Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(release): 2.128.0 #29107

Merged
merged 15 commits into from
Feb 14, 2024
Merged

chore(release): 2.128.0 #29107

merged 15 commits into from
Feb 14, 2024

Conversation

aws-cdk-automation
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation commented Feb 14, 2024

See CHANGELOG

mergify bot and others added 14 commits February 10, 2024 03:07
…itution (#29029)

### Issue # (if applicable)

Closes #28450 

### Reason for this change

Currently, the filename is automatically generated based on its fingerprint. There's no way to override the resulting filename.

### Description of changes

Added an optional `destinationKey` parameter. If this is provided, the construct would use the `destinationKey` when uploading the resulting processed file to S3. If the `destinationKey` is not provided, the current approach would be the default.

### Description of how you validated changes

Added a unit test to confirm that the correct filename is being used.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#27891)

While working on [#27803](#27803), I noticed the integration tests for `aws-stepfunctions-tasks/ecs` were not fully working (they deployed but the state machines did not run successfully). This PR addresses two issues:

1. Missing permissions for `ecs:RunTask` on the task definition version.
<img width="1587" alt="sfn-role" src="https://github.com/aws/aws-cdk/assets/3310356/13a0d402-8cbb-4852-9708-290f3a3b6711">

2. The sample container was from a Lambda image. This resulted in the following error: `entrypoint requires the handler name to be the first argument`. I changed the image to `docker/library/python:3.12`.

These changes result in the successful execution of all four state machines in `aws-stepfunctions-tasks/ecs`.


----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change


Updated according to [this document](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy).

### Description of changes



### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…oups (#26957)

The alarms on a CodeDeploy group are configurable to be enabled or disabled through the SDK or UI. Bringing in that functionality to the CDK to have parity. The parameter name mirrors the "Ignore alarm configuration" checkbox in the alarm configuration section of the UI.

Motivation: Developers are able to disable _rollback_ on alarm, but this leaves deployments in a stopped state should any alarms be active. Including this configuration will align with the expectation that alarms will not block a deployment in lower environments via a flag rather than logic to include/exclude alarms on the deployment group based on environment. I'm sure there are other use cases for disabling the alarm configuration on a deployment group.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue

Closes #29083

### Reason for this change

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

```
  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })
```

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

### Description of changes

Added `grant` and `grantSendEmail` to `IEmailIdentity`, and added a common abstract class, `BaseEmailIdentity` with the relevant grant code. This is to avoid code duplication between the full `EmailIdentity` and the `Import` class.

### Description of how you validated changes

Tests added for grants on both new and imported email identities, and a test to validate the `grantSendEmail` method.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

closes #28975.

### Reason for this change

add support for table widget https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/add_remove_table_dashboard.html

### Description of changes

add a new `TableWidget` and its supporting property classes/interfaces

### Description of how you validated changes

added both unit/integ tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change


This PR adds a new alpha module to for EvenBridge pipes targets.

This is the base setup for future work and additional targets.

### Description of changes



The initial target is the SQS target.


### Description of how you validated changes


- [x] Unittests
- [x]  Integration test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…d triggers (#28538)

This PR supports pipeline type v2 with pipeline-level variables and triggers.

When referring to a variable in pipeline actions, it must be specified according to the format `#{variables.variableName}`. In order to avoid the need to specify directly in this form, a new class `Variable` with a `reference()` method was created.

```ts
const myVariable = new codepipeline.Variable({
  variableName: 'bucket-var',
  description: 'description',
  defaultValue: 'sample',
});

const pipeline = new codepipeline.Pipeline(stack, 'Pipeline', {
  artifactBucket: sourceBucket,
  pipelineType: codepipeline.PipelineType.V2,
  variables: [myVariable],
  stages: [
    {
      stageName: 'Source',
      actions: [sourceAction],
    },
    {
      stageName: 'Deploy',
      actions: [
        new S3DeployAction({
          actionName: 'DeployAction',
          extract: false,
          // objectKey: '#{variables.bucket-var}.txt',
          objectKey: `${myVariable.reference()}.txt`,
          input: sourceOutput,
          bucket: deployBucket,
        }),
      ],
    },
  ],
});
```

- user guide
  - https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html
  - https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-variables.html#reference-variables-workflow
  - https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-tags.html
- CloudFormation
  - https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-codepipeline-pipeline.html
  - https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-variabledeclaration.html
  - https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-pipelinetriggerdeclaration.html

Closes #28476 #28694.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…et (#28927)

This PR adds SageMakerStartPipelineExecution Target for EventBridge Scheduler.

Closes #27457

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…le (#29063)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

This PR adds a new alpha module to for EvenBridge pipes enrichments.

This is the base setup for future work and additional enrichments.

### Description of changes

The initial enrichment is the Lambda enrichment.

### Description of how you validated changes

- [x] Unittests
- [x] Integration test


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…cryption` and note that we intend to default to `S3_MANAGED` in the future (#28978)

### Issue # (if applicable)

Relates to #28815

### Reason for this change

The App Staging Synthesizer is great - I've moved to using it for most of my stacks. However, the current default uses a Customer-Managed KMS key, which costs $1/month.

The default synthesizer bucket uses SSE-S3 encryption by default. This is nice because users do not incur additional fees for a KMS key.

In my opinion, SSE-S3 is good enough for most people. If folks need additional security, they should opt-in to SSE-KMS, which they can do via the `stagingBucketEncryption` property @msambol introduced with #28903.

### Description of changes

With guidance from @kaizencc [below](#28978 (comment)), this PR makes `stagingBucketEncryption` a required property, with a user-facing note that we intend to default to `S3_MANAGED` as the module is stablized.

### Description of how you validated changes

Updated unit tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)


BREAKING CHANGE: `stagingBucketEncryption` property is now required. For existing apps, specify `BucketEncryption.KMS` to retain existing behavior. For new apps, choose the bucket encryption that makes most sense for your use case. `BucketEncryption.S3_MANAGED` is available and is intended to be the default when this module is stabilized.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Every time I perform a CDK deployment, the logicalId hash of the deployment resource changes and causes the deployment resource to be deleted and recreated. I'm assuming it is because the configuration `content` is part of the hash creation and I am creating the content using `lazy` and at the time of the hash creation it is still a token.

Looking at the [CloudFormation
docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appconfig-deployment.html) for the deployment resource, a change to _any_ property causes a replacement so I don't think we need to control the recreation logic ourselves, we should just let CloudFormation do the resource replacement for us.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Feb 14, 2024
@github-actions github-actions bot added the p2 label Feb 14, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team February 14, 2024 17:25
@vinayak-kukreja vinayak-kukreja added pr/do-not-merge This PR should not be merged at this time. and removed pr/do-not-merge This PR should not be merged at this time. labels Feb 14, 2024
CHANGELOG.v2.md Outdated

### Bug Fixes

* **lambda:** [@deprecated](https://github.com/deprecated) tag to deprecated runtimes ([#29081](https://github.com/aws/aws-cdk/issues/29081)) ([2503f68](https://github.com/aws/aws-cdk/commit/2503f6855b6b0dad73c6fafc51f81f66354e2822))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinayak-kukreja can you update the CHANGELOG to not reference the github alias deprecated?

@kaizencc kaizencc added the pr/do-not-merge This PR should not be merged at this time. label Feb 14, 2024
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Feb 14, 2024
Signed-off-by: Vinayak Kukreja <vinakuk@amazon.com>
@vinayak-kukreja vinayak-kukreja removed the pr/do-not-merge This PR should not be merged at this time. label Feb 14, 2024
@aws-cdk-automation
Copy link
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 72262dd
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Copy link
Contributor

mergify bot commented Feb 14, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit d995261 into v2-release Feb 14, 2024
15 checks passed
@mergify mergify bot deleted the bump/2.128.0 branch February 14, 2024 18:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-approve p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. pr/no-squash This PR should be merged instead of squash-merging it
Projects
None yet
Development

Successfully merging this pull request may close these issues.