From 7ee87836a9b4e51adbadbd34ec16cfcd917d4aed Mon Sep 17 00:00:00 2001 From: Mark Pollmann Date: Fri, 12 Jul 2024 22:38:06 +0400 Subject: [PATCH 1/2] chore: fix typo in bucket error message (#30840) Minor typo fix in bucket error message ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-s3/lib/bucket.ts | 2 +- packages/aws-cdk-lib/aws-s3/test/bucket.test.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 45fb98de8a2cb..3d75c713c6332 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -2003,7 +2003,7 @@ export class Bucket extends BucketBase { if (props.publicReadAccess) { if (props.blockPublicAccess === undefined) { - throw new Error('Cannot use \'publicReadAccess\' property on a bucket without allowing bucket-level public access through \'blockPublicAceess\' property.'); + throw new Error('Cannot use \'publicReadAccess\' property on a bucket without allowing bucket-level public access through \'blockPublicAccess\' property.'); } this.grantPublicAccess(); diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 2e048acee3856..e526d6150d195 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts 
@@ -956,7 +956,7 @@ describe('bucket', () => { expect(() => new s3.Bucket(stack, 'Bucket', { publicReadAccess: true, - })).toThrow('Cannot use \'publicReadAccess\' property on a bucket without allowing bucket-level public access through \'blockPublicAceess\' property.'); + })).toThrow('Cannot use \'publicReadAccess\' property on a bucket without allowing bucket-level public access through \'blockPublicAccess\' property.'); }); test('bucket with enabled block public access setting to throw error msg', () => { From 4af3685888383e5451884bc6a9ddde7f0cdefa0c Mon Sep 17 00:00:00 2001 
From: Kendra Neil <53584728+TheRealAmazonKendra@users.noreply.github.com> Date: Fri, 12 Jul 2024 13:51:31 -0700 Subject: [PATCH 2/2] chore: remove use of deprecated ServicePrincipal Mapping (#30832) They have now been standardized for a few years. We did not initially remove the old mappings out of caution and because we were unsure that the changes had made it to all regions yet. It is long past that happening at this point. Because we never removed this or marked it as deprecated, we still have a not insignificant amount of customers who believe the individual mapping is necessary and cut tickets because it is not up-to-date. ### Issue # (if applicable) Closes #. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-stepfunctions-integ.template.json | 466 +++++++-------- .../aws-stepfunctions-integ.template.json | 466 +++++++-------- .../__snapshots__/stepfunctions.test.ts.snap | 10 +- .../__snapshots__/stepfunctions.test.ts.snap | 30 +- packages/@aws-cdk/cx-api/FEATURE_FLAGS.md | 22 +- .../test/ecs/deployment-group.test.ts | 10 +- .../test/lambda/deployment-group.test.ts | 10 +- .../aws-ec2/lib/vpc-endpoint-service.ts | 13 +- .../aws-cdk-lib/aws-iam/lib/principals.ts | 47 +- .../aws-iam/test/policy-document.test.ts | 17 +- .../aws-iam/test/principals.test.ts | 24 +- .../test/kinesis.test.ts | 18 +- .../waiter-state-machine.test.ts | 11 +- packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 18 - packages/aws-cdk-lib/cx-api/lib/features.ts | 15 - packages/aws-cdk-lib/region-info/README.md | 16 +- .../build-tools/generate-static-data.ts | 6 - .../region-info/lib/aws-entities.ts | 20 - 
.../aws-cdk-lib/region-info/lib/default.ts | 9 +- packages/aws-cdk-lib/region-info/lib/fact.ts | 4 +- .../region-info/lib/region-info.ts | 4 +- .../__snapshots__/region-info.test.ts.snap | 560 ------------------ .../region-info/test/region-info.test.ts | 6 +- scripts/check-region-info-compatibility.ts | 8 + 24 files changed, 536 insertions(+), 1274 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json index 883741e07b733..815de3a514d83 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json 
@@ -1,253 +1,253 @@ { - "Resources": { - "GlueJobRole1CD031E0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "glue" - } + "Resources": { + "GlueJobRole1CD031E0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "glue.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSGlueServiceRole" + ] + ] + } + ] } - ], - "Version": "2012-10-17" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "GlueJobRoleDefaultPolicy3D94D6F1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" }, - ":iam::aws:policy/service-role/AWSGlueServiceRole" - ] - ] - } - ] - } - }, - "GlueJobRoleDefaultPolicy3D94D6F1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/*" - ] - ] + "PolicyName": 
"GlueJobRoleDefaultPolicy3D94D6F1", + "Roles": [ + { + "Ref": "GlueJobRole1CD031E0" + } + ] + } + }, + "GlueJob": { + "Type": "AWS::Glue::Job", + "Properties": { + "Command": { + "Name": "glueetl", + "PythonVersion": "3", + "ScriptLocation": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" + ] + ] + } }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - } + "Role": { + "Fn::GetAtt": [ + "GlueJobRole1CD031E0", + "Arn" ] - ] + }, + "GlueVersion": "1.0", + "Name": "My Glue Job" + } + }, + "StateMachineRole543B9670": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } - ] } - ], - "Version": "2012-10-17" }, - "PolicyName": "GlueJobRoleDefaultPolicy3D94D6F1", - "Roles": [ - { - "Ref": "GlueJobRole1CD031E0" - } - ] - } - }, - "GlueJob": { - "Type": "AWS::Glue::Job", - "Properties": { - "Command": { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": { - "Fn::Join": [ - "", - [ - "s3://", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "StateMachineRoleDefaultPolicyDA5F7DA8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "glue:BatchStopJobRun", + "glue:GetJobRun", + "glue:GetJobRuns", + "glue:StartJobRun" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":job/My Glue Job" + ] + ] + } + } + ], + "Version": "2012-10-17" }, - 
"/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" - ] - ] - } - }, - "Role": { - "Fn::GetAtt": [ - "GlueJobRole1CD031E0", - "Arn" - ] - }, - "GlueVersion": "1.0", - "Name": "My Glue Job" - } - }, - "StateMachineRole543B9670": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "states.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StateMachineRoleDefaultPolicyDA5F7DA8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "glue:BatchStopJobRun", - "glue:GetJobRun", - "glue:GetJobRuns", - "glue:StartJobRun" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", + "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", + "Roles": [ { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":job/My Glue Job" - ] + "Ref": "StateMachineRole543B9670" + } ] - } } - ], - "Version": "2012-10-17" }, - "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", - "Roles": [ - { - "Ref": "StateMachineRole543B9670" - } - ] - } + "StateMachine81935E76": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole543B9670", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}},\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::glue:startJobRun.sync\"},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" + ] + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDA5F7DA8", + "StateMachineRole543B9670" + ], + "UpdateReplacePolicy": 
"Delete", + "DeletionPolicy": "Delete" + } }, - "StateMachine81935E76": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRole543B9670", - "Arn" - ] - }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}},\"Type\":\"Task\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::glue:startJobRun.sync\"},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" - ] - ] + "Outputs": { + "StateMachineARNOutput": { + "Value": { + "Ref": "StateMachine81935E76" + } } - }, - "DependsOn": [ - "StateMachineRoleDefaultPolicyDA5F7DA8", - "StateMachineRole543B9670" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - } - }, - "Outputs": { - "StateMachineARNOutput": { - "Value": { - "Ref": "StateMachine81935E76" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } - ] } - } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json index e054ff5a5c807..badcc4da61922 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json 
@@ -1,253 +1,253 @@ { - "Resources": { - "GlueJobRole1CD031E0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "glue" - } + "Resources": { + "GlueJobRole1CD031E0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "glue.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSGlueServiceRole" + ] + ] + } + ] } - ], - "Version": "2012-10-17" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "GlueJobRoleDefaultPolicy3D94D6F1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" }, - ":iam::aws:policy/service-role/AWSGlueServiceRole" - ] - ] - } - ] - } - }, - "GlueJobRoleDefaultPolicy3D94D6F1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/*" - ] - ] + "PolicyName": 
"GlueJobRoleDefaultPolicy3D94D6F1", + "Roles": [ + { + "Ref": "GlueJobRole1CD031E0" + } + ] + } + }, + "GlueJob": { + "Type": "AWS::Glue::Job", + "Properties": { + "Command": { + "Name": "glueetl", + "PythonVersion": "3", + "ScriptLocation": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" + ] + ] + } }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - } + "Role": { + "Fn::GetAtt": [ + "GlueJobRole1CD031E0", + "Arn" ] - ] + }, + "GlueVersion": "1.0", + "Name": "My Glue Job" + } + }, + "StateMachineRole543B9670": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } - ] } - ], - "Version": "2012-10-17" }, - "PolicyName": "GlueJobRoleDefaultPolicy3D94D6F1", - "Roles": [ - { - "Ref": "GlueJobRole1CD031E0" - } - ] - } - }, - "GlueJob": { - "Type": "AWS::Glue::Job", - "Properties": { - "Command": { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": { - "Fn::Join": [ - "", - [ - "s3://", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "StateMachineRoleDefaultPolicyDA5F7DA8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "glue:BatchStopJobRun", + "glue:GetJobRun", + "glue:GetJobRuns", + "glue:StartJobRun" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":job/My Glue Job" + ] + ] + } + } + ], + "Version": "2012-10-17" }, - 
"/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" - ] - ] - } - }, - "Role": { - "Fn::GetAtt": [ - "GlueJobRole1CD031E0", - "Arn" - ] - }, - "GlueVersion": "1.0", - "Name": "My Glue Job" - } - }, - "StateMachineRole543B9670": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "states.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StateMachineRoleDefaultPolicyDA5F7DA8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "glue:BatchStopJobRun", - "glue:GetJobRun", - "glue:GetJobRuns", - "glue:StartJobRun" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", + "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", + "Roles": [ { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":job/My Glue Job" - ] + "Ref": "StateMachineRole543B9670" + } ] - } } - ], - "Version": "2012-10-17" }, - "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", - "Roles": [ - { - "Ref": "StateMachineRole543B9670" - } - ] - } + "StateMachine81935E76": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole543B9670", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::glue:startJobRun.sync\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}}},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" + ] + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDA5F7DA8", + "StateMachineRole543B9670" + ], + "UpdateReplacePolicy": 
"Delete", + "DeletionPolicy": "Delete" + } }, - "StateMachine81935E76": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRole543B9670", - "Arn" - ] - }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Type\":\"Task\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::glue:startJobRun.sync\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}}},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" - ] - ] + "Outputs": { + "StateMachineARNOutput": { + "Value": { + "Ref": "StateMachine81935E76" + } } - }, - "DependsOn": [ - "StateMachineRoleDefaultPolicyDA5F7DA8", - "StateMachineRole543B9670" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - } - }, - "Outputs": { - "StateMachineARNOutput": { - "Value": { - "Ref": "StateMachine81935E76" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } - ] } - } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap b/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap index 641c4506ff287..826d1b8ca419c 100644 --- a/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap +++ b/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap @@ -10,15 +10,7 @@ exports[`stepfunctions should grant pipe role invoke access 1`] = ` "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], diff --git a/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap b/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap index c58ce2f47f055..ab4bac868cfbe 100644 --- a/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap +++ b/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap 
@@ -27,15 +27,7 @@ exports[`step-function should grant pipe role push access (StartAsyncExecution) "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], @@ -74,15 +66,7 @@ exports[`step-function should grant pipe role push access (StartAsyncExecution) "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], @@ -121,15 +105,7 @@ exports[`step-function should grant pipe role push access (StartSyncExecution) w "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index ced7faaa3adef..be8cfb6c4d69c 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md 
@@ -38,7 +38,6 @@ Flags come in three types: | [@aws-cdk/core:enablePartitionLiterals](#aws-cdkcoreenablepartitionliterals) | Make ARNs concrete if AWS partition is known | 2.38.0 | (fix) | | [@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker](#aws-cdkaws-ecsdisableexplicitdeploymentcontrollerforcircuitbreaker) | Avoid setting the "ECS" deployment controller when adding a circuit breaker | 2.51.0 | (fix) | | [@aws-cdk/aws-events:eventsTargetQueueSameAccount](#aws-cdkaws-eventseventstargetqueuesameaccount) | Event Rules may only push to encrypted SQS queues in the same account | 2.51.0 | (fix) | -| [@aws-cdk/aws-iam:standardizedServicePrincipals](#aws-cdkaws-iamstandardizedserviceprincipals) | Use standardized (global) service principals everywhere | 2.51.0 | (fix) | | [@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName](#aws-cdkaws-iamimportedrolestacksafedefaultpolicyname) | Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in. | 2.60.0 | (fix) | | [@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy](#aws-cdkaws-s3serveraccesslogsusebucketpolicy) | Use S3 Bucket Policy instead of ACLs for Server Access Logging | 2.60.0 | (fix) | | [@aws-cdk/customresources:installLatestAwsSdkDefault](#aws-cdkcustomresourcesinstalllatestawssdkdefault) | Whether to install the latest SDK by default in AwsCustomResource | 2.60.0 | (default) | 
@@ -72,7 +71,7 @@ Flags come in three types: | [@aws-cdk/pipelines:reduceAssetRoleTrustScope](#aws-cdkpipelinesreduceassetroletrustscope) | Remove the root account principal from PipelineAssetsFileRole trust policy | 2.141.0 | (default) | | [@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm](#aws-cdkaws-ecsremovedefaultdeploymentalarm) | When enabled, remove default deployment alarm settings | 2.143.0 | (default) | | [@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault](#aws-cdkcustom-resourceslogapiresponsedatapropertytruedefault) | When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default | 2.145.0 | (fix) | -| [@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions](#aws-cdkaws-stepfunctions-tasksecsreduceruntaskpermissions) | When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. | V2NEXT | (fix) | +| [@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions](#aws-cdkaws-stepfunctions-tasksecsreduceruntaskpermissions) | When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. | 2.148.0 | (fix) | @@ -101,7 +100,6 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, "@aws-cdk/core:enablePartitionLiterals": true, "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, - "@aws-cdk/aws-iam:standardizedServicePrincipals": true, "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, 
@@ -748,22 +746,6 @@ always apply, regardless of the value of this flag. | 2.51.0 | `false` | `true` | -### @aws-cdk/aws-iam:standardizedServicePrincipals - -*Use standardized (global) service principals everywhere* (fix) - -We used to maintain a database of exceptions to Service Principal names in various regions. This database -is no longer necessary: all service principals names have been standardized to their global form (`SERVICE.amazonaws.com`). - -This flag disables use of that exceptions database and always uses the global service principal. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| 2.51.0 | `false` | `true` | - - ### @aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName *Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in.* (fix) @@ -1370,7 +1352,7 @@ for more details. | Since | Default | Recommended | | ----- | ----- | ----- | | (not in v1) | | | -| V2NEXT | `false` | `true` | +| 2.148.0 | `false` | `true` | diff --git a/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts b/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts index ff244b80f66fc..68ff197fdb09d 100644 --- a/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts +++ b/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts @@ -140,15 +140,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::FindInMap': [ - 'ServiceprincipalMap', - { - Ref: 'AWS::Region', - }, - 'codedeploy', - ], - }, + Service: 'codedeploy.amazonaws.com', }, }], Version: '2012-10-17', diff --git a/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts b/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts index c3a7c5110fa00..ed88b27c178e9 100644 --- a/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts 
+++ b/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts @@ -94,15 +94,7 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::FindInMap': [ - 'ServiceprincipalMap', - { - Ref: 'AWS::Region', - }, - 'codedeploy', - ], - }, + Service: 'codedeploy.amazonaws.com', }, }], Version: '2012-10-17', diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts index d609f417cd227..0e611adc996cc 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts @@ -2,7 +2,7 @@ import { Construct } from 'constructs'; import { CfnVPCEndpointService, CfnVPCEndpointServicePermissions } from './ec2.generated'; import { ArnPrincipal } from '../../aws-iam'; import { Aws, Fn, IResource, Resource, Stack, Token } from '../../core'; -import { Default, RegionInfo } from '../../region-info'; +import { RegionInfo } from '../../region-info'; /** * A load balancer that can host a VPC Endpoint Service @@ -46,6 +46,13 @@ export interface IVpcEndpointService extends IResource { */ export class VpcEndpointService extends Resource implements IVpcEndpointService { + /** + * The default value for a VPC Endpoint Service name prefix, useful if you do + * not have a synthesize-time region literal available (all you have is + * `{ "Ref": "AWS::Region" }`) + */ + public static readonly DEFAULT_PREFIX = 'com.amazonaws.vpce'; + /** * One or more network load balancers to host the service. * @attribute 
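Review bot: The doc comment on the new `DEFAULT_PREFIX` (hunk `@@ -46,6 +46,13 @@`) does not say that the value is a fixed literal, while the constructor hunk at `@@ -119,8 +126,8 @@` falls back to it whenever the stack region is an unresolved token. If a target region's `RegionInfo` entry carries a different `vpcEndpointServiceNamePrefix`, a region-agnostic stack would publish a `vpcEndpointServiceName` that does not match the real service, so I would add a line such as `Not region-aware: set an explicit stack region when the target region uses a different prefix.` The constant is also declared `public`, which makes it supported API; if it only replaces the former internal default, `private static readonly` keeps the surface smaller. The class body continues outside both hunks.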
@@ -119,8 +126,8 @@ export class VpcEndpointService extends Resource implements IVpcEndpointService const { region } = Stack.of(this); const serviceNamePrefix = !Token.isUnresolved(region) ? - (RegionInfo.get(region).vpcEndpointServiceNamePrefix ?? Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX) : - Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX; + (RegionInfo.get(region).vpcEndpointServiceNamePrefix ?? VpcEndpointService.DEFAULT_PREFIX) : + VpcEndpointService.DEFAULT_PREFIX; this.vpcEndpointServiceName = Fn.join('.', [serviceNamePrefix, Aws.REGION, this.vpcEndpointServiceId]); if (this.allowedPrincipals.length > 0) { diff --git a/packages/aws-cdk-lib/aws-iam/lib/principals.ts b/packages/aws-cdk-lib/aws-iam/lib/principals.ts index 6833334fcbf3d..a45853aff1de9 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/principals.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/principals.ts @@ -6,8 +6,7 @@ import { defaultAddPrincipalToAssumeRole } from './private/assume-role-policy'; import { LITERAL_STRING_KEY, mergePrincipal } from './private/util'; import { ISamlProvider } from './saml-provider'; import * as cdk from '../../core'; -import * as cxapi from '../../cx-api'; -import { Default, FactName, RegionInfo } from '../../region-info'; +import { RegionInfo } from '../../region-info'; /** * Any object that has an associated principal that a permission can be granted to 
@@ -541,11 +540,13 @@ export class ServicePrincipal extends PrincipalBase { * These days all service principal names are standardized, and they are all * of the form `.amazonaws.com`. * - * If the feature flag `@aws-cdk/aws-iam:standardizedServicePrincipals` is set, this - * method will always return its input. If this feature flag is not set, this - * method will perform the legacy behavior, which appends the region-specific - * domain suffix for some select services (for example, it would append `.cn` - * to some service principal names). + * To avoid breaking changes, handling is provided for services added with the formats below, + * however, no additional handling will be added for new regions or partitions. + * - s3 + * - s3.amazonaws.com + * - s3.amazonaws.com.cn + * - s3.c2s.ic.gov + * - s3.sc2s.sgov.gov * * @example * const principalName = iam.ServicePrincipal.servicePrincipalName('ec2.amazonaws.com'); @@ -942,11 +943,7 @@ class ServicePrincipalToken implements cdk.IResolvable { } public resolve(ctx: cdk.IResolveContext) { - return cdk.FeatureFlags.of(ctx.scope).isEnabled(cxapi.IAM_STANDARDIZED_SERVICE_PRINCIPALS) - ? this.newStandardizedBehavior(ctx) - : this.legacyBehavior(ctx); - - // The correct behavior is to always use the global service principal + return this.newStandardizedBehavior(ctx); } /** 
@@ -954,32 +951,20 @@ class ServicePrincipalToken implements cdk.IResolvable { */ private newStandardizedBehavior(ctx: cdk.IResolveContext) { const stack = cdk.Stack.of(ctx.scope); + + // If the user had previously set the feature flag to `false` we would allow them to provide only the service name instead of the + // entire service principal. We can't break them so now everyone gets to do it! + const match = this.service.match(/^([^.]+)(?:(?:\.amazonaws\.com(?:\.cn)?)|(?:\.c2s\.ic\.gov)|(?:\.sc2s\.sgov\.gov))?$/); + const service = match ? `${match[1]}.amazonaws.com` : this.service; if ( this.opts.region && !cdk.Token.isUnresolved(this.opts.region) && stack.region !== this.opts.region && RegionInfo.get(this.opts.region).isOptInRegion ) { - return this.service.replace(/\.amazonaws\.com$/, `.${this.opts.region}.amazonaws.com`); - } - return this.service; - } - - /** - * Do a single lookup - */ - private legacyBehavior(ctx: cdk.IResolveContext) { - if (this.opts.region) { - // Special case, handle it separately to not break legacy behavior. - return RegionInfo.get(this.opts.region).servicePrincipal(this.service) ?? - Default.servicePrincipal(this.service, this.opts.region, cdk.Aws.URL_SUFFIX); + return service.replace(/\.amazonaws\.com$/, `.${this.opts.region}.amazonaws.com`); } - - const stack = cdk.Stack.of(ctx.scope); - return stack.regionalFact( - FactName.servicePrincipal(this.service), - Default.servicePrincipal(this.service, stack.region, cdk.Aws.URL_SUFFIX), - ); + return service; } public toString() { diff --git a/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts b/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts index 09af35f469636..2cf20950bab70 100644 --- a/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts 
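Review bot: The new regex in `newStandardizedBehavior` rewrites the caller's string before it lands in a trust policy's `Principal.Service`, and nothing in the method says which inputs are rewritten and which pass through. As written, any dot-free string gets `.amazonaws.com` appended, and the `.amazonaws.com.cn`, `.c2s.ic.gov` and `.sc2s.sgov.gov` suffixes are replaced. Any other dotted input (for example an already-regional name like `logs.us-east-1.amazonaws.com`) falls through unchanged to `this.service`. Because this value decides which service may assume a role, I would hoist the pattern into a named constant and document the pass-through case, e.g. `// Inputs that do not match (regional or otherwise dotted names) are returned unchanged.` The inputs visible in this patch's test hunks all use the `.amazonaws.com` form, so one assertion per accepted suffix plus one for the pass-through case would pin the behaviour.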
@@ -1,4 +1,3 @@ -import { testDeprecated } from '@aws-cdk/cdk-build-tools'; import { Template } from '../../assertions'; import { Lazy, Stack, Token } from '../../core'; import { @@ -464,21 +463,7 @@ describe('IAM policy document', () => { expect(stack.resolve(s.toStatementJson())).toEqual({ Effect: 'Allow', Action: 'test:Action', - Principal: { Service: 'codedeploy.cn-north-1.amazonaws.com.cn' }, - }); - }); - - // Deprecated: 'region' parameter to ServicePrincipal shouldn't be used. - testDeprecated('regional service principals resolve appropriately (with user-set region)', () => { - const stack = new Stack(undefined, undefined, { env: { region: 'cn-northeast-1' } }); - const s = new PolicyStatement(); - s.addActions('test:Action'); - s.addServicePrincipal('codedeploy.amazonaws.com', { region: 'cn-north-1' }); - - expect(stack.resolve(s.toStatementJson())).toEqual({ - Effect: 'Allow', - Action: 'test:Action', - Principal: { Service: 'codedeploy.cn-north-1.amazonaws.com.cn' }, + Principal: { Service: 'codedeploy.amazonaws.com' }, }); }); diff --git a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts index 67cdb361ee257..43fb71da6005a 100644 --- a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts 
@@ -364,29 +364,13 @@ describe('deprecated ServicePrincipal behavior', () => { const afSouthStack = new Stack(undefined, undefined, { env: { region: 'af-south-1' } }); const principalName = iam.ServicePrincipal.servicePrincipalName('states.amazonaws.com'); - expect(usEastStack.resolve(principalName)).toEqual('states.us-east-1.amazonaws.com'); - expect(afSouthStack.resolve(principalName)).toEqual('states.af-south-1.amazonaws.com'); + expect(usEastStack.resolve(principalName)).toEqual('states.amazonaws.com'); + expect(afSouthStack.resolve(principalName)).toEqual('states.amazonaws.com'); }); test('Passing non-string as accountId parameter in AccountPrincipal constructor should throw error', () => { expect(() => new iam.AccountPrincipal(1234)).toThrowError('accountId should be of type string'); }); - - test('ServicePrincipal in agnostic stack generates lookup table', () => { - // GIVEN - const stack = new Stack(); - - // WHEN - new iam.Role(stack, 'Role', { - assumedBy: new iam.ServicePrincipal('states.amazonaws.com'), - }); - - // THEN - const template = Template.fromStack(stack); - const mappings = template.findMappings('ServiceprincipalMap'); - expect(mappings.ServiceprincipalMap['af-south-1']?.states).toEqual('states.af-south-1.amazonaws.com'); - expect(mappings.ServiceprincipalMap['us-east-1']?.states).toEqual('states.us-east-1.amazonaws.com'); - }); }); describe('standardized Service Principal behavior', () => { @@ -396,9 +380,7 @@ describe('standardized Service Principal behavior', () => { let app: App; beforeEach(() => { - app = new App({ - postCliContext: { [cxapi.IAM_STANDARDIZED_SERVICE_PRINCIPALS]: true }, - }); + app = new App(); }); test('no more regional service principals by default', () => { diff --git a/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts b/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts index 2062168fa3ee8..cd773f9d8d3da 100644 --- a/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts 
+++ b/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts @@ -32,14 +32,7 @@ test('stream can be subscription destination', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::Join': ['', [ - 'logs.', - { Ref: 'AWS::Region' }, - '.', - { Ref: 'AWS::URLSuffix' }, - ]], - }, + Service: 'logs.amazonaws.com', }, }], }, @@ -102,14 +95,7 @@ test('stream can be subscription destination twice, without duplicating permissi Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::Join': ['', [ - 'logs.', - { Ref: 'AWS::Region' }, - '.', - { Ref: 'AWS::URLSuffix' }, - ]], - }, + Service: 'logs.amazonaws.com', }, }], }, diff --git a/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts b/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts index d77ebdc94fa60..907a18e5d24f5 100644 --- a/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts +++ b/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts @@ -88,16 +88,7 @@ describe('state machine', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::Join': [ - '', - [ - 'states.', - stack.resolve(stack.region), - '.amazonaws.com', - ], - ], - }, + Service: 'states.amazonaws.com', }, }, ], diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 77e2f43760b24..be8cfb6c4d69c 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
@@ -38,7 +38,6 @@ Flags come in three types: | [@aws-cdk/core:enablePartitionLiterals](#aws-cdkcoreenablepartitionliterals) | Make ARNs concrete if AWS partition is known | 2.38.0 | (fix) | | [@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker](#aws-cdkaws-ecsdisableexplicitdeploymentcontrollerforcircuitbreaker) | Avoid setting the "ECS" deployment controller when adding a circuit breaker | 2.51.0 | (fix) | | [@aws-cdk/aws-events:eventsTargetQueueSameAccount](#aws-cdkaws-eventseventstargetqueuesameaccount) | Event Rules may only push to encrypted SQS queues in the same account | 2.51.0 | (fix) | -| [@aws-cdk/aws-iam:standardizedServicePrincipals](#aws-cdkaws-iamstandardizedserviceprincipals) | Use standardized (global) service principals everywhere | 2.51.0 | (fix) | | [@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName](#aws-cdkaws-iamimportedrolestacksafedefaultpolicyname) | Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in. | 2.60.0 | (fix) | | [@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy](#aws-cdkaws-s3serveraccesslogsusebucketpolicy) | Use S3 Bucket Policy instead of ACLs for Server Access Logging | 2.60.0 | (fix) | | [@aws-cdk/customresources:installLatestAwsSdkDefault](#aws-cdkcustomresourcesinstalllatestawssdkdefault) | Whether to install the latest SDK by default in AwsCustomResource | 2.60.0 | (default) | @@ -101,7 +100,6 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, "@aws-cdk/core:enablePartitionLiterals": true, "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, - "@aws-cdk/aws-iam:standardizedServicePrincipals": true, "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, 
@@ -748,22 +746,6 @@ always apply, regardless of the value of this flag. | 2.51.0 | `false` | `true` | -### @aws-cdk/aws-iam:standardizedServicePrincipals - -*Use standardized (global) service principals everywhere* (fix) - -We used to maintain a database of exceptions to Service Principal names in various regions. This database -is no longer necessary: all service principals names have been standardized to their global form (`SERVICE.amazonaws.com`). - -This flag disables use of that exceptions database and always uses the global service principal. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| 2.51.0 | `false` | `true` | - - ### @aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName *Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in.* (fix) diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index e7fef1bdf9e82..ba01e8b9a0e6f 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -72,7 +72,6 @@ export const SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY = '@aws-cdk/aws-sns-subscri export const APIGATEWAY_DISABLE_CLOUDWATCH_ROLE = '@aws-cdk/aws-apigateway:disableCloudWatchRole'; export const ENABLE_PARTITION_LITERALS = '@aws-cdk/core:enablePartitionLiterals'; export const EVENTS_TARGET_QUEUE_SAME_ACCOUNT = '@aws-cdk/aws-events:eventsTargetQueueSameAccount'; -export const IAM_STANDARDIZED_SERVICE_PRINCIPALS = '@aws-cdk/aws-iam:standardizedServicePrincipals'; export const ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER = '@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker'; export const S3_SERVER_ACCESS_LOGS_USE_BUCKET_POLICY = '@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy'; export const ROUTE53_PATTERNS_USE_CERTIFICATE = '@aws-cdk/aws-route53-patters:useCertificate'; 
@@ -564,20 +563,6 @@ export const FLAGS: Record = { recommendedValue: true, }, - ////////////////////////////////////////////////////////////////////// - [IAM_STANDARDIZED_SERVICE_PRINCIPALS]: { - type: FlagType.BugFix, - summary: 'Use standardized (global) service principals everywhere', - detailsMd: ` - We used to maintain a database of exceptions to Service Principal names in various regions. This database - is no longer necessary: all service principals names have been standardized to their global form (\`SERVICE.amazonaws.com\`). - - This flag disables use of that exceptions database and always uses the global service principal. - `, - introducedIn: { v2: '2.51.0' }, - recommendedValue: true, - }, - ////////////////////////////////////////////////////////////////////// [ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER]: { type: FlagType.BugFix, diff --git a/packages/aws-cdk-lib/region-info/README.md b/packages/aws-cdk-lib/region-info/README.md index fcbbeeeceda26..c173e62bf2761 100644 --- a/packages/aws-cdk-lib/region-info/README.md +++ b/packages/aws-cdk-lib/region-info/README.md @@ -1,6 +1,5 @@ # AWS Region-Specific Information Directory - ## Usage Some information used in CDK Applications differs from one AWS region to @@ -19,7 +18,6 @@ const region = regionInfo.RegionInfo.get('eu-west-1'); // Access attributes: region.s3StaticWebsiteEndpoint; // s3-website-eu-west-1.amazonaws.com -region.servicePrincipal('logs.amazonaws.com'); // logs.eu-west-1.amazonaws.com ``` The `RegionInfo` layer is built on top of the Low-Level API, which is described 
@@ -34,10 +32,10 @@ a list of known fact names, which can then be used with the `RegionInfo` to retrieve a particular value: ```ts -const codeDeployPrincipal = regionInfo.Fact.find('us-east-1', regionInfo.FactName.servicePrincipal('codedeploy.amazonaws.com')); -// => codedeploy.us-east-1.amazonaws.com - -const staticWebsite = regionInfo.Fact.find('ap-northeast-1', regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT); +const staticWebsite = regionInfo.Fact.find( + 'ap-northeast-1', + regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT +); // => s3-website-ap-northeast-1.amazonaws.com ``` @@ -50,7 +48,7 @@ to inject FactName into the database: ```ts class MyFact implements regionInfo.IFact { public readonly region = 'bermuda-triangle-1'; - public readonly name = regionInfo.FactName.servicePrincipal('s3.amazonaws.com'); + public readonly name = regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT; public readonly value = 's3-website.bermuda-triangle-1.nowhere.com'; } @@ -66,8 +64,8 @@ adding an extra boolean argument: ```ts class MyFact implements regionInfo.IFact { public readonly region = 'us-east-1'; - public readonly name = regionInfo.FactName.servicePrincipal('service.amazonaws.com'); - public readonly value = 'the-correct-principal.amazonaws.com'; + public readonly name = regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT; + public readonly value = 'the-correct-endpoint.amazonaws.com'; } regionInfo.Fact.register(new MyFact(), true /* Allow overriding information */); diff --git a/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts b/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts index 7e6e9c6eeceda..041108dd6390b 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts 
@@ -18,12 +18,10 @@ import { import { AWS_CDK_METADATA } from './metadata'; import { AWS_REGIONS, - AWS_SERVICES, before, RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN, RULE_CLASSIC_PARTITION_BECOMES_OPT_IN, } from '../lib/aws-entities'; -import { Default } from '../lib/default'; export async function main(): Promise { checkRegions(APPMESH_ECR_ACCOUNTS); @@ -98,10 +96,6 @@ export async function main(): Promise { const vpcEndpointServiceNamePrefix = `${domainSuffix.split('.').reverse().join('.')}.vpce`; registerFact(region, 'VPC_ENDPOINT_SERVICE_NAME_PREFIX', vpcEndpointServiceNamePrefix); - for (const service of AWS_SERVICES) { - registerFact(region, ['servicePrincipal', service], Default.servicePrincipal(service, region, domainSuffix)); - } - for (const version in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS) { for (const arch in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version]) { registerFact(region, ['cloudwatchLambdaInsightsVersion', version, arch], CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version][arch][region]); diff --git a/packages/aws-cdk-lib/region-info/lib/aws-entities.ts b/packages/aws-cdk-lib/region-info/lib/aws-entities.ts index d291d46bc1d41..f6e2d8125f24d 100644 --- a/packages/aws-cdk-lib/region-info/lib/aws-entities.ts +++ b/packages/aws-cdk-lib/region-info/lib/aws-entities.ts @@ -78,26 +78,6 @@ export const AWS_REGIONS = AWS_REGIONS_AND_RULES .filter((x) => typeof x === 'string') .sort() as readonly string[]; -/** - * Possibly non-exhaustive list of all service names, used to locate service principals. - * - * Not in the list ==> default service principal mappings. - */ -export const AWS_SERVICES: readonly string[] = [ - 'application-autoscaling', - 'autoscaling', - 'codedeploy', - 'ec2', - 'events', - 'lambda', - 'logs', - 's3', - 'ssm', - 'sns', - 'sqs', - 'states', -].sort(); - /** * Whether or not a region predates a given rule (or region). * 
diff --git a/packages/aws-cdk-lib/region-info/lib/default.ts b/packages/aws-cdk-lib/region-info/lib/default.ts index ded4f1d36551b..f763884bfccaf 100644 --- a/packages/aws-cdk-lib/region-info/lib/default.ts +++ b/packages/aws-cdk-lib/region-info/lib/default.ts @@ -1,5 +1,8 @@ /** * Provides default values for certain regional information points. + * This class is no longer needed because service principals are no longer needed except in very specific cases + * that are handled in the IAM ServicePrincipal class. + * @deprecated - Service principals are now globally `.amazonaws.com`, use iam.ServicePrincipal instead. */ export class Default { @@ -7,6 +10,8 @@ export class Default { * The default value for a VPC Endpoint Service name prefix, useful if you do * not have a synthesize-time region literal available (all you have is * `{ "Ref": "AWS::Region" }`) + * + * @deprecated - Use VpceEndpointService.DEFAULT_PREFIX instead */ public static readonly VPC_ENDPOINT_SERVICE_NAME_PREFIX = 'com.amazonaws.vpce'; @@ -19,6 +24,8 @@ export class Default { * @param serviceFqn the name of the service (s3, s3.amazonaws.com, ...) * @param region the region in which the service principal is needed. * @param urlSuffix deprecated and ignored. + * + * @deprecated - Service principals are now globally `.amazonaws.com`, use iam.ServicePrincipal instead. */ public static servicePrincipal(serviceFqn: string, region: string, urlSuffix: string): string { // NOTE: this whole method is deprecated, and should not be used or updated anymore. The global service @@ -26,8 +33,6 @@ export class Default { // (As a note, regional principals (`..amazonaws.com`) are required in // case of a cross-region reference to an opt-in region, but that's the only case, and that is not // controlled here). - // - // (It cannot be actually @deprecated since many of our tests use it :D) const serviceName = extractSimpleName(serviceFqn); if (!serviceName) { 
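Review bot: The `@deprecated` tag added to `VPC_ENDPOINT_SERVICE_NAME_PREFIX` (hunk `@@ -7,6 +10,8 @@`) points to `VpceEndpointService.DEFAULT_PREFIX`, but the class that gains the constant in this patch is `VpcEndpointService`, so the tag sends readers to a name this patch does not define. It should read `@deprecated - Use VpcEndpointService.DEFAULT_PREFIX instead`. The class-level text added in `@@ -1,5 +1,8 @@` is also hard to parse ("no longer needed because service principals are no longer needed"). Something like `Region-specific service principals are no longer needed except in the cases handled by iam.ServicePrincipal.` would say the same more plainly.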
diff --git a/packages/aws-cdk-lib/region-info/lib/fact.ts b/packages/aws-cdk-lib/region-info/lib/fact.ts index 1657743343c87..2f98b31b7f149 100644 --- a/packages/aws-cdk-lib/region-info/lib/fact.ts +++ b/packages/aws-cdk-lib/region-info/lib/fact.ts @@ -226,9 +226,11 @@ export class FactName { * @param service the service name, either simple (e.g: `s3`, `codedeploy`) or qualified (e.g: `s3.amazonaws.com`). * The `.amazonaws.com` and `.amazonaws.com.cn` domains are stripped from service names, so they are * canonicalized in that respect. + * + * @deprecated - Use `iam.ServicePrincipal.servicePrincipalName()` instead. */ public static servicePrincipal(service: string): string { - return `service-principal:${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}`; + return `${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}.amazonaws.com`; } /** diff --git a/packages/aws-cdk-lib/region-info/lib/region-info.ts b/packages/aws-cdk-lib/region-info/lib/region-info.ts index 5f360f206bd0a..9b932c0c22f3b 100644 --- a/packages/aws-cdk-lib/region-info/lib/region-info.ts +++ b/packages/aws-cdk-lib/region-info/lib/region-info.ts @@ -124,9 +124,11 @@ export class RegionInfo { /** * The name of the service principal for a given service in this region. * @param service the service name (e.g: s3.amazonaws.com) + * + * @deprecated - Use `iam.ServicePrincipal.servicePrincipalName()` instead. */ public servicePrincipal(service: string): string | undefined { - return Fact.find(this.name, FactName.servicePrincipal(service)); + return `${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}.amazonaws.com`; } /** diff --git a/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap b/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap index 72c4a87d888e9..43c20a5f9364d 100644 --- a/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap +++ b/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap 
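Review bot: `FactName.servicePrincipal` used to return a fact key (`service-principal:<name>`) and now returns a principal value (`<name>.amazonaws.com`), so any caller that still passes its result to `Fact.find`, or registers a fact under it, silently gets a different key. The same `replace(/\.amazonaws\.com(\.cn)?$/, '')` line is duplicated in `RegionInfo.servicePrincipal` (the second hunk on this line). It strips fewer suffixes than the regex added to `ServicePrincipalToken` in principals.ts, so an input such as `s3.c2s.ic.gov` would come back as `s3.c2s.ic.gov.amazonaws.com`. I would keep both deprecated methods consistent with the IAM handling, e.g. `service.replace(/(\.amazonaws\.com(\.cn)?|\.c2s\.ic\.gov|\.sc2s\.sgov\.gov)$/, '')`, and state in the doc comment of `RegionInfo.servicePrincipal` that it no longer returns `undefined`. Both method bodies are fully visible in their hunks; the enclosing classes are not.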
@@ -45,20 +45,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.af-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.af-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.af-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.af-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-east-1": { @@ -104,20 +90,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-northeast-1": { 
@@ -163,20 +135,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-ap-northeast-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-northeast-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-northeast-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-northeast-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-northeast-2": { @@ -222,20 +180,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-northeast-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-northeast-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-northeast-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-northeast-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-northeast-3": { 
@@ -281,20 +225,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-northeast-3.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-northeast-3.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-northeast-3.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-northeast-3.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-south-1": { @@ -340,20 +270,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-south-2": { 
@@ -399,20 +315,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-south-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-south-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-south-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-south-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-1": { @@ -458,20 +360,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-ap-southeast-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-2": { 
@@ -517,20 +405,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-ap-southeast-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-3": { @@ -576,20 +450,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-3.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-3.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-3.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-3.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-4": { 
@@ -635,20 +495,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-4.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-4.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-4.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-4.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-5": { @@ -694,20 +540,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-5.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-5.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-5.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-5.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-7": { 
@@ -753,20 +585,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-7.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-7.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-7.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-7.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ca-central-1": { @@ -812,20 +630,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ca-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ca-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ca-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ca-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ca-west-1": { 
@@ -871,20 +675,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ca-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ca-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ca-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ca-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "cn-north-1": { @@ -930,20 +720,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-cn", "s3StaticWebsiteEndpoint": "s3-website.cn-north-1.amazonaws.com.cn", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.cn-north-1.amazonaws.com.cn", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.cn-north-1.amazonaws.com.cn", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.cn-north-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce", }, "cn-northwest-1": { 
@@ -989,20 +765,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-cn", "s3StaticWebsiteEndpoint": "s3-website.cn-northwest-1.amazonaws.com.cn", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.cn-northwest-1.amazonaws.com.cn", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.cn-northwest-1.amazonaws.com.cn", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.cn-northwest-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce", }, "eu-central-1": { @@ -1048,20 +810,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-central-2": { 
@@ -1107,20 +855,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-central-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-central-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-central-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-central-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-isoe-west-1": { @@ -1166,20 +900,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso-e", "s3StaticWebsiteEndpoint": "s3-website.eu-isoe-west-1.cloud.adc-e.uk", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-isoe-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-isoe-west-1.cloud.adc-e.uk", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-isoe-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "uk.adc-e.cloud.vpce", }, "eu-north-1": { 
@@ -1225,20 +945,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-north-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-north-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-north-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-north-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-south-1": { @@ -1284,20 +990,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-south-2": { 
@@ -1343,20 +1035,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-south-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-south-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-south-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-south-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-west-1": { @@ -1402,20 +1080,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-eu-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-west-2": { 
@@ -1461,20 +1125,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-west-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-west-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-west-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-west-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-west-3": { @@ -1520,20 +1170,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-west-3.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-west-3.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-west-3.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-west-3.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "il-central-1": { 
@@ -1579,20 +1215,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.il-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.il-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.il-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.il-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "me-central-1": { @@ -1638,20 +1260,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.me-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.me-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.me-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.me-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "me-south-1": { 
@@ -1697,20 +1305,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.me-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.me-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.me-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.me-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "mx-central-1": { @@ -1756,20 +1350,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.mx-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.mx-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.mx-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.mx-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "sa-east-1": { 
@@ -1815,20 +1395,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-sa-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.sa-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.sa-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.sa-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-east-1": { @@ -1874,20 +1440,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-us-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-east-2": { 
@@ -1933,20 +1485,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.us-east-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-east-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-east-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-east-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-gov-east-1": { @@ -1992,20 +1530,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-us-gov", "s3StaticWebsiteEndpoint": "s3-website.us-gov-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-gov-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-gov-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-gov-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-gov-west-1": { 
@@ -2051,20 +1575,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-us-gov", "s3StaticWebsiteEndpoint": "s3-website-us-gov-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-gov-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-gov-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-gov-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-iso-east-1": { @@ -2110,20 +1620,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso", "s3StaticWebsiteEndpoint": "s3-website.us-iso-east-1.c2s.ic.gov", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-iso-east-1.c2s.ic.gov", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "gov.ic.c2s.vpce", }, "us-iso-west-1": { 
@@ -2169,20 +1665,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso", "s3StaticWebsiteEndpoint": "s3-website.us-iso-west-1.c2s.ic.gov", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-iso-west-1.c2s.ic.gov", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "gov.ic.c2s.vpce", }, "us-isob-east-1": { @@ -2228,20 +1710,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso-b", "s3StaticWebsiteEndpoint": "s3-website.us-isob-east-1.sc2s.sgov.gov", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-isob-east-1.sc2s.sgov.gov", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "gov.sgov.sc2s.vpce", }, "us-west-1": { 
@@ -2287,20 +1755,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-us-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-west-2": { @@ -2346,20 +1800,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-us-west-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-west-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-west-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-west-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, } diff --git a/packages/aws-cdk-lib/region-info/test/region-info.test.ts b/packages/aws-cdk-lib/region-info/test/region-info.test.ts index e32147ab020a4..8adc82b0d6b0b 100644 --- a/packages/aws-cdk-lib/region-info/test/region-info.test.ts +++ b/packages/aws-cdk-lib/region-info/test/region-info.test.ts 
@@ -1,20 +1,17 @@ import { APPCONFIG_LAMBDA_LAYER_ARNS, CLOUDWATCH_LAMBDA_INSIGHTS_ARNS } from '../build-tools/fact-tables'; import { FactName, RegionInfo } from '../lib'; -import { AWS_REGIONS, AWS_SERVICES } from '../lib/aws-entities'; +import { AWS_REGIONS } from '../lib/aws-entities'; test('built-in data is correct', () => { const snapshot: any = {}; for (const name of AWS_REGIONS) { const region = RegionInfo.get(name); - const servicePrincipals: { [service: string]: string | undefined } = {}; const lambdaInsightsVersions: { [service: string]: string | undefined } = {}; const lambdaInsightsArmVersions: { [service: string]: string | undefined } = {}; const appConfigLayerVersions: { [service: string]: string | undefined } = {}; const appConfigLayerArmVersions: { [service: string]: string | undefined } = {}; - AWS_SERVICES.forEach(service => servicePrincipals[service] = region.servicePrincipal(service)); - for (const version in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS) { lambdaInsightsVersions[version] = region.cloudwatchLambdaInsightsArn(version); @@ -36,7 +33,6 @@ test('built-in data is correct', () => { partition: region.partition, s3StaticWebsiteEndpoint: region.s3StaticWebsiteEndpoint, vpcEndPointServiceNamePrefix: region.vpcEndpointServiceNamePrefix, - servicePrincipals, lambdaInsightsVersions, lambdaInsightsArmVersions, appConfigLayerVersions, diff --git a/scripts/check-region-info-compatibility.ts b/scripts/check-region-info-compatibility.ts index 175c82b8e215a..f9886c09c615b 100644 --- a/scripts/check-region-info-compatibility.ts +++ b/scripts/check-region-info-compatibility.ts 
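Review bot: With `servicePrincipals` dropped from the snapshot object (both hunks of this file), nothing visible in this test still pins the partition-specific principal strings, for example the `.amazonaws.com.cn` CodeDeploy value the old snapshot recorded for `cn-north-1`. These strings end up as principals in IAM trust and resource policies, so a regression in the new generation path would yield policies that trust the wrong principal or fail to deploy. If `RegionInfo.servicePrincipal` is kept and the new generation code is not tested elsewhere (neither is visible in this part of the patch), I would keep a few explicit assertions, such as `expect(RegionInfo.get('cn-north-1').servicePrincipal('codedeploy')).toBe('codedeploy.cn-north-1.amazonaws.com.cn');`, with one more for an `aws-iso` region. The test body continues outside the second hunk.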
@@ -21,6 +21,14 @@ function main(oldPackage: string, newPackage: string) {
 const disappearedFacts = oldFacts
 .filter((oldFact) => !newFacts.some((newFact) => factEq(oldFact, newFact)))
 .map((fact) => ({ fact, key: `${fact[0]}:${fact[1]}` }))
+ // This mapping is generated dynamically at build time and the values in the mapping
+ // aren't accessed directly by users.
+ // This change updates the handling and generation of service principals but does not
+ // remove the ability of users to utilize them. The mapping is unnecessary.
+ // While we could have just added these to the file tracking allowed breaking changes,
+ // that seemed like it would clutter that file excessively rather than adding this check.
+ // We can remove this after the next release, if we feel so inclined.
+ .filter(({ key }) => !key.includes('service-principal'))
 .filter(({ key }) => !allowedBreaks.has(key));
 if (disappearedFacts.length > 0) {
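Review bot: The added `.filter(({ key }) => !key.includes('service-principal'))` exempts every disappeared fact whose `region:name` key contains that substring, in every region and with no expiry. A later accidental removal of a service-principal fact would therefore pass this compatibility check unnoticed. Because these values are used as principals in IAM policies, I would match on the fact name only and state a concrete removal condition, e.g. `.filter(({ fact }) => !fact[1].startsWith('service-principal:'))` preceded by `// TODO: delete this exemption once the release that drops the static mapping has shipped`. That assumes `fact[1]` is the fact name, as the key construction suggests, and that the names carry the `service-principal:` prefix; please confirm both. `main` continues outside the hunk.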