diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets.json new file mode 100644 index 0000000000000..8688b51737ea1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.24", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/cdk.out new file mode 100644 index 0000000000000..4efaa16f29af9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.24"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ-bastionhost-userdatacausesreplacement.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ-bastionhost-userdatacausesreplacement.assets.json new file mode 100644 index 0000000000000..1494e794c45f3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ-bastionhost-userdatacausesreplacement.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.24", + "files": { + "500ab0cbc3e5f25aa40531fa4642888278c4bed1500e3cfaa1fdbe2964dcb42a": { + "source": { + "path": "integ-bastionhost-userdatacausesreplacement.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "500ab0cbc3e5f25aa40531fa4642888278c4bed1500e3cfaa1fdbe2964dcb42a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ-bastionhost-userdatacausesreplacement.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ-bastionhost-userdatacausesreplacement.template.json new file mode 100644 index 0000000000000..6433e6f07e68e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ-bastionhost-userdatacausesreplacement.template.json @@ -0,0 +1,695 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2RouteTableAssociation5A808732" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-bastionhost-userdatacausesreplacement/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "BastionHostUserDataReplacementEnabledInstanceSecurityGroupBFC3FE6F": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "BastionHost" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "BastionHost" + } + ] + } + }, + "BastionHostUserDataReplacementEnabledInstanceRoleDefaultPolicy4A45D792": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2messages:*", + "ssm:UpdateInstanceInformation", + "ssmmessages:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "BastionHostUserDataReplacementEnabledInstanceRoleDefaultPolicy4A45D792", + "Roles": [ + { + "Ref": "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D" + } + ] + } + }, + "BastionHostUserDataReplacementEnabledInstanceProfile1C737811": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D" + } + ] + } + }, + "BastionHostUserDataReplacementEnabled2AB683D8450c0dd0c96b2841": { + "Type": "AWS::EC2::Instance", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "IamInstanceProfile": { + "Ref": "BastionHostUserDataReplacementEnabledInstanceProfile1C737811" + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.nano", + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "BastionHostUserDataReplacementEnabledInstanceSecurityGroupBFC3FE6F", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + "Tags": [ + { + "Key": "Name", + "Value": "BastionHost" + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash\necho foo >> ~ec2-user/.ssh/authorized_keys\necho bar >> ~ec2-user/.ssh/authorized_keys" + } + }, + "DependsOn": [ + "BastionHostUserDataReplacementEnabledInstanceRoleDefaultPolicy4A45D792", + "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D" + ] + }, + "BastionHostUserDataReplacementDisabledInstanceSecurityGroup90E6FF96": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "BastionHost" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "BastionHost" + } + ] + } + }, + "BastionHostUserDataReplacementDisabledInstanceRoleDefaultPolicy932B765C": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2messages:*", + "ssm:UpdateInstanceInformation", + "ssmmessages:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "BastionHostUserDataReplacementDisabledInstanceRoleDefaultPolicy932B765C", + "Roles": [ + { + "Ref": "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC" + } + ] + } + }, + "BastionHostUserDataReplacementDisabledInstanceProfile847B5D26": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC" + } + ] + } + }, + "BastionHostUserDataReplacementDisabled923BB343": { + "Type": "AWS::EC2::Instance", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "IamInstanceProfile": { + "Ref": "BastionHostUserDataReplacementDisabledInstanceProfile847B5D26" + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.nano", + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "BastionHostUserDataReplacementDisabledInstanceSecurityGroup90E6FF96", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + "Tags": [ + { + "Key": "Name", + "Value": "BastionHost" + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash\necho foo >> ~ec2-user/.ssh/authorized_keys\necho bar >> ~ec2-user/.ssh/authorized_keys" + } + }, + "DependsOn": [ + "BastionHostUserDataReplacementDisabledInstanceRoleDefaultPolicy932B765C", + "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC" + ] + } + }, + "Outputs": { + "BastionHostUserDataReplacementEnabledBastionHostId40E9D44C": { + "Description": "Instance ID of the bastion host. Use this to connect via SSM Session Manager", + "Value": { + "Ref": "BastionHostUserDataReplacementEnabled2AB683D8450c0dd0c96b2841" + } + }, + "BastionHostUserDataReplacementDisabledBastionHostId3B0CFB99": { + "Description": "Instance ID of the bastion host. Use this to connect via SSM Session Manager", + "Value": { + "Ref": "BastionHostUserDataReplacementDisabled923BB343" + } + } + }, + "Parameters": { + "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ.json new file mode 100644 index 0000000000000..1e693f27e3d07 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.24", + "testCases": { + "bastionhost-userdatacausesreplacement-test/DefaultTest": { + "stacks": [ + "integ-bastionhost-userdatacausesreplacement" + ], + "assertionStack": "bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert", + "assertionStackName": "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/manifest.json new file mode 100644 index 0000000000000..db8810c471e11 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/manifest.json @@ -0,0 +1,323 @@ +{ + "version": "36.0.24", + "artifacts": { + "integ-bastionhost-userdatacausesreplacement.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integ-bastionhost-userdatacausesreplacement.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integ-bastionhost-userdatacausesreplacement": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integ-bastionhost-userdatacausesreplacement.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/500ab0cbc3e5f25aa40531fa4642888278c4bed1500e3cfaa1fdbe2964dcb42a.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integ-bastionhost-userdatacausesreplacement.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integ-bastionhost-userdatacausesreplacement.assets" + ], + "metadata": { + "/integ-bastionhost-userdatacausesreplacement/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/integ-bastionhost-userdatacausesreplacement/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementEnabledInstanceSecurityGroupBFC3FE6F" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementEnabledInstanceRoleDefaultPolicy4A45D792" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementEnabledInstanceProfile1C737811" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementEnabled2AB683D8450c0dd0c96b2841" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/BastionHostId": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementEnabledBastionHostId40E9D44C" + } + ], + "/integ-bastionhost-userdatacausesreplacement/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementDisabledInstanceSecurityGroup90E6FF96" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementDisabledInstanceRoleDefaultPolicy932B765C" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementDisabledInstanceProfile847B5D26" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementDisabled923BB343" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/BastionHostId": [ + { + "type": "aws:cdk:logicalId", + "data": "BastionHostUserDataReplacementDisabledBastionHostId3B0CFB99" + } + ], + "/integ-bastionhost-userdatacausesreplacement/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-bastionhost-userdatacausesreplacement/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-bastionhost-userdatacausesreplacement" + }, + "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "bastionhostuserdatacausesreplacementtestDefaultTestDeployAssert7991717B.assets" + ], + "metadata": { + "/bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/tree.json new file mode 100644 index 0000000000000..4c98762d8c43f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.js.snapshot/tree.json @@ -0,0 +1,1212 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "integ-bastionhost-userdatacausesreplacement": { + "id": "integ-bastionhost-userdatacausesreplacement", + "path": "integ-bastionhost-userdatacausesreplacement", + "children": { + "VPC": { + "id": "VPC", + "path": "integ-bastionhost-userdatacausesreplacement/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "integ-bastionhost-userdatacausesreplacement/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "integ-bastionhost-userdatacausesreplacement/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "BastionHostUserDataReplacementEnabled": { + "id": "BastionHostUserDataReplacementEnabled", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "BastionHost" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "BastionHost" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ec2messages:*", + "ssm:UpdateInstanceInformation", + "ssmmessages:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "BastionHostUserDataReplacementEnabledInstanceRoleDefaultPolicy4A45D792", + "roles": [ + { + "Ref": "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "BastionHostUserDataReplacementEnabledInstanceRoleC1DE5B7D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/Resource/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Instance", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "iamInstanceProfile": { + "Ref": "BastionHostUserDataReplacementEnabledInstanceProfile1C737811" + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t3.nano", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "BastionHostUserDataReplacementEnabledInstanceSecurityGroupBFC3FE6F", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + "tags": [ + { + "key": "Name", + "value": "BastionHost" + } + ], + "userData": { + "Fn::Base64": "#!/bin/bash\necho foo >> ~ec2-user/.ssh/authorized_keys\necho bar >> ~ec2-user/.ssh/authorized_keys" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Instance", + "version": "0.0.0" + } + }, + "BastionHostId": { + "id": "BastionHostId", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementEnabled/BastionHostId", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.BastionHostLinux", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "integ-bastionhost-userdatacausesreplacement/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": "integ-bastionhost-userdatacausesreplacement/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-kernel-5.10-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BastionHostUserDataReplacementDisabled": { + "id": "BastionHostUserDataReplacementDisabled", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "BastionHost" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "BastionHost" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ec2messages:*", + "ssm:UpdateInstanceInformation", + "ssmmessages:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "BastionHostUserDataReplacementDisabledInstanceRoleDefaultPolicy932B765C", + "roles": [ + { + "Ref": "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "BastionHostUserDataReplacementDisabledInstanceRole8836D8AC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/Resource/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Instance", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "iamInstanceProfile": { + "Ref": "BastionHostUserDataReplacementDisabledInstanceProfile847B5D26" + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t3.nano", + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "BastionHostUserDataReplacementDisabledInstanceSecurityGroup90E6FF96", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + "tags": [ + { + "key": "Name", + "value": "BastionHost" + } + ], + "userData": { + "Fn::Base64": "#!/bin/bash\necho foo >> ~ec2-user/.ssh/authorized_keys\necho bar >> ~ec2-user/.ssh/authorized_keys" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Instance", + "version": "0.0.0" + } + }, + "BastionHostId": { + "id": "BastionHostId", + "path": "integ-bastionhost-userdatacausesreplacement/BastionHostUserDataReplacementDisabled/BastionHostId", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.BastionHostLinux", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-bastionhost-userdatacausesreplacement/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-bastionhost-userdatacausesreplacement/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "bastionhost-userdatacausesreplacement-test": { + "id": "bastionhost-userdatacausesreplacement-test", + "path": "bastionhost-userdatacausesreplacement-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "bastionhost-userdatacausesreplacement-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "bastionhost-userdatacausesreplacement-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "bastionhost-userdatacausesreplacement-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.ts new file mode 100644 index 0000000000000..012ad46b9fb3e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.bastion-host-userdatacausesreplacement.ts @@ -0,0 +1,38 @@ +import * as cdk from 'aws-cdk-lib'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); + +class TestStack extends cdk.Stack { + constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { + super(scope, id, props); + this.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false); + + const vpc = new ec2.Vpc(this, 'VPC'); + const sshKeys = ['foo', 'bar']; + + const bastionHostUserDataReplacementEnabled = new ec2.BastionHostLinux(this, 'BastionHostUserDataReplacementEnabled', { + vpc, + userDataCausesReplacement: true, + }); + bastionHostUserDataReplacementEnabled.instance.addUserData( + ...sshKeys.map(key => `echo ${key} >> ~ec2-user/.ssh/authorized_keys`), + ); + + const bastionHostUserDataReplacementDisabled = new ec2.BastionHostLinux(this, 'BastionHostUserDataReplacementDisabled', { + vpc, + userDataCausesReplacement: false, + }); + bastionHostUserDataReplacementDisabled.instance.addUserData( + ...sshKeys.map(key => `echo ${key} >> ~ec2-user/.ssh/authorized_keys`), + ); + } +} + +const testCase = new TestStack(app, 'integ-bastionhost-userdatacausesreplacement'); + +new IntegTest(app, 'bastionhost-userdatacausesreplacement-test', { + testCases: [testCase], +}); diff --git a/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts b/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts index 7671aa03aa489..d22dfffd42d5e 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts @@ -104,6 +104,25 @@ export interface BastionHostLinuxProps { * @default - false */ readonly requireImdsv2?: boolean; + + /** + * Determines whether changes to the UserData will force instance replacement. + * + * Depending on the EC2 instance type, modifying the UserData may either restart + * or replace the instance: + * + * - Instance store-backed instances are replaced. + * - EBS-backed instances are restarted. + * + * Note that by default, restarting does not execute the updated UserData, so an alternative + * mechanism is needed to ensure the instance re-executes the UserData. + * + * When set to `true`, the instance's Logical ID will depend on the UserData, causing + * CloudFormation to replace the instance if the UserData changes. + * + * @default - `true` if `initOptions` is specified, otherwise `false`. + */ + readonly userDataCausesReplacement?: boolean; } /** @@ -188,6 +207,7 @@ export class BastionHostLinux extends Resource implements IInstance { init: props.init, initOptions: props.initOptions, requireImdsv2: props.requireImdsv2 ?? false, + userDataCausesReplacement: props.userDataCausesReplacement, }); this.instance.addToRolePolicy(new PolicyStatement({ actions: [ diff --git a/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts b/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts index 39445e894e1a1..234597012ce5a 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts @@ -1,4 +1,4 @@ -import { Template } from '../../assertions'; +import { Match, Template } from '../../assertions'; import { Duration, Stack } from '../../core'; import { BastionHostLinux, BlockDeviceVolume, CloudFormationInit, InitCommand, InstanceClass, InstanceSize, InstanceType, SubnetType, Vpc } from '../lib'; @@ -176,4 +176,82 @@ describe('bastion host', () => { }, }); }); + + test('appends new hash digest to instance logical Id if userDataCausesReplacement is true', () => { + //GIVEN + const stackOld = new Stack(); + const stackNew = new Stack(); + const vpcOld = new Vpc(stackOld, 'VPC'); + const vpcNew = new Vpc(stackNew, 'VPC'); + const oldSshKeys = ['foo', 'bar']; + const newSshKeys = ['foo_new', 'bar_new']; + const oldHash = '450c0dd0c96b2841'; + const newHash = 'a5b7d63257ea4ca9'; + + // WHEN + const bastionHostOld = new BastionHostLinux(stackOld, 'BastionHostUserDataCausesReplacement', { + vpc: vpcOld, + userDataCausesReplacement: true, + }); + bastionHostOld.instance.addUserData( + ...oldSshKeys.map(key => `echo ${key} >> ~ec2-user/.ssh/authorized_keys`), + ); + + const bastionHostNew = new BastionHostLinux(stackNew, 'BastionHostUserDataCausesReplacement', { + vpc: vpcNew, + userDataCausesReplacement: true, + }); + bastionHostNew.instance.addUserData( + ...oldSshKeys.map(key => `echo ${key} >> ~ec2-user/.ssh/authorized_keys`), + ); + bastionHostNew.instance.addUserData( + ...newSshKeys.map(key => `echo ${key} >> ~ec2-user/.ssh/authorized_keys`), + ); + + // THEN + Template.fromStack(stackOld).templateMatches(Match.objectLike({ + Resources: Match.objectLike({ + [`BastionHostUserDataCausesReplacement985DBC41${oldHash}`]: Match.objectLike({ + Type: 'AWS::EC2::Instance', + Properties: Match.anyValue(), + }), + }), + })); + + Template.fromStack(stackNew).templateMatches(Match.objectLike({ + Resources: Match.objectLike({ + [`BastionHostUserDataCausesReplacement985DBC41${newHash}`]: Match.objectLike({ + Type: 'AWS::EC2::Instance', + Properties: Match.anyValue(), + }), + }), + })); + }); + + test('does not append new hash digest to instance logical Id if userDataCausesReplacement is false', () => { + //GIVEN + const stack = new Stack(); + const vpc = new Vpc(stack, 'VPC'); + const sshKeys = ['foo', 'bar']; + const hashdigest = '450c0dd0c96b2841'; + + // WHEN + const bastionHostOld = new BastionHostLinux(stack, 'BastionHostUserDataCausesReplacement', { + vpc, + userDataCausesReplacement: false, + }); + bastionHostOld.instance.addUserData( + ...sshKeys.map(key => `echo ${key} >> ~ec2-user/.ssh/authorized_keys`), + ); + + // THEN + Template.fromStack(stack).templateMatches(Match.objectLike({ + Resources: Match.objectLike({ + ['BastionHostUserDataCausesReplacement985DBC41']: Match.objectLike({ + Type: 'AWS::EC2::Instance', + Properties: Match.anyValue(), + }), + }), + })); + }); });