Merge branch 'main' into feat/aws-lambda-python-exclude-parameter-poetry

aws · Feb 18, 2023 · 2ec7893 · 2ec7893
2 parents 405b72d + f61d950
commit 2ec7893
Show file tree

Hide file tree

Showing 343 changed files with 18,565 additions and 1,902 deletions.
diff --git a/.github/ISSUE_TEMPLATE/region.yml b/.github/ISSUE_TEMPLATE/region.yml
@@ -0,0 +1,86 @@
+name: New Region
+description: Register a new region.
+title: "Register new region: [region]"
+labels: ["@aws-cdk/region-info", "feature-request", "p1", "effort/medium"]
+body:
+  - type: input
+    id: ROUTE_53_BUCKET_WEBSITE_ZONE_IDS
+    attributes:
+     label: AWS Route 53 Bucket Website Zone ID
+     description: |
+        See [Amazon Simple Storage Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints).
+
+  - type: input
+    id: EBS_ENV_ENDPOINT_HOSTED_ZONE_IDS
+    attributes:
+      label: AWS Elastic Beanstalk Hosted Zone ID
+      description: |
+        See [AWS Elastic Beanstalk endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html).
+
+  - type: input
+    id: ELBV2_ACCOUNTS
+    attributes:
+      label: AWS Elastic Beanstalk Load Balancer Account ID
+      description: |
+        See [Attach a policy to your S3 bucket](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy).
+
+  - type: input
+    id: DLC_REPOSITORY_ACCOUNTS
+    attributes:
+      label: AWS Deep Learning Container Account ID
+      description: |
+        See [Available Deep Learning Containers Images](https://aws.amazon.com/releasenotes/available-deep-learning-containers-images/).
+
+  - type: input
+    id: APPMESH_ECR_ACCOUNTS
+    attributes:
+      label: AWS AppMesh Envoy Proxy ECR Account ID
+      description: |
+        See [Envoy Image](https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html).
+
+  - type: input
+    id: CLOUDWATCH_LAMBDA_INSIGHTS_ARNS
+    attributes:
+      label: AWS CloudWatch Lambda Insights Extension ARN
+      description: |
+        See [1.0.178.0](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html#Lambda-Insights-extension-1.0.178.0).
+
+  - type: input
+    id: FIREHOSE_CIDR_BLOCKS
+    attributes:
+      label: AWS Kinesis Data Firehose CIDR Block
+      description: |
+        See [VPC Access to an Amazon Redshift Cluster](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-rs-vpc).
+
+  - type: checkboxes
+    id: ADOT_LAMBDA_LAYER
+    attributes:
+      label: OpenTelemetry Lambda Support
+      description: |
+        [Supported in Region](https://aws-otel.github.io/docs/getting-started/lambda/lambda-js)?
+      options:
+        - label: "Yes"
+        - label: "No"
+
+  - type: markdown
+    attributes:
+      value: |
+        ---
+
+        🚀 Checklist:
+
+        * [ ] Add region in [AWS_CDK_METADATA](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L1) (commented out).
+        * [ ] Add region and zone id in [ROUTE_53_BUCKET_WEBSITE_ZONE_IDS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L40).
+        * [ ] Add region and zone id in [EBS_ENV_ENDPOINT_HOSTED_ZONE_IDS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L77).
+        * [ ] Add region and account in [ELBV2_ACCOUNTS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L116).
+        * [ ] Add region and account in [DLC_REPOSITORY_ACCOUNTS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L149).
+        * [ ] Add region and account in [APPMESH_ECR_ACCOUNTS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L174).
+        * [ ] Add region and ARN in [CLOUDWATCH_LAMBDA_INSIGHTS_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L202) for `1.0.178.0`.
+        * [ ] Add region and CIDR block address in [FIREHOSE_CIDR_BLOCKS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L498).
+        * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_JAVA_SDK_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L529) for most recent version in `x86_64` and `arm64`.
+        * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_JAVA_AUTO_INSTRUMENTATION_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L608) for most recent version in `x86_64` and `arm64`.
+        * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_JAVASCRIPT_SDK_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L689) for most recent version in `x86_64` and `arm64`.
+        * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_PYTHON_SDK_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L768) for most recent version in `x86_64` and `arm64`.
+        * [ ] Add region and ARN in [ADOT_LAMBDA_LAYER_GENERIC_ARNS](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/build-tools/fact-tables.ts#L847) for most recent version in `x86_64` and `arm64`.
+        * [ ] Add region in [AWS_REGIONS_AND_RULES](https://github.com/aws/aws-cdk/blob/v2.65.0/packages/@aws-cdk/region-info/lib/aws-entities.ts).
+        * [ ] Run integ tests and update snapshots
diff --git a/.github/workflows/yarn-upgrade-v1main.yml b/.github/workflows/yarn-upgrade-v1main.yml
@@ -26,7 +26,7 @@ jobs:
 
       - name: Locate Yarn cache
         id: yarn-cache
-        run: echo "::set-output name=dir::$(yarn cache dir)"
+        run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
 
       - name: Restore Yarn cache
         uses: actions/cache@v3
@@ -39,17 +39,16 @@ jobs:
         run: yarn install --frozen-lockfile
       - name: Install Tools
         run: |-
-          npm -g install lerna npm-check-updates@^9.0.0
+          npm -g install lerna js-yaml npm-check-updates@^9.0.0
       - name: Build CLI
-        run: cd packages/aws-cdk && ../../scripts/buildup
+        run: lerna run build --scope aws-cdk --include-dependencies --stream
       - name: Build Integ Runner
-        run: cd packages/@aws-cdk/integ-runner && ../../../scripts/buildup
+        run: lerna run build --scope @aws-cdk/integ-runner --include-dependencies --stream
       - name: List Mono-Repo Packages
         id: list-packages
         # These need to be ignored from the `ncu` runs!
         run: |-
-          echo -n "::set-output name=list::"
-          node -p "$(lerna ls --all --json 2>/dev/null).map(item => item.name).join(',')"
+          echo "list=$(lerna ls --all --json 2>/dev/null | jq -r 'map(.name) | join(",")')" >> $GITHUB_OUTPUT
       - name: Run "ncu -u"
         # We special-case some @types because they need to be pinned to specific versions due to breaking changes in minor upgrades https://github.com/DefinitelyTyped/DefinitelyTyped/issues/64266
         # We special-case aws-sdk because of breaking changes with TS interface exports in recent minor versions - https://github.com/aws/aws-sdk-js/issues/3453

diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
@@ -37,14 +37,13 @@ jobs:
         run: yarn install --frozen-lockfile
       - name: Install Tools
         run: |-
-          npm -g install lerna npm-check-updates@^9.0.0
+          npm -g install lerna js-yaml npm-check-updates@^9.0.0
       - name: Build Integ Runner
-        run: cd packages/@aws-cdk/integ-runner && ../../../scripts/buildup
+        run: lerna run build --scope @aws-cdk/integ-runner --include-dependencies
       - name: List Mono-Repo Packages
         id: list-packages
         # These need to be ignored from the `ncu` runs!
         run: |-
-          echo -n "::set-output name=list::"
           echo "list=$(lerna ls --all --json 2>/dev/null | jq -r 'map(.name) | join(",")')" >> $GITHUB_OUTPUT
       - name: Run "ncu -u"
         # We special-case some @types because they need to be pinned to specific versions due to breaking changes in minor upgrades https://github.com/DefinitelyTyped/DefinitelyTyped/issues/64266

diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.65.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.64.0-alpha.0...v2.65.0-alpha.0) (2023-02-15)
+
+
+### Features
+
+* **glue:** support Ray jobs ([#23822](https://github.com/aws/aws-cdk/issues/23822)) ([8de50d6](https://github.com/aws/aws-cdk/commit/8de50d624c8703a12713dcffbc764688868f22b0))
+* **redshift:** IAM roles can be attached to a cluster, post creation ([#23791](https://github.com/aws/aws-cdk/issues/23791)) ([1a46808](https://github.com/aws/aws-cdk/commit/1a46808b03e8f6d09846f999ae3dc65b190f5f26)), closes [#22632](https://github.com/aws/aws-cdk/issues/22632)
+* **synthetics:** support runtime 3.9 ([#24101](https://github.com/aws/aws-cdk/issues/24101)) ([9d23cad](https://github.com/aws/aws-cdk/commit/9d23caded8aca42d3b78de1bc7e89c38a4d6805e))
+
 ## [2.64.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.63.2-alpha.0...v2.64.0-alpha.0) (2023-02-09)
 
 

diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.65.0](https://github.com/aws/aws-cdk/compare/v2.64.0...v2.65.0) (2023-02-15)
+
+
+### Features
+
+* **autoscaling:** L2 construct for enabling capacity rebalance of autoscaling ([#24025](https://github.com/aws/aws-cdk/issues/24025)) ([d2c63f5](https://github.com/aws/aws-cdk/commit/d2c63f55f8657315ad4e4dd463cfcae07cb66e53)), closes [#22625](https://github.com/aws/aws-cdk/issues/22625)
+* **chatbot:** support guardrail policies ([#24114](https://github.com/aws/aws-cdk/issues/24114)) ([4c72a7d](https://github.com/aws/aws-cdk/commit/4c72a7dc3994ba190f1e1aa467d3087228bcb881)), closes [#20788](https://github.com/aws/aws-cdk/issues/20788)
+* **core:** Allow passing Docker build secrets ([#23778](https://github.com/aws/aws-cdk/issues/23778)) ([74512fa](https://github.com/aws/aws-cdk/commit/74512fa339e0a2937213f519c109ef1207e9d0c6)), closes [#14910](https://github.com/aws/aws-cdk/issues/14910) [#14395](https://github.com/aws/aws-cdk/issues/14395)
+* **elbv2:** add metrics to INetworkTargetGroup and IApplicationTargetGroup ([#23993](https://github.com/aws/aws-cdk/issues/23993)) ([6a9e43f](https://github.com/aws/aws-cdk/commit/6a9e43f0c6f966df4671267eeda21638611dfb1c)), closes [#23853](https://github.com/aws/aws-cdk/issues/23853) [#10850](https://github.com/aws/aws-cdk/issues/10850)
+* **lambda:** add insights version 1.0.178.0 ([#23836](https://github.com/aws/aws-cdk/issues/23836)) ([5272908](https://github.com/aws/aws-cdk/commit/527290854d0fa31e7f41497ede0c1b8b0e1b9ad4))
+
+
+### Bug Fixes
+
+* **bootstrap:** remove Security Hub finding S3.10 ([#24175](https://github.com/aws/aws-cdk/issues/24175)) ([a1da757](https://github.com/aws/aws-cdk/commit/a1da757ce348b4bd66a6d0e7776f2ff8e9f531b6)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-10](https://github.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html/issues/fsbp-s3-10)
+* **codedeploy:** unable to remove alarms from deployment group ([#23308](https://github.com/aws/aws-cdk/issues/23308)) ([eee005f](https://github.com/aws/aws-cdk/commit/eee005f4949d7438467c7448ba8326efa4b79221))
+* **codepipeline:** x-env ECS deployment lacking support stack-dependency ([#24053](https://github.com/aws/aws-cdk/issues/24053)) ([adfe4fa](https://github.com/aws/aws-cdk/commit/adfe4fa137bb748961b4a767d538335490e13ed1)), closes [#24050](https://github.com/aws/aws-cdk/issues/24050) [#24051](https://github.com/aws/aws-cdk/issues/24051)
+* **core:** messages are displayed multiple times per construct ([#24019](https://github.com/aws/aws-cdk/issues/24019)) ([57770bb](https://github.com/aws/aws-cdk/commit/57770bb12ea6d77373f1e9e8e04f6757b440f277)), closes [#9565](https://github.com/aws/aws-cdk/issues/9565)
+* **ec2:** enable set throughput param to CfnVolume ([#24118](https://github.com/aws/aws-cdk/issues/24118)) ([32781f8](https://github.com/aws/aws-cdk/commit/32781f825352f9cb43d8fed5c122b454275b3076)), closes [#24107](https://github.com/aws/aws-cdk/issues/24107) [#24107](https://github.com/aws/aws-cdk/issues/24107)
+* **elbv2:** healthcheck interval is overly restrictive ([#24157](https://github.com/aws/aws-cdk/issues/24157)) ([4f83e02](https://github.com/aws/aws-cdk/commit/4f83e02b85229ebdff3f32ba6fd662ffd707d8db)), closes [#24156](https://github.com/aws/aws-cdk/issues/24156)
+* **iam:** PrincipalWithConditions.addCondition fails with a new key ([#23782](https://github.com/aws/aws-cdk/issues/23782)) ([8951d01](https://github.com/aws/aws-cdk/commit/8951d013bea5dad54b94a6a683f56275ff4e6dba)), closes [#23781](https://github.com/aws/aws-cdk/issues/23781)
+* **iam:** SamlConsolePrincipal does not work in China [#22091](https://github.com/aws/aws-cdk/issues/22091) ([#24034](https://github.com/aws/aws-cdk/issues/24034)) ([2902043](https://github.com/aws/aws-cdk/commit/29020435aeb1a9fb6401572520d0adca8155dc60))
+* **pipelines:** SelfMutation CodeBuild project not accessible ([#24073](https://github.com/aws/aws-cdk/issues/24073)) ([5942978](https://github.com/aws/aws-cdk/commit/594297862f2626b64b174d6998886a40f1b316be))
+* **rds:** database proxies use ids as their resource names directly (under feature flag) ([#23703](https://github.com/aws/aws-cdk/issues/23703)) ([03a0f79](https://github.com/aws/aws-cdk/commit/03a0f79b40e3be95de5421370703eb54c06b7dd7)), closes [#18578](https://github.com/aws/aws-cdk/issues/18578)
+* **s3:** logging bucket blocks KMS_MANAGED encryption ([#23514](https://github.com/aws/aws-cdk/issues/23514)) ([1e8926f](https://github.com/aws/aws-cdk/commit/1e8926fa9bcf561135beaa31379ec1f1e6f79901))
+
 ## [2.64.0](https://github.com/aws/aws-cdk/compare/v2.63.2...v2.64.0) (2023-02-09)
 
 

diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md
@@ -945,6 +945,18 @@ to allow users revert the stage to an old deployment manually.
 [Deployment]: https://docs.aws.amazon.com/apigateway/api-reference/resource/deployment/
 [Stage]: https://docs.aws.amazon.com/apigateway/api-reference/resource/stage/
 
+In order to also create a new deployment when changes are made to any authorizer attached to the API,
+the `@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId` [feature flag](https://docs.aws.amazon.com/cdk/v2/guide/featureflags.html) can be enabled. This can be set
+in the `cdk.json` file.
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true
+  }
+}
+```
+
 ## Custom Domains
 
 To associate an API with a custom domain, use the `domainName` configuration when

diff --git a/packages/@aws-cdk/aws-apigateway/lib/authorizers/cognito.ts b/packages/@aws-cdk/aws-apigateway/lib/authorizers/cognito.ts
@@ -1,7 +1,8 @@
 import * as cognito from '@aws-cdk/aws-cognito';
-import { Duration, Lazy, Names, Stack } from '@aws-cdk/core';
+import { Duration, FeatureFlags, Lazy, Names, Stack } from '@aws-cdk/core';
+import { APIGATEWAY_AUTHORIZER_CHANGE_DEPLOYMENT_LOGICAL_ID } from '@aws-cdk/cx-api';
 import { Construct } from 'constructs';
-import { CfnAuthorizer } from '../apigateway.generated';
+import { CfnAuthorizer, CfnAuthorizerProps } from '../apigateway.generated';
 import { Authorizer, IAuthorizer } from '../authorizer';
 import { AuthorizationType } from '../method';
 import { IRestApi } from '../restapi';
@@ -64,18 +65,25 @@ export class CognitoUserPoolsAuthorizer extends Authorizer implements IAuthorize
 
   private restApiId?: string;
 
+  private readonly authorizerProps: CfnAuthorizerProps;
+
   constructor(scope: Construct, id: string, props: CognitoUserPoolsAuthorizerProps) {
     super(scope, id);
 
     const restApiId = this.lazyRestApiId();
-    const resource = new CfnAuthorizer(this, 'Resource', {
+
+    const authorizerProps = {
       name: props.authorizerName ?? Names.uniqueId(this),
       restApiId,
       type: 'COGNITO_USER_POOLS',
       providerArns: props.cognitoUserPools.map(userPool => userPool.userPoolArn),
       authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds(),
       identitySource: props.identitySource || 'method.request.header.Authorization',
-    });
+    };
+
+    this.authorizerProps = authorizerProps;
+
+    const resource = new CfnAuthorizer(this, 'Resource', authorizerProps);
 
     this.authorizerId = resource.ref;
     this.authorizerArn = Stack.of(this).formatArn({
@@ -96,6 +104,16 @@ export class CognitoUserPoolsAuthorizer extends Authorizer implements IAuthorize
     }
 
     this.restApiId = restApi.restApiId;
+
+    const addToLogicalId = FeatureFlags.of(this).isEnabled(APIGATEWAY_AUTHORIZER_CHANGE_DEPLOYMENT_LOGICAL_ID);
+
+    const deployment = restApi.latestDeployment;
+    if (deployment && addToLogicalId) {
+      deployment.node.addDependency(this);
+      deployment.addToLogicalId({
+        authorizer: this.authorizerProps,
+      });
+    }
   }
 
   /**