Merge branch 'master' into swar8080/validate-iam-principial-is-not-group

.github/workflows/auto-approve-v2-merge-forward.yml

@@ -1,7 +1,7 @@
 # Automatically approve PRs that merge master forward to v2-main
 #
 # Only does approvals! mergify takes care of the actual merge.
-name: Auto-approve forward merges onto v2-main
+name: Auto-approve automated PRs around CDK v2
 on:
   pull_request:
     types:
@@ -21,6 +21,6 @@ jobs:
       if: >
         github.event.pull_request.user.login == 'aws-cdk-automation'
         && github.event.pull_request.base.ref == 'v2-main'
-        && contains(github.event.pull_request.labels.*.name, 'pr/forward-merge')
+        && contains(github.event.pull_request.labels.*.name, 'pr/auto-approve')
       with:
         github-token: "${{ secrets.GITHUB_TOKEN }}"

.yarnrc

@@ -1 +1,2 @@
 --install.check-files     true      # install will verify file tree of packages for consistency
+ignore-engines            true      # the 'engines' key for 'aws-cdk-lib' has specifies node14 as min while v1 will remain at node10

CHANGELOG.md

@@ -2,6 +2,57 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.85.0](https://github.com/aws/aws-cdk/compare/v1.84.0...v1.85.0) (2021-01-14)
+
+* **s3-deployment**: This version includes an important update, please upgrade to prevent deployment failure. This is in prepartion of Lambda deprecation of the request module in boto, more details are available in [AWS blog](https://aws.amazon.com/blogs/compute/upcoming-changes-to-the-python-sdk-in-aws-lambda/). Note, users of versions < `1.81.0` will not be impacted by this deprecation, but are still encouraged to upgrade to the latest version.
+
+### Features
+
+* **apigatewayv2:** http api - disable execute api endpoint ([#12426](https://github.com/aws/aws-cdk/issues/12426)) ([1724da7](https://github.com/aws/aws-cdk/commit/1724da758666ec92f7b923c899d2f2f439083ba2)), closes [#12241](https://github.com/aws/aws-cdk/issues/12241)
+* **appmesh:** add listener TLS certificates for VirtualNodes and VirtualGateways ([#11863](https://github.com/aws/aws-cdk/issues/11863)) ([175a257](https://github.com/aws/aws-cdk/commit/175a2570465d484aa0a73a7bded34e686da493ed)), closes [#10051](https://github.com/aws/aws-cdk/issues/10051)
+* **cfnspec:** CloudFormation resource specification update to v23.0.0 ([#12490](https://github.com/aws/aws-cdk/issues/12490)) ([a7a2236](https://github.com/aws/aws-cdk/commit/a7a2236367f8f01b00b6d90f1d3fe7bf674b1aee))
+
+
+### Bug Fixes
+
+* **appsync:** rds data source configured with cluster arn ([#12255](https://github.com/aws/aws-cdk/issues/12255)) ([d0305f3](https://github.com/aws/aws-cdk/commit/d0305f33da41ce1f07a5d571eb21c0ee9ea852d0)), closes [#11536](https://github.com/aws/aws-cdk/issues/11536)
+* **aws-ecs:** Support configuring Windows capacity for cluster ASGs ([#12365](https://github.com/aws/aws-cdk/issues/12365)) ([6d9a0f1](https://github.com/aws/aws-cdk/commit/6d9a0f1ea0c05e7902ccca4d0fc4040e688846e5))
+* **eks:** aws-node-termination-handler incorrectly deployed to on-demand instances as well ([#12369](https://github.com/aws/aws-cdk/issues/12369)) ([05c0b5f](https://github.com/aws/aws-cdk/commit/05c0b5f5a31c3fe89c47c6db8d9051f7165641a9)), closes [#12368](https://github.com/aws/aws-cdk/issues/12368)
+* **s3:** Bucket.grantWrite() no longer adds s3:PutObject* permission ([#12391](https://github.com/aws/aws-cdk/issues/12391)) ([cd437cf](https://github.com/aws/aws-cdk/commit/cd437cf630266086a3ddf9e326f215b5d1acdfd7))
+* **s3-deployment:** stop using deprecated API's that will cause breakage post 01/31/21 ([#12491](https://github.com/aws/aws-cdk/issues/12491)) ([f50f928](https://github.com/aws/aws-cdk/commit/f50f92880bbc219c331c858eaace712e0757507d))
+* **sns:** require topic name for fifo topic [#12386](https://github.com/aws/aws-cdk/issues/12386) ([#12437](https://github.com/aws/aws-cdk/issues/12437)) ([37d8ccc](https://github.com/aws/aws-cdk/commit/37d8ccc763f532999bc9f114264f3d29725b0f28))
+
+## [1.84.0](https://github.com/aws/aws-cdk/compare/v1.83.0...v1.84.0) (2021-01-12)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **apigatewayv2:** `subnets` prop in `VpcLink` resource now takes `SubnetSelection` instead of `ISubnet[]`
+
+### Features
+
+* **aws-lambda-nodejs:** add esbuild `define` bundling option ([#12424](https://github.com/aws/aws-cdk/issues/12424)) ([581f6af](https://github.com/aws/aws-cdk/commit/581f6af3d1f71737ca93b6ecb9b004bdade149a8)), closes [#12423](https://github.com/aws/aws-cdk/issues/12423)
+* **cdk-assets:** add external asset support ([#12259](https://github.com/aws/aws-cdk/issues/12259)) ([05a9980](https://github.com/aws/aws-cdk/commit/05a998065b3333854715c456b20b7cc5d5daac67))
+* **cli:** `--quiet` does not print template in `cdk synth` ([#12178](https://github.com/aws/aws-cdk/issues/12178)) ([74458a0](https://github.com/aws/aws-cdk/commit/74458a0e9eebce4ee254673aad8933d39588d843)), closes [#11970](https://github.com/aws/aws-cdk/issues/11970)
+* **codebuild:** support Standard 5.0 ([#12434](https://github.com/aws/aws-cdk/issues/12434)) ([422dc8e](https://github.com/aws/aws-cdk/commit/422dc8e9d50105af4e710d409a4f301079d43f3f)), closes [#12433](https://github.com/aws/aws-cdk/issues/12433)
+* **core:** validate maximum amount of resources in a stack ([#12193](https://github.com/aws/aws-cdk/issues/12193)) ([26121c8](https://github.com/aws/aws-cdk/commit/26121c81abf0fb92de97567c758a1ecf60f85f63)), closes [#276](https://github.com/aws/aws-cdk/issues/276)
+* **eks:** spot interruption handler can be disabled for self managed nodes ([#12453](https://github.com/aws/aws-cdk/issues/12453)) ([6ac1f4f](https://github.com/aws/aws-cdk/commit/6ac1f4fdef5853785d8e57652ec4c4e1d770844d)), closes [#12451](https://github.com/aws/aws-cdk/issues/12451)
+* **synthetics:** Update Cloudwatch Synthetics canaries NodeJS runtimes ([#11866](https://github.com/aws/aws-cdk/issues/11866)) ([4f6e377](https://github.com/aws/aws-cdk/commit/4f6e377ae3f35c3fa010e1597c3d71ef6e6e9a04)), closes [#11870](https://github.com/aws/aws-cdk/issues/11870)
+
+
+### Bug Fixes
+
+* **apigatewayv2:** vpclink - explicit subnet specification still causes private subnets to be included ([#12401](https://github.com/aws/aws-cdk/issues/12401)) ([336a58f](https://github.com/aws/aws-cdk/commit/336a58f06a3b3a9f5db2a79350f8721244767e3b)), closes [#12083](https://github.com/aws/aws-cdk/issues/12083)
+* **cli:** CLI doesn't read context from ~/.cdk.json ([#12394](https://github.com/aws/aws-cdk/issues/12394)) ([2389a9b](https://github.com/aws/aws-cdk/commit/2389a9b5742583f1d58c66a4f513ee4d833baab5)), closes [#10823](https://github.com/aws/aws-cdk/issues/10823) [#4802](https://github.com/aws/aws-cdk/issues/4802)
+* **core:** DefaultStackSynthesizer bucket prefix missing for template assets ([#11855](https://github.com/aws/aws-cdk/issues/11855)) ([50a3d3a](https://github.com/aws/aws-cdk/commit/50a3d3acf3e413d9b4e51197d2be4ea1349c0955)), closes [#10710](https://github.com/aws/aws-cdk/issues/10710) [#11327](https://github.com/aws/aws-cdk/issues/11327)
+* **dynamodb:** missing grantRead for ConditionCheckItem ([#12313](https://github.com/aws/aws-cdk/issues/12313)) ([e157007](https://github.com/aws/aws-cdk/commit/e1570072440b07b6b82219c1a4371386c541fb1c))
+* **ec2:** interface endpoint AZ lookup does not guard against broken situations ([#12033](https://github.com/aws/aws-cdk/issues/12033)) ([80f0bfd](https://github.com/aws/aws-cdk/commit/80f0bfd167430a015e71b00506e0ecc280068e86))
+* **eks:** nodegroup synthesis fails when configured with an AMI type that is not compatible to the default instance type ([#12441](https://github.com/aws/aws-cdk/issues/12441)) ([5f6f0f9](https://github.com/aws/aws-cdk/commit/5f6f0f9d46dbd460ac03dd5f9f4874eaa41611d8)), closes [#12389](https://github.com/aws/aws-cdk/issues/12389)
+* **elasticsearch:** domain fails due to log publishing keys on unsupported cluster versions ([#11622](https://github.com/aws/aws-cdk/issues/11622)) ([e6bb96f](https://github.com/aws/aws-cdk/commit/e6bb96ff6bae96e3167c82f6de97807217ddb3be))
+* **elbv2:** can't import two application listeners into the same scope ([#12373](https://github.com/aws/aws-cdk/issues/12373)) ([6534dcf](https://github.com/aws/aws-cdk/commit/6534dcf3e04a55f5c6d28203192cbbddb5d119e6)), closes [#12132](https://github.com/aws/aws-cdk/issues/12132)
+* **logs:** custom resource Lambda uses old NodeJS version ([#12228](https://github.com/aws/aws-cdk/issues/12228)) ([29c4943](https://github.com/aws/aws-cdk/commit/29c4943466f4a911f65a2a13cf9e776ade9b8dfe))
+* **stepfunctions-tasks:** EvaluateExpression does not support JSON paths with dash ([#12248](https://github.com/aws/aws-cdk/issues/12248)) ([da1ed08](https://github.com/aws/aws-cdk/commit/da1ed08a6a2de584f5ddf43dab4efbb530541419)), closes [#12221](https://github.com/aws/aws-cdk/issues/12221)
+
 ## [1.83.0](https://github.com/aws/aws-cdk/compare/v1.82.0...v1.83.0) (2021-01-06)
 
 

packages/@aws-cdk-containers/ecs-service-extensions/lib/environment.ts

@@ -3,6 +3,10 @@ import * as ecs from '@aws-cdk/aws-ecs';
 import * as cdk from '@aws-cdk/core';
 import { EnvironmentCapacityType } from './extensions/extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 /**
  * Settings for the environment you want to deploy.
  * services within.
@@ -64,11 +68,11 @@ export interface IEnvironment {
  * or it can create it's own VPC and cluster. By default it will create
  * a cluster with Fargate capacity.
  */
-export class Environment extends cdk.Construct implements IEnvironment {
+export class Environment extends Construct implements IEnvironment {
   /**
    * Import an existing environment from its attributes.
    */
-  public static fromEnvironmentAttributes(scope: cdk.Construct, id: string, attrs: EnvironmentAttributes): IEnvironment {
+  public static fromEnvironmentAttributes(scope: Construct, id: string, attrs: EnvironmentAttributes): IEnvironment {
     return new ImportedEnvironment(scope, id, attrs);
   }
 
@@ -94,7 +98,7 @@ export class Environment extends cdk.Construct implements IEnvironment {
 
   private readonly scope: cdk.Construct;
 
-  constructor(scope: cdk.Construct, id: string, props?: EnvironmentProps) {
+  constructor(scope: Construct, id: string, props?: EnvironmentProps) {
     super(scope, id);
 
     this.scope = scope;
@@ -139,13 +143,13 @@ export interface EnvironmentAttributes {
   cluster: ecs.ICluster;
 }
 
-export class ImportedEnvironment extends cdk.Construct implements IEnvironment {
+export class ImportedEnvironment extends Construct implements IEnvironment {
   public readonly capacityType: EnvironmentCapacityType;
   public readonly cluster: ecs.ICluster;
   public readonly id: string;
   public readonly vpc: ec2.IVpc;
 
-  constructor(scope: cdk.Construct, id: string, props: EnvironmentAttributes) {
+  constructor(scope: Construct, id: string, props: EnvironmentAttributes) {
     super(scope, id);
 
     this.id = id;

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/appmesh.ts

@@ -9,6 +9,10 @@ import { Service } from '../service';
 import { Container } from './container';
 import { ServiceExtension, ServiceBuild } from './extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 // The version of the App Mesh envoy sidecar to add to the task.
 const APP_MESH_ENVOY_SIDECAR_VERSION = 'v1.15.1.0-prod';
 
@@ -63,7 +67,7 @@ export class AppMeshExtension extends ServiceExtension {
     }
   }
 
-  public prehook(service: Service, scope: cdk.Construct) {
+  public prehook(service: Service, scope: Construct) {
     this.parentService = service;
     this.scope = scope;
 

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/assign-public-ip/assign-public-ip.ts

@@ -1,12 +1,15 @@
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as ecs from '@aws-cdk/aws-ecs';
 import * as route53 from '@aws-cdk/aws-route53';
-import * as cdk from '@aws-cdk/core';
 import { Service } from '../../service';
 import { Container } from '../container';
 import { ServiceExtension, ServiceBuild, EnvironmentCapacityType } from '../extension-interfaces';
 import { TaskRecordManager } from './task-record-manager';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 export interface AssignPublicIpExtensionOptions {
   /**
    * Enable publishing task public IPs to a recordset in a Route 53 hosted zone.
@@ -52,7 +55,7 @@ export class AssignPublicIpExtension extends ServiceExtension {
     return Boolean(this.dns);
   }
 
-  public prehook(service: Service, _scope: cdk.Construct) {
+  public prehook(service: Service, _scope: Construct) {
     super.prehook(service, _scope);
 
     if (service.capacityType != EnvironmentCapacityType.FARGATE) {

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/assign-public-ip/task-record-manager.ts

@@ -11,6 +11,10 @@ import * as sqs from '@aws-cdk/aws-sqs';
 import * as cdk from '@aws-cdk/core';
 import * as customresources from '@aws-cdk/custom-resources';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 export interface TaskRecordManagerProps {
   service: ecs.Ec2Service | ecs.FargateService;
   dnsZone: route53.IHostedZone;
@@ -21,8 +25,8 @@ export interface TaskRecordManagerProps {
  * An event-driven serverless app to maintain a list of public ips in a Route 53
  * hosted zone.
  */
-export class TaskRecordManager extends cdk.Construct {
-  constructor(scope: cdk.Construct, id: string, props: TaskRecordManagerProps) {
+export class TaskRecordManager extends Construct {
+  constructor(scope: Construct, id: string, props: TaskRecordManagerProps) {
     super(scope, id);
 
     // Poison pills go here.

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/cloudwatch-agent.ts

@@ -1,9 +1,12 @@
 import * as ecs from '@aws-cdk/aws-ecs';
 import * as iam from '@aws-cdk/aws-iam';
-import * as cdk from '@aws-cdk/core';
 import { Service } from '../service';
 import { ServiceExtension } from './extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 const CLOUDWATCH_AGENT_IMAGE = 'amazon/cloudwatch-agent:latest';
 
 /**
@@ -28,7 +31,7 @@ export class CloudwatchAgentExtension extends ServiceExtension {
     super('cloudwatchAgent');
   }
 
-  public prehook(service: Service, scope: cdk.Construct) {
+  public prehook(service: Service, scope: Construct) {
     this.parentService = service;
     this.scope = scope;
   }
@@ -70,4 +73,4 @@ export class CloudwatchAgentExtension extends ServiceExtension {
       });
     }
   }
-}
+}

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/container.ts

@@ -1,8 +1,11 @@
 import * as ecs from '@aws-cdk/aws-ecs';
-import * as cdk from '@aws-cdk/core';
 import { Service } from '../service';
 import { ServiceExtension } from './extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 /**
  * Setting for the main application container of a service
  */
@@ -59,7 +62,7 @@ export class Container extends ServiceExtension {
   }
 
   // @ts-ignore - Ignore unused params that are required for abstract class extend
-  public prehook(service: Service, scope: cdk.Construct) {
+  public prehook(service: Service, scope: Construct) {
     this.parentService = service;
   }
 
@@ -142,4 +145,4 @@ export class Container extends ServiceExtension {
       });
     }
   }
-}
+}

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/extension-interfaces.ts

@@ -2,6 +2,10 @@ import * as ecs from '@aws-cdk/aws-ecs';
 import * as cdk from '@aws-cdk/core';
 import { Service } from '../service';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 /**
  * A list of the capacity types that are supported. These
  * capacity types may change the behavior of an extension.
@@ -154,7 +158,7 @@ export abstract class ServiceExtension {
    * @param parent - The parent service which this extension has been added to
    * @param scope - The scope that this extension should create resources in
    */
-  public prehook(parent: Service, scope: cdk.Construct) {
+  public prehook(parent: Service, scope: Construct) {
     this.parentService = parent;
     this.scope = scope;
   }

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/firelens.ts

@@ -5,6 +5,10 @@ import { Service } from '../service';
 import { Container } from './container';
 import { ContainerMutatingHook, ServiceExtension } from './extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 /**
  * Settings for the hook which mutates the application container
  * to route logs through FireLens
@@ -63,7 +67,7 @@ export class FireLensExtension extends ServiceExtension {
     super('firelens');
   }
 
-  public prehook(service: Service, scope: cdk.Construct) {
+  public prehook(service: Service, scope: Construct) {
     this.parentService = service;
 
     // Create a log group for the service, into which FireLens

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/http-load-balancer.ts

@@ -4,6 +4,10 @@ import * as cdk from '@aws-cdk/core';
 import { Service } from '../service';
 import { ServiceExtension, ServiceBuild } from './extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 /**
  * This extension add a public facing load balancer for sending traffic
  * to one or more replicas of the application container
@@ -17,7 +21,7 @@ export class HttpLoadBalancerExtension extends ServiceExtension {
   }
 
   // Before the service is created go ahead and create the load balancer itself.
-  public prehook(service: Service, scope: cdk.Construct) {
+  public prehook(service: Service, scope: Construct) {
     this.parentService = service;
 
     this.loadBalancer = new alb.ApplicationLoadBalancer(scope, `${this.parentService.id}-load-balancer`, {

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/xray.ts

@@ -4,6 +4,10 @@ import * as cdk from '@aws-cdk/core';
 import { Service } from '../service';
 import { ServiceExtension } from './extension-interfaces';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 const XRAY_DAEMON_IMAGE = 'amazon/aws-xray-daemon:latest';
 
 /**
@@ -17,7 +21,7 @@ export class XRayExtension extends ServiceExtension {
   }
 
   // @ts-ignore - Ignore unused params that are required for abstract class extend
-  public prehook(service: Service, scope: cdk.Construct) {
+  public prehook(service: Service, scope: Construct) {
     this.parentService = service;
   }
 

packages/@aws-cdk-containers/ecs-service-extensions/lib/service.ts

@@ -5,6 +5,10 @@ import { IEnvironment } from './environment';
 import { EnvironmentCapacityType, ServiceBuild } from './extensions/extension-interfaces';
 import { ServiceDescription } from './service-description';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
 /**
  * The settings for an ECS Service
  */
@@ -24,7 +28,7 @@ export interface ServiceProps {
  * A service builder class. This construct support various extensions
  * which can construct an ECS service progressively.
  */
-export class Service extends cdk.Construct {
+export class Service extends Construct {
   /**
    * The underlying ECS service that was created
    */
@@ -74,7 +78,7 @@ export class Service extends cdk.Construct {
 
   private readonly scope: cdk.Construct;
 
-  constructor(scope: cdk.Construct, id: string, props: ServiceProps) {
+  constructor(scope: Construct, id: string, props: ServiceProps) {
     super(scope, id);
 
     this.scope = scope;