chore(release): 1.99.0 (#14146)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.99.0/CHANGELOG.md)

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.99.0](https://github.com/aws/aws-cdk/compare/v1.98.0...v1.99.0) (2021-04-13)
+
+
+### Features
+
+* **elasticloadbalancing:** rename 'sslCertificateId' property of LB listener to 'sslCertificateArn'; deprecate sslCertificateId  property ([#13766](https://github.com/aws/aws-cdk/issues/13766)) ([1a30272](https://github.com/aws/aws-cdk/commit/1a30272c8bd99a919bde695b5b1b1f5cb458cb64)), closes [#9303](https://github.com/aws/aws-cdk/issues/9303) [#9303](https://github.com/aws/aws-cdk/issues/9303)
+
+
+### Bug Fixes
+
+* **aws-cloudfront:** distribution comment length not validated ([#14020](https://github.com/aws/aws-cdk/issues/14020)) ([#14094](https://github.com/aws/aws-cdk/issues/14094)) ([54fddc6](https://github.com/aws/aws-cdk/commit/54fddc64c7b541f9192fb904fa9a3b44b8aacf90))
+* **aws-ecs-patterns:** fixes [#11123](https://github.com/aws/aws-cdk/issues/11123) allow for https listeners to use non Route 53 DNS if a certificate is provided ([#14004](https://github.com/aws/aws-cdk/issues/14004)) ([e6c85e4](https://github.com/aws/aws-cdk/commit/e6c85e4167cdb38ed056eda17b869e179a6dd1c5))
+* **cfn-include:** allow deploy-time values in Parameter substitutions in Fn::Sub expressions ([#14068](https://github.com/aws/aws-cdk/issues/14068)) ([111d26a](https://github.com/aws/aws-cdk/commit/111d26a30d220a319bbb7b1b1696aafac865e009)), closes [#14047](https://github.com/aws/aws-cdk/issues/14047)
+* **fsx:** Weekday.SUNDAY incorrectly evaluates to 0 (should be 7) ([#14081](https://github.com/aws/aws-cdk/issues/14081)) ([708f23e](https://github.com/aws/aws-cdk/commit/708f23e78fb0eff2aa17593c530500eb0b94067a)), closes [#14080](https://github.com/aws/aws-cdk/issues/14080)
+
 ## [1.98.0](https://github.com/aws/aws-cdk/compare/v1.97.0...v1.98.0) (2021-04-12)
 
 

package.json

@@ -18,9 +18,9 @@
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.6",
     "jest-junit": "^12.0.0",
-    "jsii-diff": "^1.27.0",
-    "jsii-pacmak": "^1.27.0",
-    "jsii-rosetta": "^1.27.0",
+    "jsii-diff": "^1.28.0",
+    "jsii-pacmak": "^1.28.0",
+    "jsii-rosetta": "^1.28.0",
     "lerna": "^4.0.0",
     "standard-version": "^9.2.0",
     "typescript": "~3.9.9"

packages/@aws-cdk/aws-certificatemanager/jest.config.js

@@ -1,2 +1,2 @@
-const baseConfig = require('../../../tools/cdk-build-tools/config/jest.config');
+const baseConfig = require('cdk-build-tools/config/jest.config');
 module.exports = baseConfig;

packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json

@@ -29,7 +29,7 @@
   "devDependencies": {
     "aws-sdk": "^2.596.0",
     "aws-sdk-mock": "^5.1.0",
-    "eslint": "^7.23.0",
+    "eslint": "^7.24.0",
     "eslint-config-standard": "^14.1.1",
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-node": "^11.1.0",

packages/@aws-cdk/aws-cloudformation/package.json

@@ -72,7 +72,7 @@
     "@aws-cdk/aws-sns-subscriptions": "0.0.0",
     "@aws-cdk/aws-sqs": "0.0.0",
     "@aws-cdk/aws-ssm": "0.0.0",
-    "@types/aws-lambda": "^8.10.73",
+    "@types/aws-lambda": "^8.10.75",
     "@types/nodeunit": "^0.0.31",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",

packages/@aws-cdk/aws-cloudfront/lib/distribution.ts

@@ -279,6 +279,12 @@ export class Distribution extends Resource implements IDistribution {
     this.certificate = props.certificate;
     this.errorResponses = props.errorResponses ?? [];
 
+    // Comments have an undocumented limit of 128 characters
+    const trimmedComment =
+      props.comment && props.comment.length > 128
+        ? `${props.comment.substr(0, 128 - 3)}...`
+        : props.comment;
+
     const distribution = new CfnDistribution(this, 'Resource', {
       distributionConfig: {
         enabled: props.enabled ?? true,
@@ -287,7 +293,7 @@ export class Distribution extends Resource implements IDistribution {
         defaultCacheBehavior: this.defaultBehavior._renderBehavior(),
         aliases: props.domainNames,
         cacheBehaviors: Lazy.any({ produce: () => this.renderCacheBehaviors() }),
-        comment: props.comment,
+        comment: trimmedComment,
         customErrorResponses: this.renderErrorResponses(),
         defaultRootObject: props.defaultRootObject,
         httpVersion: props.httpVersion ?? HttpVersion.HTTP2,

packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts

@@ -769,8 +769,14 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
   constructor(scope: Construct, id: string, props: CloudFrontWebDistributionProps) {
     super(scope, id);
 
+    // Comments have an undocumented limit of 128 characters
+    const trimmedComment =
+    props.comment && props.comment.length > 128
+      ? `${props.comment.substr(0, 128 - 3)}...`
+      : props.comment;
+
     let distributionConfig: CfnDistribution.DistributionConfigProperty = {
-      comment: props.comment,
+      comment: trimmedComment,
       enabled: true,
       defaultRootObject: props.defaultRootObject ?? 'index.html',
       httpVersion: props.httpVersion || HttpVersion.HTTP2,

packages/@aws-cdk/aws-cloudfront/test/distribution.test.ts

@@ -107,6 +107,40 @@ test('exhaustive example of props renders correctly', () => {
   });
 });
 
+test('ensure comment prop is not greater than max lenght', () => {
+  const origin = defaultOrigin();
+  new Distribution(stack, 'MyDist', {
+    defaultBehavior: { origin },
+    comment: `Adding a comment longer than 128 characters should be trimmed and added the 
+ellipsis so a user would know there was more to read and everything beyond this point should not show up`,
+  });
+
+  expect(stack).toHaveResource('AWS::CloudFront::Distribution', {
+    DistributionConfig: {
+      DefaultCacheBehavior: {
+        CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6',
+        Compress: true,
+        TargetOriginId: 'StackMyDistOrigin1D6D5E535',
+        ViewerProtocolPolicy: 'allow-all',
+      },
+      Comment: `Adding a comment longer than 128 characters should be trimmed and added the 
+ellipsis so a user would know there was more to ...`,
+      Enabled: true,
+      HttpVersion: 'http2',
+      IPV6Enabled: true,
+      Origins: [
+        {
+          DomainName: 'www.example.com',
+          Id: 'StackMyDistOrigin1D6D5E535',
+          CustomOriginConfig: {
+            OriginProtocolPolicy: 'https-only',
+          },
+        },
+      ],
+    },
+  });
+});
+
 describe('multiple behaviors', () => {
 
   test('a second behavior can\'t be specified with the catch-all path pattern', () => {

packages/@aws-cdk/aws-cloudfront/test/web-distribution.test.ts

@@ -198,6 +198,78 @@ nodeunitShim({
     test.done();
   },
 
+  'ensure long comments will not break the distribution'(test: Test) {
+    const stack = new cdk.Stack();
+    const sourceBucket = new s3.Bucket(stack, 'Bucket');
+
+    new CloudFrontWebDistribution(stack, 'AnAmazingWebsiteProbably', {
+      comment: `Adding a comment longer than 128 characters should be trimmed and 
+added the ellipsis so a user would know there was more to read and everything beyond this point should not show up`,
+      originConfigs: [
+        {
+          s3OriginSource: {
+            s3BucketSource: sourceBucket,
+          },
+          behaviors: [
+            {
+              isDefaultBehavior: true,
+            },
+          ],
+        },
+      ],
+    });
+
+    expect(stack).toMatch({
+      Resources: {
+        Bucket83908E77: {
+          Type: 'AWS::S3::Bucket',
+          DeletionPolicy: 'Retain',
+          UpdateReplacePolicy: 'Retain',
+        },
+        AnAmazingWebsiteProbablyCFDistribution47E3983B: {
+          Type: 'AWS::CloudFront::Distribution',
+          Properties: {
+            DistributionConfig: {
+              DefaultRootObject: 'index.html',
+              Origins: [
+                {
+                  ConnectionAttempts: 3,
+                  ConnectionTimeout: 10,
+                  DomainName: {
+                    'Fn::GetAtt': ['Bucket83908E77', 'RegionalDomainName'],
+                  },
+                  Id: 'origin1',
+                  S3OriginConfig: {},
+                },
+              ],
+              ViewerCertificate: {
+                CloudFrontDefaultCertificate: true,
+              },
+              PriceClass: 'PriceClass_100',
+              DefaultCacheBehavior: {
+                AllowedMethods: ['GET', 'HEAD'],
+                CachedMethods: ['GET', 'HEAD'],
+                TargetOriginId: 'origin1',
+                ViewerProtocolPolicy: 'redirect-to-https',
+                ForwardedValues: {
+                  QueryString: false,
+                  Cookies: { Forward: 'none' },
+                },
+                Compress: true,
+              },
+              Comment: `Adding a comment longer than 128 characters should be trimmed and 
+added the ellipsis so a user would know there was more to ...`,
+              Enabled: true,
+              IPV6Enabled: true,
+              HttpVersion: 'http2',
+            },
+          },
+        },
+      },
+    });
+    test.done();
+  },
+
   'distribution with bucket and OAI'(test: Test) {
     const stack = new cdk.Stack();
     const s3BucketSource = new s3.Bucket(stack, 'Bucket');

packages/@aws-cdk/aws-dynamodb-global/lambda-packages/aws-global-table-coordinator/package.json

@@ -29,7 +29,7 @@
   "devDependencies": {
     "aws-sdk": "^2.596.0",
     "aws-sdk-mock": "^5.1.0",
-    "eslint": "^7.23.0",
+    "eslint": "^7.24.0",
     "eslint-config-standard": "^14.1.1",
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-node": "^11.1.0",

packages/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts

@@ -422,13 +422,14 @@ export abstract class ApplicationLoadBalancedServiceBase extends CoreConstruct {
     this.targetGroup = this.listener.addTargets('ECS', targetProps);
 
     if (protocol === ApplicationProtocol.HTTPS) {
-      if (typeof props.domainName === 'undefined' || typeof props.domainZone === 'undefined') {
-        throw new Error('A domain name and zone is required when using the HTTPS protocol');
-      }
 
       if (props.certificate !== undefined) {
         this.certificate = props.certificate;
       } else {
+        if (typeof props.domainName === 'undefined' || typeof props.domainZone === 'undefined') {
+          throw new Error('A domain name and zone is required when using the HTTPS protocol');
+        }
+
         this.certificate = new Certificate(this, 'Certificate', {
           domainName: props.domainName,
           validation: CertificateValidation.fromDns(props.domainZone),

packages/@aws-cdk/aws-ecs-patterns/test/fargate/test.load-balanced-fargate-service.ts

@@ -1,4 +1,5 @@
 import { expect, haveResource, haveResourceLike, SynthUtils } from '@aws-cdk/assert-internal';
+import { DnsValidatedCertificate } from '@aws-cdk/aws-certificatemanager';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as ecs from '@aws-cdk/aws-ecs';
 import { ApplicationLoadBalancer, ApplicationProtocol, NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
@@ -977,4 +978,38 @@ export = {
     test.done();
   },
 
+  'domainName and domainZone not required for HTTPS listener with provided cert'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+    const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
+    const exampleDotComZone = new route53.PublicHostedZone(stack, 'ExampleDotCom', {
+      zoneName: 'example.com',
+    });
+    const certificate = new DnsValidatedCertificate(stack, 'Certificate', {
+      domainName: 'test.example.com',
+      hostedZone: exampleDotComZone,
+    });
+
+    // WHEN
+    new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'FargateAlbService', {
+      cluster,
+      protocol: ApplicationProtocol.HTTPS,
+
+      taskImageOptions: {
+        containerPort: 2015,
+        image: ecs.ContainerImage.fromRegistry('abiosoft/caddy'),
+      },
+      certificate: certificate,
+    });
+
+    // THEN
+    expect(stack).notTo(haveResourceLike('AWS::Route53::RecordSet', {
+      Name: 'test.domain.com.',
+    }));
+
+    test.done();
+
+  },
+
 };

packages/@aws-cdk/aws-ecs/jest.config.js

@@ -1,2 +1,2 @@
-const baseConfig = require('../../../tools/cdk-build-tools/config/jest.config');
-module.exports = baseConfig;
+const baseConfig = require('cdk-build-tools/config/jest.config');
+module.exports = baseConfig;

packages/@aws-cdk/aws-elasticloadbalancing/lib/load-balancer.ts

@@ -187,10 +187,18 @@ export interface LoadBalancerListener {
   readonly policyNames?: string[];
 
   /**
-   * ID of SSL certificate
+   * the ARN of the SSL certificate
+   * @deprecated - use sslCertificateArn instead
    */
   readonly sslCertificateId?: string;
 
+  /**
+   * the ARN of the SSL certificate
+   *
+   * @default - none
+   */
+  readonly sslCertificateArn?: string;
+
   /**
    * Allow connections to the load balancer from the given set of connection peers
    *
@@ -264,8 +272,12 @@ export class LoadBalancer extends Resource implements IConnectable {
    * @returns A ListenerPort object that controls connections to the listener port
    */
   public addListener(listener: LoadBalancerListener): ListenerPort {
+    if (listener.sslCertificateArn && listener.sslCertificateId) {
+      throw new Error('"sslCertificateId" is deprecated, please use "sslCertificateArn" only.');
+    }
     const protocol = ifUndefinedLazy(listener.externalProtocol, () => wellKnownProtocol(listener.externalPort));
     const instancePort = listener.internalPort || listener.externalPort;
+    const sslCertificateArn = listener.sslCertificateArn || listener.sslCertificateId;
     const instanceProtocol = ifUndefined(listener.internalProtocol,
       ifUndefined(tryWellKnownProtocol(instancePort),
         isHttpProtocol(protocol) ? LoadBalancingProtocol.HTTP : LoadBalancingProtocol.TCP));
@@ -275,7 +287,7 @@ export class LoadBalancer extends Resource implements IConnectable {
       protocol,
       instancePort: instancePort.toString(),
       instanceProtocol,
-      sslCertificateId: listener.sslCertificateId,
+      sslCertificateId: sslCertificateArn,
       policyNames: listener.policyNames,
     });