feat(appconfig): add deploy method to configuration constructs #28174

Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

When using `WINDOWS_SERVER_2019_CONTAINER`, only MEDIUM and LARGE computeType is supported. https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html However, currently only ComputeType `SMALL` is validated. This PR modified to generate an error when ComputeType is specified as X2_LARGE in WindowsBuildImage. ```ts new codebuild.Project(this, 'CodeBuildCdk', { source: codebuild.Source.codeCommit({ repository: codecommit.Repository.fromRepositoryName(this, "Repo", "sample") }), environment: { computeType: codebuild.ComputeType.X2_LARGE, // generate error in synth stage buildImage: codebuild.WindowsBuildImage.WINDOWS_BASE_2_0 } }); ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR moves the dynamodb replica handler from `aws-cdk-lib` to our new centralized location for custom resource handlers in the `@aws-cdk` package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ion integ test (aws#28181) This PR adds directions that can be used when running the cross account zone delegation integ test. The directions are the exact same as what is provided for running the [cross account assume role integ test](https://github.com/aws/aws-cdk/blob/20bfa721525d290f453b17ad4bc91b7fb8922635/packages/%40aws-cdk-testing/framework-integ/test/custom-resources/test/aws-custom-resource/integ.cross-account-assumeRole.ts#L7-L29). ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes aws#27459 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

It is more or less frustrating that we have to check if a variable is undefined or not before calling the `CfnResource.isCfnResource` method. For example, ```ts const bucket1 = new Bucket(stack, 'Bucket1'); const bucket1Resource = bucket1.node.defaultChild; if (bucket1Resource !== undefined && // Currently we need this! cdk.CfnResource.isCfnResource(bucket1Resource) ) { bucket1Resource.addDependency(...); } ``` With this PR, `isCfnResource` now accepts `any` type as input and performs the necessary validations inside. ```ts const bucket1 = new Bucket(stack, 'Bucket1'); const bucket1Resource = bucket1.node.defaultChild; if (cdk.CfnResource.isCfnResource(bucket1Resource)) { // much smoother bucket1Resource.addDependency(...); } ``` Actually, other `isXxx` methods have consistent signatures like the one below: ```ts public static isStack(x: any): x is Stack public static isReference(x: any): x is Reference public static isCfnElement(x: any): x is CfnElement // and more... ``` This change also makes the `isCfnResource` consistent with these signatures. Note that this is not a breaking change, because the input constraint is relaxed, not tightened, so all the old code will work without change. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Tiny PR to remove duplicate `create`.

This PR moves the cross account zone handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

) Improve docstrings to explain that parameter objectsKeyPattern of type any should take in string inputs. Unable to directly change the parameter type because of backwards compatibility concerns (mentioned in aws#27486 we are improving documentation as an alternative solution. Closes aws#27481. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

An eventBridgePutEvents target was implemented similar to the already existing LambdaInvoke/StepFunctionStartExecution target. I needed to change some properties and methods from Target.ts from private to protected so that the logic could be reused (hope that is ok). Some design choices to outline (let me know if you disagree or have improvements I could take :) ): 1. PutEvents would accept multiple Entries (eg. an array), but I decided to support just one single event, because how Target is currently designed (to support only one target arn). It also aligns with the templated integration in the aws management console. 2. It throws an error in the constructor if the base prop `input` is used. All the props should be delivered by the new `EventBridgePutEventsEntry`. It felt not right for the developer experience to split the object (detail to `input` and `source`, `detailType` to `EventBridgePutEventsEntry` ). Closes aws#27454. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

We are excited to graduate the `@aws-cdk/aws-apigatewayv2-alpha`, `@aws-cdk/aws-apigatewayv2-authorizers-alpha`, and `@aws-cdk/aws-apigatewayv2-integrations-alpha` modules to STABLE. They now live on as: - `aws-cdk-lib/aws-apigatewayv2` - `aws-cdk-lib/aws-apigatewayv2-authorizers` - `aws-cdk-lib/aws-apigatewayv2-integrations` **Deprecated properties removed**: - `httpApiId` has been removed in `aws-apigatewayv2`. Use `apiId` instead. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ws#28185) The hotswappable resource detectors failed to correctly identify `AWS::IAM::Policy` resources as not-hotswappable. When `--hotswap-fallback` was used and the only change to the stack was with `AWS::IAM::Policy`, this caused the deploy command to first report IAM changes, and then report `no changes` on the stack. <img width="1076" alt="image" src="https://github.com/aws/aws-cdk/assets/379814/d77320bc-fc8d-4b70-b710-2c28467d07e5"> ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…e_modules/@aws-cdk/integ-runner/lib/workers/db.json.gz'" (aws#28199) After aws#27813 the `deploy` action was broken with the above error. This is effectively the same as aws#27983 . To ensure these kind of issues are not slipping through again, the PR is adding a basic testing harness for `cli-lib` to `@aws-cdk-testing/cli-integtests`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ws#27850) This PR adds InspectorStartAssessmentRun Target for EventBridge Scheduler. In [the issue](aws#27453), the `inspector.CfnAssessmentTarget` is used in the `InspectorStartAssessmentRun`. But it should be a `CfnAssessmentTemplate` so I fixed. ```ts export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget { constructor( private readonly target: inspector.CfnAssessmentTarget, // <- here private readonly props: ScheduleTargetBaseProps, ) { ``` Closes aws#27453. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes aws#28190. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action

…v2 packages

…eMode property (aws#27560) This patch adds support for the `tiered` `storage mode` and Kafka versions `2.8.2.tiered` & `3.5.1` in the `aws-msk-alpha` package. --- ### Changes - added Kafka versions `2.8.2.tiered` & `3.5.1`. - added `storageMode` L1 construct property to the L2 msk - added unit and integ tests for `Kafka versions and 'storageMode` - updated test versions to latest supported Kafka version as desired Ref: - [aws: MSK supported Kafka versions](https://docs.aws.amazon.com/msk/latest/developerguide/supported-kafka-versions.html) --- Closes aws#27551 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws#28221) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

AWS Service Spec packages to latest versions.

… after re:Invent launch (aws#28227) Removes temporary patch schema `aws-logs-loggroup.json`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

pet peeves ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Saw some formatting issues that I'm fixing here. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…7845) This PR adds KinesisStreamPutRecord Target for EventBridge Scheduler. Closes aws#27451. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ty source in authorizer (aws#28214) Addressed the following points about Authorizer's `identitySource` property. - Reference link is broken. - now: https://docs.aws.amazon.com/apigateway/api-reference/link-relation/authorizer-create/#identitySource - new: https://docs.aws.amazon.com/apigateway/latest/api/API_CreateAuthorizer.html#apigw-CreateAuthorizer-request-identitySource - One explanation was confusing, so I enclosed it in quotes. - now: ```this should be `method.request.header.Authorizer` where Authorizer is the header containing the bearer token.``` - new: ```this should be `method.request.header.Authorizer` where `Authorizer` is the header containing the bearer token.``` - Not using the static method written in the doc to set default values when a prop is not specified. - now: `'method.request.header.Authorization'` - new: `IdentitySource.header('Authorization')` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…8250) The API Gateway V2 modules which were graduated to stable with [2.112.0](https://github.com/aws/aws-cdk/releases/tag/v2.112.0) were not added to the main package exports. In particular: - aws-apigatewayv2-authorizers - aws-apigatewayv2-integrations Closes aws#28239. Now, I am not completely familiar with JSII and the CDK, so this may be only one part of the required solution to include these missing packages. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… config (aws#28191) When importing a config from a file, you can now pass a relative path (`config.json`) instead of the absolute path (`/Users/..../config.json`). Closes aws#26937. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws#28129) Fixes `attachToUser`, `attachToRole`, and `attachToGroup` for `Policy` and `ManagedPolicy` to use ARNs as a discriminant for resource equality to prevent duplicates on imported resources. Closes aws#28101. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Supporting composite alarm role creation on the AppConfig environment. *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…8118) This adds a `grantConnect` method to the `DatabaseCluster` which gives an IAM entity access to connect to the cluster using the specified database user. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Moved the url property from RestApi class to the RestApiBase to have the url property on all derived class. This will fix the problem mentioned in the issue where SpecRestApi does not work with the RestApiOrigin construct. PS. I could not perform the integration tests as the free tier on my personal account expired. Closes aws#27501. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… policy (aws#28082) When we use CallAwsService for Step Functions task, CDK generates IAM policy to grant permission regarding the API call. However, if we specify `mwaa` as service in CallAwsService, CDK generates wrong policy statement such as `mwaa:listEnvironments`. Correct service prefix for MWAA is `airflow`. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedworkflowsforapacheairflow.html > Amazon Managed Workflows for Apache Airflow (service prefix: airflow) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies. This PR solves the issue by adding `mwaa` into iamServiceMap. This is similar with aws#27623. Closes aws#28081 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ws#27842) This PR adds KinesisDataFirehosePutRecord as a target for an EventBridge scheduler. Closes aws#27450. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@Attribute

…lias (aws#28197) **Motivation:** The current implementation of `keyArn` within the AWS CDK AWS KMS module returns the Key ARN for a key and an alias, which causes confusion for users expecting the Alias ARN. This PR aims to alleviate this confusion by providing clearer access to the Alias ARN. **Changes:** Introducing a new attribute `aliasArn` that mirrors the value from `keyArn` specifically for aliases to explicitly retrieve the Alias ARN. ```typescript /** * The ARN of the alias. * * @Attribute * @deprecated use `aliasArn` instead */ public get keyArn(): string { return Stack.of(this).formatArn({ service: 'kms', // aliasName already contains the '/' resource: this.aliasName, }); } /** * The ARN of the alias. * * @Attribute */ public get aliasArn(): string { return this.keyArn; } ``` **Query:** Should we deprecate the existing `keyArn` and mirror it in `aliasArn` or change the logic within `keyArn` to `aliasArn` and use the `keyArn` as the mirror? > Your feedback on the preferred approach would be greatly appreciated! Closes aws#28105. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

AWS Service Spec packages to latest versions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(appconfig): add deploy method to configuration constructs #28174

feat(appconfig): add deploy method to configuration constructs #28174

Commits on Nov 28, 2023

Commits on Nov 30, 2023

Commits on Dec 1, 2023

Commits on Dec 5, 2023