Merge branch 'main' into feature/add-iam-role-after-declaration
mergify[bot] authored Feb 10, 2023
2 parents 1b8d104 + 74512fa commit 8ec3caf
Showing 282 changed files with 18,086 additions and 6,306 deletions.
4 changes: 4 additions & 0 deletions .gitallowed
Expand Up @@ -14,7 +14,11 @@ account: '012345678913'

# Account patterns used in the CHANGELOG
account: '123456789012'

111111111111
222222222222
123456789012
333333333333

# The account ID's of public facing ECR images for App Mesh Envoy
# https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html
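Review bot: the four new entries (`111111111111`, `222222222222`, `123456789012`, `333333333333`) are bare digit strings, whereas the surrounding entries are anchored as `account: '...'`; as written they allowlist those digit runs wherever they occur in the repository, not only in the CHANGELOG that the comment above them refers to. If the intent is limited to CHANGELOG text, say so in a comment naming the file, or anchor the patterns the way the existing entries do so that an accidental real account id elsewhere is still flagged.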
4 changes: 2 additions & 2 deletions .github/workflows/close-stale-prs.yml
Expand Up @@ -2,7 +2,7 @@ on:
schedule:
# Cron format: min hr day month dow
- cron: "0 0 * * *"
workflow_dispatch:
workflow_dispatch:
jobs:
close-stale-prs:
permissions:
Expand All @@ -23,5 +23,5 @@ jobs:
important-checks-regex: AutoBuildv2Project1C6BFA3F
warn-message: This PR has been in the STATE state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.
close-message: This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.
skip-labels: contribution/core
skip-labels: contribution/core, pr-linter/do-not-close
close-label: closed-for-staleness
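Review bot: adding `pr-linter/do-not-close` to `skip-labels` is fine, but `warn-message` still only tells the author that the PR looks abandoned; consider mentioning the new label there so a maintainer reading the warning knows how to exempt a PR from auto-close.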
17 changes: 17 additions & 0 deletions CHANGELOG.v2.alpha.md
Expand Up @@ -2,6 +2,23 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [2.64.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.63.2-alpha.0...v2.64.0-alpha.0) (2023-02-09)


### Features

* **cloud9:** support setting environment owner ([#23878](https://github.com/aws/aws-cdk/issues/23878)) ([08a2f36](https://github.com/aws/aws-cdk/commit/08a2f363093f39d04026778bb8d5d7f673698b57)), closes [#22474](https://github.com/aws/aws-cdk/issues/22474)
* **redshift:** Tables can include comments ([#23847](https://github.com/aws/aws-cdk/issues/23847)) ([46cadd4](https://github.com/aws/aws-cdk/commit/46cadd4b2dd417e1484ba63389b33e1504cfd842)), closes [#22682](https://github.com/aws/aws-cdk/issues/22682)


### Bug Fixes

* **servicecatalogappregistry:** default stack name is not meaningful and causes conflict when multiple stacks deployed to the same account-region ([#23823](https://github.com/aws/aws-cdk/issues/23823)) ([420b5ff](https://github.com/aws/aws-cdk/commit/420b5ff2bd08311f2c8cabbe0787c0e0bf4f8ae3))

## [2.63.2-alpha.0](https://github.com/aws/aws-cdk/compare/v2.63.1-alpha.0...v2.63.2-alpha.0) (2023-02-04)

## [2.63.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.63.0-alpha.0...v2.63.1-alpha.0) (2023-02-03)

## [2.63.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.62.2-alpha.0...v2.63.0-alpha.0) (2023-01-31)


35 changes: 35 additions & 0 deletions CHANGELOG.v2.md
Expand Up @@ -2,6 +2,41 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [2.64.0](https://github.com/aws/aws-cdk/compare/v2.63.2...v2.64.0) (2023-02-09)


### Features

* **cfnspec:** cloudformation spec v109.0.0 ([#23968](https://github.com/aws/aws-cdk/issues/23968)) ([5d59134](https://github.com/aws/aws-cdk/commit/5d5913455da2cdb834feef708fb01f9e77df656f))
* **cfnspec:** cloudformation spec v109.0.0 ([#23984](https://github.com/aws/aws-cdk/issues/23984)) ([affe040](https://github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801))
* **cli:** --hotswap will not use CFN anymore, --hotswap-fallback to fall back if necessary ([#23653](https://github.com/aws/aws-cdk/issues/23653)) ([a5317ca](https://github.com/aws/aws-cdk/commit/a5317ca52f05ebc34d9f22196ab0ef36d5cac967)), closes [#22784](https://github.com/aws/aws-cdk/issues/22784) [#21773](https://github.com/aws/aws-cdk/issues/21773) [#21556](https://github.com/aws/aws-cdk/issues/21556) [#23640](https://github.com/aws/aws-cdk/issues/23640)
* **elbv2:** add metrics to INetworkLoadBalancer and IApplicationLoadBalancer ([#23853](https://github.com/aws/aws-cdk/issues/23853)) ([cb889bc](https://github.com/aws/aws-cdk/commit/cb889bc2c267654ca97e3d85a16a99a667d3584c)), closes [#10850](https://github.com/aws/aws-cdk/issues/10850)
* **iam:** implement IGrantable to Policy and ManagedPolicy ([#22712](https://github.com/aws/aws-cdk/issues/22712)) ([d3df40f](https://github.com/aws/aws-cdk/commit/d3df40ff89c70b9243ec175747eb398368067095)), closes [#10308](https://github.com/aws/aws-cdk/issues/10308)
* **lambda:** enable RuntimeManagementConfig ([#23891](https://github.com/aws/aws-cdk/issues/23891)) ([be4f971](https://github.com/aws/aws-cdk/commit/be4f97129f4237b39d0b99977eb597e2af49ed2a)), closes [#23890](https://github.com/aws/aws-cdk/issues/23890)
* **s3:** allow configuring S3 Object Lock ([#23744](https://github.com/aws/aws-cdk/issues/23744)) ([bdcd6c8](https://github.com/aws/aws-cdk/commit/bdcd6c890878fb71c480bf40964f1b6ea0a5f270)), closes [#5247](https://github.com/aws/aws-cdk/issues/5247) [#21738](https://github.com/aws/aws-cdk/issues/21738)


### Bug Fixes

* Use the correct LB full name when creating metrics for imported LBs ([#23972](https://github.com/aws/aws-cdk/issues/23972)) ([16c23b7](https://github.com/aws/aws-cdk/commit/16c23b7554923bf6c2703ba5f229e6c34b459a2f)), closes [#23853](https://github.com/aws/aws-cdk/issues/23853)
* **cdk-assets:** asset concurrency leaves a corrupted archive ([#24026](https://github.com/aws/aws-cdk/issues/24026)) ([989454f](https://github.com/aws/aws-cdk/commit/989454f7e27f3cbf33180d8aab29d56472378126))
* **cdk-assets:** packaging assets is broken on Node older than 14.17 ([#23994](https://github.com/aws/aws-cdk/issues/23994)) ([5bde92c](https://github.com/aws/aws-cdk/commit/5bde92c2ae29781aafd8c3817d08e93748c39885)), closes [#23859](https://github.com/aws/aws-cdk/issues/23859)
* **codedeploy:** cross-region referenced groups use wrong config ([#23986](https://github.com/aws/aws-cdk/issues/23986)) ([390ec78](https://github.com/aws/aws-cdk/commit/390ec78437a55ad68757f8ce812535e9bc149a2a))
* **core:** cross-stack reference error doesn't include violation ([#23987](https://github.com/aws/aws-cdk/issues/23987)) ([c7ad66f](https://github.com/aws/aws-cdk/commit/c7ad66fad6ca5aff5f2ae9754d263dea9d1de368))
* **ec2:** Cannot deploy VPC flow log with other resources that requires bucket policies ([#23889](https://github.com/aws/aws-cdk/issues/23889)) ([e646ad5](https://github.com/aws/aws-cdk/commit/e646ad5b5496b176549f8c039a5ffabbf07403ff)), closes [#18985](https://github.com/aws/aws-cdk/issues/18985)
* **pipelines:** cannot configure actionName for all sources ([#24027](https://github.com/aws/aws-cdk/issues/24027)) ([9cd639b](https://github.com/aws/aws-cdk/commit/9cd639b0f83e65fbe531d56210f68e99874f506e))
* **s3:** infer bucketWebsiteUrl and bucketDomainName suffixes from bucket region ([#23919](https://github.com/aws/aws-cdk/issues/23919)) ([252f052](https://github.com/aws/aws-cdk/commit/252f052d4239b320ac542c7db256683425ad7eba))
* **s3-deployment:** wrong URL in BucketDeployment.deployedBucket.bucketWebsiteUrl ([#24055](https://github.com/aws/aws-cdk/issues/24055)) ([ece46db](https://github.com/aws/aws-cdk/commit/ece46dbd939383f240023172a491767b51eaa722)), closes [#23354](https://github.com/aws/aws-cdk/issues/23354)

## [2.63.2](https://github.com/aws/aws-cdk/compare/v2.63.1...v2.63.2) (2023-02-04)

## [2.63.1](https://github.com/aws/aws-cdk/compare/v2.63.0...v2.63.1) (2023-02-03)


### Reverts

* **cdk-assets:** packaging assets is broken on Node older than 14.17 ([#23994](https://github.com/aws/aws-cdk/issues/23994)) ([1976f1a](https://github.com/aws/aws-cdk/commit/1976f1a7f585b1adb582c5cb557b96ed38418fca)), closes [#23859](https://github.com/aws/aws-cdk/issues/23859)

## [2.63.0](https://github.com/aws/aws-cdk/compare/v2.62.2...v2.63.0) (2023-01-31)


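Review bot: the Features list carries two entries titled "cfnspec: cloudformation spec v109.0.0" ([#23968] and [#23984]) pointing at different commits. If both PRs landed the same spec version, the second line is a duplicate for readers of the release notes; if the second PR moved to a later spec version, its title is wrong. Worth confirming before 2.64.0 notes are published.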
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -18,7 +18,7 @@
"devDependencies": {
"@types/prettier": "2.6.0",
"@yarnpkg/lockfile": "^1.1.0",
"cdk-generate-synthetic-examples": "^0.1.138",
"cdk-generate-synthetic-examples": "^0.1.140",
"conventional-changelog-cli": "^2.2.2",
"fs-extra": "^9.1.0",
"graceful-fs": "^4.2.10",
54 changes: 45 additions & 9 deletions packages/@aws-cdk/aws-cloud9/README.md
Expand Up @@ -23,19 +23,19 @@

This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a
browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular
programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your
development machine to start new projects. Since your Cloud9 IDE is cloud-based, you can work on your projects from your
office, home, or anywhere using an internet-connected machine. Cloud9 also provides a seamless experience for developing
serverless applications enabling you to easily define resources, debug, and switch between local and remote execution of
serverless applications. With Cloud9, you can quickly share your development environment with your team, enabling you to pair
AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a
browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular
programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your
development machine to start new projects. Since your Cloud9 IDE is cloud-based, you can work on your projects from your
office, home, or anywhere using an internet-connected machine. Cloud9 also provides a seamless experience for developing
serverless applications enabling you to easily define resources, debug, and switch between local and remote execution of
serverless applications. With Cloud9, you can quickly share your development environment with your team, enabling you to pair
program and track each other's inputs in real time.


## Creating EC2 Environment

EC2 Environments are defined with `Ec2Environment`. To create an EC2 environment in the private subnet, specify
EC2 Environments are defined with `Ec2Environment`. To create an EC2 environment in the private subnet, specify
`subnetSelection` with private `subnetType`.


Expand All @@ -52,7 +52,7 @@ new cloud9.Ec2Environment(this, 'Cloud9Env2', {
imageId: cloud9.ImageId.AMAZON_LINUX_2,
});

// or specify in a different subnetSelection
// or specify in a different subnetSelection
const c9env = new cloud9.Ec2Environment(this, 'Cloud9Env3', {
vpc,
subnetSelection: {
Expand Down Expand Up @@ -104,3 +104,39 @@ new cloud9.Ec2Environment(this, 'C9Env', {
imageId: cloud9.ImageId.AMAZON_LINUX_2,
});
```

## Specifying Owners

Every Cloud9 Environment has an **owner**. An owner has full control over the environment, and can invite additional members to the environment for collaboration purposes. For more information, see [Working with shared environments in AWS Cloud9](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html)).

By default, the owner will be the identity that creates the Environment, which is most likely your CloudFormation Execution Role when the Environment is created using CloudFormation. Provider a value for the `owner` property to assign a different owner, either a specific IAM User or the AWS Account Root User.

`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user (but using the account root user is not recommended, see [environment sharing best practices](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-best-practices)).

To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()`

```ts
declare const vpc: ec2.Vpc;
new cloud9.Ec2Environment(this, 'C9Env', {
vpc,
imageId: cloud9.ImageId.AMAZON_LINUX_2,

owner: cloud9.Owner.accountRoot('111111111')
})
```

To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy

```ts
import * as iam from '@aws-cdk/aws-iam';

const user = new iam.User(this, 'user');
user.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCloud9Administrator'));
declare const vpc: ec2.Vpc;
new cloud9.Ec2Environment(this, 'C9Env', {
vpc,
imageId: cloud9.ImageId.AMAZON_LINUX_2,

owner: cloud9.Owner.user(user)
})
```
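Review bot: the new "Specifying Owners" section has several wording and example issues. "Provider a value for the `owner` property" should read "Provide a value"; the link to "Working with shared environments in AWS Cloud9" ends with an extra `)`; "a Cloud9 environment ." has a stray space and "`Owner`in" is missing one. The third paragraph ("`Owner` is a user that owns a Cloud9 environment...") restates the second and could be folded into it. In the `Owner.accountRoot('111111111')` example the account id is nine digits, while AWS account ids are twelve; use a 12-digit placeholder such as `'111111111111'`, which this same commit already adds to `.gitallowed`. Finally, the user example attaches `AWSCloud9Administrator` without saying why; linking the same sharing documentation that the `@see` in `environment.ts` cites would let readers judge whether that policy is the least they need to grant.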
47 changes: 46 additions & 1 deletion packages/@aws-cdk/aws-cloud9/lib/environment.ts
@@ -1,5 +1,6 @@
import * as codecommit from '@aws-cdk/aws-codecommit';
import * as ec2 from '@aws-cdk/aws-ec2';
import { IUser } from '@aws-cdk/aws-iam';
import * as cdk from '@aws-cdk/core';
import { Construct } from 'constructs';
import { CfnEnvironmentEC2 } from '../lib/cloud9.generated';
Expand Down Expand Up @@ -53,11 +54,19 @@ export enum ImageId {
*/
UBUNTU_18_04 = 'ubuntu-18.04-x86_64'
}

/**
* Properties for Ec2Environment
*/
export interface Ec2EnvironmentProps {
/**
* Owner of the environment.
*
* The owner has full control of the environment and can invite additional members.
*
* @default - The identity that CloudFormation executes under will be the owner
*/
readonly owner?: Owner;

/**
* The type of instance to connect to the environment.
*
Expand Down Expand Up @@ -182,6 +191,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment {
const c9env = new CfnEnvironmentEC2(this, 'Resource', {
name: props.ec2EnvironmentName,
description: props.description,
ownerArn: props.owner?.ownerArn,
instanceType: props.instanceType?.toString() ?? ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO).toString(),
subnetId: this.vpc.selectSubnets(vpcSubnets).subnetIds[0],
repositories: props.clonedRepositories ? props.clonedRepositories.map(r => ({
Expand Down Expand Up @@ -217,3 +227,38 @@ export class CloneRepository {

private constructor(public readonly repositoryUrl: string, public readonly pathComponent: string) {}
}

/**
* An environment owner
*
*
*/
export class Owner {
/**
* Make an IAM user the environment owner
*
* User need to have AWSCloud9Administrator permissions
* @see https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-about
*
* @param user the User object to use as the environment owner
*/
public static user(user: IUser): Owner {
return { ownerArn: user.userArn };
}


/**
* Make the Account Root User the environment owner (not recommended)
*
* @param accountId the AccountId to use as the environment owner.
*/
public static accountRoot(accountId: string): Owner {
return { ownerArn: `arn:aws:iam::${accountId}:root` };
}

/**
*
* @param ownerArn of environment owner.
*/
private constructor(public readonly ownerArn: string) {}
}
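Review bot: `Owner.user()` and `Owner.accountRoot()` return object literals (`{ ownerArn: ... }`) instead of `new Owner(...)`, so the private constructor is dead code and `instanceof Owner` is false for every value the factories produce; prefer `return new Owner(user.userArn);` and `return new Owner(`arn:...`);`. `accountRoot()` also hard-codes the `aws` partition, which yields a wrong ARN in the `aws-cn` and `aws-us-gov` partitions; `arn:${cdk.Aws.PARTITION}:iam::${accountId}:root` keeps it correct and the `cdk` namespace is already imported at the top of this file. It would also be worth rejecting an `accountId` that is not a token (`cdk.Token.isUnresolved`) and not exactly 12 digits, since both the README and the test in this commit pass shorter ids. Minor: "User need to have" should be "The user needs to have", the class doc comment has two empty `*` lines, and the constructor's `@param ownerArn of environment owner.` lacks a description.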
2 changes: 2 additions & 0 deletions packages/@aws-cdk/aws-cloud9/package.json
Expand Up @@ -92,13 +92,15 @@
"dependencies": {
"@aws-cdk/aws-codecommit": "0.0.0",
"@aws-cdk/aws-ec2": "0.0.0",
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/core": "0.0.0",
"constructs": "^10.0.0"
},
"homepage": "https://github.com/aws/aws-cdk",
"peerDependencies": {
"@aws-cdk/aws-codecommit": "0.0.0",
"@aws-cdk/aws-ec2": "0.0.0",
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/core": "0.0.0",
"constructs": "^10.0.0"
},
35 changes: 33 additions & 2 deletions packages/@aws-cdk/aws-cloud9/test/cloud9.environment.test.ts
@@ -1,9 +1,10 @@
import { Match, Template } from '@aws-cdk/assertions';
import * as codecommit from '@aws-cdk/aws-codecommit';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as iam from '@aws-cdk/aws-iam';
import * as cdk from '@aws-cdk/core';
import * as cloud9 from '../lib';
import { ConnectionType, ImageId } from '../lib';
import { ConnectionType, ImageId, Owner } from '../lib';

let stack: cdk.Stack;
let vpc: ec2.IVpc;
Expand Down Expand Up @@ -79,7 +80,6 @@ test('throw error when subnetSelection not specified and the provided VPC has no
test('can use CodeCommit repositories', () => {
// WHEN
const repo = codecommit.Repository.fromRepositoryName(stack, 'Repo', 'foo');

new cloud9.Ec2Environment(stack, 'C9Env', {
vpc,
clonedRepositories: [
Expand Down Expand Up @@ -114,6 +114,37 @@ test('can use CodeCommit repositories', () => {
});
});

test('environment owner can be an IAM user', () => {
// WHEN
const user = new iam.User(stack, 'User', {
userName: 'testUser',
});
new cloud9.Ec2Environment(stack, 'C9Env', {
vpc,
imageId: cloud9.ImageId.AMAZON_LINUX_2,
owner: Owner.user(user),
});
// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', {
OwnerArn: {
'Fn::GetAtt': ['User00B015A1', 'Arn'],
},
});
});

test('environment owner can be account root', () => {
// WHEN
new cloud9.Ec2Environment(stack, 'C9Env', {
vpc,
imageId: cloud9.ImageId.AMAZON_LINUX_2,
owner: Owner.accountRoot('12345678'),
});
// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Cloud9::EnvironmentEC2', {
OwnerArn: 'arn:aws:iam::12345678:root',
});
});

test.each([
[ConnectionType.CONNECT_SSH, 'CONNECT_SSH'],
[ConnectionType.CONNECT_SSM, 'CONNECT_SSM'],
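Review bot: the "environment owner can be account root" test passes `'12345678'`, an 8-digit value, so it would be invalidated by any future format check on account ids; use a 12-digit placeholder. There is also no test for the default case (no `owner` given), which should synthesize without an `OwnerArn` property; `Match` is already imported, so a third test asserting `OwnerArn: Match.absent()` would pin that behaviour.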
4 changes: 2 additions & 2 deletions packages/@aws-cdk/aws-codedeploy/lib/ecs/deployment-group.ts
Expand Up @@ -222,7 +222,7 @@ export class EcsDeploymentGroup extends DeploymentGroupBase implements IEcsDeplo
this.alarms = props.alarms || [];

this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSCodeDeployRoleForECS'));
this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE;
this.deploymentConfig = this._bindDeploymentConfig(props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE);

if (cdk.Resource.isOwnedResource(props.service)) {
const cfnSvc = (props.service as ecs.BaseService).node.defaultChild as ecs.CfnService;
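Review bot: `_bindDeploymentConfig` is not defined in the lines shown, so it must live on `DeploymentGroupBase` (and on `ImportedDeploymentGroupBase`, from which the second hunk also calls it). Since the method is underscore-prefixed, confirm it is tagged `@internal` in the base class so it is stripped from the public API surface, and that a test covers a deployment group referenced from another region, the case the changelog's codedeploy fix (#23986) describes.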
Expand Down Expand Up @@ -358,6 +358,6 @@ class ImportedEcsDeploymentGroup extends ImportedDeploymentGroupBase implements
});

this.application = props.application;
this.deploymentConfig = props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE;
this.deploymentConfig = this._bindDeploymentConfig(props.deploymentConfig || EcsDeploymentConfig.ALL_AT_ONCE);
}
}
Expand Up @@ -162,7 +162,7 @@ export class LambdaDeploymentGroup extends DeploymentGroupBase implements ILambd
this.alarms = props.alarms || [];

this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSCodeDeployRoleForLambdaLimited'));
this.deploymentConfig = props.deploymentConfig || LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES;
this.deploymentConfig = this._bindDeploymentConfig(props.deploymentConfig || LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES);

const resource = new CfnDeploymentGroup(this, 'Resource', {
applicationName: this.application.applicationName,
Expand Down Expand Up @@ -290,6 +290,6 @@ class ImportedLambdaDeploymentGroup extends ImportedDeploymentGroupBase implemen
});

this.application = props.application;
this.deploymentConfig = props.deploymentConfig || LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES;
this.deploymentConfig = this._bindDeploymentConfig(props.deploymentConfig || LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES);
}
}
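Review bot: `ImportedLambdaDeploymentGroup` now binds the default `CANARY_10PERCENT_5MINUTES` config as well, mirroring the ECS change; add an assertion that an imported Lambda deployment group's `deploymentConfig` resolves against the importing stack rather than the defining one, so the two code paths cannot drift apart again.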