Merge remote-tracking branch 'origin/master' into pr/18546
* origin/master: (27 commits)
  chore(eks): deprecate older versions of EKS (aws#18842)
  fix(tooling): update vscode devcontainer image (aws#18455)
  chore: npm-check-updates && yarn upgrade (aws#18832)
  chore(docs): Fix broken md links (aws#18384)
  chore(lambda-layer-awscli): install awscli with pip and requirements.txt (aws#18800)
  fix(aws-appsync): Strip unsupported characters from Lambda DataSource (aws#18765)
  feat(cfnspec): cloudformation spec v55.0.0 (aws#18827)
  docs(cfnspec): update CloudFormation documentation (aws#18826)
  chore(cxapi): plugin context provider limited by cx schema (aws#18709)
  feat(iotevents): add grant method to Input class (aws#18617)
  chore(cx-api): break circular dependencies (aws#18767)
  docs(core): clarify that `addOverride` does not change property casing (aws#18687)
  feat(s3-deployment): deploy data with deploy-time values (aws#18659)
  docs(cfnspec): update CloudFormation documentation (aws#18808)
  feat(cli): `cdk diff` works for Nested Stacks (aws#18207)
  docs(cfnspec): update CloudFormation documentation (aws#18783)
  chore(lambda-layer-awscli): add update mechanism for AWS CLI (aws#18780)
  chore(release): 1.143.0
  feat(fsx): add support for FSx Lustre Persistent_2 deployment type (aws#18626)
  feat(amplify): support performance mode in Branch (aws#18598)
  ...
kornicameister committed Feb 6, 2022
2 parents 7bdc06a + 80ef69f commit d098d5f
Showing 311 changed files with 6,372 additions and 1,016 deletions.
4 changes: 2 additions & 2 deletions .devcontainer.json
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
{
"name": "Dev Container Definition - AWS CDK",
"image": "jsii/superchain",
"image": "jsii/superchain:1-buster-slim",
"postCreateCommand": "yarn build --skip-test --no-bail --skip-prereqs --skip-compat",
"extensions": [
"dbaeumer.vscode-eslint@2.1.5"
]
}
}
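Review bot: The new `"image": "jsii/superchain:1-buster-slim"` value pins a tag, not a digest, so the devcontainer image can still change underneath contributors whenever the tag is re-pushed. If a reproducible dev environment is the goal, append the image digest (`jsii/superchain:1-buster-slim@sha256:<digest>`, placeholder shown), in line with the exact version already used for `dbaeumer.vscode-eslint@2.1.5` a few lines below.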
28 changes: 28 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,34 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [1.143.0](https://github.com/aws/aws-cdk/compare/v1.142.0...v1.143.0) (2022-02-02)


### Features

* **amplify:** support performance mode in Branch ([#18598](https://github.com/aws/aws-cdk/issues/18598)) ([bdeb8eb](https://github.com/aws/aws-cdk/commit/bdeb8eb604f5012ce3180d2f6d887fed1834e4f4)), closes [#18557](https://github.com/aws/aws-cdk/issues/18557)
* **cfnspec:** cloudformation spec v54.0.0 ([#18764](https://github.com/aws/aws-cdk/issues/18764)) ([71601c1](https://github.com/aws/aws-cdk/commit/71601c115a6460b4532a34c83100ae70a476fad2))
* **cloudwatch-actions:** add ssm opsitem action for cloudwatch alarm ([#16923](https://github.com/aws/aws-cdk/issues/16923)) ([9380885](https://github.com/aws/aws-cdk/commit/93808851415bff269418f28d9de3c61727e143d3)), closes [#16861](https://github.com/aws/aws-cdk/issues/16861)
* **dynamodb:** allow setting TableClass for a Table ([#18719](https://github.com/aws/aws-cdk/issues/18719)) ([73a889e](https://github.com/aws/aws-cdk/commit/73a889eba85d0aa542ac96a1124f3ae4f1d351bc)), closes [#18718](https://github.com/aws/aws-cdk/issues/18718)
* **ec2:** support KMS keys for block device mappings for both instances and launch templates ([#18326](https://github.com/aws/aws-cdk/issues/18326)) ([17dbe5f](https://github.com/aws/aws-cdk/commit/17dbe5f476ac1ccc0c0e6a0905b0de5ae6186704)), closes [#18309](https://github.com/aws/aws-cdk/issues/18309)
* **ecr:** add server-side encryption configuration ([#16966](https://github.com/aws/aws-cdk/issues/16966)) ([c46acd5](https://github.com/aws/aws-cdk/commit/c46acd5f13442c43d0c2ed339e3091dd46002741)), closes [#15400](https://github.com/aws/aws-cdk/issues/15400) [#15571](https://github.com/aws/aws-cdk/issues/15571)
* **ecs:** expose image name in container definition ([#17793](https://github.com/aws/aws-cdk/issues/17793)) ([1947d7c](https://github.com/aws/aws-cdk/commit/1947d7cc809fda0765bee3dbb2286190ec2847f7))
* **fsx:** add support for FSx Lustre Persistent_2 deployment type ([#18626](https://github.com/aws/aws-cdk/issues/18626)) ([6036d99](https://github.com/aws/aws-cdk/commit/6036d9927bb3607e31a57361bf304976ff1891f7))
* **iot:** add Action to republish MQTT messages to another MQTT topic ([#18661](https://github.com/aws/aws-cdk/issues/18661)) ([7ac1215](https://github.com/aws/aws-cdk/commit/7ac121546776cae972bbfb89c2a11949762e7c47))


### Bug Fixes

* **core:** correctly reference versionless secure parameters ([#18730](https://github.com/aws/aws-cdk/issues/18730)) ([9f6e10e](https://github.com/aws/aws-cdk/commit/9f6e10ed0a751c06fe0cc1d79f38d5fb4b686087)), closes [#18729](https://github.com/aws/aws-cdk/issues/18729)
* **ec2:** `UserData.addSignalOnExitCommand` does not work in combination with `userDataCausesReplacement` ([#18726](https://github.com/aws/aws-cdk/issues/18726)) ([afdc550](https://github.com/aws/aws-cdk/commit/afdc550ee372dd25d9d2eef81a545da1e923f796)), closes [#12749](https://github.com/aws/aws-cdk/issues/12749)
* **vpc:** Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist ([#18714](https://github.com/aws/aws-cdk/issues/18714)) ([13e1c7f](https://github.com/aws/aws-cdk/commit/13e1c7f10b81fc350953fe69fcccb61ff5aa9c1e)), closes [#13962](https://github.com/aws/aws-cdk/issues/13962)


### Reverts

* "chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket ([#18264](https://github.com/aws/aws-cdk/issues/18264))" ([#18772](https://github.com/aws/aws-cdk/issues/18772)) ([121e4a1](https://github.com/aws/aws-cdk/commit/121e4a1dec13d31644f6176d0a1d703952dc1ba3)), closes [#18271](https://github.com/aws/aws-cdk/issues/18271) [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html/issues/AWS-logs-infrastructure-S3) [#18676](https://github.com/aws/aws-cdk/issues/18676)
* "chore(ec2): enforceSSL on flowLog s3 bucket ([#18271](https://github.com/aws/aws-cdk/issues/18271))" ([#18770](https://github.com/aws/aws-cdk/issues/18770)) ([a2eb092](https://github.com/aws/aws-cdk/commit/a2eb092b2b468bffa2acde9b98ca34cefa3e48f1)), closes [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html/issues/AWS-logs-infrastructure-S3) [#18676](https://github.com/aws/aws-cdk/issues/18676)

## [1.142.0](https://github.com/aws/aws-cdk/compare/v1.141.0...v1.142.0) (2022-01-28)


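Review bot: Both entries under "Reverts" carry a mangled `closes` link: the CloudWatch Logs documentation URL has been rewritten to start with `https://github.com/aws//docs.aws.amazon.com/...`, so it points at github.com instead of the documentation page. These two entries record the removal of `encryption` and `enforceSSL` from the CloudFront logging bucket and of `enforceSSL` from the flow-log bucket, so the reference that explains why should be readable; replace the generated link with the plain documentation URL.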
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -662,7 +662,7 @@ extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-e

#### pkglint

The `pkglint` tool "lints" package.json files across the repo according to [rules.ts](tools/pkglint/lib/rules.ts).
The `pkglint` tool "lints" package.json files across the repo according to [rules.ts](tools/@aws-cdk/pkglint/lib/rules.ts).

To evaluate (and attempt to fix) all package linting issues in the repo, run the following command from the root of the
repository (after bootstrapping):
3 changes: 1 addition & 2 deletions design/aws-ecs/aws-ecs-fargate-capacity-providers.md
Expand Up @@ -2,7 +2,7 @@

## Objective

Since Capacity Providers are now supported in CloudFormation, incorporating support for Fargate Spot capacity has been one of the [top asks](https://github.com/aws/aws-cdk/issues?q=is%3Aissue+is%3Aopen+label%3A%40aws-cdk%2Faws-ecs+sort%3Areactions-%2B1-desc) for the ECS CDK module, with over 60 customer reactions. While there are still some outstanding issues regarding capacity provider support in general, specifically regarding cyclic workflows with named clusters (See: [CFN issue](http://%20https//github.com/aws/containers-roadmap/issues/631#issuecomment-702580141)), we should be able to move ahead with supporting `FARGATE` and `FARGATE_SPOT` capacity providers with our existing FargateService construct.
Since Capacity Providers are now supported in CloudFormation, incorporating support for Fargate Spot capacity has been one of the [top asks](https://github.com/aws/aws-cdk/issues?q=is%3Aissue+is%3Aopen+label%3A%40aws-cdk%2Faws-ecs+sort%3Areactions-%2B1-desc) for the ECS CDK module, with over 60 customer reactions. While there are still some outstanding issues regarding capacity provider support in general, specifically regarding cyclic workflows with named clusters (See: [CFN issue](https://github.com/aws/containers-roadmap/issues/631#issuecomment-702580141)), we should be able to move ahead with supporting `FARGATE` and `FARGATE_SPOT` capacity providers with our existing FargateService construct.

See: https://github.com/aws/aws-cdk/issues/5850

Expand Down Expand Up @@ -118,4 +118,3 @@ One alternative considered was to provide a more magical experience by populatin
For future extensibility, we can however add an `addCapacityProvider` method on the Cluster resource, to allow modifying the cluster CapacityProviders field post-construction.

Another option would be to create a new FargateCluster resource, that would have the two Fargate capacity providers set by default. The main advantage with this alternative would be that it would be consistent with the current Console experience, which sets the Fargate capacity providers for you if you choose the “Networking Only” cluster template via the cluster wizard. The downside is that it would be a more restrictive resource model that would go back on the decision to have a single generic ECS Cluster resource that could potentially contain both Fargate and EC2 services or tasks. Given that we are moving towards more generic versions of ECS resources, this is not a preferable solution. That being said, in the current iteration we can set the Fargate Capacity Providers on the cluster by default, but put them behind a feature flag, which we would be able to remove in the v2 version of the ECS module. Using the feature flag would ensure that there would not be a diff in the generated CFN template for existing customers defining ECS clusters in their stack who redeploy using an updated version of the CDK.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -16,7 +16,7 @@
},
"devDependencies": {
"@yarnpkg/lockfile": "^1.1.0",
"cdk-generate-synthetic-examples": "^0.1.3",
"cdk-generate-synthetic-examples": "^0.1.5",
"conventional-changelog-cli": "^2.2.2",
"fs-extra": "^9.1.0",
"graceful-fs": "^4.2.9",
4 changes: 3 additions & 1 deletion packages/@aws-cdk/aws-amplify/README.md
Expand Up @@ -97,7 +97,9 @@ Add branches:
declare const amplifyApp: amplify.App;

const master = amplifyApp.addBranch('master'); // `id` will be used as repo branch name
const dev = amplifyApp.addBranch('dev');
const dev = amplifyApp.addBranch('dev', {
performanceMode: true, // optional, enables performance mode
});
dev.addEnvironment('STAGE', 'dev');
```

12 changes: 12 additions & 0 deletions packages/@aws-cdk/aws-amplify/lib/branch.ts
Expand Up @@ -114,6 +114,17 @@ export interface BranchOptions {
* @default - no asset
*/
readonly asset?: Asset

/**
* Enables performance mode for the branch.
*
* Performance mode optimizes for faster hosting performance by keeping content cached at the edge
* for a longer interval. When performance mode is enabled, hosting configuration or code changes
* can take up to 10 minutes to roll out.
*
* @default false
*/
readonly performanceMode?: boolean;
}

/**
Expand Down Expand Up @@ -168,6 +179,7 @@ export class Branch extends Resource implements IBranch {
environmentVariables: Lazy.any({ produce: () => renderEnvironmentVariables(this.environmentVariables) }, { omitEmptyArray: true }),
pullRequestEnvironmentName: props.pullRequestEnvironmentName,
stage: props.stage,
enablePerformanceMode: props.performanceMode,
});

this.arn = branch.attrArn;
12 changes: 12 additions & 0 deletions packages/@aws-cdk/aws-amplify/test/branch.test.ts
Expand Up @@ -162,3 +162,15 @@ test('with asset deployment', () => {
},
});
});

test('with performance mode', () => {
// WHEN
app.addBranch('dev', {
performanceMode: true,
});

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Amplify::Branch', {
EnablePerformanceMode: true,
});
});
3 changes: 2 additions & 1 deletion packages/@aws-cdk/aws-appsync/lib/data-source.ts
Expand Up @@ -111,7 +111,8 @@ export abstract class BaseDataSource extends CoreConstruct {
if (extended.type !== 'NONE') {
this.serviceRole = props.serviceRole || new Role(this, 'ServiceRole', { assumedBy: new ServicePrincipal('appsync') });
}
const name = props.name ?? id;
// Replace unsupported characters from DataSource name. The only allowed pattern is: {[_A-Za-z][_0-9A-Za-z]*}
const name = (props.name ?? id).replace(/[\W]+/g, '');
this.ds = new CfnDataSource(this, 'Resource', {
apiId: props.api.apiId,
name: name,
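Review bot: `(props.name ?? id).replace(/[\W]+/g, '')` only removes characters, so it does not guarantee the pattern quoted in the comment above it, `[_A-Za-z][_0-9A-Za-z]*`. A name that starts with a digit passes through unchanged, a name made up solely of unsupported characters becomes the empty string, and two distinct ids such as `data-source` and `datasource` now collapse to the same DataSource name without any warning. Validate the result after stripping (non-empty, first character not a digit) and throw a descriptive error otherwise; the character-class brackets around `\W` are also redundant.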
36 changes: 36 additions & 0 deletions packages/@aws-cdk/aws-appsync/test/appsync-lambda.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,42 @@ describe('Lambda Data Source configuration', () => {
});
});

test('appsync sanitized datasource name from unsupported characters', () => {
const badCharacters = [...'!@#$%^&*()+-=[]{}\\|;:\'",<>?/'];

badCharacters.forEach((badCharacter) => {
// WHEN
const newStack = new cdk.Stack();
const graphqlapi = new appsync.GraphqlApi(newStack, 'baseApi', {
name: 'api',
schema: appsync.Schema.fromAsset(path.join(__dirname, 'appsync.test.graphql')),
});
const dummyFunction = new lambda.Function(newStack, 'func', {
code: lambda.Code.fromAsset(path.join(__dirname, 'verify/iam-query')),
handler: 'iam-query.handler',
runtime: lambda.Runtime.NODEJS_12_X,
});
graphqlapi.addLambdaDataSource(`data-${badCharacter}-source`, dummyFunction);

// THEN
Template.fromStack(newStack).hasResourceProperties('AWS::AppSync::DataSource', {
Type: 'AWS_LAMBDA',
Name: 'datasource',
});
});
});

test('appsync leaves underscore untouched in datasource name', () => {
// WHEN
api.addLambdaDataSource('data_source', func);

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::AppSync::DataSource', {
Type: 'AWS_LAMBDA',
Name: 'data_source',
});
});

test('appsync errors when creating multiple lambda data sources with no configuration', () => {
// THEN
expect(() => {
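Review bot: The `badCharacters` list in 'appsync sanitized datasource name from unsupported characters' covers punctuation only; it has no whitespace, `.`, `~` or backtick. Neither new test exercises the inputs where the allowed pattern is strictest: a name that starts with a digit, and a name that is empty once the unsupported characters are stripped. Add cases for those so the tests pin down the sanitizer's behaviour at the boundaries and not only for the `data-X-source` shape.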
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
"@types/sinon": "^9.0.11",
"@aws-cdk/cdk-build-tools": "0.0.0",
"aws-sdk": "^2.596.0",
"aws-sdk-mock": "^5.6.0",
"aws-sdk-mock": "5.6.0",
"eslint": "^7.32.0",
"eslint-config-standard": "^14.1.1",
"eslint-plugin-import": "^2.25.4",
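Review bot: The `aws-sdk-mock` line goes from `^5.6.0` to an exact `5.6.0` while every neighbouring devDependency keeps a caret range, and nothing in the hunk says why. If this works around a breaking later release, record the reason and a tracking issue in the PR description so the pin gets revisited; an unexplained exact pin tends to outlive its cause.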
Expand All @@ -43,7 +43,7 @@
"jest": "^27.4.7",
"lambda-tester": "^3.6.0",
"sinon": "^9.2.4",
"nock": "^13.2.2",
"nock": "^13.2.4",
"ts-jest": "^27.1.3"
}
}
5 changes: 1 addition & 4 deletions packages/@aws-cdk/aws-cloudfront/lib/distribution.ts
Expand Up @@ -430,10 +430,7 @@ export class Distribution extends Resource implements IDistribution {
throw new Error('Explicitly disabled logging but provided a logging bucket.');
}

const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket', {
encryption: s3.BucketEncryption.S3_MANAGED,
enforceSSL: true,
});
const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket');
return {
bucket: bucket.bucketRegionalDomainName,
includeCookies: props.logIncludesCookies,
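Review bot: The fallback `new s3.Bucket(this, 'LoggingBucket')` no longer sets `encryption: s3.BucketEncryption.S3_MANAGED` or `enforceSSL: true`, and the code carries no comment saying this is deliberate. Add a short comment here that points at the revert recorded in the CHANGELOG (#18772), and state in the `logBucket` prop documentation that callers who need encryption at rest or a TLS-only bucket policy on the access-log bucket must pass their own bucket.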
5 changes: 1 addition & 4 deletions packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts
Expand Up @@ -954,10 +954,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
}

if (props.loggingConfig) {
this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket', {
encryption: s3.BucketEncryption.S3_MANAGED,
enforceSSL: true,
});
this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket');
distributionConfig = {
...distributionConfig,
logging: {
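Review bot: The fallback in `props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket')` will change stacks that let the construct create the bucket: on their next deploy they lose the `BucketEncryption` property and the bucket policy that denies requests with `aws:SecureTransport` set to `false`, as the expected templates in this commit show. Call that out for users in the release notes, and document on `loggingConfig` that supplying `loggingConfig.bucket` is the way to keep those settings.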
Original file line number Diff line number Diff line change
Expand Up @@ -75,67 +75,9 @@
},
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"AnAmazingWebsiteProbably2LoggingBucketPolicyE298B456": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "AnAmazingWebsiteProbably2LoggingBucket222F7CE9"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"AnAmazingWebsiteProbably2CFDistribution7C1CCD12": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
Original file line number Diff line number Diff line change
Expand Up @@ -2,67 +2,9 @@
"Resources": {
"MyDistLoggingBucket9B8976BC": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"MyDistLoggingBucketPolicy847D8D11": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "MyDistLoggingBucket9B8976BC"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"MyDistLoggingBucket9B8976BC",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"MyDistLoggingBucket9B8976BC",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"MyDistDB88FD9A": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
15 changes: 14 additions & 1 deletion packages/@aws-cdk/aws-cloudwatch-actions/README.md
Expand Up @@ -11,7 +11,7 @@

This library contains a set of classes which can be used as CloudWatch Alarm actions.

The currently implemented actions are: EC2 Actions, SNS Actions, Autoscaling Actions and Aplication Autoscaling Actions
The currently implemented actions are: EC2 Actions, SNS Actions, SSM OpsCenter Actions, Autoscaling Actions and Application Autoscaling Actions


## EC2 Action Example
Expand All @@ -25,4 +25,17 @@ alarm.addAlarmAction(
);
```

## SSM OpsCenter Action Example

```ts
declare const alarm: cloudwatch.Alarm;
// Create an OpsItem with specific severity and category when alarm triggers
alarm.addAlarmAction(
new actions.SsmAction(
actions.OpsItemSeverity.CRITICAL,
actions.OpsItemCategory.PERFORMANCE // category is optional
)
);
```

See `@aws-cdk/aws-cloudwatch` for more information.
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-cloudwatch-actions/lib/index.ts
Expand Up @@ -2,3 +2,4 @@ export * from './appscaling';
export * from './autoscaling';
export * from './sns';
export * from './ec2';
export * from './ssm';