixHQUFHLGVBQWU7UUFDbEIsa0JBQWtCLEVBQUUsa0JBQWtCO0tBQ3ZDLENBQUM7QUFDSixDQUFDO0FBRUQsS0FBSyxVQUFVLGNBQWMsQ0FBQyxNQUE0QixFQUFFLEtBQWU7SUFDekUsTUFBTSxJQUFJLEdBQW1EO1FBQzNELE1BQU0sRUFBRSxNQUFNO1FBQ2QsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNLElBQUksTUFBTTtRQUM5QixPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87UUFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1FBQzFCLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSwwQkFBMEI7UUFDMUUsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtRQUMxQyxNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU07UUFDcEIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO0tBQ2pCLENBQUM7SUFFRixnQkFBUSxDQUFDLEdBQUcsQ0FBQyxtQ0FBbUMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUV4RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzFDLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9DLE1BQU0sR0FBRyxHQUFHO1FBQ1YsUUFBUSxFQUFFLFNBQVMsQ0FBQyxRQUFRO1FBQzVCLElBQUksRUFBRSxTQUFTLENBQUMsSUFBSTtRQUNwQixNQUFNLEVBQUUsS0FBSztRQUNiLE9BQU8sRUFBRTtZQUNQLGNBQWMsRUFBRSxFQUFFO1lBQ2xCLGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxVQUFVLENBQUMsWUFBWSxFQUFFLE1BQU0sQ0FBQztTQUMxRDtLQUNGLENBQUM7SUFFRixNQUFNLFlBQVksR0FBRztRQUNuQixRQUFRLEVBQUUsQ0FBQztRQUNYLEtBQUssRUFBRSxJQUFJO0tBQ1osQ0FBQztJQUNGLE1BQU0sV0FBVyxDQUFDLFlBQVksRUFBRSxnQkFBUSxDQUFDLGVBQWUsQ0FBQyxDQUFDLEdBQUcsRUFBRSxZQUFZLENBQUMsQ0FBQztBQUMvRSxDQUFDO0FBRUQsS0FBSyxVQUFVLHNCQUFzQixDQUFDLE9BQTZCLEVBQUUsWUFBb0I7SUFDdkYsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsRUFBRTtRQUNyQyxJQUFJO1lBQ0YsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZELE9BQU8sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDNUIsT0FBTyxDQUFDLEdBQUcsRUFBRSxDQUFDO1NBQ2Y7UUFBQyxPQUFPLENBQUMsRUFBRTtZQUNWLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUNYO0lBQ0gsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsU0FBUyxVQUFVLENBQUMsR0FBVyxFQUFFLEdBQUcsTUFBYTtJQUMvQyxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxNQUFNLENBQUMsQ0FBQztBQUM5QixDQUFDO0FBU0QsU0FBZ0IsV0FBVyxDQUEwQixPQUFxQixFQUFFLEVBQTRCO0lBQ3RHLE9BQU8sS0FBSyxFQUFFLEdBQUcsRUFBSyxFQUFFLEVBQUU7UUFDeEIsSUFBSSxRQUFRLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQztRQUNoQyxJQUFJLEVBQUUsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBQ3ZCLE9BQU8sSUFBSSxFQUFFO1lBQ1gsSUFBSTtnQkFDRixPQUFPLE1BQU0sRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7YUFDeEI7WUFBQyxPQUFPLENBQUMsRUFBRTtnQkFDVixJQUFJLFFBQVEsRUFBRSxJQUFJLENBQUMsRUFBRTtvQkFDbkIsTUFBTSxDQUFDLENBQUM7aUJBQ1Q7Z0JBQ0QsTUFBTSxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDNUMsRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNUO1NBQ0Y7SUFDSCxDQUFDLENBQUM7QUFDSixDQUFDO0FBaEJELGtDQWdCQztBQUVELEtBQUssVUFBVSxLQUFLLENBQUMsRUFBVTtJQUM3QixPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDakQsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGh0dHBzIGZyb20gJ2h0dHBzJztcbmltcG9ydCAqIGFzIHVybCBmcm9tICd1cmwnO1xuXG4vLyBmb3IgdW5pdCB0ZXN0c1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBzZW5kSHR0cFJlcXVlc3Q6IGRlZmF1bHRTZW5kSHR0cFJlcXVlc3QsXG4gIGxvZzogZGVmYXVsdExvZyxcbiAgaW5jbHVkZVN0YWNrVHJhY2VzOiB0cnVlLFxuICB1c2VySGFuZGxlckluZGV4OiAnLi9pbmRleCcsXG59O1xuXG5jb25zdCBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUiA9ICdBV1NDREs6OkN1c3RvbVJlc291cmNlUHJvdmlkZXJGcmFtZXdvcms6OkNSRUFURV9GQUlMRUQnO1xuY29uc3QgTUlTU0lOR19QSFlTSUNBTF9JRF9NQVJLRVIgPSAnQVdTQ0RLOjpDdXN0b21SZXNvdXJjZVByb3ZpZGVyRnJhbWV3b3JrOjpNSVNTSU5HX1BIWVNJQ0FMX0lEJztcblxuZXhwb3J0IHR5cGUgUmVzcG9uc2UgPSBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50ICYgSGFuZGxlclJlc3BvbnNlO1xuZXhwb3J0IHR5cGUgSGFuZGxlciA9IChldmVudDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCwgY29udGV4dDogQVdTTGFtYmRhLkNvbnRleHQpID0+IFByb21pc2U8SGFuZGxlclJlc3BvbnNlIHwgdm9pZD47XG5leHBvcnQgdHlwZSBIYW5kbGVyUmVzcG9uc2UgPSB1bmRlZmluZWQgfCB7XG4gIERhdGE/OiBhbnk7XG4gIFBoeXNpY2FsUmVzb3VyY2VJZD86IHN0cmluZztcbiAgUmVhc29uPzogc3RyaW5nO1xuICBOb0VjaG8/OiBib29sZWFuO1xufTtcblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoZXZlbnQ6IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlRXZlbnQsIGNvbnRleHQ6IEFXU0xhbWJkYS5Db250ZXh0KSB7XG4gIGNvbnN0IHNhbml0aXplZEV2ZW50ID0geyAuLi5ldmVudCwgUmVzcG9uc2VVUkw6ICcuLi4nIH07XG4gIGV4dGVybmFsLmxvZyhKU09OLnN0cmluZ2lmeShzYW5pdGl6ZWRFdmVudCwgdW5kZWZpbmVkLCAyKSk7XG5cbiAgLy8gaWdub3JlIERFTEVURSBldmVudCB3aGVuIHRoZSBwaHlzaWNhbCByZXNvdXJjZSBJRCBpcyB0aGUgbWFya2VyIHRoYXRcbiAgLy8gaW5kaWNhdGVzIHRoYXQgdGhpcyBERUxFVEUgaXMgYSBzdWJzZXF1ZW50IERFTEVURSB0byBhIGZhaWxlZCBDUkVBVEVcbiAgLy8gb3BlcmF0aW9uLlxuICBpZiAoZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdEZWxldGUnICYmIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA9PT0gQ1JFQVRFX0ZBSUxFRF9QSFlTSUNBTF9JRF9NQVJLRVIpIHtcbiAgICBleHRlcm5hbC5sb2coJ2lnbm9yaW5nIERFTEVURSBldmVudCBjYXVzZWQgYnkgYSBmYWlsZWQgQ1JFQVRFIGV2ZW50Jyk7XG4gICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ1NVQ0NFU1MnLCBldmVudCk7XG4gICAgcmV0dXJuO1xuICB9XG5cbiAgdHJ5IHtcbiAgICAvLyBpbnZva2UgdGhlIHVzZXIgaGFuZGxlci4gdGhpcyBpcyBpbnRlbnRpb25hbGx5IGluc2lkZSB0aGUgdHJ5LWNhdGNoIHRvXG4gICAgLy8gZW5zdXJlIHRoYXQgaWYgdGhlcmUgaXMgYW4gZXJyb3IgaXQncyByZXBvcnRlZCBhcyBhIGZhaWx1cmUgdG9cbiAgICAvLyBjbG91ZGZvcm1hdGlvbiAob3RoZXJ3aXNlIGNmbiB3YWl0cykuXG4gICAgLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1yZXF1aXJlLWltcG9ydHNcbiAgICBjb25zdCB1c2VySGFuZGxlcjogSGFuZGxlciA9IHJlcXVpcmUoZXh0ZXJuYWwudXNlckhhbmRsZXJJbmRleCkuaGFuZGxlcjtcbiAgICBjb25zdCByZXN1bHQgPSBhd2FpdCB1c2VySGFuZGxlcihzYW5pdGl6ZWRFdmVudCwgY29udGV4dCk7XG5cbiAgICAvLyB2YWxpZGF0ZSB1c2VyIHJlc3BvbnNlIGFuZCBjcmVhdGUgdGhlIGNvbWJpbmVkIGV2ZW50XG4gICAgY29uc3QgcmVzcG9uc2VFdmVudCA9IHJlbmRlclJlc3BvbnNlKGV2ZW50LCByZXN1bHQpO1xuXG4gICAgLy8gc3VibWl0IHRvIGNmbiBhcyBzdWNjZXNzXG4gICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ1NVQ0NFU1MnLCByZXNwb25zZUV2ZW50KTtcbiAgfSBjYXRjaCAoZTogYW55KSB7XG4gICAgY29uc3QgcmVzcDogUmVzcG9uc2UgPSB7XG4gICAgICAuLi5ldmVudCxcbiAgICAgIFJlYXNvbjogZXh0ZXJuYWwuaW5jbHVkZVN0YWNrVHJhY2VzID8gZS5zdGFjayA6IGUubWVzc2FnZSxcbiAgICB9O1xuXG4gICAgaWYgKCFyZXNwLlBoeXNpY2FsUmVzb3VyY2VJZCkge1xuICAgICAgLy8gc3BlY2lhbCBjYXNlOiBpZiBDUkVBVEUgZmFpbHMsIHdoaWNoIHVzdWFsbHkgaW1wbGllcywgd2UgdXN1YWxseSBkb24ndFxuICAgICAgLy8gaGF2ZSBhIHBoeXNpY2FsIHJlc291cmNlIGlkLiBpbiB0aGlzIGNhc2UsIHRoZSBzdWJzZXF1ZW50IERFTEVURVxuICAgICAgLy8gb3BlcmF0aW9uIGRvZXMgbm90IGhhdmUgYW55IG1lYW5pbmcsIGFuZCB3aWxsIGxpa2VseSBmYWlsIGFzIHdlbGwuIHRvXG4gICAgICAvLyBhZGRyZXNzIHRoaXMsIHdlIHVzZSBhIG1hcmtlciBzbyB0aGUgcHJvdmlkZXIgZnJhbWV3b3JrIGNhbiBzaW1wbHlcbiAgICAgIC8vIGlnbm9yZSB0aGUgc3Vic2VxdWVudCBERUxFVEUuXG4gICAgICBpZiAoZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdDcmVhdGUnKSB7XG4gICAgICAgIGV4dGVybmFsLmxvZygnQ1JFQVRFIGZhaWxlZCwgcmVzcG9uZGluZyB3aXRoIGEgbWFya2VyIHBoeXNpY2FsIHJlc291cmNlIGlkIHNvIHRoYXQgdGhlIHN1YnNlcXVlbnQgREVMRVRFIHdpbGwgYmUgaWdub3JlZCcpO1xuICAgICAgICByZXNwLlBoeXNpY2FsUmVzb3VyY2VJZCA9IENSRUFURV9GQUlMRURfUEhZU0lDQUxfSURfTUFSS0VSO1xuICAgICAgfSBlbHNlIHtcbiAgICAgICAgLy8gb3RoZXJ3aXNlLCBpZiBQaHlzaWNhbFJlc291cmNlSWQgaXMgbm90IHNwZWNpZmllZCwgc29tZXRoaW5nIGlzXG4gICAgICAgIC8vIHRlcnJpYmx5IHdyb25nIGJlY2F1c2UgYWxsIG90aGVyIGV2ZW50cyBzaG91bGQgaGF2ZSBhbiBJRC5cbiAgICAgICAgZXh0ZXJuYWwubG9nKGBFUlJPUjogTWFsZm9ybWVkIGV2ZW50LiBcIlBoeXNpY2FsUmVzb3VyY2VJZFwiIGlzIHJlcXVpcmVkOiAke0pTT04uc3RyaW5naWZ5KGV2ZW50KX1gKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyB0aGlzIGlzIGFuIGFjdHVhbCBlcnJvciwgZmFpbCB0aGUgYWN0aXZpdHkgYWx0b2dldGhlciBhbmQgZXhpc3QuXG4gICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ0ZBSUxFRCcsIHJlc3ApO1xuICB9XG59XG5cbmZ1bmN0aW9uIHJlbmRlclJlc3BvbnNlKFxuICBjZm5SZXF1ZXN0OiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50ICYgeyBQaHlzaWNhbFJlc291cmNlSWQ/OiBzdHJpbmcgfSxcbiAgaGFuZGxlclJlc3BvbnNlOiB2b2lkIHwgSGFuZGxlclJlc3BvbnNlID0geyB9KTogUmVzcG9uc2Uge1xuXG4gIC8vIGlmIHBoeXNpY2FsIElEIGlzIG5vdCByZXR1cm5lZCwgd2UgaGF2ZSBzb21lIGRlZmF1bHRzIGZvciB5b3UgYmFzZWRcbiAgLy8gb24gdGhlIHJlcXVlc3QgdHlwZS5cbiAgY29uc3QgcGh5c2ljYWxSZXNvdXJjZUlkID0gaGFuZGxlclJlc3BvbnNlLlBoeXNpY2FsUmVzb3VyY2VJZCA/PyBjZm5SZXF1ZXN0LlBoeXNpY2FsUmVzb3VyY2VJZCA/PyBjZm5SZXF1ZXN0LlJlcXVlc3RJZDtcblxuICAvLyBpZiB3ZSBhcmUgaW4gREVMRVRFIGFuZCBwaHlzaWNhbCBJRCB3YXMgY2hhbmdlZCwgaXQncyBhbiBlcnJvci5cbiAgaWYgKGNmblJlcXVlc3QuUmVxdWVzdFR5cGUgPT09ICdEZWxldGUnICYmIHBoeXNpY2FsUmVzb3VyY2VJZCAhPT0gY2ZuUmVxdWVzdC5QaHlzaWNhbFJlc291cmNlSWQpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoYERFTEVURTogY2Fubm90IGNoYW5nZSB0aGUgcGh5c2ljYWwgcmVzb3VyY2UgSUQgZnJvbSBcIiR7Y2ZuUmVxdWVzdC5QaHlzaWNhbFJlc291cmNlSWR9XCIgdG8gXCIke2hhbmRsZXJSZXNwb25zZS5QaHlzaWNhbFJlc291cmNlSWR9XCIgZHVyaW5nIGRlbGV0aW9uYCk7XG4gIH1cblxuICAvLyBtZXJnZSByZXF1ZXN0IGV2ZW50IGFuZCByZXN1bHQgZXZlbnQgKHJlc3VsdCBwcmV2YWlscykuXG4gIHJldHVybiB7XG4gICAgLi4uY2ZuUmVxdWVzdCxcbiAgICAuLi5oYW5kbGVyUmVzcG9uc2UsXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBwaHlzaWNhbFJlc291cmNlSWQsXG4gIH07XG59XG5cbmFzeW5jIGZ1bmN0aW9uIHN1Ym1pdFJlc3BvbnNlKHN0YXR1czogJ1NVQ0NFU1MnIHwgJ0ZBSUxFRCcsIGV2ZW50OiBSZXNwb25zZSkge1xuICBjb25zdCBqc29uOiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZVJlc3BvbnNlID0ge1xuICAgIFN0YXR1czogc3RhdHVzLFxuICAgIFJlYXNvbjogZXZlbnQuUmVhc29uID8/IHN0YXR1cyxcbiAgICBTdGFja0lkOiBldmVudC5TdGFja0lkLFxuICAgIFJlcXVlc3RJZDogZXZlbnQuUmVxdWVzdElkLFxuICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkIHx8IE1JU1NJTkdfUEhZU0lDQUxfSURfTUFSS0VSLFxuICAgIExvZ2ljYWxSZXNvdXJjZUlkOiBldmVudC5Mb2dpY2FsUmVzb3VyY2VJZCxcbiAgICBOb0VjaG86IGV2ZW50Lk5vRWNobyxcbiAgICBEYXRhOiBldmVudC5EYXRhLFxuICB9O1xuXG4gIGV4dGVybmFsLmxvZygnc3VibWl0IHJlc3BvbnNlIHRvIGNsb3VkZm9ybWF0aW9uJywganNvbik7XG5cbiAgY29uc3QgcmVzcG9uc2VCb2R5ID0gSlNPTi5zdHJpbmdpZnkoanNvbik7XG4gIGNvbnN0IHBhcnNlZFVybCA9IHVybC5wYXJzZShldmVudC5SZXNwb25zZVVSTCk7XG4gIGNvbnN0IHJlcSA9IHtcbiAgICBob3N0bmFtZTogcGFyc2VkVXJsLmhvc3RuYW1lLFxuICAgIHBhdGg6IHBhcnNlZFVybC5wYXRoLFxuICAgIG1ldGhvZDogJ1BVVCcsXG4gICAgaGVhZGVyczoge1xuICAgICAgJ2NvbnRlbnQtdHlwZSc6ICcnLFxuICAgICAgJ2NvbnRlbnQtbGVuZ3RoJzogQnVmZmVyLmJ5dGVMZW5ndGgocmVzcG9uc2VCb2R5LCAndXRmOCcpLFxuICAgIH0sXG4gIH07XG5cbiAgY29uc3QgcmV0cnlPcHRpb25zID0ge1xuICAgIGF0dGVtcHRzOiA1LFxuICAgIHNsZWVwOiAxMDAwLFxuICB9O1xuICBhd2FpdCB3aXRoUmV0cmllcyhyZXRyeU9wdGlvbnMsIGV4dGVybmFsLnNlbmRIdHRwUmVxdWVzdCkocmVxLCByZXNwb25zZUJvZHkpO1xufVxuXG5hc3luYyBmdW5jdGlvbiBkZWZhdWx0U2VuZEh0dHBSZXF1ZXN0KG9wdGlvbnM6IGh0dHBzLlJlcXVlc3RPcHRpb25zLCByZXNwb25zZUJvZHk6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICByZXR1cm4gbmV3IFByb21pc2UoKHJlc29sdmUsIHJlamVjdCkgPT4ge1xuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXF1ZXN0ID0gaHR0cHMucmVxdWVzdChvcHRpb25zLCBfID0+IHJlc29sdmUoKSk7XG4gICAgICByZXF1ZXN0Lm9uKCdlcnJvcicsIHJlamVjdCk7XG4gICAgICByZXF1ZXN0LndyaXRlKHJlc3BvbnNlQm9keSk7XG4gICAgICByZXF1ZXN0LmVuZCgpO1xuICAgIH0gY2F0Y2ggKGUpIHtcbiAgICAgIHJlamVjdChlKTtcbiAgICB9XG4gIH0pO1xufVxuXG5mdW5jdGlvbiBkZWZhdWx0TG9nKGZtdDogc3RyaW5nLCAuLi5wYXJhbXM6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4ucGFyYW1zKTtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBSZXRyeU9wdGlvbnMge1xuICAvKiogSG93IG1hbnkgcmV0cmllcyAod2lsbCBhdCBsZWFzdCB0cnkgb25jZSkgKi9cbiAgcmVhZG9ubHkgYXR0ZW1wdHM6IG51bWJlcjtcbiAgLyoqIFNsZWVwIGJhc2UsIGluIG1zICovXG4gIHJlYWRvbmx5IHNsZWVwOiBudW1iZXI7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiB3aXRoUmV0cmllczxBIGV4dGVuZHMgQXJyYXk8YW55PiwgQj4ob3B0aW9uczogUmV0cnlPcHRpb25zLCBmbjogKC4uLnhzOiBBKSA9PiBQcm9taXNlPEI+KTogKC4uLnhzOiBBKSA9PiBQcm9taXNlPEI+IHtcbiAgcmV0dXJuIGFzeW5jICguLi54czogQSkgPT4ge1xuICAgIGxldCBhdHRlbXB0cyA9IG9wdGlvbnMuYXR0ZW1wdHM7XG4gICAgbGV0IG1zID0gb3B0aW9ucy5zbGVlcDtcbiAgICB3aGlsZSAodHJ1ZSkge1xuICAgICAgdHJ5IHtcbiAgICAgICAgcmV0dXJuIGF3YWl0IGZuKC4uLnhzKTtcbiAgICAgIH0gY2F0Y2ggKGUpIHtcbiAgICAgICAgaWYgKGF0dGVtcHRzLS0gPD0gMCkge1xuICAgICAgICAgIHRocm93IGU7XG4gICAgICAgIH1cbiAgICAgICAgYXdhaXQgc2xlZXAoTWF0aC5mbG9vcihNYXRoLnJhbmRvbSgpICogbXMpKTtcbiAgICAgICAgbXMgKj0gMjtcbiAgICAgIH1cbiAgICB9XG4gIH07XG59XG5cbmFzeW5jIGZ1bmN0aW9uIHNsZWVwKG1zOiBudW1iZXIpOiBQcm9taXNlPHZvaWQ+IHtcbiAgcmV0dXJuIG5ldyBQcm9taXNlKChvaykgPT4gc2V0VGltZW91dChvaywgbXMpKTtcbn1cbiJdfQ== \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.assets.json new file mode 100644 index 0000000000000..2c8f5dc8b9a80 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.assets.json @@ -0,0 +1,32 @@ +{ + "version": "35.0.0", + "files": { + "a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03": { + "source": { + "path": "asset.a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "a17370fc201600e810dc71ba186bc1364ba4ba62f0be6d1728a6c27cefbc3314": { + "source": { + "path": "aws-cdk-ec2-key-pair-1.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a17370fc201600e810dc71ba186bc1364ba4ba62f0be6d1728a6c27cefbc3314.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.template.json new file mode 100644 index 0000000000000..5ef53a1122263 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/aws-cdk-ec2-key-pair-1.template.json @@ -0,0 +1,655 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2EIP3C605A87": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2NATGateway9182C01D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTableAssociationDD5762D8" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "a099fdfc61c84ffc56cef4fb2c9472483623ac865ce5d8fca88c89cf60d48d03.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "TestKeyPair38B6CD21": { + "Type": "AWS::EC2::KeyPair", + "Properties": { + "KeyFormat": "pem", + "KeyName": "awscdkec2keypair1TestKeyPairC0110E9D", + "KeyType": "rsa" + } + }, + "TestInstanceInstanceSecurityGroupFC9BD332": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/TestInstance" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "TestInstanceInstanceRole73B579CC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/TestInstance" + } + ] + } + }, + "TestInstanceInstanceProfileD0E25910": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "TestInstanceInstanceRole73B579CC" + } + ] + } + }, + "TestInstance44016A9E": { + "Type": "AWS::EC2::Instance", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "IamInstanceProfile": { + "Ref": "TestInstanceInstanceProfileD0E25910" + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.micro", + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "TestInstanceInstanceSecurityGroupFC9BD332", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-ec2-key-pair-1/TestInstance" + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash" + } + }, + "DependsOn": [ + "TestInstanceInstanceRole73B579CC" + ] + } + }, + "Parameters": { + "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c5cb2e5de6344 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"35.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/integ.json new file mode 100644 index 0000000000000..bb4e985790260 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "35.0.0", + "testCases": { + "KeyPairTest/DefaultTest": { + "stacks": [ + "aws-cdk-ec2-key-pair-1" + ], + "assertionStack": "KeyPairTest/DefaultTest/DeployAssert", + "assertionStackName": "KeyPairTestDefaultTestDeployAssertF103D058" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/manifest.json new file mode 100644 index 0000000000000..4d7164db4e4eb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/manifest.json @@ -0,0 +1,299 @@ +{ + "version": "35.0.0", + "artifacts": { + "aws-cdk-ec2-key-pair-1.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-ec2-key-pair-1.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-ec2-key-pair-1": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-ec2-key-pair-1.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a17370fc201600e810dc71ba186bc1364ba4ba62f0be6d1728a6c27cefbc3314.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-ec2-key-pair-1.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-ec2-key-pair-1.assets" + ], + "metadata": { + "/aws-cdk-ec2-key-pair-1/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2EIP3C605A87" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2NATGateway9182C01D" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/aws-cdk-ec2-key-pair-1/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/aws-cdk-ec2-key-pair-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/aws-cdk-ec2-key-pair-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/aws-cdk-ec2-key-pair-1/TestKeyPair/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestKeyPair38B6CD21" + } + ], + "/aws-cdk-ec2-key-pair-1/TestInstance/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestInstanceInstanceSecurityGroupFC9BD332" + } + ], + "/aws-cdk-ec2-key-pair-1/TestInstance/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestInstanceInstanceRole73B579CC" + } + ], + "/aws-cdk-ec2-key-pair-1/TestInstance/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "TestInstanceInstanceProfileD0E25910" + } + ], + "/aws-cdk-ec2-key-pair-1/TestInstance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestInstance44016A9E" + } + ], + "/aws-cdk-ec2-key-pair-1/SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/aws-cdk-ec2-key-pair-1/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-ec2-key-pair-1/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-ec2-key-pair-1" + }, + "KeyPairTestDefaultTestDeployAssertF103D058.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "KeyPairTestDefaultTestDeployAssertF103D058.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "KeyPairTestDefaultTestDeployAssertF103D058": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "KeyPairTestDefaultTestDeployAssertF103D058.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "KeyPairTestDefaultTestDeployAssertF103D058.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "KeyPairTestDefaultTestDeployAssertF103D058.assets" + ], + "metadata": { + "/KeyPairTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/KeyPairTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "KeyPairTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/tree.json new file mode 100644 index 0000000000000..64cc246f6004d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.js.snapshot/tree.json @@ -0,0 +1,1003 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-ec2-key-pair-1": { + "id": "aws-cdk-ec2-key-pair-1", + "path": "aws-cdk-ec2-key-pair-1", + "children": { + "Vpc": { + "id": "Vpc", + "path": "aws-cdk-ec2-key-pair-1/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-ec2-key-pair-1/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-ec2-key-pair-1/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-cdk-ec2-key-pair-1/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-cdk-ec2-key-pair-1/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "aws-cdk-ec2-key-pair-1/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-ec2-key-pair-1/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "aws-cdk-ec2-key-pair-1/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-cdk-ec2-key-pair-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-ec2-key-pair-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-cdk-ec2-key-pair-1/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProvider", + "version": "0.0.0" + } + }, + "TestKeyPair": { + "id": "TestKeyPair", + "path": "aws-cdk-ec2-key-pair-1/TestKeyPair", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-ec2-key-pair-1/TestKeyPair/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::KeyPair", + "aws:cdk:cloudformation:props": { + "keyFormat": "pem", + "keyName": "awscdkec2keypair1TestKeyPairC0110E9D", + "keyType": "rsa" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnKeyPair", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.KeyPair", + "version": "0.0.0" + } + }, + "TestInstance": { + "id": "TestInstance", + "path": "aws-cdk-ec2-key-pair-1/TestInstance", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/TestInstance" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/TestInstance" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "TestInstanceInstanceRole73B579CC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-ec2-key-pair-1/TestInstance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Instance", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "iamInstanceProfile": { + "Ref": "TestInstanceInstanceProfileD0E25910" + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t3.micro", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "TestInstanceInstanceSecurityGroupFC9BD332", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "tags": [ + { + "key": "Name", + "value": "aws-cdk-ec2-key-pair-1/TestInstance" + } + ], + "userData": { + "Fn::Base64": "#!/bin/bash" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Instance", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "aws-cdk-ec2-key-pair-1/SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": "aws-cdk-ec2-key-pair-1/SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-ec2-key-pair-1/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-ec2-key-pair-1/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "KeyPairTest": { + "id": "KeyPairTest", + "path": "KeyPairTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "KeyPairTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "KeyPairTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "KeyPairTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "KeyPairTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "KeyPairTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.ts new file mode 100644 index 0000000000000..fbc6553308cd5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.key-pair.ts @@ -0,0 +1,24 @@ +import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-ec2-key-pair-1'); + +const vpc = new ec2.Vpc(stack, 'Vpc'); + +const keyPair = new ec2.KeyPair(stack, 'TestKeyPair'); + +new ec2.Instance(stack, 'TestInstance', { + vpc, + machineImage: new ec2.AmazonLinuxImage({ generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2023 }), + instanceType: new ec2.InstanceType('t3.micro'), + keyPair, +}); + +new integ.IntegTest(app, 'KeyPairTest', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index e83063c8f4864..4db6a4b655418 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -1609,6 +1609,70 @@ const instance = new ec2.Instance(this, 'Instance', { }); ``` +### Specifying a key pair + +To allow SSH access to an EC2 instance by default, a Key Pair must be specified. Key pairs can +be provided with the `keyPair` property to instances and launch templates. You can create a +key pair for an instance like this: + +```ts +declare const vpc: ec2.Vpc; +declare const instanceType: ec2.InstanceType; + +const keyPair = new ec2.KeyPair(this, 'KeyPair', { + type: ec2.KeyPairType.ED25519, + format: ec2.KeyPairFormat.PEM, +}); +const instance = new ec2.Instance(this, 'Instance', { + vpc, + instanceType, + machineImage: ec2.MachineImage.latestAmazonLinux2023(), + // Use the custom key pair + keyPair, +}); +``` + +When a new EC2 Key Pair is created (without imported material), the private key material is +automatically stored in Systems Manager Parameter Store. This can be retrieved from the key pair +construct: + +```ts +const keyPair = new ec2.KeyPair(this, 'KeyPair'); +const privateKey = keyPair.privateKey; +``` + +If you already have an SSH key that you wish to use in EC2, that can be provided when constructing the +`KeyPair`. If public key material is provided, the key pair is considered "imported" and there +will not be any data automatically stored in Systems Manager Parameter Store and the `type` property +cannot be specified for the key pair. + +```ts +const keyPair = new ec2.KeyPair(this, 'KeyPair', { + publicKeyMaterial: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7jpNzG+YG0s+xIGWbxrxIZiiozHOEuzIJacvASP0mq", +}) +``` + +#### Using an existing EC2 Key Pair + +If you already have an EC2 Key Pair created outside of the CDK, you can import that key to +your CDK stack. + +You can import it purely by name: + +```ts +const keyPair = ec2.KeyPair.fromKeyPairName(this, 'KeyPair', 'the-keypair-name'); +``` + +Or by specifying additional attributes: + +```ts +const keyPair = ec2.KeyPair.fromKeyPairAttributes(this, 'KeyPair', { + keyPairName: 'the-keypair-name', + type: ec2.KeyPairType.RSA, +}) +``` + + ## VPC Flow Logs VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs and Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination. (). diff --git a/packages/aws-cdk-lib/aws-ec2/lib/index.ts b/packages/aws-cdk-lib/aws-ec2/lib/index.ts index 276856f8470ad..444f1055f204c 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/index.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/index.ts @@ -31,6 +31,7 @@ export * from './client-vpn-route'; export * from './ip-addresses'; export * from './machine-image'; export * from './placement-group'; +export * from './key-pair'; // AWS::EC2 CloudFormation Resources: export * from './ec2.generated'; diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts index d12fb31fbc85f..e38d99f1354b9 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts @@ -5,6 +5,7 @@ import { CloudFormationInit } from './cfn-init'; import { Connections, IConnectable } from './connections'; import { CfnInstance } from './ec2.generated'; import { InstanceType } from './instance-types'; +import { IKeyPair } from './key-pair'; import { IMachineImage, OperatingSystemType } from './machine-image'; import { instanceBlockDeviceMappings } from './private/ebs-util'; import { ISecurityGroup, SecurityGroup } from './security-group'; @@ -76,9 +77,17 @@ export interface InstanceProps { * Name of SSH keypair to grant access to instance * * @default - No SSH access will be possible. + * @deprecated - Use {@link keyPair} instead */ readonly keyName?: string; + /** + * The SSH keypair to grant access to the instance. + * + * @default - No SSH access will be possible. + */ + readonly keyPair?: IKeyPair; + /** * Where to place the instance within the VPC * @@ -349,6 +358,10 @@ export class Instance extends Resource implements IInstance { throw new Error('Setting \'initOptions\' requires that \'init\' is also set'); } + if (props.keyName && props.keyPair) { + throw new Error('Cannot specify both of \'keyName\' and \'keyPair\'; prefer \'keyPair\''); + } + if (props.securityGroup) { this.securityGroup = props.securityGroup; } else { @@ -415,9 +428,13 @@ export class Instance extends Resource implements IInstance { privateIpAddress: props.privateIpAddress, }] : undefined; + if (props.keyPair && !props.keyPair._isOsCompatible(imageConfig.osType)) { + throw new Error(`${props.keyPair.type} keys are not compatible with the chosen AMI`); + } + // if network interfaces array is configured then subnetId, securityGroupIds, // and privateIpAddress are configured on the network interface level and - // there is no need to configure them on the instance leveleiifcbevnlbrbnrnjglvtebkufvkdlvlliiidflbibtf + // there is no need to configure them on the instance level this.instance = new CfnInstance(this, 'Resource', { imageId: imageConfig.imageId, keyName: props.keyName, diff --git a/packages/aws-cdk-lib/aws-ec2/lib/key-pair.ts b/packages/aws-cdk-lib/aws-ec2/lib/key-pair.ts new file mode 100644 index 0000000000000..0eaf06497a1b7 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ec2/lib/key-pair.ts @@ -0,0 +1,273 @@ +import { Construct } from 'constructs'; +import { CfnKeyPair } from './ec2.generated'; +import { OperatingSystemType } from './machine-image'; +import { StringParameter, IStringParameter } from '../../aws-ssm'; +import { Resource, ResourceProps, Names, Lazy, IResource } from '../../core'; + +/** + * The format of the Key Pair + */ +export enum KeyPairFormat { + /** + * A PPK file, typically used with PuTTY. + */ + PPK = 'ppk', + + /** + * A PEM file. + */ + PEM = 'pem', +} + +/** + * The type of the key pair. + */ +export enum KeyPairType { + /** + * An RSA key. + */ + RSA = 'rsa', + + /** + * An ED25519 key. + * + * Note that ED25519 keys are not supported for Windows instances. + */ + ED25519 = 'ed25519' +} + +/** + * The properties of a Key Pair + */ +export interface KeyPairProps extends ResourceProps { + /** + * A unique name for the key pair. + * + * @default A generated name + */ + readonly keyPairName?: string; + + /** + * The format of the key pair. + * + * @default PEM + */ + readonly format?: KeyPairFormat; + + /** + * The type of key pair. + * + * @default RSA (ignored if keyMaterial is provided) + */ + readonly type?: KeyPairType; + + /** + * The public key material. + * + * If this is provided the key is considered "imported". For imported + * keys, it is assumed that you already have the private key material + * so the private key material will not be returned or stored in + * AWS Systems Manager Parameter Store. + * + * @default a public and private key will be generated + */ + readonly publicKeyMaterial?: string; +} + +/** + * Attributes of a Key Pair. + */ +export interface KeyPairAttributes { + /** + * The unique name of the key pair. + */ + readonly keyPairName: string; + + /** + * The type of the key pair. + * + * @default no type specified + */ + readonly type?: KeyPairType; +} + +/** + * An EC2 Key Pair. + */ +export interface IKeyPair extends IResource { + /** + * The name of the key pair. + * + * @attribute + */ + readonly keyPairName: string; + + /** + * The type of the key pair. + */ + readonly type?: KeyPairType; + + /** + * Used internally to determine whether the key pair is compatible with an OS type. + * + * @internal + */ + _isOsCompatible(osType: OperatingSystemType): boolean; +} + +/** + * An EC2 Key Pair. + * + * @resource AWS::EC2::KeyPair + */ +export class KeyPair extends Resource implements IKeyPair { + /** + * Imports a key pair based on the name. + */ + public static fromKeyPairName(scope: Construct, id: string, keyPairName: string): IKeyPair { + return KeyPair.fromKeyPairAttributes(scope, id, { keyPairName }); + } + + /** + * Imports a key pair with a name and optional type. + */ + public static fromKeyPairAttributes(scope: Construct, id: string, attrs: KeyPairAttributes): IKeyPair { + class Import extends Resource implements IKeyPair { + public readonly keyPairName: string; + public readonly type?: KeyPairType; + + constructor() { + super(scope, id); + this.keyPairName = attrs.keyPairName; + this.type = attrs.type; + } + + /** + * Used internally to determine whether the key pair is compatible with an OS type. + * + * @internal + */ + public _isOsCompatible(osType: OperatingSystemType): boolean { + switch (this.type) { + case KeyPairType.ED25519: + return osType !== OperatingSystemType.WINDOWS; + case KeyPairType.RSA: + return true; + default: + return true; + } + } + } + return new Import(); + } + + /** + * The unique name of the key pair. + * + * @attribute + */ + public readonly keyPairName: string; + + /** + * The fingerprint of the key pair. + * + * @attribute + */ + public readonly keyPairFingerprint: string; + + /** + * The unique ID of the key pair. + * + * @attribute + */ + public readonly keyPairId: string; + + /** + * The type of the key pair. + */ + public readonly type?: KeyPairType; + + /** + * The format of the key pair. + */ + public readonly format: KeyPairFormat; + + private _privateKeySsm?: IStringParameter; + private readonly _isImport: boolean; + + constructor(scope: Construct, id: string, props?: KeyPairProps) { + super(scope, id, { + ...props, + physicalName: props?.keyPairName ?? Lazy.string({ + produce: () => Names.uniqueResourceName(this, { maxLength: 255 }), + }), + }); + + if (props?.publicKeyMaterial && props?.type) { + throw new Error('Cannot specify \'type\' for keys with imported material'); + } + + this._isImport = !!props?.publicKeyMaterial; + + const keyType = props?.type ?? KeyPairType.RSA; + const keyFormat = props?.format ?? KeyPairFormat.PEM; + + const cfnResource = new CfnKeyPair(this, 'Resource', { + keyName: this.physicalName, + keyType: props?.type ?? KeyPairType.RSA, + keyFormat: props?.format ?? KeyPairFormat.PEM, + publicKeyMaterial: props?.publicKeyMaterial, + }); + + this.keyPairName = cfnResource.ref; + this.keyPairFingerprint = cfnResource.attrKeyFingerprint; + this.keyPairId = cfnResource.attrKeyPairId; + this.type = keyType; + this.format = keyFormat; + } + + /** + * Whether the key material was imported. + * + * Keys with imported material do not have their private key material stored + * or returned automatically. + */ + public get hasImportedMaterial(): boolean { + return this._isImport; + } + + /** + * The Systems Manager Parameter Store parameter with the pair's private key material. + */ + public get privateKey(): IStringParameter { + if (this._isImport) { + throw new Error('An SSM parameter with private key material is not created for imported keys'); + } + if (!this._privateKeySsm) { + // This parameter is created by the underlying CloudFormation resource with a defined + // naming structure. The resource does not return a reference to it directly so it must + // be imported. + this._privateKeySsm = StringParameter.fromSecureStringParameterAttributes(this, 'PrivateKeyParameter', { + parameterName: `/ec2/keypair/${this.keyPairId}`, + simpleName: false, + }); + } + return this._privateKeySsm; + } + + /** + * Used internally to determine whether the key pair is compatible with an OS type. + * + * @internal + */ + public _isOsCompatible(osType: OperatingSystemType): boolean { + switch (this.type) { + case KeyPairType.ED25519: + return osType !== OperatingSystemType.WINDOWS; + case KeyPairType.RSA: + return true; + default: + return true; + } + } +} diff --git a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts index e30ba479f34bf..9395afea35794 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts @@ -2,6 +2,7 @@ import { Construct } from 'constructs'; import { Connections, IConnectable } from './connections'; import { CfnLaunchTemplate } from './ec2.generated'; import { InstanceType } from './instance-types'; +import { IKeyPair } from './key-pair'; import { IMachineImage, MachineImageConfig, OperatingSystemType } from './machine-image'; import { launchTemplateBlockDeviceMappings } from './private/ebs-util'; import { ISecurityGroup } from './security-group'; @@ -332,9 +333,17 @@ export interface LaunchTemplateProps { * Name of SSH keypair to grant access to instance * * @default - No SSH access will be possible. + * @deprecated - Use `keyPair` instead. */ readonly keyName?: string; + /** + * The SSK keypair to grant access to the instance. + * + * @default - No SSH access will be possible. + */ + readonly keyPair?: IKeyPair; + /** * If set to true, then detailed monitoring will be enabled on instances created with this * launch template. @@ -595,6 +604,10 @@ export class LaunchTemplate extends Resource implements ILaunchTemplate, iam.IGr throw new Error('You cannot provide both an instanceProfile and a role'); } + if (props.keyName && props.keyPair) { + throw new Error('Cannot specify both of \'keyName\' and \'keyPair\'; prefer \'keyPair\''); + } + // use provided instance profile or create one if a role was provided let iamProfileArn: string | undefined = undefined; if (props.instanceProfile) { @@ -628,6 +641,10 @@ export class LaunchTemplate extends Resource implements ILaunchTemplate, iam.IGr this.imageId = imageConfig.imageId; } + if (this.osType && props.keyPair && !props.keyPair._isOsCompatible(this.osType)) { + throw new Error(`${props.keyPair.type} keys are not compatible with the chosen AMI`); + } + if (FeatureFlags.of(this).isEnabled(cxapi.EC2_LAUNCH_TEMPLATE_DEFAULT_USER_DATA) || FeatureFlags.of(this).isEnabled(cxapi.AUTOSCALING_GENERATE_LAUNCH_TEMPLATE)) { // priority: prop.userData -> userData from machineImage -> undefined @@ -738,7 +755,7 @@ export class LaunchTemplate extends Resource implements ILaunchTemplate, iam.IGr instanceType: props?.instanceType?.toString(), instanceInitiatedShutdownBehavior: props?.instanceInitiatedShutdownBehavior, instanceMarketOptions: marketOptions, - keyName: props?.keyName, + keyName: props.keyPair?.keyPairName ?? props?.keyName, monitoring: props?.detailedMonitoring !== undefined ? { enabled: props.detailedMonitoring, } : undefined, diff --git a/packages/aws-cdk-lib/aws-ec2/lib/nat.ts b/packages/aws-cdk-lib/aws-ec2/lib/nat.ts index 6914f03200e41..b339b4e86fdc0 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/nat.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/nat.ts @@ -1,6 +1,7 @@ import { Connections, IConnectable } from './connections'; import { Instance } from './instance'; import { InstanceType } from './instance-types'; +import { IKeyPair } from './key-pair'; import { IMachineImage, LookupMachineImage } from './machine-image'; import { Port } from './port'; import { ISecurityGroup, SecurityGroup } from './security-group'; @@ -171,9 +172,17 @@ export interface NatInstanceProps { * Name of SSH keypair to grant access to instance * * @default - No SSH access will be possible. + * @deprecated - Use `keyPair` instead. */ readonly keyName?: string; + /** + * The SSH keypair to grant access to the instance. + * + * @default - No SSH access will be possible. + */ + readonly keyPair?: IKeyPair; + /** * Security Group for NAT instances * @@ -274,6 +283,10 @@ export class NatInstanceProvider extends NatProvider implements IConnectable { if (props.defaultAllowedTraffic !== undefined && props.allowAllTraffic !== undefined) { throw new Error('Can not specify both of \'defaultAllowedTraffic\' and \'defaultAllowedTraffic\'; prefer \'defaultAllowedTraffic\''); } + + if (props.keyName && props.keyPair) { + throw new Error('Cannot specify both of \'keyName\' and \'keyPair\'; prefer \'keyPair\''); + } } public configureNat(options: ConfigureNatOptions) { @@ -308,6 +321,7 @@ export class NatInstanceProvider extends NatProvider implements IConnectable { vpcSubnets: { subnets: [sub] }, securityGroup: this._securityGroup, role, + keyPair: this.props.keyPair, keyName: this.props.keyName, }); // NAT instance routes all traffic, both ways diff --git a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts index 4c0516c655fb9..8c902c1c51281 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts @@ -21,6 +21,10 @@ import { Vpc, SubnetType, SecurityGroup, + WindowsImage, + WindowsVersion, + KeyPair, + KeyPairType, } from '../lib'; let stack: Stack; @@ -487,6 +491,35 @@ describe('instance', () => { }); }); + it('throws an error on incompatible Key Pair for operating system', () => { + // GIVEN + const keyPair = new KeyPair(stack, 'KeyPair', { + type: KeyPairType.ED25519, + }); + + // THEN + expect(() => new Instance(stack, 'Instance', { + vpc, + machineImage: new WindowsImage(WindowsVersion.WINDOWS_SERVER_2022_ENGLISH_CORE_BASE), + instanceType: new InstanceType('t2.micro'), + keyPair, + })).toThrow('ed25519 keys are not compatible with the chosen AMI'); + }); + + it('throws an error if keyName and keyPair both provided', () => { + // GIVEN + const keyPair = new KeyPair(stack, 'KeyPair'); + + // THEN + expect(() => new Instance(stack, 'Instance', { + vpc, + instanceType: new InstanceType('t2.micro'), + machineImage: new AmazonLinuxImage(), + keyName: 'test-key-pair', + keyPair, + })).toThrow('Cannot specify both of \'keyName\' and \'keyPair\'; prefer \'keyPair\''); + }); + describe('Detailed Monitoring', () => { test('instance with Detailed Monitoring enabled', () => { // WHEN diff --git a/packages/aws-cdk-lib/aws-ec2/test/key-pair.test.ts b/packages/aws-cdk-lib/aws-ec2/test/key-pair.test.ts new file mode 100644 index 0000000000000..5a69547f82aba --- /dev/null +++ b/packages/aws-cdk-lib/aws-ec2/test/key-pair.test.ts @@ -0,0 +1,188 @@ +import { Match, Template } from '../../assertions'; +import * as cdk from '../../core'; +import { + KeyPair, + KeyPairFormat, + KeyPairType, + OperatingSystemType, +} from '../lib'; + +describe('Key Pair', () => { + test('basic test', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new KeyPair(stack, 'KeyPair'); + + // THEN + Template.fromStack(stack).resourceCountIs('AWS::EC2::KeyPair', 1); + }); + + it('automatically generates a name', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = new KeyPair(stack, 'TestKeyPair'); + + // THEN + expect(keyPair.keyPairName).toBeTruthy(); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::KeyPair', { + KeyName: Match.stringLikeRegexp('\\w{1,255}'), + }); + }); + + it('defaults to RSA type', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = new KeyPair(stack, 'TestKeyPair'); + + // THEN + expect(keyPair.type).toBe(KeyPairType.RSA); + }); + + it('correctly renders RSA', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new KeyPair(stack, 'TestKeyPair', { + type: KeyPairType.RSA, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::KeyPair', { + KeyType: 'rsa', + }); + }); + + it('correctly renders ED25519', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new KeyPair(stack, 'TestKeyPair', { + type: KeyPairType.ED25519, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::KeyPair', { + KeyType: 'ed25519', + }); + }); + + it('correctly renders PEM', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new KeyPair(stack, 'TestKeyPair', { + format: KeyPairFormat.PEM, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::KeyPair', { + KeyFormat: 'pem', + }); + }); + + it('correctly renders PPK', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new KeyPair(stack, 'TestKeyPair', { + format: KeyPairFormat.PPK, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::KeyPair', { + KeyFormat: 'ppk', + }); + }); + + it('asserts unknown type is compatible with all OSes', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = KeyPair.fromKeyPairName(stack, 'KeyPair', 'KeyPairName'); + + // THEN + expect(keyPair._isOsCompatible(OperatingSystemType.LINUX)).toBe(true); + expect(keyPair._isOsCompatible(OperatingSystemType.WINDOWS)).toBe(true); + expect(keyPair._isOsCompatible(OperatingSystemType.UNKNOWN)).toBe(true); + }); + + it('asserts RSA keys are compatible with all OSes', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = new KeyPair(stack, 'KeyPair', { + type: KeyPairType.RSA, + }); + + // THEN + expect(keyPair._isOsCompatible(OperatingSystemType.LINUX)).toBe(true); + expect(keyPair._isOsCompatible(OperatingSystemType.WINDOWS)).toBe(true); + expect(keyPair._isOsCompatible(OperatingSystemType.UNKNOWN)).toBe(true); + }); + + it('aserts ED25519 keys are incompatible with Windows', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = new KeyPair(stack, 'KeyPair', { + type: KeyPairType.ED25519, + }); + + // THEN + expect(keyPair._isOsCompatible(OperatingSystemType.WINDOWS)).toBe(false); + }); + + it('forbids specifying both publicKeyMaterial and type', () => { + // GIVEN + const stack = new cdk.Stack(); + + // THEN + expect(() => new KeyPair(stack, 'KeyPair', { + publicKeyMaterial: 'ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAA', + type: KeyPairType.ED25519, + })).toThrow('Cannot specify \'type\' for keys with imported material'); + }); + + it('returns a reference to SSM parameter for non-imported keys', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = new KeyPair(stack, 'TestKeyPair'); + new cdk.CfnOutput(stack, 'TestOutput', { + value: keyPair.privateKey.parameterName, + }); + + // THEN + expect(keyPair.privateKey).toBeTruthy(); + Template.fromStack(stack).hasOutput('TestOutput', { + Value: stack.resolve(`/ec2/keypair/${keyPair.keyPairId}`), + }); + }); + + it('throws an error when accessing the SSM parameter for an imported key', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const keyPair = new KeyPair(stack, 'TestKeyPair', { + publicKeyMaterial: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7jpNzG+YG0s+xIGWbxrxIZiiozHOEuzIJacvASP0mq', + }); + + // THEN + expect(() => keyPair.privateKey).toThrow('An SSM parameter with private key material is not created for imported keys'); + }); +}); diff --git a/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts b/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts index 3a75c1a7c362a..227eb1c1b0d84 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/launch-template.test.ts @@ -23,6 +23,8 @@ import { EbsDeviceVolumeType, InstanceInitiatedShutdownBehavior, InstanceType, + KeyPair, + KeyPairType, LaunchTemplate, LaunchTemplateHttpTokens, OperatingSystemType, @@ -589,6 +591,30 @@ describe('LaunchTemplate', () => { }); }); + it('throws an error on incompatible Key Pair for operating system', () => { + // GIVEN + const keyPair = new KeyPair(stack, 'KeyPair', { + type: KeyPairType.ED25519, + }); + + // THEN + expect(() => new LaunchTemplate(stack, 'Instance', { + machineImage: new WindowsImage(WindowsVersion.WINDOWS_SERVER_2022_ENGLISH_CORE_BASE), + keyPair, + })).toThrow('ed25519 keys are not compatible with the chosen AMI'); + }); + + it('throws when keyName and keyPair are provided', () => { + // GIVEN + const keyPair = new KeyPair(stack, 'KeyPair'); + + // THEN + expect(() => new LaunchTemplate(stack, 'Instance', { + keyName: 'test-key-pair', + keyPair, + })).toThrow('Cannot specify both of \'keyName\' and \'keyPair\'; prefer \'keyPair\''); + }); + test.each([ [true, true], [false, false],