This PR switches the `integ-runner` package from private to public.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

If you run `integ-runner --update-on-failed` and the test succeeds, then
the cli should not return an exit code.

re #20384


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Error message gives the incorrect field depsFileLockPath

Should be depsLockFilePath


----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

None.

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

None.

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Yep.

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.158.0/CHANGELOG.md)

In case user does not have entry in `/etc/passwd` the `os.userInfo()`
call will throw `SystemError` exception as documented:
https://nodejs.org/docs/latest-v16.x/api/os.html#osuserinfooptions

Fixes #19401 issue.

It can be tested inside Docker for ad-hoc 1234 user ID:
```sh
docker run -u 1234 -e CDK_HOME=/tmp npm run cdk diff
```

The `CDK_HOME=/tmp` is a workaround for #7937 issue, where CDK complains
that it can't write cached info in user homedir, because it does not
exists.

Once #7937 will be fixed then #19401 will most likely hit users. However
above workaround is a viable option. Hence those two issues are related,
but not duplicated.


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

Yes, followed the guide.

### Adding new Unconventional Dependencies:

* [x] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

No new dependencies.

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

No, it's a bugfix, not a feature.

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…sgCapacityProvider constructor (#20522)

Fixes #20293 

When adding an AsgCapacityProvider the property `canContainersAccessInstanceRole` is only checked when passed in via the method `addAsgCapacityProvider`. It is ignored when passing the property via the instantiation of an AsgCapacityProvider. In this PR I added, that if either one way (method or constructor) has got the property set - it is respected in the outcome. For more details please see the issue #20293 

I decided **not** to omit the property on the class level because it would bring in breaking changes.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/1.158.0/CHANGELOG.md)

#20456)

Fixed: #20458 

I found `fromServiceAtrributes`. I fixed to `fromServiceAttributes`

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…/lambda-layer-awscli (#20542)

Bumps [awscli](https://github.com/aws/aws-cli) from 1.24.5 to 1.24.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p>
<blockquote>
<h1>1.24.10</h1>
<ul>
<li>api-change:<code>appflow</code>: Adding the following features/changes: Parquet output that preserves typing from the source connector, Failed executions threshold before deactivation for scheduled flows, increasing max size of access and refresh token from 2048 to 4096</li>
<li>api-change:<code>sagemaker</code>: Amazon SageMaker Notebook Instances now allows configuration of Instance Metadata Service version and Amazon SageMaker Studio now supports G5 instance types.</li>
<li>api-change:<code>datasync</code>: AWS DataSync now supports TLS encryption in transit, file system policies and access points for EFS locations.</li>
<li>api-change:<code>emr-serverless</code>: This release adds support for Amazon EMR Serverless, a serverless runtime environment that simplifies running analytics applications using the latest open source frameworks such as Apache Spark and Apache Hive.</li>
</ul>
<h1>1.24.9</h1>
<ul>
<li>api-change:<code>ec2</code>: C7g instances, powered by the latest generation AWS Graviton3 processors, provide the best price performance in Amazon EC2 for compute-intensive workloads.</li>
<li>api-change:<code>emr-serverless</code>: This release adds support for Amazon EMR Serverless, a serverless runtime environment that simplifies running analytics applications using the latest open source frameworks such as Apache Spark and Apache Hive.</li>
<li>api-change:<code>forecast</code>: Introduced a new field in Auto Predictor as Time Alignment Boundary. It helps in aligning the timestamps generated during Forecast exports</li>
<li>api-change:<code>lightsail</code>: Amazon Lightsail now supports the ability to configure a Lightsail Container Service to pull images from Amazon ECR private repositories in your account.</li>
</ul>
<h1>1.24.8</h1>
<ul>
<li>api-change:<code>secretsmanager</code>: Documentation updates for Secrets Manager</li>
<li>api-change:<code>sagemaker</code>: Amazon SageMaker Autopilot adds support for manually selecting features from the input dataset using the CreateAutoMLJob API.</li>
<li>api-change:<code>apprunner</code>: Documentation-only update added for CodeConfiguration.</li>
<li>api-change:<code>apigateway</code>: Documentation updates for Amazon API Gateway</li>
<li>api-change:<code>fsx</code>: This release adds root squash support to FSx for Lustre to restrict root level access from clients by mapping root users to a less-privileged user/group with limited permissions.</li>
<li>api-change:<code>lookoutmetrics</code>: Adding AthenaSourceConfig for MetricSet APIs to support Athena as a data source.</li>
<li>api-change:<code>voice-id</code>: VoiceID will now automatically expire Speakers if they haven't been accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker APIs now return a &quot;LastAccessedAt&quot; time for Speakers, and the EvaluateSession API returns &quot;SPEAKER_EXPIRED&quot; Auth Decision for EXPIRED Speakers.</li>
<li>api-change:<code>cloudformation</code>: Add a new parameter statusReason to DescribeStackSetOperation output for additional details</li>
</ul>
<h1>1.24.7</h1>
<ul>
<li>api-change:<code>ec2</code>: Stop Protection feature enables customers to protect their instances from accidental stop actions.</li>
<li>api-change:<code>cognito-idp</code>: Amazon Cognito now supports requiring attribute verification (ex. email and phone number) before update.</li>
<li>api-change:<code>mediaconvert</code>: AWS Elemental MediaConvert SDK has added support for rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.</li>
<li>api-change:<code>networkmanager</code>: This release adds Multi Account API support for a TGW Global Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network Manager service and dependency CloudFormation StackSets service.</li>
<li>api-change:<code>ivschat</code>: Doc-only update. For MessageReviewHandler structure, added timeout period in the description of the fallbackResult field</li>
</ul>
<h1>1.24.6</h1>
<ul>
<li>api-change:<code>forecast</code>: New APIs for Monitor that help you understand how your predictors perform over time.</li>
<li>api-change:<code>elasticache</code>: Added support for encryption in transit for Memcached clusters. Customers can now launch Memcached cluster with encryption in transit enabled when using Memcached version 1.6.12 or later.</li>
<li>api-change:<code>personalize</code>: Adding modelMetrics as part of DescribeRecommender API response for Personalize.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-cli/commit/61acbef818708342d76580aafa397fd2259c5e72"><code>61acbef</code></a> Merge branch 'release-1.24.10'</li>
<li><a href="https://github.com/aws/aws-cli/commit/fd11aff77939a164795a03d2b7c7a7e63b11216d"><code>fd11aff</code></a> Bumping version to 1.24.10</li>
<li><a href="https://github.com/aws/aws-cli/commit/4db48c443eb427402d2965215fbdce4b65629cad"><code>4db48c4</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/c9cedb190b42c3aa17e003129d82b941c78fa48a"><code>c9cedb1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/3822">#3822</a> from mkrn/develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/7f04197b433b36534460935822ee25aef081bc30"><code>7f04197</code></a> Merge branch 'release-1.24.9'</li>
<li><a href="https://github.com/aws/aws-cli/commit/faafcb1fc2613988b6792a383c112e4e9d06c9a8"><code>faafcb1</code></a> Merge branch 'release-1.24.9' into develop</li>
<li><a href="https://github.com/aws/aws-cli/commit/4c2441303cf52a060987d1527e52cb454d51760f"><code>4c24413</code></a> Bumping version to 1.24.9</li>
<li><a href="https://github.com/aws/aws-cli/commit/2db57f754943a06994177a6cf85875cf112fa853"><code>2db57f7</code></a> Update changelog based on model updates</li>
<li><a href="https://github.com/aws/aws-cli/commit/d9f828cbc080f3d5629df4578654ec7fb9f8d03e"><code>d9f828c</code></a> Add support for aws cloudformation package of AWS::AppSync::FunctionConfigura...</li>
<li><a href="https://github.com/aws/aws-cli/commit/20348b2870e28215b941a39905474b4ce34479c7"><code>20348b2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/4353">#4353</a> from yoshiken/delete_unused_variable</li>
<li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.24.5...1.24.10">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.24.5&new-version=1.24.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

…and-line (#20523)

Snapshot errors
---------------

The constructor of `IntegSnapshotRunner` calls `loadManifest()`, which
on my computer happened to fail and stopped the entire test suite
because this error happened outside the `try/catch` block. Same for
the integ runner itself.

Move it inside the try/catch block, needed a bit of refactoring to
make sure we could still get at the test name.

`--from-file`
-------------

Instead of having `--from-file` require a JSON file with its own
structure, interpret it as a text file which gets treated exactly
the same as the `[TEST [..]]` arguments on the command line.

This still allows for the `--exclude` behavior by setting that flag
on the command-line.

Also be very liberal on the pattern (file name or test name or display
name) that we accept, encoded in the `IntegTest.matches()` class.

Refactoring
-----------

Moved the logic around determining test names and directories into a
class (`IntegTest`) which is a convenience class on top of a static data
record (`IntegTestInfo`). The split between data and logic is so that we
can pass the data to worker threads where we can hydrate the helper
class on top again. I tried to be consistent: in memory, all the fields are 
with respect to `process.cwd()`, so valid file paths in the current
process. Only when they are passed to the CLI wrapper are the paths
made relative to the CLI wrapper directory.

Print snapshot validations that are running for a long time (1 minute).
This helps diagnose what is stuck, if anything is. On my machine, it
was tests using Docker because there was some issue with it, and this
lost me a day. Also change the test reporting formatting slightly.

--------------

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Add the `UserPoolIdentityProviderOidc` class to create an OpenID Connect
identity provider for user pools.


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

)

Fixes (other half - see #20425) of #20372.
This implements the `objectSizeLessThan` property for a S3 lifecycle rule.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This commits adds Lambda Insights layer version 1.0.135.0 for x86 and arm.

Ref:
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html#Lambda-Insights-extension-1.0.135.0
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsARM.html#Lambda-Insights-extension-ARM-1.0.135.0


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fixes #19098.

This introduces two bug fixes that are hidden behind a feature flag to preserve the current hash:

- lambda layer order is ignored by the hash now 
- lambda layer version is included in the hash (along with other lambda layer attributes)

I also added a few more tests around this area to confirm the current behavior which should help demonstrate what the feature flag will change.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

When using `Stack.exportValue` to manually create a CloudFormation
export, the logicalId of the referenced resource is used to generate the
logicalId of the `CfnExport`. Because `exportValue` creates a
`CfnExport` _and_ returns an `importValue` it needs to _resolve_ the
logicalId at call time. If the user later overrides the logicalId of the
referenced resource, that override is reflected in the export/import
that was created earlier.

There doesn't seem to be a way to solve this without incurring a
breaking change so this PR attempts to smooth a rough edge by "locking"
the `logicalId` when `exportValue` is called. If the user attempts to
override the id _after_ that point, an error message will be thrown

closes #14335


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…#20563)

#20439 added support for the --platform option for docker build but the platform prop was not properly passed through when using the new DefaultStackSynthesizer. 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…20497)

The solution I went with in this PR was to try and keep the provided id
set on the `ImmutableRole` instead of the `Import` role. This should
also keep backwards compatibility by only changing the id of the
`Import` role if we are returning an `ImmutableRole`.

fixes #7255


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…irst target (#20479)

If the `EventBus` constructor is called with no arguments, then attaching more than a single target to its policy will silently fail to add them. This is because of a strange edge case in the implementation that was not accounted for previously; it is possible for `props.role` to be `undefined`, yet `singletonEventRole()` is still capable of finding the desired role. `singletonEventRole()` does not add the new statements to any IAM policies that it finds, so as a result adding multiple targets does not add any of them.

Fixes #19407.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*