Merge branch 'main' into amplify-cache-config

aws · Sep 10, 2024 · 9dbdc8c · 9dbdc8c
2 parents 89aa773 + 84f69af
commit 9dbdc8c
Show file tree

Hide file tree

Showing 17 changed files with 840 additions and 3 deletions.
diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.157.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.156.0-alpha.0...v2.157.0-alpha.0) (2024-09-09)
+
 ## [2.156.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.155.0-alpha.0...v2.156.0-alpha.0) (2024-09-05)
 
 

diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.157.0](https://github.com/aws/aws-cdk/compare/v2.156.0...v2.157.0) (2024-09-09)
+
+
+### Features
+
+* update L1 CloudFormation resource definitions ([#31361](https://github.com/aws/aws-cdk/issues/31361)) ([bc4dbfd](https://github.com/aws/aws-cdk/commit/bc4dbfdb05a1fe02d30c4724958d09f239a3656f))
+* **appsync:** support DEBUG and INFO logging levels for AppSync GraphQL APIs ([#31326](https://github.com/aws/aws-cdk/issues/31326)) ([4b9643f](https://github.com/aws/aws-cdk/commit/4b9643f28edc2c530809931ccd7a17a811891af2))
+* **lambda:** added new property allowAllIpv6Outbound to FunctionOptions ([#31013](https://github.com/aws/aws-cdk/issues/31013)) ([fa55194](https://github.com/aws/aws-cdk/commit/fa55194698960b9161590e05cf1138a813315615)), closes [#30994](https://github.com/aws/aws-cdk/issues/30994)
+
+
+### Bug Fixes
+
+* **rds:** proxy target group does not depend on database instances when using writer property for database cluster ([#31354](https://github.com/aws/aws-cdk/issues/31354)) ([6542207](https://github.com/aws/aws-cdk/commit/65422077123fa5870106e29594b8f0392484da3f)), closes [#31304](https://github.com/aws/aws-cdk/issues/31304) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts/issues/L535-L539)
+
 ## [2.156.0](https://github.com/aws/aws-cdk/compare/v2.155.0...v2.156.0) (2024-09-05)
 
 

diff --git a/packages/@aws-cdk/aws-iot-alpha/README.md b/packages/@aws-cdk/aws-iot-alpha/README.md
@@ -77,3 +77,17 @@ new iot.TopicRule(this, 'TopicRule', {
 ```
 
 See also [@aws-cdk/aws-iot-actions-alpha](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-iot-actions-alpha-readme.html) for other actions.
+
+## Logging
+
+AWS IoT provides a [logging feature](https://docs.aws.amazon.com/iot/latest/developerguide/configure-logging.html) that allows you to monitor and log AWS IoT activity.
+
+You can enable IoT logging with the following code:
+
+```ts
+new iot.Logging(this, 'Logging', {
+  logLevel: iot.LogLevel.INFO,
+});
+```
+
+**Note**: All logs are forwarded to the `AWSIotLogsV2` log group in CloudWatch.
diff --git a/packages/@aws-cdk/aws-iot-alpha/awslint.json b/packages/@aws-cdk/aws-iot-alpha/awslint.json
@@ -1,5 +1,6 @@
 {
   "exclude": [
-    "no-unused-type:@aws-cdk/aws-iot-alpha.ActionConfig"
+    "no-unused-type:@aws-cdk/aws-iot-alpha.ActionConfig",
+    "props-physical-name:@aws-cdk/aws-iot-alpha.LoggingProps"
   ]
 }
diff --git a/packages/@aws-cdk/aws-iot-alpha/lib/index.ts b/packages/@aws-cdk/aws-iot-alpha/lib/index.ts
@@ -1,5 +1,6 @@
 export * from './action';
 export * from './iot-sql';
+export * from './logging';
 export * from './topic-rule';
 
 // AWS::IoT CloudFormation Resources:
diff --git a/packages/@aws-cdk/aws-iot-alpha/lib/logging.ts b/packages/@aws-cdk/aws-iot-alpha/lib/logging.ts
@@ -0,0 +1,140 @@
+import { Resource, Stack, IResource } from 'aws-cdk-lib/core';
+import { Construct } from 'constructs';
+import * as iot from 'aws-cdk-lib/aws-iot';
+import * as iam from 'aws-cdk-lib/aws-iam';
+
+/**
+ * Represents AWS IoT Logging
+ */
+export interface ILogging extends IResource {
+  /**
+   * The log ID
+   * @attribute
+   */
+  readonly logId: string;
+}
+
+/**
+ * The log level for the AWS IoT Logging
+ */
+export enum LogLevel {
+  /**
+   * Any error that causes an operation to fail
+   *
+   * Logs include ERROR information only
+   */
+  ERROR = 'ERROR',
+
+  /**
+   * Anything that can potentially cause inconsistencies in the system, but might not cause the operation to fail
+   *
+   * Logs include ERROR and WARN information
+   */
+  WARN = 'WARN',
+
+  /**
+   * High-level information about the flow of things
+   *
+   * Logs include INFO, ERROR, and WARN information
+   */
+  INFO = 'INFO',
+
+  /**
+   * Information that might be helpful when debugging a problem
+   *
+   * Logs include DEBUG, INFO, ERROR, and WARN information
+   */
+  DEBUG = 'DEBUG',
+
+  /**
+   * All logging is disabled
+   */
+  DISABLED = 'DISABLED',
+}
+
+/**
+ * Properties for defining AWS IoT Logging
+ */
+export interface LoggingProps {
+  /**
+   * The log level for the AWS IoT Logging
+   *
+   * @default LogLevel.ERROR
+   */
+  readonly logLevel?: LogLevel;
+}
+
+/**
+ * Defines AWS IoT Logging
+ */
+export class Logging extends Resource implements ILogging {
+  /**
+   * Import an existing AWS IoT Logging
+   *
+   * @param scope The parent creating construct (usually `this`)
+   * @param id The construct's name
+   * @param logId AWS IoT Logging ID
+   */
+  public static fromLogId(scope: Construct, id: string, logId: string): ILogging {
+    class Import extends Resource implements ILogging {
+      public readonly logId = logId;
+    }
+    return new Import(scope, id);
+  }
+
+  /**
+   * The logging ID
+   * @attribute
+   */
+  public readonly logId: string;
+
+  constructor(scope: Construct, id: string, props?: LoggingProps) {
+    super(scope, id);
+
+    const accountId = Stack.of(this).account;
+
+    // Create a role for logging
+    // https://docs.aws.amazon.com/iot/latest/developerguide/configure-logging.html#configure-logging-role-and-policy
+    const role = new iam.Role(this, 'Role', {
+      assumedBy: new iam.ServicePrincipal('iot.amazonaws.com'),
+      inlinePolicies: {
+        LoggingPolicy: new iam.PolicyDocument({
+          statements: [
+            new iam.PolicyStatement({
+              actions: [
+                'logs:CreateLogGroup',
+                'logs:CreateLogStream',
+                'logs:PutLogEvents',
+                'logs:PutMetricFilter',
+                'logs:PutRetentionPolicy',
+                'iot:GetLoggingOptions',
+                'iot:SetLoggingOptions',
+                'iot:SetV2LoggingOptions',
+                'iot:GetV2LoggingOptions',
+                'iot:SetV2LoggingLevel',
+                'iot:ListV2LoggingLevels',
+                'iot:DeleteV2LoggingLevel',
+              ],
+              resources: [
+                Stack.of(this).formatArn({
+                  service: 'logs',
+                  resource: 'log-group',
+                  sep: ':',
+                  resourceName: 'AWSIotLogsV2:*',
+                }),
+              ],
+            }),
+          ],
+        }),
+      },
+    });
+
+    const resource = new iot.CfnLogging(this, 'Resource', {
+      accountId,
+      defaultLogLevel: props?.logLevel ?? LogLevel.ERROR,
+      roleArn: role.roleArn,
+    });
+
+    this.logId = resource.ref;
+  }
+}
diff --git a/.../test/integ.logging.js.snapshot/IotLoggingTestDefaultTestDeployAssertB1DE3CEF.assets.json b/.../test/integ.logging.js.snapshot/IotLoggingTestDefaultTestDeployAssertB1DE3CEF.assets.json
diff --git a/...est/integ.logging.js.snapshot/IotLoggingTestDefaultTestDeployAssertB1DE3CEF.template.json b/...est/integ.logging.js.snapshot/IotLoggingTestDefaultTestDeployAssertB1DE3CEF.template.json
diff --git a/...ges/@aws-cdk/aws-iot-alpha/test/integ.logging.js.snapshot/IotLoggingTestStack.assets.json b/...ges/@aws-cdk/aws-iot-alpha/test/integ.logging.js.snapshot/IotLoggingTestStack.assets.json